bug 1166976 - add pyasn1-modules python library r=ted,gerv
authorDavid Keeler <dkeeler@mozilla.com>
Wed, 20 May 2015 16:33:23 -0700
changeset 276974 580d7094b03a0216a2c8a8e674defe2110a00441
parent 276973 91a3fb3270078e7e2f0690135b93a888ac2d933e
child 276975 6b9de503879547f9659915596f858bf71df7ed8c
push id4932
push userjlund@mozilla.com
push dateMon, 10 Aug 2015 18:23:06 +0000
treeherdermozilla-beta@6dd5a4f5f745 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersted, gerv
bugs1166976
milestone41.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1166976 - add pyasn1-modules python library r=ted,gerv
python/pyasn1-modules/CHANGES
python/pyasn1-modules/LICENSE
python/pyasn1-modules/MANIFEST.in
python/pyasn1-modules/PKG-INFO
python/pyasn1-modules/README
python/pyasn1-modules/pyasn1_modules.egg-info/PKG-INFO
python/pyasn1-modules/pyasn1_modules.egg-info/SOURCES.txt
python/pyasn1-modules/pyasn1_modules.egg-info/dependency_links.txt
python/pyasn1-modules/pyasn1_modules.egg-info/requires.txt
python/pyasn1-modules/pyasn1_modules.egg-info/top_level.txt
python/pyasn1-modules/pyasn1_modules.egg-info/zip-safe
python/pyasn1-modules/pyasn1_modules/__init__.py
python/pyasn1-modules/pyasn1_modules/pem.py
python/pyasn1-modules/pyasn1_modules/pkcs12.py
python/pyasn1-modules/pyasn1_modules/rfc1155.py
python/pyasn1-modules/pyasn1_modules/rfc1157.py
python/pyasn1-modules/pyasn1_modules/rfc1901.py
python/pyasn1-modules/pyasn1_modules/rfc1902.py
python/pyasn1-modules/pyasn1_modules/rfc1905.py
python/pyasn1-modules/pyasn1_modules/rfc2251.py
python/pyasn1-modules/pyasn1_modules/rfc2314.py
python/pyasn1-modules/pyasn1_modules/rfc2315.py
python/pyasn1-modules/pyasn1_modules/rfc2437.py
python/pyasn1-modules/pyasn1_modules/rfc2459.py
python/pyasn1-modules/pyasn1_modules/rfc2511.py
python/pyasn1-modules/pyasn1_modules/rfc2560.py
python/pyasn1-modules/pyasn1_modules/rfc3412.py
python/pyasn1-modules/pyasn1_modules/rfc3414.py
python/pyasn1-modules/pyasn1_modules/rfc3447.py
python/pyasn1-modules/pyasn1_modules/rfc4210.py
python/pyasn1-modules/pyasn1_modules/rfc5208.py
python/pyasn1-modules/setup.cfg
python/pyasn1-modules/setup.py
python/pyasn1-modules/test/cmp.sh
python/pyasn1-modules/test/crl.sh
python/pyasn1-modules/test/crmf.sh
python/pyasn1-modules/test/ocspreq.sh
python/pyasn1-modules/test/ocsprsp.sh
python/pyasn1-modules/test/pkcs1.sh
python/pyasn1-modules/test/pkcs10.sh
python/pyasn1-modules/test/pkcs7.sh
python/pyasn1-modules/test/pkcs8.sh
python/pyasn1-modules/test/x509dump.sh
python/pyasn1-modules/tools/cmpdump.py
python/pyasn1-modules/tools/crldump.py
python/pyasn1-modules/tools/crmfdump.py
python/pyasn1-modules/tools/ocspclient.py
python/pyasn1-modules/tools/ocspreqdump.py
python/pyasn1-modules/tools/ocsprspdump.py
python/pyasn1-modules/tools/ocspserver.py
python/pyasn1-modules/tools/pkcs10dump.py
python/pyasn1-modules/tools/pkcs1dump.py
python/pyasn1-modules/tools/pkcs7dump.py
python/pyasn1-modules/tools/pkcs8dump.py
python/pyasn1-modules/tools/snmpget.py
python/pyasn1-modules/tools/x509dump.py
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/CHANGES
@@ -0,0 +1,45 @@
+Revision 0.0.5
+--------------
+
+- License updated to vanilla BSD 2-Clause to ease package use
+  (http://opensource.org/licenses/BSD-2-Clause).
+
+Revision 0.0.4
+--------------
+
+- CMP structures (RFC4210), cmpdump.py tool and test case added.
+- SNMPv2c Message syntax (RFC1901) properly defined.
+- Package version established in form of __init__.__version__
+  which is in-sync with distutils.
+- Package meta information and classifiers updated.
+
+Revision 0.0.3
+--------------
+
+- Text cases implemented
+- X.509 CRMF structures (RFC2511) and crmfdump.py tool added
+- X.509 CRL structures and crldump.py tool added
+- PKCS#10 structures and pkcs10dump.py tool added
+- PKCS#8 structures and pkcs8dump.py tool added
+- PKCS#1 (rfc3447) structures added
+- OCSP request & response dumping tool added
+- SNMPv2c & SNMPv3/USM structures added
+- keydump.py moved into pkcs1dump.py
+- PEM files read function generalized to be used more universally.
+- complete PKIX1 '88 code implemented at rfc2459.py
+
+
+Revision 0.0.2
+--------------
+
+- Require pyasn1 >= 0.1.1
+- Fixes towards Py3K compatibility
+  + use either of existing urllib module
+  + adopt to the new bytes type
+  + print operator is now a function
+  + new exception syntax
+
+Revision 0.0.1a
+---------------
+
+- Initial revision, most code carried from pyasn1 examples.
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2005-2013, Ilya Etingof <ilya@glas.net>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+  * Redistributions of source code must retain the above copyright notice, 
+    this list of conditions and the following disclaimer.
+
+  * Redistributions in binary form must reproduce the above copyright notice,
+    this list of conditions and the following disclaimer in the documentation
+    and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE. 
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/MANIFEST.in
@@ -0,0 +1,3 @@
+include CHANGES README LICENSE
+recursive-include tools *.py
+recursive-include test *.sh
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/PKG-INFO
@@ -0,0 +1,26 @@
+Metadata-Version: 1.0
+Name: pyasn1-modules
+Version: 0.0.5
+Summary: A collection of ASN.1-based protocols modules.
+Home-page: http://sourceforge.net/projects/pyasn1/
+Author: Ilya Etingof <ilya@glas.net>
+Author-email: ilya@glas.net
+License: BSD
+Description: A collection of ASN.1 modules expressed in form of pyasn1 classes. Includes protocols PDUs definition (SNMP, LDAP etc.) and various data structures (X.509, PKCS etc.).
+Platform: any
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Education
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: Science/Research
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Telecommunications Industry
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Natural Language :: English
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Communications
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/README
@@ -0,0 +1,17 @@
+
+ASN.1 modules for Python
+------------------------
+
+This is a small but growing collection of ASN.1 data structures
+[1] expressed in Python terms using pyasn1 [2] data model.
+
+It's thought to be useful to protocol developers and testers.
+
+All modules are py2k/py3k-compliant.
+
+If you happen to convert some ASN.1 module into pyasn1 that is not
+yet present in this collection and wish to contribute - please send
+it to me.
+
+=-=-=
+mailto: ilya@glas.net
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules.egg-info/PKG-INFO
@@ -0,0 +1,26 @@
+Metadata-Version: 1.0
+Name: pyasn1-modules
+Version: 0.0.5
+Summary: A collection of ASN.1-based protocols modules.
+Home-page: http://sourceforge.net/projects/pyasn1/
+Author: Ilya Etingof <ilya@glas.net>
+Author-email: ilya@glas.net
+License: BSD
+Description: A collection of ASN.1 modules expressed in form of pyasn1 classes. Includes protocols PDUs definition (SNMP, LDAP etc.) and various data structures (X.509, PKCS etc.).
+Platform: any
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Education
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: Science/Research
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Telecommunications Industry
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Natural Language :: English
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Communications
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules.egg-info/SOURCES.txt
@@ -0,0 +1,54 @@
+CHANGES
+LICENSE
+MANIFEST.in
+README
+setup.py
+pyasn1_modules/__init__.py
+pyasn1_modules/pem.py
+pyasn1_modules/pkcs12.py
+pyasn1_modules/rfc1155.py
+pyasn1_modules/rfc1157.py
+pyasn1_modules/rfc1901.py
+pyasn1_modules/rfc1902.py
+pyasn1_modules/rfc1905.py
+pyasn1_modules/rfc2251.py
+pyasn1_modules/rfc2314.py
+pyasn1_modules/rfc2315.py
+pyasn1_modules/rfc2437.py
+pyasn1_modules/rfc2459.py
+pyasn1_modules/rfc2511.py
+pyasn1_modules/rfc2560.py
+pyasn1_modules/rfc3412.py
+pyasn1_modules/rfc3414.py
+pyasn1_modules/rfc3447.py
+pyasn1_modules/rfc4210.py
+pyasn1_modules/rfc5208.py
+pyasn1_modules.egg-info/PKG-INFO
+pyasn1_modules.egg-info/SOURCES.txt
+pyasn1_modules.egg-info/dependency_links.txt
+pyasn1_modules.egg-info/requires.txt
+pyasn1_modules.egg-info/top_level.txt
+pyasn1_modules.egg-info/zip-safe
+test/cmp.sh
+test/crl.sh
+test/crmf.sh
+test/ocspreq.sh
+test/ocsprsp.sh
+test/pkcs1.sh
+test/pkcs10.sh
+test/pkcs7.sh
+test/pkcs8.sh
+test/x509dump.sh
+tools/cmpdump.py
+tools/crldump.py
+tools/crmfdump.py
+tools/ocspclient.py
+tools/ocspreqdump.py
+tools/ocsprspdump.py
+tools/ocspserver.py
+tools/pkcs10dump.py
+tools/pkcs1dump.py
+tools/pkcs7dump.py
+tools/pkcs8dump.py
+tools/snmpget.py
+tools/x509dump.py
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules.egg-info/dependency_links.txt
@@ -0,0 +1,1 @@
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules.egg-info/requires.txt
@@ -0,0 +1,1 @@
+pyasn1>=0.1.4
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules.egg-info/top_level.txt
@@ -0,0 +1,1 @@
+pyasn1_modules
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules.egg-info/zip-safe
@@ -0,0 +1,1 @@
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/__init__.py
@@ -0,0 +1,2 @@
+# http://www.python.org/dev/peps/pep-0396/
+__version__ = '0.0.5'
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/pem.py
@@ -0,0 +1,51 @@
+import base64, sys
+
+stSpam, stHam, stDump = 0, 1, 2
+
+# The markers parameters is in form ('start1', 'stop1'), ('start2', 'stop2')...
+# Return is (marker-index, substrate)
+def readPemBlocksFromFile(fileObj, *markers):
+    startMarkers = dict(map(lambda x: (x[1],x[0]),
+                            enumerate(map(lambda x: x[0], markers))))
+    stopMarkers = dict(map(lambda x: (x[1],x[0]),
+                           enumerate(map(lambda x: x[1], markers))))
+    idx = -1; substrate = ''
+    state = stSpam
+    while 1:
+        certLine = fileObj.readline()
+        if not certLine:
+            break
+        certLine = certLine.strip()
+        if state == stSpam:
+            if certLine in startMarkers:
+                certLines = []
+                idx = startMarkers[certLine]
+                state = stHam
+                continue
+        if state == stHam:
+            if certLine in stopMarkers and stopMarkers[certLine] == idx:
+                state = stDump
+            else:
+                certLines.append(certLine)
+        if state == stDump:
+            if sys.version_info[0] <= 2:
+                substrate = ''.join([ base64.b64decode(x) for x in certLines ])
+            else:
+                substrate = ''.encode().join([ base64.b64decode(x.encode()) for x in certLines ])
+            break
+    return idx, substrate
+
+# Backward compatibility routine
+def readPemFromFile(fileObj, 
+                    startMarker='-----BEGIN CERTIFICATE-----',
+                    endMarker='-----END CERTIFICATE-----'):
+    idx, substrate = readPemBlocksFromFile(fileObj, (startMarker, endMarker))
+    return substrate
+
+def readBase64FromFile(fileObj):
+    if sys.version_info[0] <= 2:
+        return ''.join([ base64.b64decode(x) for x in fileObj.readlines() ])
+    else:
+        return ''.encode().join(
+            [ base64.b64decode(x.encode()) for x in fileObj.readlines() ]
+        )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/pkcs12.py
@@ -0,0 +1,34 @@
+#
+# PKCS#12 syntax
+#
+# ASN.1 source from:
+# ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12.asn
+#
+# Sample captures could be obtained with "openssl pkcs12" command
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint
+from pyasn1_modules.rfc2459 import *
+from pyasn1_modules import rfc2251
+
+class Attributes(univ.SetOf):
+    componentType = rfc2251.Attribute()
+
+class Version(univ.Integer): pass
+
+class CertificationRequestInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('subject', Name()),
+        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+        namedtype.NamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+class Signature(univ.BitString): pass
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class CertificationRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificationRequestInfo', CertificationRequestInfo()),
+        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+        namedtype.NamedType('signature', Signature())
+    )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1155.py
@@ -0,0 +1,73 @@
+#
+# SNMPv1 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1155.txt
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+
+class ObjectName(univ.ObjectIdentifier): pass
+
+class SimpleSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('number', univ.Integer()),
+        namedtype.NamedType('string', univ.OctetString()),
+        namedtype.NamedType('object', univ.ObjectIdentifier()),
+        namedtype.NamedType('empty', univ.Null())
+        )
+
+class IpAddress(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(
+        4, 4
+        )
+class NetworkAddress(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('internet', IpAddress())
+        )
+
+class Counter(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 1)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+class Gauge(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+class TimeTicks(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 3)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+class Opaque(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 4)
+        )
+    
+class ApplicationSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('address', NetworkAddress()),
+        namedtype.NamedType('counter', Counter()),
+        namedtype.NamedType('gauge', Gauge()),
+        namedtype.NamedType('ticks', TimeTicks()),
+        namedtype.NamedType('arbitrary', Opaque())
+        )
+    
+class ObjectSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('simple', SimpleSyntax()),
+        namedtype.NamedType('application-wide', ApplicationSyntax())
+        )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1157.py
@@ -0,0 +1,90 @@
+#
+# SNMPv1 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1157.txt
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1_modules import rfc1155
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('version-1', 0)
+        )
+    defaultValue = 0
+
+class Community(univ.OctetString): pass
+
+class RequestID(univ.Integer): pass
+class ErrorStatus(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('noError', 0),
+        ('tooBig', 1),
+        ('noSuchName', 2),
+        ('badValue', 3),
+        ('readOnly', 4),
+        ('genErr', 5)
+        )
+class ErrorIndex(univ.Integer): pass
+
+class VarBind(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('name', rfc1155.ObjectName()),
+        namedtype.NamedType('value', rfc1155.ObjectSyntax())
+        )
+class VarBindList(univ.SequenceOf):
+    componentType = VarBind()
+
+class _RequestBase(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('request-id', RequestID()),
+        namedtype.NamedType('error-status', ErrorStatus()),
+        namedtype.NamedType('error-index', ErrorIndex()),
+        namedtype.NamedType('variable-bindings', VarBindList())
+        )
+                            
+class GetRequestPDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+        )    
+class GetNextRequestPDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+        )
+class GetResponsePDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
+        )
+class SetRequestPDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
+        )
+
+class TrapPDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('enterprise', univ.ObjectIdentifier()),
+        namedtype.NamedType('agent-addr', rfc1155.NetworkAddress()),
+        namedtype.NamedType('generic-trap', univ.Integer().clone(namedValues=namedval.NamedValues(('coldStart', 0), ('warmStart', 1), ('linkDown', 2), ('linkUp', 3), ('authenticationFailure', 4), ('egpNeighborLoss', 5), ('enterpriseSpecific', 6)))),
+        namedtype.NamedType('specific-trap', univ.Integer()),
+        namedtype.NamedType('time-stamp', rfc1155.TimeTicks()),
+        namedtype.NamedType('variable-bindings', VarBindList())
+        )
+    
+class Pdus(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('get-request', GetRequestPDU()),
+        namedtype.NamedType('get-next-request', GetNextRequestPDU()),
+        namedtype.NamedType('get-response', GetResponsePDU()),
+        namedtype.NamedType('set-request', SetRequestPDU()),
+        namedtype.NamedType('trap', TrapPDU())
+        )
+        
+class Message(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('community', Community()),
+        namedtype.NamedType('data', Pdus())
+        )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1901.py
@@ -0,0 +1,15 @@
+#
+# SNMPv2c message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1901.txt
+#
+from pyasn1.type import univ, namedtype, namedval
+
+class Message(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer(namedValues = namedval.NamedValues(('version-2c', 1)))),
+        namedtype.NamedType('community', univ.OctetString()),
+        namedtype.NamedType('data', univ.Any())
+        )
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1902.py
@@ -0,0 +1,105 @@
+#
+# SNMPv2c message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1902.txt
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+
+class Integer(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        -2147483648, 2147483647
+        )
+
+class Integer32(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        -2147483648, 2147483647
+        )
+    
+class OctetString(univ.OctetString):
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueSizeConstraint(
+        0, 65535
+        )
+
+class IpAddress(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x00)
+        )
+    subtypeSpec = univ.OctetString.subtypeSpec+constraint.ValueSizeConstraint(
+        4, 4
+        )
+
+class Counter32(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x01)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+
+class Gauge32(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+
+class Unsigned32(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+
+class TimeTicks(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x03)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+
+class Opaque(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x04)
+        )
+
+class Counter64(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x06)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 18446744073709551615
+        )
+
+class Bits(univ.OctetString): pass
+
+class ObjectName(univ.ObjectIdentifier): pass
+
+class SimpleSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('integer-value', Integer()),
+        namedtype.NamedType('string-value', OctetString()),
+        namedtype.NamedType('objectID-value', univ.ObjectIdentifier())
+        )
+
+class ApplicationSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ipAddress-value', IpAddress()),
+        namedtype.NamedType('counter-value', Counter32()),
+        namedtype.NamedType('timeticks-value', TimeTicks()),
+        namedtype.NamedType('arbitrary-value', Opaque()),
+        namedtype.NamedType('big-counter-value', Counter64()),
+# This conflicts with Counter32
+#        namedtype.NamedType('unsigned-integer-value', Unsigned32()),
+        namedtype.NamedType('gauge32-value', Gauge32())
+        ) # BITS misplaced?
+
+class ObjectSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('simple', SimpleSyntax()),
+        namedtype.NamedType('application-wide', ApplicationSyntax())
+        )
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1905.py
@@ -0,0 +1,100 @@
+#
+# SNMPv2c PDU syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1905.txt
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1_modules import rfc1902
+
+max_bindings = rfc1902.Integer(2147483647)
+
+class _BindValue(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('value', rfc1902.ObjectSyntax()),
+        namedtype.NamedType('unSpecified', univ.Null()),
+        namedtype.NamedType('noSuchObject', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('noSuchInstance', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('endOfMibView', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        )
+        
+class VarBind(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('name', rfc1902.ObjectName()),
+        namedtype.NamedType('', _BindValue())
+        )
+    
+class VarBindList(univ.SequenceOf):
+    componentType = VarBind()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(
+        0, max_bindings
+        )
+
+class PDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('request-id', rfc1902.Integer32()),
+        namedtype.NamedType('error-status', univ.Integer(namedValues=namedval.NamedValues(('noError', 0), ('tooBig', 1), ('noSuchName', 2), ('badValue', 3), ('readOnly', 4), ('genErr', 5), ('noAccess', 6), ('wrongType', 7), ('wrongLength', 8), ('wrongEncoding', 9), ('wrongValue', 10), ('noCreation', 11), ('inconsistentValue', 12), ('resourceUnavailable', 13), ('commitFailed', 14), ('undoFailed', 15), ('authorizationError', 16), ('notWritable', 17), ('inconsistentName', 18)))),
+        namedtype.NamedType('error-index', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('variable-bindings', VarBindList())
+        )
+
+class BulkPDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('request-id', rfc1902.Integer32()),
+        namedtype.NamedType('non-repeaters', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('max-repetitions', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('variable-bindings', VarBindList())
+        )
+
+class GetRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+        )
+
+class GetNextRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+        )
+
+class ResponsePDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
+        )
+
+class SetRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
+        )
+
+class GetBulkRequestPDU(BulkPDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)
+        )
+
+class InformRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)
+        )
+
+class SNMPv2TrapPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)
+        )
+
+class ReportPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8)
+        )
+
+class PDUs(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('get-request', GetRequestPDU()),
+        namedtype.NamedType('get-next-request', GetNextRequestPDU()),
+        namedtype.NamedType('get-bulk-request', GetBulkRequestPDU()),
+        namedtype.NamedType('response', ResponsePDU()),
+        namedtype.NamedType('set-request', SetRequestPDU()),
+        namedtype.NamedType('inform-request', InformRequestPDU()),
+        namedtype.NamedType('snmpV2-trap', SNMPv2TrapPDU()),
+        namedtype.NamedType('report', ReportPDU())
+        )
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2251.py
@@ -0,0 +1,319 @@
+#
+# LDAP message syntax
+#
+# ASN.1 source from:
+# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/ldap.asn
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint,char,useful
+from pyasn1.codec.der import decoder, encoder
+
+maxInt = univ.Integer(2147483647)
+
+class LDAPString(univ.OctetString): pass
+class LDAPOID(univ.OctetString): pass
+
+class LDAPDN(LDAPString): pass
+class RelativeLDAPDN(LDAPString): pass
+class AttributeType(LDAPString): pass
+class AttributeDescription(LDAPString): pass
+
+class AttributeDescriptionList(univ.SequenceOf):
+    componentType = AttributeDescription()
+
+class AttributeValue(univ.OctetString): pass
+
+class AssertionValue(univ.OctetString): pass
+
+class AttributeValueAssertion(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('attributeDesc', AttributeDescription()),
+        namedtype.NamedType('assertionValue', AssertionValue())
+        )
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeDescription()),
+        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+
+class MatchingRuleId(LDAPString): pass
+
+class Control(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('controlType', LDAPOID()),
+        namedtype.DefaultedNamedType('criticality', univ.Boolean('False')),
+        namedtype.OptionalNamedType('controlValue', univ.OctetString())
+        )
+                         
+class Controls(univ.SequenceOf):
+    componentType = Control()
+
+class LDAPURL(LDAPString): pass
+
+class Referral(univ.SequenceOf):
+    componentType = LDAPURL()
+
+class SaslCredentials(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('mechanism', LDAPString()),
+        namedtype.OptionalNamedType('credentials', univ.OctetString())
+        )
+    
+class AuthenticationChoice(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('simple', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('reserved-1', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('reserved-2', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('sasl', SaslCredentials().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+        )
+        
+class BindRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 0)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 127))),
+        namedtype.NamedType('name', LDAPDN()),
+        namedtype.NamedType('authentication', AuthenticationChoice())
+        )
+
+class PartialAttributeList(univ.SequenceOf):
+    componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))))
+    
+class SearchResultEntry(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 4)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('objectName', LDAPDN()),
+        namedtype.NamedType('attributes', PartialAttributeList())
+        )
+
+class MatchingRuleAssertion(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('matchingRule', MatchingRuleId().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('type', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('matchValue', AssertionValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.DefaultedNamedType('dnAttributes', univ.Boolean('False').subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+        )
+        
+class SubstringFilter(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeDescription()),
+        namedtype.NamedType('substrings', univ.SequenceOf(componentType=univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('initial', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('any', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('final', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))))))
+        )
+
+# Ugly hack to handle recursive Filter reference (up to 3-levels deep).
+
+class Filter3(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+        )
+
+class Filter2(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('and', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('or', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('not', Filter3().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+        )
+
+class Filter(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('and', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('or', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('not', Filter2().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+        )
+
+# End of Filter hack
+
+class SearchRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('baseObject', LDAPDN()),
+        namedtype.NamedType('scope', univ.Enumerated(namedValues=namedval.NamedValues(('baseObject', 0), ('singleLevel', 1), ('wholeSubtree', 2)))),
+        namedtype.NamedType('derefAliases', univ.Enumerated(namedValues=namedval.NamedValues(('neverDerefAliases', 0), ('derefInSearching', 1), ('derefFindingBaseObj', 2), ('derefAlways', 3)))),
+        namedtype.NamedType('sizeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
+        namedtype.NamedType('timeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
+        namedtype.NamedType('typesOnly', univ.Boolean()),
+        namedtype.NamedType('filter', Filter()),
+        namedtype.NamedType('attributes', AttributeDescriptionList())
+        )
+
+class UnbindRequest(univ.Null):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2)
+        )
+
+class BindResponse(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('matchedDN', LDAPDN()),
+        namedtype.NamedType('errorMessage', LDAPString()),
+        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('serverSaslCreds', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)))
+        )
+
+class LDAPResult(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('matchedDN', LDAPDN()),
+        namedtype.NamedType('errorMessage', LDAPString()),
+        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+        )
+
+class SearchResultReference(univ.SequenceOf):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 19)
+        )
+    componentType = LDAPURL()
+
+class SearchResultDone(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 5)
+        )
+
+class AttributeTypeAndValues(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeDescription()),
+        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+    
+class ModifyRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 6)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('object', LDAPDN()),
+        namedtype.NamedType('modification', univ.SequenceOf(componentType=univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('operation', univ.Enumerated(namedValues=namedval.NamedValues(('add', 0), ('delete', 1), ('replace', 2)))), namedtype.NamedType('modification', AttributeTypeAndValues())))))
+        )
+
+class ModifyResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 7)
+        )
+
+class AttributeList(univ.SequenceOf):
+    componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))))
+                                                                     
+class AddRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 8)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('entry', LDAPDN()),
+        namedtype.NamedType('attributes', AttributeList())
+        )
+
+class AddResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 9)
+        )
+
+class DelRequest(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10)
+        )
+
+class DelResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11)
+        )
+
+class ModifyDNRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('entry', LDAPDN()),
+        namedtype.NamedType('newrdn', RelativeLDAPDN()),
+        namedtype.NamedType('deleteoldrdn', univ.Boolean()),
+        namedtype.OptionalNamedType('newSuperior', LDAPDN().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        
+        )
+
+class ModifyDNResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13)
+        )
+
+class CompareRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('entry', LDAPDN()),
+        namedtype.NamedType('ava', AttributeValueAssertion())
+        )
+
+class CompareResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15)
+        )
+
+class AbandonRequest(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 16)
+        )
+
+class ExtendedRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 23)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('requestName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('requestValue', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+        )
+
+class ExtendedResponse(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 24)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('matchedDN', LDAPDN()),
+        namedtype.NamedType('errorMessage', LDAPString()),
+        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+
+        namedtype.OptionalNamedType('responseName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))),
+        namedtype.OptionalNamedType('response', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
+        )
+
+class MessageID(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, maxInt
+        )
+
+class LDAPMessage(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('messageID', MessageID()),
+        namedtype.NamedType('protocolOp', univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('bindRequest', BindRequest()), namedtype.NamedType('bindResponse', BindResponse()), namedtype.NamedType('unbindRequest', UnbindRequest()), namedtype.NamedType('searchRequest', SearchRequest()), namedtype.NamedType('searchResEntry', SearchResultEntry()), namedtype.NamedType('searchResDone', SearchResultDone()), namedtype.NamedType('searchResRef', SearchResultReference()), namedtype.NamedType('modifyRequest', ModifyRequest()), namedtype.NamedType('modifyResponse', ModifyResponse()), namedtype.NamedType('addRequest', AddRequest()), namedtype.NamedType('addResponse', AddResponse()), namedtype.NamedType('delRequest', DelRequest()), namedtype.NamedType('delResponse', DelResponse()), namedtype.NamedType('modDNRequest', ModifyDNRequest()), namedtype.NamedType('modDNResponse', ModifyDNResponse()), namedtype.NamedType('compareRequest', CompareRequest()), namedtype.NamedType('compareResponse', CompareResponse()), namedtype.NamedType('abandonRequest', AbandonRequest()), namedtype.NamedType('extendedReq', ExtendedRequest()), namedtype.NamedType('extendedResp', ExtendedResponse())))),
+        namedtype.OptionalNamedType('controls', Controls().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2314.py
@@ -0,0 +1,33 @@
+#
+# PKCS#10 syntax
+#
+# ASN.1 source from:
+# http://tools.ietf.org/html/rfc2314
+#
+# Sample captures could be obtained with "openssl req" command
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint
+from pyasn1_modules.rfc2459 import *
+
+class Attributes(univ.SetOf):
+    componentType = Attribute()
+
+class Version(univ.Integer): pass
+
+class CertificationRequestInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('subject', Name()),
+        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+        namedtype.NamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+class Signature(univ.BitString): pass
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class CertificationRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificationRequestInfo', CertificationRequestInfo()),
+        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+        namedtype.NamedType('signature', Signature())
+    )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2315.py
@@ -0,0 +1,205 @@
+#
+# PKCS#7 message syntax
+#
+# ASN.1 source from:
+# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/pkcs7.asn
+#
+# Sample captures from:
+# openssl crl2pkcs7 -nocrl -certfile cert1.cer -out outfile.p7b
+#
+from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful
+from pyasn1_modules.rfc2459 import *
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue()))
+        )
+
+class AttributeValueAssertion(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('attributeType', AttributeType()),
+        namedtype.NamedType('attributeValue', AttributeValue())
+        )
+
+pkcs_7 = univ.ObjectIdentifier('1.2.840.113549.1.7')
+data = univ.ObjectIdentifier('1.2.840.113549.1.7.1')
+signedData = univ.ObjectIdentifier('1.2.840.113549.1.7.2')
+envelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.3')
+signedAndEnvelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.4')
+digestedData = univ.ObjectIdentifier('1.2.840.113549.1.7.5')
+encryptedData = univ.ObjectIdentifier('1.2.840.113549.1.7.6')
+
+class ContentType(univ.ObjectIdentifier): pass
+
+class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class EncryptedContent(univ.OctetString): pass
+
+class EncryptedContentInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contentType', ContentType()),
+        namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
+        namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        )
+
+class Version(univ.Integer): pass  # overrides x509.Version
+
+class EncryptedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
+        )
+
+class DigestAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class DigestAlgorithmIdentifiers(univ.SetOf):
+    componentType = DigestAlgorithmIdentifier()
+
+class Digest(univ.OctetString): pass
+
+class ContentInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contentType', ContentType()),
+        namedtype.OptionalNamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        )
+
+class DigestedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.NamedType('contentInfo', ContentInfo()),
+        namedtype.NamedType('digest', Digest)
+        )
+
+class IssuerAndSerialNumber(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('serialNumber', CertificateSerialNumber())
+        )
+
+class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class EncryptedKey(univ.OctetString): pass
+
+class RecipientInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+        namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+        namedtype.NamedType('encryptedKey', EncryptedKey())
+        )
+                    
+class RecipientInfos(univ.SetOf):
+    componentType = RecipientInfo()
+
+class Attributes(univ.SetOf):
+    componentType = Attribute()
+
+class ExtendedCertificateInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('certificate', Certificate()),
+        namedtype.NamedType('attributes', Attributes())
+        )
+
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class Signature(univ.BitString): pass
+
+class ExtendedCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
+        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+        namedtype.NamedType('signature', Signature())
+        )
+
+class ExtendedCertificateOrCertificate(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificate', Certificate()),
+        namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        )
+
+class ExtendedCertificatesAndCertificates(univ.SetOf):
+    componentType = ExtendedCertificateOrCertificate()
+
+class SerialNumber(univ.Integer): pass
+
+class CRLEntry(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('userCertificate', SerialNumber()),
+        namedtype.NamedType('revocationDate', useful.UTCTime())
+        )
+
+class TBSCertificateRevocationList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signature', AlgorithmIdentifier()),
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('lastUpdate', useful.UTCTime()),
+        namedtype.NamedType('nextUpdate', useful.UTCTime()),
+        namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=CRLEntry()))
+        )
+                            
+class CertificateRevocationList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsCertificateRevocationList', TBSCertificateRevocationList()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString())
+        )
+
+class CertificateRevocationLists(univ.SetOf):
+    componentType = CertificateRevocationList()
+
+class DigestEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class EncryptedDigest(univ.OctetString): pass
+
+class SignerInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.OptionalNamedType('authenticatedAttributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('digestEncryptionAlgorithm', DigestEncryptionAlgorithmIdentifier()),
+        namedtype.NamedType('encryptedDigest', EncryptedDigest()),
+        namedtype.OptionalNamedType('unauthenticatedAttributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+        )
+                    
+class SignerInfos(univ.SetOf):
+    componentType = SignerInfo()
+
+class SignedAndEnvelopedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('recipientInfos', RecipientInfos()),
+        namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('signerInfos', SignerInfos())
+        )
+
+class EnvelopedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('recipientInfos', RecipientInfos()),
+        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
+        )
+    
+class DigestInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.NamedType('digest', Digest())
+        )
+                    
+class SignedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+        namedtype.NamedType('contentInfo', ContentInfo()),
+        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('signerInfos', SignerInfos())
+        )
+        
+class Data(univ.OctetString): pass
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2437.py
@@ -0,0 +1,53 @@
+#
+# PKCS#1 syntax
+#
+# ASN.1 source from:
+# ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2.asn
+#
+# Sample captures could be obtained with "openssl genrsa" command
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint
+from pyasn1_modules.rfc2459 import AlgorithmIdentifier
+
+pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
+rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1')
+md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2')
+md4WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.3')
+md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4')
+sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5')
+rsaOAEPEncryptionSET = univ.ObjectIdentifier('1.2.840.113549.1.1.6')
+id_RSAES_OAEP = univ.ObjectIdentifier('1.2.840.113549.1.1.7')
+id_mgf1 = univ.ObjectIdentifier('1.2.840.113549.1.1.8')
+id_pSpecified = univ.ObjectIdentifier('1.2.840.113549.1.1.9')
+id_sha1 = univ.ObjectIdentifier('1.3.14.3.2.26')
+
+MAX = 16
+
+class Version(univ.Integer): pass
+
+class RSAPrivateKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer()),
+        namedtype.NamedType('privateExponent', univ.Integer()),
+        namedtype.NamedType('prime1', univ.Integer()),
+        namedtype.NamedType('prime2', univ.Integer()),
+        namedtype.NamedType('exponent1', univ.Integer()),
+        namedtype.NamedType('exponent2', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer())
+    )
+
+class RSAPublicKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer())
+    )
+
+# XXX defaults not set
+class RSAES_OAEP_params(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('maskGenFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('pSourceFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+    )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2459.py
@@ -0,0 +1,903 @@
+#
+# X.509 message syntax
+#
+# ASN.1 source from:
+# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/x509.asn
+# http://www.ietf.org/rfc/rfc2459.txt
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful
+
+MAX = 64  # XXX ?
+
+#
+# PKIX1Explicit88
+#
+
+# Upper Bounds
+ub_name = univ.Integer(32768)
+ub_common_name = univ.Integer(64)
+ub_locality_name = univ.Integer(128)
+ub_state_name = univ.Integer(128)
+ub_organization_name = univ.Integer(64)
+ub_organizational_unit_name = univ.Integer(64)
+ub_title = univ.Integer(64)
+ub_match = univ.Integer(128)
+ub_emailaddress_length = univ.Integer(128)
+ub_common_name_length = univ.Integer(64)
+ub_country_name_alpha_length = univ.Integer(2)
+ub_country_name_numeric_length = univ.Integer(3)
+ub_domain_defined_attributes = univ.Integer(4)
+ub_domain_defined_attribute_type_length = univ.Integer(8)
+ub_domain_defined_attribute_value_length = univ.Integer(128)
+ub_domain_name_length = univ.Integer(16)
+ub_extension_attributes = univ.Integer(256)
+ub_e163_4_number_length = univ.Integer(15)
+ub_e163_4_sub_address_length = univ.Integer(40)
+ub_generation_qualifier_length = univ.Integer(3)
+ub_given_name_length = univ.Integer(16)
+ub_initials_length = univ.Integer(5)
+ub_integer_options = univ.Integer(256)
+ub_numeric_user_id_length = univ.Integer(32)
+ub_organization_name_length = univ.Integer(64)
+ub_organizational_unit_name_length = univ.Integer(32)
+ub_organizational_units = univ.Integer(4)
+ub_pds_name_length = univ.Integer(16)
+ub_pds_parameter_length = univ.Integer(30)
+ub_pds_physical_address_lines = univ.Integer(6)
+ub_postal_code_length = univ.Integer(16)
+ub_surname_length = univ.Integer(40)
+ub_terminal_id_length = univ.Integer(24)
+ub_unformatted_address_length = univ.Integer(180)
+ub_x121_address_length = univ.Integer(16)
+
+class UniversalString(char.UniversalString): pass
+class BMPString(char.BMPString): pass
+class UTF8String(char.UTF8String): pass
+
+id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
+id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1')
+id_qt = univ.ObjectIdentifier('1.3.6.1.5.5.7.2')
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+id_ad = univ.ObjectIdentifier('1.3.6.1.5.5.7.48')
+
+id_qt_cps = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.1')
+id_qt_unotice = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.2')
+
+id_ad_ocsp = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.1')
+id_ad_caIssuers = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.2')
+
+class AttributeValue(univ.Any): pass
+
+class AttributeType(univ.ObjectIdentifier): pass
+
+class AttributeTypeAndValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('value', AttributeValue())
+        )
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+
+id_at = univ.ObjectIdentifier('2.5.4')
+id_at_name = univ.ObjectIdentifier('2.5.4.41')
+id_at_sutname = univ.ObjectIdentifier('2.5.4.4')
+id_at_givenName = univ.ObjectIdentifier('2.5.4.42')
+id_at_initials = univ.ObjectIdentifier('2.5.4.43')
+id_at_generationQualifier = univ.ObjectIdentifier('2.5.4.44')
+
+class X520name(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name)))
+    )
+
+id_at_commonName = univ.ObjectIdentifier('2.5.4.3')
+
+class X520CommonName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name)))
+    )
+
+id_at_localityName = univ.ObjectIdentifier('2.5.4.7')
+
+class X520LocalityName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name)))
+    )
+
+id_at_stateOrProvinceName = univ.ObjectIdentifier('2.5.4.8')
+
+class X520StateOrProvinceName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name)))
+    )
+
+id_at_organizationName = univ.ObjectIdentifier('2.5.4.10')
+
+class X520OrganizationName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name)))
+    )
+
+id_at_organizationalUnitName = univ.ObjectIdentifier('2.5.4.11')
+
+class X520OrganizationalUnitName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name)))
+    )
+
+id_at_title = univ.ObjectIdentifier('2.5.4.12')
+
+class X520Title(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title)))
+    )
+
+id_at_dnQualifier = univ.ObjectIdentifier('2.5.4.46')
+
+class X520dnQualifier(char.PrintableString): pass
+
+id_at_countryName = univ.ObjectIdentifier('2.5.4.6')
+
+class X520countryName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(2, 2)
+
+pkcs_9 = univ.ObjectIdentifier('1.2.840.113549.1.9')
+
+emailAddress = univ.ObjectIdentifier('1.2.840.113549.1.9.1')
+
+class Pkcs9email(char.IA5String):
+    subtypeSpec = char.IA5String.subtypeSpec + constraint.ValueSizeConstraint(1, ub_emailaddress_length)
+
+# ----
+
+class DSAPrivateKey(univ.Sequence):
+    """PKIX compliant DSA private key structure"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 0)))),
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer()),
+        namedtype.NamedType('public', univ.Integer()),
+        namedtype.NamedType('private', univ.Integer())
+        )
+
+# ----
+
+class RelativeDistinguishedName(univ.SetOf):
+    componentType = AttributeTypeAndValue()
+
+class RDNSequence(univ.SequenceOf):
+    componentType = RelativeDistinguishedName()
+
+class Name(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('', RDNSequence())
+        )
+
+class DirectoryString(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('ia5String', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) # hm, this should not be here!? XXX
+        )
+
+# certificate and CRL specific structures begin here
+                          
+class AlgorithmIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('parameters', univ.Any())
+        )
+
+class Extension(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extnID', univ.ObjectIdentifier()),
+        namedtype.DefaultedNamedType('critical', univ.Boolean('False')),
+        namedtype.NamedType('extnValue', univ.Any())
+        )
+
+class Extensions(univ.SequenceOf):
+    componentType = Extension()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class SubjectPublicKeyInfo(univ.Sequence):
+     componentType = namedtype.NamedTypes(
+         namedtype.NamedType('algorithm', AlgorithmIdentifier()),
+         namedtype.NamedType('subjectPublicKey', univ.BitString())
+         )
+
+class UniqueIdentifier(univ.BitString): pass
+
+class Time(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('utcTime', useful.UTCTime()),
+        namedtype.NamedType('generalTime', useful.GeneralizedTime())
+        )
+    
+class Validity(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('notBefore', Time()),
+        namedtype.NamedType('notAfter', Time())
+        )
+
+class CertificateSerialNumber(univ.Integer): pass
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('v1', 0), ('v2', 1), ('v3', 2)
+        )
+
+class TBSCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('serialNumber', CertificateSerialNumber()),
+        namedtype.NamedType('signature', AlgorithmIdentifier()),
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('validity', Validity()),
+        namedtype.NamedType('subject', Name()),
+        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+        namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('extensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+        )
+
+class Certificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsCertificate', TBSCertificate()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signatureValue', univ.BitString())
+        )
+
+# CRL structures
+
+class RevokedCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('userCertificate', CertificateSerialNumber()),
+        namedtype.NamedType('revocationDate', Time()),
+        namedtype.OptionalNamedType('crlEntryExtensions', Extensions())
+    )
+ 
+class TBSCertList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('version', Version()),
+        namedtype.NamedType('signature', AlgorithmIdentifier()),
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('thisUpdate', Time()),
+        namedtype.OptionalNamedType('nextUpdate', Time()),
+        namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=RevokedCertificate())),
+        namedtype.OptionalNamedType('crlExtensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+class CertificateList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsCertList', TBSCertList()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString())
+    )
+
+# Algorithm OIDs and parameter structures
+
+pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
+rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1')
+md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2')
+md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4')
+sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5')
+id_dsa_with_sha1 = univ.ObjectIdentifier('1.2.840.10040.4.3')
+
+class Dss_Sig_Value(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('r', univ.Integer()),
+        namedtype.NamedType('s', univ.Integer())
+    )
+
+dhpublicnumber = univ.ObjectIdentifier('1.2.840.10046.2.1')
+
+class ValidationParms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('seed', univ.BitString()),
+        namedtype.NamedType('pgenCounter', univ.Integer())
+    )
+
+class DomainParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('j', univ.Integer()),
+        namedtype.OptionalNamedType('validationParms', ValidationParms())
+    )
+
+id_dsa = univ.ObjectIdentifier('1.2.840.10040.4.1')
+
+class Dss_Parms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer())
+    )
+
+# x400 address syntax starts here
+
+teletex_domain_defined_attributes = univ.Integer(6)
+
+class TeletexDomainDefinedAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+        namedtype.NamedType('value', char.TeletexString())
+    )
+
+class TeletexDomainDefinedAttributes(univ.SequenceOf):
+    componentType = TeletexDomainDefinedAttribute()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+terminal_type = univ.Integer(23)
+
+class TerminalType(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, ub_integer_options)
+    namedValues = namedval.NamedValues(
+        ('telex', 3),
+        ('teletelex', 4),
+        ('g3-facsimile', 5),
+        ('g4-facsimile', 6),
+        ('ia5-terminal', 7),
+        ('videotex', 8)
+    )
+
+class PresentationAddress(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3), subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    )
+
+extended_network_address = univ.Integer(22)
+
+class E163_4_address(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('number', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('sub-address', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+class ExtendedNetworkAddress(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('e163-4-address', E163_4_address()),
+        namedtype.NamedType('psap-address', PresentationAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+class PDSParameter(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('printable-string', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))),
+        namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)))
+    )
+
+local_postal_attributes = univ.Integer(21)
+
+class LocalPostalAttributes(PDSParameter): pass
+
+class UniquePostalName(PDSParameter): pass
+
+unique_postal_name = univ.Integer(20)
+
+poste_restante_address = univ.Integer(19)
+
+class PosteRestanteAddress(PDSParameter): pass
+
+post_office_box_address = univ.Integer(18)
+
+class PostOfficeBoxAddress(PDSParameter): pass
+
+street_address = univ.Integer(17)
+
+class StreetAddress(PDSParameter): pass
+
+class UnformattedPostalAddress(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('printable-address', univ.SequenceOf(componentType=char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_physical_address_lines)))),
+        namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_unformatted_address_length)))
+    )
+
+physical_delivery_office_name = univ.Integer(10)
+
+class PhysicalDeliveryOfficeName(PDSParameter): pass
+
+physical_delivery_office_number = univ.Integer(11)
+
+class PhysicalDeliveryOfficeNumber(PDSParameter): pass
+
+extension_OR_address_components = univ.Integer(12)
+
+class ExtensionORAddressComponents(PDSParameter): pass
+
+physical_delivery_personal_name = univ.Integer(13)
+
+class PhysicalDeliveryPersonalName(PDSParameter): pass
+
+physical_delivery_organization_name = univ.Integer(14)
+
+class PhysicalDeliveryOrganizationName(PDSParameter): pass
+
+extension_physical_delivery_address_components = univ.Integer(15)
+
+class ExtensionPhysicalDeliveryAddressComponents(PDSParameter): pass
+
+unformatted_postal_address = univ.Integer(16)
+
+postal_code = univ.Integer(9)
+
+class PostalCode(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('numeric-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))),
+        namedtype.NamedType('printable-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length)))
+    )
+
+class PhysicalDeliveryCountryName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))),
+        namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+    )
+
+class PDSName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_pds_name_length)
+
+physical_delivery_country_name = univ.Integer(8)
+
+class TeletexOrganizationalUnitName(char.TeletexString):
+    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+pds_name = univ.Integer(7)
+
+teletex_organizational_unit_names = univ.Integer(5)
+
+class TeletexOrganizationalUnitNames(univ.SequenceOf):
+    componentType = TeletexOrganizationalUnitName()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+teletex_personal_name = univ.Integer(4)
+
+class TeletexPersonalName(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('surname', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('given-name', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('initials', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('generation-qualifier', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+    )
+
+teletex_organization_name = univ.Integer(3)
+
+class TeletexOrganizationName(char.TeletexString):
+    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+teletex_common_name = univ.Integer(2)
+
+class TeletexCommonName(char.TeletexString):
+    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+class CommonName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+common_name = univ.Integer(1)
+
+class ExtensionAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_extension_attributes), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('extension-attribute-value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+class ExtensionAttributes(univ.SetOf):
+    componentType = ExtensionAttribute()
+    subtypeSpec = univ.SetOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_extension_attributes)
+
+class BuiltInDomainDefinedAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+        namedtype.NamedType('value', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
+    )
+
+class BuiltInDomainDefinedAttributes(univ.SequenceOf):
+    componentType = BuiltInDomainDefinedAttribute()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+class OrganizationalUnitName(char.PrintableString):
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+class OrganizationalUnitNames(univ.SequenceOf):
+    componentType = OrganizationalUnitName()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+class PersonalName(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('surname', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('given-name', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('initials', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('generation-qualifier', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+    )
+
+class NumericUserIdentifier(char.NumericString):
+    subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_numeric_user_id_length)
+
+class OrganizationName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+class PrivateDomainName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('numeric', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))),
+        namedtype.NamedType('printable', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length)))
+    )
+
+class TerminalIdentifier(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_terminal_id_length)
+
+class X121Address(char.NumericString):
+    subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_x121_address_length)
+
+class NetworkAddress(X121Address): pass
+
+class AdministrationDomainName(univ.Choice):
+    tagSet = univ.Choice.tagSet.tagExplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('numeric', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))),
+        namedtype.NamedType('printable', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length)))
+    )
+
+class CountryName(univ.Choice):
+    tagSet = univ.Choice.tagSet.tagExplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))),
+        namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+    )
+
+class BuiltInStandardAttributes(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('country-name', CountryName()),
+        namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()),
+        namedtype.OptionalNamedType('network-address', NetworkAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('terminal-identifier', TerminalIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('private-domain-name', PrivateDomainName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('organization-name', OrganizationName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.OptionalNamedType('numeric-user-identifier', NumericUserIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.OptionalNamedType('personal-name', PersonalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.OptionalNamedType('organizational-unit-names', OrganizationalUnitNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6)))
+    )
+
+class ORAddress(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('built-in-standard-attributes', BuiltInStandardAttributes()),
+        namedtype.OptionalNamedType('built-in-domain-defined-attributes', BuiltInDomainDefinedAttributes()),
+        namedtype.OptionalNamedType('extension-attributes', ExtensionAttributes())
+    )
+
+#
+# PKIX1Implicit88
+#
+
+id_ce_invalidityDate = univ.ObjectIdentifier('2.5.29.24')
+
+class InvalidityDate(useful.GeneralizedTime): pass
+
+id_holdinstruction_none = univ.ObjectIdentifier('2.2.840.10040.2.1')
+id_holdinstruction_callissuer = univ.ObjectIdentifier('2.2.840.10040.2.2')
+id_holdinstruction_reject = univ.ObjectIdentifier('2.2.840.10040.2.3')
+
+holdInstruction = univ.ObjectIdentifier('2.2.840.10040.2')
+
+id_ce_holdInstructionCode = univ.ObjectIdentifier('2.5.29.23')
+
+class HoldInstructionCode(univ.ObjectIdentifier): pass
+
+id_ce_cRLReasons = univ.ObjectIdentifier('2.5.29.21')
+
+class CRLReason(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('unspecified', 0),
+        ('keyCompromise', 1),
+        ('cACompromise', 2),
+        ('affiliationChanged', 3),
+        ('superseded', 4),
+        ('cessationOfOperation', 5),
+        ('certificateHold', 6),
+        ('removeFromCRL', 8)
+    )
+
+id_ce_cRLNumber = univ.ObjectIdentifier('2.5.29.20')
+
+class CRLNumber(univ.Integer):
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(0, MAX)
+
+class BaseCRLNumber(CRLNumber): pass
+
+id_kp_serverAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1.1')
+id_kp_clientAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.2')
+id_kp_codeSigning = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.3')
+id_kp_emailProtection = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.4')
+id_kp_ipsecEndSystem = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.5')
+id_kp_ipsecTunnel = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.6')
+id_kp_ipsecUser = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.7')
+id_kp_timeStamping = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.8')
+id_pe_authorityInfoAccess = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.1')
+id_ce_extKeyUsage = univ.ObjectIdentifier('2.5.29.37')
+
+class KeyPurposeId(univ.ObjectIdentifier): pass
+
+class ExtKeyUsageSyntax(univ.SequenceOf):
+    componentType = KeyPurposeId()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class ReasonFlags(univ.BitString):
+    namedValues = namedval.NamedValues(
+        ('unused', 0),
+        ('keyCompromise', 1),
+        ('cACompromise', 2),
+        ('affiliationChanged', 3),
+        ('superseded', 4),
+        ('cessationOfOperation', 5),
+        ('certificateHold', 6)
+    )
+
+
+class SkipCerts(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, MAX)
+
+id_ce_policyConstraints = univ.ObjectIdentifier('2.5.29.36')
+
+class PolicyConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('requireExplicitPolicy', SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('inhibitPolicyMapping', SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+id_ce_basicConstraints = univ.ObjectIdentifier('2.5.29.19')
+
+class BasicConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('cA', univ.Boolean(False)),
+        namedtype.OptionalNamedType('pathLenConstraint', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
+    )
+
+id_ce_subjectDirectoryAttributes = univ.ObjectIdentifier('2.5.29.9')
+
+class SubjectDirectoryAttributes(univ.SequenceOf):
+    componentType = Attribute()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class EDIPartyName(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('partyName', DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+class AnotherName(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type-id', univ.ObjectIdentifier()),
+        namedtype.NamedType('value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+class GeneralName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('otherName', AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('rfc822Name', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('dNSName', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('x400Address', ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.NamedType('directoryName', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.NamedType('ediPartyName', EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.NamedType('uniformResourceIdentifier', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+        namedtype.NamedType('iPAddress', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
+    )
+
+class GeneralNames(univ.SequenceOf):
+    componentType = GeneralName()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class AccessDescription(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('accessMethod', univ.ObjectIdentifier()),
+        namedtype.NamedType('accessLocation', GeneralName())
+    )
+
+class AuthorityInfoAccessSyntax(univ.SequenceOf):
+    componentType = AccessDescription()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_deltaCRLIndicator = univ.ObjectIdentifier('2.5.29.27')
+
+class DistributionPointName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('fullName', GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+class DistributionPoint(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('reasons', ReasonFlags().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+    )
+class BaseDistance(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX)
+
+id_ce_cRLDistributionPoints = univ.ObjectIdentifier('2.5.29.31')
+
+class CRLDistPointsSyntax(univ.SequenceOf):
+    componentType = DistributionPoint
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+id_ce_issuingDistributionPoint = univ.ObjectIdentifier('2.5.29.28')
+
+class IssuingDistributionPoint(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('onlyContainsUserCerts', univ.Boolean(False).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('onlyContainsCACerts', univ.Boolean(False).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.NamedType('indirectCRL', univ.Boolean(False).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+    )
+
+class GeneralSubtree(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('base', GeneralName()),
+        namedtype.NamedType('minimum', BaseDistance(0).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('maximum', BaseDistance().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+class GeneralSubtrees(univ.SequenceOf):
+    componentType = GeneralSubtree()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_nameConstraints = univ.ObjectIdentifier('2.5.29.30')
+
+class NameConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+class DisplayText(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('visibleString', char.VisibleString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200)))
+    )
+
+class NoticeReference(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('organization', DisplayText()),
+        namedtype.NamedType('noticeNumbers', univ.SequenceOf(componentType=univ.Integer()))
+    )
+
+class UserNotice(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('noticeRef', NoticeReference()),
+        namedtype.OptionalNamedType('explicitText', DisplayText())
+    )
+
+class CPSuri(char.IA5String): pass
+
+class PolicyQualifierId(univ.ObjectIdentifier):
+    subtypeSpec = univ.ObjectIdentifier.subtypeSpec + constraint.SingleValueConstraint(id_qt_cps, id_qt_unotice)
+
+class CertPolicyId(univ.ObjectIdentifier): pass
+
+class PolicyQualifierInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('policyQualifierId', PolicyQualifierId()),
+        namedtype.NamedType('qualifier', univ.Any())
+    )
+
+id_ce_certificatePolicies = univ.ObjectIdentifier('2.5.29.32')
+
+class PolicyInformation(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('policyIdentifier', CertPolicyId()),
+        namedtype.OptionalNamedType('policyQualifiers', univ.SequenceOf(componentType=PolicyQualifierInfo()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+class CertificatePolicies(univ.SequenceOf):
+    componentType = PolicyInformation()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_policyMappings = univ.ObjectIdentifier('2.5.29.33')
+
+class PolicyMapping(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuerDomainPolicy', CertPolicyId()),
+        namedtype.NamedType('subjectDomainPolicy', CertPolicyId())
+    )
+
+class PolicyMappings(univ.SequenceOf):
+    componentType = PolicyMapping()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_privateKeyUsagePeriod = univ.ObjectIdentifier('2.5.29.16')
+
+class PrivateKeyUsagePeriod(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+id_ce_keyUsage = univ.ObjectIdentifier('2.5.29.15')
+
+class KeyUsage(univ.BitString):
+    namedValues = namedval.NamedValues(
+        ('digitalSignature', 0),
+        ('nonRepudiation', 1),
+        ('keyEncipherment', 2),
+        ('dataEncipherment', 3),
+        ('keyAgreement', 4),
+        ('keyCertSign', 5),
+        ('cRLSign', 6),
+        ('encipherOnly', 7),
+        ('decipherOnly', 8)
+    )
+
+id_ce = univ.ObjectIdentifier('2.5.29')
+
+id_ce_authorityKeyIdentifier = univ.ObjectIdentifier('2.5.29.35')
+
+class KeyIdentifier(univ.OctetString): pass
+
+id_ce_subjectKeyIdentifier = univ.ObjectIdentifier('2.5.29.14')
+
+class SubjectKeyIdentifier(KeyIdentifier): pass
+
+class AuthorityKeyIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('keyIdentifier', KeyIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('authorityCertIssuer', GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('authorityCertSerialNumber', CertificateSerialNumber().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+id_ce_certificateIssuer = univ.ObjectIdentifier('2.5.29.29')
+
+class CertificateIssuer(GeneralNames): pass
+
+id_ce_subjectAltName = univ.ObjectIdentifier('2.5.29.17')
+
+class SubjectAltName(GeneralNames): pass
+
+id_ce_issuerAltName = univ.ObjectIdentifier('2.5.29.18')
+
+class IssuerAltName(GeneralNames): pass
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2511.py
@@ -0,0 +1,176 @@
+#
+# X.509 certificate Request Message Format (CRMF) syntax
+#
+# ASN.1 source from:
+# http://tools.ietf.org/html/rfc2511
+#
+# Sample captures could be obtained with OpenSSL
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint, char,useful
+from pyasn1_modules.rfc2459 import *
+from pyasn1_modules import rfc2315
+
+MAX=16
+
+id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
+id_pkip = univ.ObjectIdentifier('1.3.6.1.5.5.7.5')
+id_regCtrl = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1')
+id_regCtrl_regToken = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.1')
+id_regCtrl_authenticator = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.2')
+id_regCtrl_pkiPublicationInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.3')
+id_regCtrl_pkiArchiveOptions = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.4')
+id_regCtrl_oldCertID = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.5')
+id_regCtrl_protocolEncrKey = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.6')
+id_regInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2')
+id_regInfo_utf8Pairs = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.1')
+id_regInfo_certReq = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.2')
+
+# This should be in PKIX Certificate Extensions module
+
+class GeneralName(univ.OctetString): pass
+
+# end of PKIX Certificate Extensions module
+
+class UTF8Pairs(char.UTF8String): pass
+
+class ProtocolEncrKey(SubjectPublicKeyInfo): pass
+
+class CertId(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', GeneralName()),
+        namedtype.NamedType('serialNumber', univ.Integer())
+    )
+
+class OldCertId(CertId): pass
+
+class KeyGenParameters(univ.OctetString): pass
+
+class EncryptedValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('intendedAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('symmAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('keyAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('encValue', univ.BitString())
+    )
+
+class EncryptedKey(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptedValue', EncryptedValue()),
+        namedtype.NamedType('envelopedData', rfc2315.EnvelopedData().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+class PKIArchiveOptions(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptedPrivKey', EncryptedKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('keyGenParameters', KeyGenParameters().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('archiveRemGenPrivKey', univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+class SinglePubInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('pubMethod', univ.Integer(namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
+        namedtype.OptionalNamedType('pubLocation', GeneralName())
+    )
+
+class PKIPublicationInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('action', univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
+        namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+class Authenticator(char.UTF8String): pass
+class RegToken(char.UTF8String): pass
+
+class SubsequentMessage(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('encrCert', 0),
+        ('challengeResp', 1)
+    )
+
+class POPOPrivKey(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('thisMessage', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('subsequentMessage', SubsequentMessage().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('dhMAC', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+class PBMParameter(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('salt', univ.OctetString()),
+        namedtype.NamedType('owf', AlgorithmIdentifier()),
+        namedtype.NamedType('iterationCount', univ.Integer()),
+        namedtype.NamedType('mac', AlgorithmIdentifier())
+    )
+
+class PKMACValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algId', AlgorithmIdentifier()),
+        namedtype.NamedType('value', univ.BitString())
+    )
+
+class POPOSigningKeyInput(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('authInfo', univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('sender', GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('publicKeyMAC', PKMACValue())))),
+        namedtype.NamedType('publicKey', SubjectPublicKeyInfo())
+    )
+
+class POPOSigningKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('algorithmIdentifier', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString())
+    )
+
+class ProofOfPossession(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('raVerified', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('signature', POPOSigningKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('keyEncipherment', POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('keyAgreement', POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+    )
+
+class Controls(univ.SequenceOf):
+    componentType = AttributeTypeAndValue()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class OptionalValidity(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('notBefore', Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('notAfter', Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+	)
+
+class CertTemplate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('version', Version().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('signingAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('issuer', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('validity', OptionalValidity().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.OptionalNamedType('subject', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.OptionalNamedType('publicKey', SubjectPublicKeyInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.OptionalNamedType('issuerUID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.OptionalNamedType('subjectUID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+        namedtype.OptionalNamedType('extensions', Extensions().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+	)
+  
+class CertRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certReqId', univ.Integer()),
+        namedtype.NamedType('certTemplate', CertTemplate()),
+        namedtype.OptionalNamedType('controls', Controls())
+	)
+
+class CertReq(CertRequest): pass
+
+class CertReqMsg(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certReq', CertRequest()),
+        namedtype.OptionalNamedType('pop', ProofOfPossession()),
+        namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+	)
+        
+class CertReqMessages(univ.SequenceOf):
+    componentType = CertReqMsg()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2560.py
@@ -0,0 +1,171 @@
+#
+# OCSP request/response syntax
+#
+# Derived from a minimal OCSP library (RFC2560) code written by
+# Bud P. Bruegger <bud@ancitel.it>
+# Copyright: Ancitel, S.p.a,  Rome, Italy
+# License: BSD
+#
+
+#
+# current limitations:
+# * request and response works only for a single certificate
+# * only some values are parsed out of the response
+# * the request does't set a nonce nor signature
+# * there is no signature validation of the response
+# * dates are left as strings in GeneralizedTime format -- datetime.datetime
+# would be nicer
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint, useful
+from pyasn1_modules import rfc2459
+
+# Start of OCSP module definitions
+
+# This should be in directory Authentication Framework (X.509) module
+
+class CRLReason(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('unspecified', 0),
+        ('keyCompromise', 1),
+        ('cACompromise', 2),
+        ('affiliationChanged', 3),
+        ('superseded', 4),
+        ('cessationOfOperation', 5),
+        ('certificateHold', 6),
+        ('removeFromCRL', 8),
+        ('privilegeWithdrawn', 9),
+        ('aACompromise', 10)
+        )
+
+# end of directory Authentication Framework (X.509) module
+
+# This should be in PKIX Certificate Extensions module
+
+class GeneralName(univ.OctetString): pass
+
+# end of PKIX Certificate Extensions module
+
+id_kp_OCSPSigning = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 3, 9))
+id_pkix_ocsp = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1))
+id_pkix_ocsp_basic = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 1))
+id_pkix_ocsp_nonce = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 2))
+id_pkix_ocsp_crl = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 3))
+id_pkix_ocsp_response = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 4))
+id_pkix_ocsp_nocheck = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 5))
+id_pkix_ocsp_archive_cutoff = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 6))
+id_pkix_ocsp_service_locator = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 7))
+
+class AcceptableResponses(univ.SequenceOf):
+    componentType = univ.ObjectIdentifier()
+
+class ArchiveCutoff(useful.GeneralizedTime): pass
+
+class UnknownInfo(univ.Null): pass
+
+class RevokedInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('revocationTime', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('revocationReason', CRLReason().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class CertID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('issuerNameHash', univ.OctetString()),
+        namedtype.NamedType('issuerKeyHash', univ.OctetString()),
+        namedtype.NamedType('serialNumber', rfc2459.CertificateSerialNumber())
+        )
+
+class CertStatus(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('good', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('revoked', RevokedInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('unknown', UnknownInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        )
+
+class SingleResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certID', CertID()),
+        namedtype.NamedType('certStatus', CertStatus()),
+        namedtype.NamedType('thisUpdate', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('singleExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+        )
+
+class KeyHash(univ.OctetString): pass
+
+class ResponderID(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('byName', rfc2459.Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('byKey', KeyHash().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        )
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(('v1', 0))
+
+class ResponseData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('responderID', ResponderID()),
+        namedtype.NamedType('producedAt', useful.GeneralizedTime()),
+        namedtype.NamedType('responses', univ.SequenceOf(SingleResponse())),
+        namedtype.OptionalNamedType('responseExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+        )
+
+class BasicOCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsResponseData', ResponseData()),
+        namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(rfc2459.Certificate()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class ResponseBytes(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('responseType', univ.ObjectIdentifier()),
+        namedtype.NamedType('response', univ.OctetString())
+        )
+
+class OCSPResponseStatus(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('successful', 0),
+        ('malformedRequest', 1),
+        ('internalError', 2),
+        ('tryLater', 3),
+        ('undefinedStatus', 4),  # should never occur
+        ('sigRequired', 5),
+        ('unauthorized', 6)
+        )
+
+class OCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('responseStatus',  OCSPResponseStatus()),
+        namedtype.OptionalNamedType('responseBytes', ResponseBytes().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class Request(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('reqCert', CertID()),
+        namedtype.OptionalNamedType('singleRequestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class Signature(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(rfc2459.Certificate()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class TBSRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('requestorName', GeneralName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('requestList', univ.SequenceOf(Request())),
+        namedtype.OptionalNamedType('requestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        )
+
+class OCSPRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsRequest',  TBSRequest()),
+        namedtype.OptionalNamedType('optionalSignature', Signature().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc3412.py
@@ -0,0 +1,38 @@
+#
+# SNMPv3 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3412.txt
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1_modules import rfc1905
+
+class ScopedPDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contextEngineId', univ.OctetString()),
+        namedtype.NamedType('contextName', univ.OctetString()),
+        namedtype.NamedType('data', rfc1905.PDUs())
+        )
+    
+class ScopedPduData(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('plaintext', ScopedPDU()),
+        namedtype.NamedType('encryptedPDU', univ.OctetString()),
+        )
+    
+class HeaderData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('msgID', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgMaxSize', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(484, 2147483647))),
+        namedtype.NamedType('msgFlags', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 1))),
+        namedtype.NamedType('msgSecurityModel', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 2147483647)))
+        )
+
+class SNMPv3Message(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+         namedtype.NamedType('msgVersion', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+         namedtype.NamedType('msgGlobalData', HeaderData()),
+         namedtype.NamedType('msgSecurityParameters', univ.OctetString()),
+         namedtype.NamedType('msgData', ScopedPduData())
+         )
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc3414.py
@@ -0,0 +1,17 @@
+#
+# SNMPv3 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3414.txt
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+
+class UsmSecurityParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('msgAuthoritativeEngineID', univ.OctetString()),
+        namedtype.NamedType('msgAuthoritativeEngineBoots', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgAuthoritativeEngineTime', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgUserName', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 32))),
+        namedtype.NamedType('msgAuthenticationParameters', univ.OctetString()),
+        namedtype.NamedType('msgPrivacyParameters', univ.OctetString())
+        )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc3447.py
@@ -0,0 +1,35 @@
+#
+# PKCS#1 syntax
+#
+# ASN.1 source from:
+# ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
+#
+# Sample captures could be obtained with "openssl genrsa" command
+#
+from pyasn1_modules.rfc2437 import *
+
+class OtherPrimeInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('prime', univ.Integer()),
+        namedtype.NamedType('exponent', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer())
+        )
+
+class OtherPrimeInfos(univ.SequenceOf):
+    componentType = OtherPrimeInfo()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + \
+                  constraint.ValueSizeConstraint(1, MAX)
+
+class RSAPrivateKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('two-prime', 0), ('multi', 1)))),
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer()),
+        namedtype.NamedType('privateExponent', univ.Integer()),
+        namedtype.NamedType('prime1', univ.Integer()),
+        namedtype.NamedType('prime2', univ.Integer()),
+        namedtype.NamedType('exponent1', univ.Integer()),
+        namedtype.NamedType('exponent2', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer()),
+        namedtype.OptionalNamedType('otherPrimeInfos', OtherPrimeInfos())
+    )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc4210.py
@@ -0,0 +1,695 @@
+#
+# Certificate Management Protocol structures as per RFC4210
+#
+# Based on Alex Railean's work
+#
+from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful
+from pyasn1_modules import rfc2459, rfc2511, rfc2314
+
+MAX = 64
+
+class KeyIdentifier(univ.OctetString): pass
+
+class CMPCertificate(rfc2459.Certificate): pass
+
+class OOBCert(CMPCertificate): pass
+
+class CertAnnContent(CMPCertificate): pass
+
+class PKIFreeText(univ.SequenceOf):
+    """
+    PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+    """
+    componentType = char.UTF8String()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class PollRepContent(univ.SequenceOf):
+    """
+         PollRepContent ::= SEQUENCE OF SEQUENCE {
+         certReqId              INTEGER,
+         checkAfter             INTEGER,  -- time in seconds
+         reason                 PKIFreeText OPTIONAL
+     }
+    """
+    class CertReq(univ.Sequence):
+        componentType = namedtype.NamedTypes(
+            namedtype.NamedType('certReqId', univ.Integer()),
+            namedtype.NamedType('checkAfter', univ.Integer()),
+            namedtype.OptionalNamedType('reason', PKIFreeText())
+        )
+    componentType = CertReq()
+
+class PollReqContent(univ.SequenceOf):
+    """
+         PollReqContent ::= SEQUENCE OF SEQUENCE {
+         certReqId              INTEGER
+     }
+
+    """
+    class CertReq(univ.Sequence):
+        componentType = namedtype.NamedTypes(
+            namedtype.NamedType('certReqId', univ.Integer())
+        )
+    componentType = CertReq()
+
+class InfoTypeAndValue(univ.Sequence):
+    """
+    InfoTypeAndValue ::= SEQUENCE {
+     infoType               OBJECT IDENTIFIER,
+     infoValue              ANY DEFINED BY infoType  OPTIONAL
+    }"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('infoType', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('infoValue', univ.Any())
+    )
+
+class GenRepContent(univ.SequenceOf):
+    componentType = InfoTypeAndValue()
+
+class GenMsgContent(univ.SequenceOf):
+    componentType = InfoTypeAndValue()
+
+class PKIConfirmContent(univ.Null): pass
+
+class CRLAnnContent(univ.SequenceOf):
+    componentType = rfc2459.CertificateList()
+
+class CAKeyUpdAnnContent(univ.Sequence):
+    """
+    CAKeyUpdAnnContent ::= SEQUENCE {
+         oldWithNew   CMPCertificate,
+         newWithOld   CMPCertificate,
+         newWithNew   CMPCertificate
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('oldWithNew', CMPCertificate()),
+        namedtype.NamedType('newWithOld', CMPCertificate()),
+        namedtype.NamedType('newWithNew', CMPCertificate())
+    )
+
+class RevDetails(univ.Sequence):
+    """
+    RevDetails ::= SEQUENCE {
+         certDetails         CertTemplate,
+         crlEntryDetails     Extensions       OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certDetails', rfc2511.CertTemplate()),
+        namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions())
+    )
+ 
+class RevReqContent(univ.SequenceOf):
+    componentType = RevDetails()
+
+class CertOrEncCert(univ.Choice):
+    """
+     CertOrEncCert ::= CHOICE {
+         certificate     [0] CMPCertificate,
+         encryptedCert   [1] EncryptedValue
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificate', CMPCertificate().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        )
+    )
+
+class CertifiedKeyPair(univ.Sequence):
+    """
+    CertifiedKeyPair ::= SEQUENCE {
+         certOrEncCert       CertOrEncCert,
+         privateKey      [0] EncryptedValue      OPTIONAL,
+         publicationInfo [1] PKIPublicationInfo  OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certOrEncCert', CertOrEncCert()),
+        namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        )
+    )
+ 
+
+class POPODecKeyRespContent(univ.SequenceOf):
+    componentType = univ.Integer()
+
+class Challenge(univ.Sequence):
+    """
+    Challenge ::= SEQUENCE {
+         owf                 AlgorithmIdentifier  OPTIONAL,
+         witness             OCTET STRING,
+         challenge           OCTET STRING
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('witness', univ.OctetString()),
+        namedtype.NamedType('challenge', univ.OctetString())
+    )
+
+class PKIStatus(univ.Integer):
+    """
+    PKIStatus ::= INTEGER {
+         accepted                (0),
+         grantedWithMods        (1),
+         rejection              (2),
+         waiting                (3),
+         revocationWarning      (4),
+         revocationNotification (5),
+         keyUpdateWarning       (6)
+     }
+    """
+    namedValues = namedval.NamedValues(
+        ('accepted', 0),
+        ('grantedWithMods', 1),
+        ('rejection', 2),
+        ('waiting', 3),
+        ('revocationWarning', 4),
+        ('revocationNotification', 5),
+        ('keyUpdateWarning', 6)
+    )
+ 
+class PKIFailureInfo(univ.BitString):
+    """
+    PKIFailureInfo ::= BIT STRING {
+         badAlg              (0),
+         badMessageCheck     (1),
+         badRequest          (2),
+         badTime             (3),
+         badCertId           (4),
+         badDataFormat       (5),
+         wrongAuthority      (6),
+         incorrectData       (7),
+         missingTimeStamp    (8),
+         badPOP              (9),
+         certRevoked         (10),
+         certConfirmed       (11),
+         wrongIntegrity      (12),
+         badRecipientNonce   (13),
+         timeNotAvailable    (14),
+         unacceptedPolicy    (15),
+         unacceptedExtension (16),
+         addInfoNotAvailable (17),
+         badSenderNonce      (18),
+         badCertTemplate     (19),
+         signerNotTrusted    (20),
+         transactionIdInUse  (21),
+         unsupportedVersion  (22),
+         notAuthorized       (23),
+         systemUnavail       (24),
+         systemFailure       (25),
+         duplicateCertReq    (26)
+    """
+    namedValues = namedval.NamedValues(
+        ('badAlg', 0),
+        ('badMessageCheck', 1),
+        ('badRequest', 2),
+        ('badTime', 3),
+        ('badCertId', 4),
+        ('badDataFormat', 5),
+        ('wrongAuthority', 6),
+        ('incorrectData', 7),
+        ('missingTimeStamp', 8),
+        ('badPOP', 9),
+        ('certRevoked', 10),
+        ('certConfirmed', 11),
+        ('wrongIntegrity', 12),
+        ('badRecipientNonce', 13),
+        ('timeNotAvailable', 14),
+        ('unacceptedPolicy', 15),
+        ('unacceptedExtension', 16),
+        ('addInfoNotAvailable', 17),
+        ('badSenderNonce', 18),
+        ('badCertTemplate', 19),
+        ('signerNotTrusted', 20),
+        ('transactionIdInUse', 21),
+        ('unsupportedVersion', 22),
+        ('notAuthorized', 23),
+        ('systemUnavail', 24),
+        ('systemFailure', 25),
+        ('duplicateCertReq', 26)
+    )
+
+class PKIStatusInfo(univ.Sequence):
+    """
+    PKIStatusInfo ::= SEQUENCE {
+         status        PKIStatus,
+         statusString  PKIFreeText     OPTIONAL,
+         failInfo      PKIFailureInfo  OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatus()),
+        namedtype.OptionalNamedType('statusString', PKIFreeText()),
+        namedtype.OptionalNamedType('failInfo', PKIFailureInfo())
+        )
+
+class ErrorMsgContent(univ.Sequence):
+    """
+    ErrorMsgContent ::= SEQUENCE {
+         pKIStatusInfo          PKIStatusInfo,
+         errorCode              INTEGER           OPTIONAL,
+         -- implementation-specific error codes
+         errorDetails           PKIFreeText       OPTIONAL
+         -- implementation-specific error details
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()),
+        namedtype.OptionalNamedType('errorCode', univ.Integer()),
+        namedtype.OptionalNamedType('errorDetails', PKIFreeText())
+    )
+
+class CertStatus(univ.Sequence):
+    """
+    CertStatus ::= SEQUENCE {
+        certHash    OCTET STRING,
+        certReqId   INTEGER,
+        statusInfo  PKIStatusInfo OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certHash', univ.OctetString()),
+        namedtype.NamedType('certReqId', univ.Integer()),
+        namedtype.OptionalNamedType('statusInfo', PKIStatusInfo())
+    )
+
+class CertConfirmContent(univ.SequenceOf):
+    componentType = CertStatus()
+
+class RevAnnContent(univ.Sequence):
+    """
+    RevAnnContent ::= SEQUENCE {
+         status              PKIStatus,
+         certId              CertId,
+         willBeRevokedAt     GeneralizedTime,
+         badSinceDate        GeneralizedTime,
+         crlDetails          Extensions  OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatus()),
+        namedtype.NamedType('certId', rfc2511.CertId()),
+        namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()),
+        namedtype.NamedType('badSinceDate', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions())
+    )
+
+class RevRepContent(univ.Sequence):
+    """
+    RevRepContent ::= SEQUENCE {
+         status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
+         revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId
+                                             OPTIONAL,
+         crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList
+                                             OPTIONAL
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatusInfo()),
+        namedtype.OptionalNamedType('revCerts', univ.SequenceOf(
+                componentType=rfc2511.CertId()
+            ).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.OptionalNamedType('crls', univ.SequenceOf(
+                componentType=rfc2459.CertificateList()
+            ).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        )
+    )
+
+class KeyRecRepContent(univ.Sequence):
+    """
+    KeyRecRepContent ::= SEQUENCE {
+         status                  PKIStatusInfo,
+         newSigCert          [0] CMPCertificate OPTIONAL,
+         caCerts             [1] SEQUENCE SIZE (1..MAX) OF
+                                             CMPCertificate OPTIONAL,
+         keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
+                                             CertifiedKeyPair OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatusInfo()),
+        namedtype.OptionalNamedType('newSigCert', CMPCertificate().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.OptionalNamedType('caCerts', univ.SequenceOf(
+                componentType=CMPCertificate()
+            ).subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1),
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+            )
+        ),
+        namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(
+                componentType=CertifiedKeyPair()
+            ).subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2),
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+            )
+        )
+    )
+ 
+class CertResponse(univ.Sequence):
+    """
+    CertResponse ::= SEQUENCE {
+         certReqId           INTEGER,
+         status              PKIStatusInfo,
+         certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
+         rspInfo             OCTET STRING        OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certReqId', univ.Integer()),
+        namedtype.NamedType('status', PKIStatusInfo()),
+        namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()),
+        namedtype.OptionalNamedType('rspInfo', univ.OctetString())
+    )
+
+class CertRepMessage(univ.Sequence):
+    """
+    CertRepMessage ::= SEQUENCE {
+         caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                          OPTIONAL,
+         response         SEQUENCE OF CertResponse
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('caPubs', univ.SequenceOf(
+                componentType=CMPCertificate()
+            ).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+            )
+        ),
+        namedtype.NamedType('response', univ.SequenceOf(
+                componentType=CertResponse())
+            )
+    )
+
+class POPODecKeyChallContent(univ.SequenceOf):
+    componentType = Challenge()
+
+class OOBCertHash(univ.Sequence):
+    """
+    OOBCertHash ::= SEQUENCE {
+         hashAlg     [0] AlgorithmIdentifier     OPTIONAL,
+         certId      [1] CertId                  OPTIONAL,
+         hashVal         BIT STRING
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('hashAlg',
+                                    rfc2459.AlgorithmIdentifier().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0)
+            )
+        ),
+        namedtype.OptionalNamedType('certId', rfc2511.CertId().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+            )
+        ),
+        namedtype.NamedType('hashVal', univ.BitString())
+    )
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+class NestedMessageContent(univ.SequenceOf):
+    """
+    NestedMessageContent ::= PKIMessages
+    """
+    componentType = univ.Any()
+
+class DHBMParameter(univ.Sequence):
+    """
+    DHBMParameter ::= SEQUENCE {
+         owf                 AlgorithmIdentifier,
+         -- AlgId for a One-Way Function (SHA-1 recommended)
+         mac                 AlgorithmIdentifier
+         -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+     }   -- or HMAC [RFC2104, RFC2202])
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
+    )
+
+id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30')
+
+class PBMParameter(univ.Sequence):
+    """
+    PBMParameter ::= SEQUENCE {
+         salt                OCTET STRING,
+         owf                 AlgorithmIdentifier,
+         iterationCount      INTEGER,
+         mac                 AlgorithmIdentifier
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('salt', univ.OctetString().subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(0, 128)
+            )
+        ),
+        namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('iterationCount', univ.Integer()),
+        namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
+    )
+
+id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13')
+
+class PKIProtection(univ.BitString): pass
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+nestedMessageContent = NestedMessageContent().subtype(explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20))
+ 
+class PKIBody(univ.Choice):
+    """
+    PKIBody ::= CHOICE {       -- message-specific body elements
+         ir       [0]  CertReqMessages,        --Initialization Request
+         ip       [1]  CertRepMessage,         --Initialization Response
+         cr       [2]  CertReqMessages,        --Certification Request
+         cp       [3]  CertRepMessage,         --Certification Response
+         p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
+         popdecc  [5]  POPODecKeyChallContent, --pop Challenge
+         popdecr  [6]  POPODecKeyRespContent,  --pop Response
+         kur      [7]  CertReqMessages,        --Key Update Request
+         kup      [8]  CertRepMessage,         --Key Update Response
+         krr      [9]  CertReqMessages,        --Key Recovery Request
+         krp      [10] KeyRecRepContent,       --Key Recovery Response
+         rr       [11] RevReqContent,          --Revocation Request
+         rp       [12] RevRepContent,          --Revocation Response
+         ccr      [13] CertReqMessages,        --Cross-Cert. Request
+         ccp      [14] CertRepMessage,         --Cross-Cert. Response
+         ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
+         cann     [16] CertAnnContent,         --Certificate Ann.
+         rann     [17] RevAnnContent,          --Revocation Ann.
+         crlann   [18] CRLAnnContent,          --CRL Announcement
+         pkiconf  [19] PKIConfirmContent,      --Confirmation
+         nested   [20] NestedMessageContent,   --Nested Message
+         genm     [21] GenMsgContent,          --General Message
+
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ir', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0)
+            )
+        ),
+        namedtype.NamedType('ip', CertRepMessage().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+            )
+        ),
+        namedtype.NamedType('cr', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,2)
+            )
+        ),
+        namedtype.NamedType('cp', CertRepMessage().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,3)
+            )
+        ),
+        namedtype.NamedType('p10cr', rfc2314.CertificationRequest().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,4)
+            )
+        ),
+        namedtype.NamedType('popdecc', POPODecKeyChallContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,5)
+            )
+        ),
+        namedtype.NamedType('popdecr', POPODecKeyRespContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,6)
+            )
+        ),
+        namedtype.NamedType('kur', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,7)
+            )
+        ),
+        namedtype.NamedType('kup', CertRepMessage().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,8)
+            )
+        ),
+        namedtype.NamedType('krr', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,9)
+            )
+        ),
+        namedtype.NamedType('krp', KeyRecRepContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,10)
+            )
+        ),
+        namedtype.NamedType('rr', RevReqContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,11)
+            )
+        ),
+        namedtype.NamedType('rp', RevRepContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,12)
+            )
+        ),
+        namedtype.NamedType('ccr', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,13)
+            )
+        ),
+        namedtype.NamedType('ccp', CertRepMessage().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,14)
+            )
+        ),
+        namedtype.NamedType('ckuann', CAKeyUpdAnnContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,15)
+            )
+        ),
+        namedtype.NamedType('cann', CertAnnContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,16)
+            )
+        ),
+        namedtype.NamedType('rann', RevAnnContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,17)
+            )
+        ),
+        namedtype.NamedType('crlann', CRLAnnContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,18)
+            )
+        ),
+        namedtype.NamedType('pkiconf', PKIConfirmContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,19)
+            )
+        ),
+        namedtype.NamedType('nested', nestedMessageContent),
+#        namedtype.NamedType('nested', NestedMessageContent().subtype(
+#            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20)
+#            )
+#        ),
+        namedtype.NamedType('genm', GenMsgContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,21)
+            )
+        )
+    )
+
+
+class PKIHeader(univ.Sequence):
+    """
+    PKIHeader ::= SEQUENCE {
+    pvno                INTEGER     { cmp1999(1), cmp2000(2) },
+    sender              GeneralName,
+    recipient           GeneralName,
+    messageTime     [0] GeneralizedTime         OPTIONAL,
+    protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
+    senderKID       [2] KeyIdentifier           OPTIONAL,
+    recipKID        [3] KeyIdentifier           OPTIONAL,
+    transactionID   [4] OCTET STRING            OPTIONAL,
+    senderNonce     [5] OCTET STRING            OPTIONAL,
+    recipNonce      [6] OCTET STRING            OPTIONAL,
+    freeText        [7] PKIFreeText             OPTIONAL,
+    generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
+                     InfoTypeAndValue     OPTIONAL
+    }
+
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('pvno', univ.Integer(
+                namedValues=namedval.NamedValues(    
+                    ('cmp1999', 1), 
+                    ('cmp2000', 2)    
+                )
+            )
+        ),
+        namedtype.NamedType('sender', rfc2459.GeneralName()),
+        namedtype.NamedType('recipient', rfc2459.GeneralName()),
+        namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+        namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
+        namedtype.OptionalNamedType('generalInfo',
+            univ.SequenceOf(
+                componentType=InfoTypeAndValue().subtype( 
+                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)
+                    )
+                )
+            )
+        )
+
+class ProtectedPart(univ.Sequence):
+    """
+     ProtectedPart ::= SEQUENCE {
+         header    PKIHeader,
+         body      PKIBody
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('header', PKIHeader()),
+        namedtype.NamedType('infoValue', PKIBody())
+        )
+
+class PKIMessage(univ.Sequence):
+    """
+    PKIMessage ::= SEQUENCE {
+    header           PKIHeader,
+    body             PKIBody,
+    protection   [0] PKIProtection OPTIONAL,
+    extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                  OPTIONAL
+     }"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('header', PKIHeader()),
+        namedtype.NamedType('body', PKIBody()),
+        namedtype.OptionalNamedType('protection', PKIProtection().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType( 'extraCerts',
+            univ.SequenceOf(
+                componentType=CMPCertificate()
+            ).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        )
+    )
+
+class PKIMessages(univ.SequenceOf):
+    """
+    PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
+    """
+    componentType = PKIMessage()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+NestedMessageContent.componentType = PKIMessages()
+nestedMessageContent.componentType = PKIMessages()
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc5208.py
@@ -0,0 +1,39 @@
+#
+# PKCS#8 syntax
+#
+# ASN.1 source from:
+# http://tools.ietf.org/html/rfc5208
+#
+# Sample captures could be obtained with "openssl pkcs8 -topk8" command
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint
+from pyasn1_modules.rfc2459 import *
+from pyasn1_modules import rfc2251
+
+class KeyEncryptionAlgorithms(AlgorithmIdentifier): pass
+
+class PrivateKeyAlgorithms(AlgorithmIdentifier): pass
+
+class EncryptedData(univ.OctetString): pass
+
+class EncryptedPrivateKeyInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptionAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('encryptedData', EncryptedData())
+    )
+
+class PrivateKey(univ.OctetString): pass
+
+class Attributes(univ.SetOf):
+    componentType = rfc2251.Attribute()
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(('v1', 0), ('v2', 1)) 
+
+class PrivateKeyInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('privateKeyAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('privateKey', PrivateKey()),
+        namedtype.OptionalNamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/setup.cfg
@@ -0,0 +1,5 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+tag_svn_revision = 0
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/setup.py
@@ -0,0 +1,89 @@
+#!/usr/bin/env python
+"""A collection of ASN.1-based protocols modules.
+
+   A collection of ASN.1 modules expressed in form of pyasn1 classes.
+   Includes protocols PDUs definition (SNMP, LDAP etc.) and various
+   data structures (X.509, PKCS etc.).
+"""
+
+classifiers = """\
+Development Status :: 5 - Production/Stable
+Environment :: Console
+Intended Audience :: Developers
+Intended Audience :: Education
+Intended Audience :: Information Technology
+Intended Audience :: Science/Research
+Intended Audience :: System Administrators
+Intended Audience :: Telecommunications Industry
+License :: OSI Approved :: BSD License
+Natural Language :: English
+Operating System :: OS Independent
+Programming Language :: Python :: 2
+Programming Language :: Python :: 3
+Topic :: Communications
+Topic :: Security :: Cryptography
+Topic :: Software Development :: Libraries :: Python Modules
+"""
+
+def howto_install_distribute():
+    print("""
+   Error: You need the distribute Python package!
+
+   It's very easy to install it, just type (as root on Linux):
+
+   wget http://python-distribute.org/distribute_setup.py
+   python distribute_setup.py
+
+   Then you could make eggs from this package.
+""")
+
+def howto_install_setuptools():
+    print("""
+   Error: You need setuptools Python package!
+
+   It's very easy to install it, just type (as root on Linux):
+
+   wget http://peak.telecommunity.com/dist/ez_setup.py
+   python ez_setup.py
+
+   Then you could make eggs from this package.
+""")
+
+try:
+    from setuptools import setup
+    params = {
+        'install_requires': [ 'pyasn1>=0.1.4' ],
+        'zip_safe': True
+        }    
+except ImportError:
+    import sys
+    for arg in sys.argv:
+        if arg.find('egg') != -1:
+            if sys.version_info[0] > 2:
+                howto_install_distribute()
+            else:
+                howto_install_setuptools()
+            sys.exit(1)
+    from distutils.core import setup
+    params = {}
+    if sys.version_info[:2] > (2, 4):
+        params['requires'] = [ 'pyasn1(>=0.1.4)' ]
+
+doclines = [ x.strip() for x in __doc__.split('\n') if x ]
+
+params.update( {
+    'name': 'pyasn1-modules',
+    'version': open('pyasn1_modules/__init__.py').read().split('\'')[1],
+    'description': doclines[0],
+    'long_description': ' '.join(doclines[1:]),
+    'maintainer': 'Ilya Etingof <ilya@glas.net>',
+    'author': 'Ilya Etingof',
+    'author_email': 'ilya@glas.net',
+    'url': 'http://sourceforge.net/projects/pyasn1/',
+    'platforms': ['any'],
+    'classifiers': [ x for x in classifiers.split('\n') if x ],
+    'license': 'BSD',
+    'packages': [ 'pyasn1_modules' ]
+    } )
+
+setup(**params)
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/cmp.sh
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+cmpdump.py <<EOT
+MIITuTCCARECAQKkWTBXMQswCQYDVQQGEwJUUjEQMA4GA1UEChMHRS1HdXZlbjEUMBIGA1UECxML
+VHJ1c3RDZW50ZXIxIDAeBgNVBAMTF1JTQSBTZWN1cml0eSBDTVAgU2VydmVypC0wKzELMAkGA1UE
+BhMCVFIxHDAaBgNVBAMME1ZhbGltby1WZXR0b3ItMTdEZWOgERgPMjAxMjA1MDMxMTE2MTdaoQ8w
+DQYJKoZIhvcNAQEFBQCiIgQgZWVhMjg5MGU2ZGY5N2IyNzk5NWY2MWE0MzE2MzI1OWGkEgQQQ01Q
+VjJUMTIyMzM0NjI3MKUSBBCAAAABgAAAAYAAAAGAAAABphIEEDEzNjY0NDMwMjlSYW5kb22jghIZ
+MIISFaGCC84wggvKMIIFwDCCBKigAwIBAgIQfOVE05R616R6Nqgu3drXHzANBgkqhkiG9w0BAQUF
+ADBxMQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5T
+LjE4MDYGA1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2FnbGF5aWNp
+c2kwHhcNMDgxMTI0MTAwMzI0WhcNMTYxMjE0MTExNzI0WjBdMQswCQYDVQQGEwJUUjEoMCYGA1UE
+CgwfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjEkMCIGA1UEAwwbZS1HdXZlbiBNb2Jp
+bCBUZXN0VVRGLTgtU09OMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqaymRo5chRK
+EKrhjWQky1HOm6b/Jy4tSUuo4vq3O9U3G2osOU/hHb6fyMmznLpc6CaZ3qKYiuDMFRW8g1kNjEjV
+sFSvH0Yd4qgwP1+qqzhBSe+nCAnEbRUrz+nXJ4fKhmGaQ+ZSic+MeyoqDsf/zENKqdV7ea9l3Ilu
+Rj93bmTxas9aWPWQ/U/fpwkwRXaqaONlM5e4GWdgA7T1aq106NvH1z6LDNXcMYw4lSZkj/UjmM/0
+NhVz+57Ib4a0bogTaBmm8a1E5NtzkcA7pgnZT8576T0UoiOpEo+NAELA1B0mRh1/82HK1/0xn1zt
+1ym4XZRtn2r2l/wTeEwU79ALVQIDAQABo4ICZjCCAmIwfAYIKwYBBQUHAQEEcDBuMDIGCCsGAQUF
+BzABhiZodHRwOi8vdGVzdG9jc3AyLmUtZ3V2ZW4uY29tL29jc3AueHVkYTA4BggrBgEFBQcwAoYs
+aHR0cDovL3d3dy5lLWd1dmVuLmNvbS9kb2N1bWVudHMvVGVzdEtvay5jcnQwDgYDVR0PAQH/BAQD
+AgEGMA8GA1UdEwEB/wQFMAMBAf8wggElBgNVHSAEggEcMIIBGDCCARQGCWCGGAMAAQECATCCAQUw
+NgYIKwYBBQUHAgEWKmh0dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL05FU1VFLnBkZjCB
+ygYIKwYBBQUHAgIwgb0egboAQgB1ACAAcwBlAHIAdABpAGYAaQBrAGEAIABpAGwAZQAgAGkAbABn
+AGkAbABpACAAcwBlAHIAdABpAGYAaQBrAGEAIAB1AHkAZwB1AGwAYQBtAGEAIABlAHMAYQBzAGwA
+YQByATEAbgExACAAbwBrAHUAbQBhAGsAIABpAOcAaQBuACAAYgBlAGwAaQByAHQAaQBsAGUAbgAg
+AGQAbwBrAPwAbQBhAG4BMQAgAGEA5wExAG4BMQB6AC4wWAYDVR0fBFEwTzBNoEugSYZHaHR0cDov
+L3Rlc3RzaWwuZS1ndXZlbi5jb20vRWxla3Ryb25pa0JpbGdpR3V2ZW5saWdpQVNSb290L0xhdGVz
+dENSTC5jcmwwHQYDVR0OBBYEFLMoTImEKeXbqNjbYZkKshQi2vwzMB8GA1UdIwQYMBaAFGCI4dY9
+qCIkag0hwBgz5haCSNl0MA0GCSqGSIb3DQEBBQUAA4IBAQAWOsmvpoFB9sX2aq1/LjPDJ+A5Fpxm
+0XkOGM9yD/FsLfWgyv2HqBY1cVM7mjJfJ1ezkS0ODdlU6TyN5ouvAi21V9CIk69I3eUYSDjPpGia
+qcCCvJoMF0QD7B70kj2zW7IJ7pF11cbvPLaatdzojsH9fVfKtxtn/ZLrXtKsyUW5vKHOeniU6BBB
+Gl/ZZkFNXNN4mrB+B+wDV9OmdMw+Mc8KPq463hJQRat5a9lrXMdNtMAJOkvsUUzOemAsITjXWlyg
+BULijBhi8ZmMp0W7p6oKENX3vH2HCPCGQU29WIrK4iUoscjz93fB6oa4FQpxY0k3JRnWvD5FqkRD
+FKJdq/q9MIIDzzCCAregAwIBAgIQa34pJYdDFNXx90OkMkKzIjANBgkqhkiG9w0BAQUFADBxMQsw
+CQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjE4MDYG
+A1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2FnbGF5aWNpc2kwHhcN
+MDYxMjE1MTUxMzU0WhcNMTYxMjE1MTExMzU0WjBxMQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxl
+a3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjE4MDYGA1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlr
+IFNlcnRpZmlrYSBIaXptZXQgU2FnbGF5aWNpc2kwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCU/PTxSkcWPJMx4UO8L8ep9/JqRgAZ79EqYWgR4K2bNLgENpc5j0hO+QydgovFODzkEIBP
+RIBavMz9Cw2PONpSBmxd4K1A/5hGqoGEz8UCA2tIx4+Z2A9AQ2O3BYi9FWM+0D1brJDO+6yvX4m5
+Rf3mLlso52NIVV705fIkmOExHjdAj/xB0/LICZMfwKn8F19Jae/SQv9cFnptbNRCq8hU5zLRngpR
+eT1PYrZVV0XLbzbDPwgzLXCzDxG1atdGd5JRTnD58qM1foC3+hGafuyissMQVGnBQFlsx7V6OdlD
+bsxUXegCl2li0RpRJXLqyqMdtEplaznKp8NnbddylfrPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB
+hjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFGCI4dY9qCIkag0hwBgz5haCSNl0MB0GA1Ud
+DgQWBBRgiOHWPagiJGoNIcAYM+YWgkjZdDANBgkqhkiG9w0BAQUFAAOCAQEAKftTVjgltZJxXwDs
+MumguOSlljOQjotVVpES1QYwo3a5RQVpKuS4KYDEdWLD4ITtDNOA/iGKYWCNyKsE1BCL66irknZw
+iR6p6P+q2Wf7fGYSwUBcSBwWBTA+0EgpvPL3/vRuVVCVgC8XHBr72jKKTg9Nwcj+1FwXGZTDpjX8
+dzPhTXEWceQcDn2FRdNt6BQad9Hdq08lMHiyozsWniYZYuWpud91i8Pl698H9t0KqiJg6rPKc9kd
+z9QyC8E/cLIJgYhvfzXMxvmSjeSSFSqTHioqfpU3k8AWXuxqJUxbdQ8QrVaTXRByzEr1Ze0TYpDs
+oel1PjC9ouO8bC7cGrbCWzCCAi8wggGYAhBlEjJUo9asY2ISG4oHjcpzMA0GCSqGSIb3DQEBBQUA
+MFoxCzAJBgNVBAYTAlRSMRAwDgYDVQQKEwdFLUd1dmVuMRQwEgYDVQQLEwtUcnVzdENlbnRlcjEj
+MCEGA1UEAxMaRS1HdXZlblRFU1RDQUhTTSBTeXN0ZW0gQ0EwHhcNMDkxMTMwMjIxMzEzWhcNMTYx
+MTMwMTkxMTUxWjBXMQswCQYDVQQGEwJUUjEQMA4GA1UEChMHRS1HdXZlbjEUMBIGA1UECxMLVHJ1
+c3RDZW50ZXIxIDAeBgNVBAMTF1JTQSBTZWN1cml0eSBDTVAgU2VydmVyMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDCaZeJerGULW+1UPSu9T0voPNgzPcihXX6G5Q45nS4RNCe+pOc226EtD51
+wu6Eq2oARpZmCrKPn63EFmHEE04dRDr8MS2LHuZK8xslIx/AvPnV568795EPoAyhGIX9Na9ZHhnI
+zSPWmWfBd9bsQiLVF7C9dOvfW125mtywWXELewIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAAiIse/x
+aWwRWUM0CIzfnoXfrgyLdKVykK7dTPgoMJgAx229uN6VTPyk+E+lTKq9PhK+e/VJNNg9PjSFjKFd
+lfSDOi9ne1xOrb7cNTjw+sGf1mfNWyzizLXa7su7ISFN+GaClmAstH9vXsRxg1oh3pFMJv47I6iw
+gUQlwwg8WsY/MIIGPzCCBjsCAQAwAwIBADCCBi+gggYrMIIGJzCCBQ+gAwIBAgIRALGVtVAeoM1x
+gjgOX3alZ5MwDQYJKoZIhvcNAQEFBQAwXTELMAkGA1UEBhMCVFIxKDAmBgNVBAoMH0VsZWt0cm9u
+aWsgQmlsZ2kgR3V2ZW5saWdpIEEuUy4xJDAiBgNVBAMMG2UtR3V2ZW4gTW9iaWwgVGVzdFVURi04
+LVNPTjAeFw0xMjA1MDMxMTE2MTdaFw0xMzA1MDMxMTE2MTdaMGoxCzAJBgNVBAYTAlRSMREwDwYD
+VQQKDAhGaXJlIExMVDEbMBkGA1UECwwScG9wQ29kZSAtIDEyMzQ1Njc4MRQwEgYDVQQFEws3NjU0
+MzQ1Njc2NTEVMBMGA1UEAwwMQnVyYWsgWW9uZGVtMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQCpfSB7xcsHZR4E27yGHkzUJx1y2iknzX4gRM2acyPljRw/V5Lm7POrfWIX9UF2sxfYfRqxYmD0
++nw72nx8R/5AFQK0BfjHxIc5W1YekMHF8PSORo9rJqcX+qn+NBYwqcJl4EdObTcOtMWC6ws6n0uA
+oDvYYN0ujkua496sp+INiQIDAQABo4IDVzCCA1MwQgYIKwYBBQUHAQEENjA0MDIGCCsGAQUFBzAB
+hiZodHRwOi8vdGVzdG9jc3AyLmUtZ3V2ZW4uY29tL29jc3AueHVkYTAfBgNVHSMEGDAWgBSzKEyJ
+hCnl26jY22GZCrIUItr8MzCCAXIGA1UdIASCAWkwggFlMIGxBgZghhgDAAEwgaYwNgYIKwYBBQUH
+AgEWKmh0dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL05FU1VFLnBkZjBsBggrBgEFBQcC
+AjBgGl5CdSBzZXJ0aWZpa2EsIDUwNzAgc2F5xLFsxLEgRWxla3Ryb25payDEsG16YSBLYW51bnVu
+YSBnw7ZyZSBuaXRlbGlrbGkgZWxla3Ryb25payBzZXJ0aWZpa2FkxLFyMIGuBglghhgDAAEBAQMw
+gaAwNwYIKwYBBQUHAgEWK2h0dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL01LTkVTSS5w
+ZGYwZQYIKwYBBQUHAgIwWRpXQnUgc2VydGlmaWthLCBNS05FU0kga2Fwc2FtxLFuZGEgeWF5xLFu
+bGFubcSxxZ8gYmlyIG5pdGVsaWtsaSBlbGVrdHJvbmlrIHNlcnRpZmlrYWTEsXIuMA4GA1UdDwEB
+/wQEAwIGwDCBgwYIKwYBBQUHAQMEdzB1MAgGBgQAjkYBATBpBgtghhgBPQABp04BAQxaQnUgc2Vy
+dGlmaWthLCA1MDcwIHNheWlsaSBFbGVrdHJvbmlrIEltemEgS2FudW51bmEgZ8O2cmUgbml0ZWxp
+a2xpIGVsZWt0cm9uaWsgc2VydGlmaWthZGlyMEUGA1UdCQQ+MDwwFAYIKwYBBQUHCQIxCAQGQW5r
+YXJhMBIGCCsGAQUFBwkBMQYEBDE5NzkwEAYIKwYBBQUHCQQxBAQCVFIwGAYDVR0RBBEwD4ENZmly
+ZUBmaXJlLmNvbTBgBgNVHR8EWTBXMFWgU6BRhk9odHRwOi8vdGVzdHNpbC5lLWd1dmVuLmNvbS9F
+bGVrdHJvbmlrQmlsZ2lHdXZlbmxpZ2lBU01LTkVTSS1VVEYtOC9MYXRlc3RDUkwuY3JsMB0GA1Ud
+DgQWBBSLG9aIb1k2emFLCpM93kXJkWhzuTANBgkqhkiG9w0BAQUFAAOCAQEACoGCn4bzDWLzs799
+rndpB971UD2wbwt8Hkw1MGZkkJVQeVF4IS8FacAyYk5vY8ONuTA/Wsh4x23v9WTCtO89HMTz81eU
+BclqZ2Gc2UeMq7Y4FQWR8PNCMdCsxVVhpRRE6jQAyyR9YEBHQYVLfy34e3+9G/h/BR73VGHZJdZI
+DDJYd+VWXmUD9kGk/mI35qYdzN3O28KI8sokqX0z2hvkpDKuP4jNXSCHcVkK23tX2x5m6m0LdqVn
+vnCx2LfBn1wf1u7q30p/GgMVX+mR3QHs7feGewEjlkxuEyLVVD+uBwWCT6zcad17oaAyXV5RV28L
+vH0WNg6pFUpwOP0l+nIOqqCBhAOBgQBAtTB5Qd18sTxEKhSzRiN2OycFPrqoqlZZTHBohe8bE2D4
+Xc1ejkFWUEvQivkqJxCD6C7I37xgDaq8DZnaczIBxbPkY0QMdeL4MiEqlw/tlrJGrWoC5Twb0t/m
+JA5RSwQoMDYTj2WrwtM/nsP12T39or4JRZhlLSM43IaTwEBtQw==
+EOT
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/crl.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+crldump.py <<EOT
+-----BEGIN X509 CRL-----
+MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTETMBEGA1UE
+CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
+MRUwEwYDVQQDEwxzbm1wbGFicy5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ac25t
+cGxhYnMuY29tFw0xMjA0MTExMzQwNTlaFw0xMjA1MTExMzQwNTlaoA4wDDAKBgNV
+HRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQC1D/wwnrcY/uFBHGc6SyoYss2kn+nY
+RTwzXmmldbNTCQ03x5vkWGGIaRJdN8QeCzbEi7gpgxgpxAx6Y5WkxkMQ1UPjNM5n
+DGVDOtR0dskFrrbHuNpWqWrDaBN0/ryZiWKjr9JRbrpkHgVY29I1gLooQ6IHuKHY
+vjnIhxTFoCb5vA==
+-----END X509 CRL-----
+EOT
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/crmf.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+crmfdump.py <<EOT
+MIIBozCCAZ8wggEFAgUAwTnj2jCByoABAqURMA8xDTALBgNVBAMTBHVzZXKmgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ6ZQ2cYbn/lFsmBOlRltbRbFQUvvE0Q
+nbopOu1kC7Bmaaz7QTx8nxeiHi4m7uxCbGGxHNoGCt7EmdG8eZUBNAcHyGlXrJdm
+0z3/uNEGiBHq+xB8FnFJCA5EIJ3RWFnlbu9otSITLxWK7c5+/NHmWM+yaeHD/f/h
+rp01c/8qXZfZAgMBAAGpEDAOBgNVHQ8BAf8EBAMCBeAwLzASBgkrBgEFBQcFAQEM
+BTExMTExMBkGCSsGAQUFBwUBAgwMc2VydmVyX21hZ2ljoYGTMA0GCSqGSIb3DQEB
+BQUAA4GBAEI3KNEvTq/n1kNVhNhPkovk1AZxyJrN1u1+7Gkc4PLjWwjLOjcEVWt4
+AajUk/gkIJ6bbeO+fZlMjHfPSDKcD6AV2hN+n72QZwfzcw3icNvBG1el9EU4XfIm
+xfu5YVWi81/fw8QQ6X6YGHFQkomLd7jxakVyjxSng9BhO6GpjJNF
+EOT
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/ocspreq.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+ocspreqdump.py <<EOT
+MGowaDBBMD8wPTAJBgUrDgMCGgUABBS3ZrMV9C5Dko03aH13cEZeppg3wgQUkqR1LKSevoFE63n8
+isWVpesQdXMCBDXe9M+iIzAhMB8GCSsGAQUFBzABAgQSBBBjdJOiIW9EKJGELNNf/rdA
+EOT
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/ocsprsp.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+ocsprspdump.py <<EOT
+MIIEvQoBAKCCBLYwggSyBgkrBgEFBQcwAQEEggSjMIIEnzCCAQ+hgYAwfjELMAkGA1UEBhMCQVUx
+EzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEV
+MBMGA1UEAxMMc25tcGxhYnMuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHNubXBsYWJzLmNvbRgP
+MjAxMjA0MTExNDA5MjJaMFQwUjA9MAkGBSsOAwIaBQAEFLdmsxX0LkOSjTdofXdwRl6mmDfCBBSS
+pHUspJ6+gUTrefyKxZWl6xB1cwIENd70z4IAGA8yMDEyMDQxMTE0MDkyMlqhIzAhMB8GCSsGAQUF
+BzABAgQSBBBjdJOiIW9EKJGELNNf/rdAMA0GCSqGSIb3DQEBBQUAA4GBADk7oRiCy4ew1u0N52QL
+RFpW+tdb0NfkV2Xyu+HChKiTThZPr9ZXalIgkJ1w3BAnzhbB0JX/zq7Pf8yEz/OrQ4GGH7HyD3Vg
+PkMu+J6I3A2An+bUQo99AmCbZ5/tSHtDYQMQt3iNbv1fk0yvDmh7UdKuXUNSyJdHeg27dMNy4k8A
+oIIC9TCCAvEwggLtMIICVqADAgECAgEBMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFTAT
+BgNVBAMTDHNubXBsYWJzLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0Bzbm1wbGFicy5jb20wHhcN
+MTIwNDExMTMyNTM1WhcNMTMwNDExMTMyNTM1WjB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
+ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRUwEwYDVQQDEwxzbm1w
+bGFicy5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ac25tcGxhYnMuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDDDU5HOnNV8I2CojxB8ilIWRHYQuaAjnjrETMOprouDHFXnwWqQo/I3m0b
+XYmocrh9kDefb+cgc7+eJKvAvBqrqXRnU38DmQU/zhypCftGGfP8xjuBZ1n23lR3hplN1yYA0J2X
+SgBaAg6e8OsKf1vcX8Es09rDo8mQpt4G2zR56wIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG
++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU8Ys2dpJFLMHl
+yY57D4BNmlqnEcYwHwYDVR0jBBgwFoAU8Ys2dpJFLMHlyY57D4BNmlqnEcYwDQYJKoZIhvcNAQEF
+BQADgYEAWR0uFJVlQId6hVpUbgXFTpywtNitNXFiYYkRRv77McSJqLCa/c1wnuLmqcFcuRUK0oN6
+8ZJDP2HDDKe8MCZ8+sx+CF54eM8VCgN9uQ9XyE7x9XrXDd3Uw9RJVaWSIezkNKNeBE0lDM2jUjC4
+HAESdf7nebz1wtqAOXE1jWF/y8g=
+EOT
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/pkcs1.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+pkcs1dump.py <<EOT
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCN91+Cma8UPw09gjwP9WOJCdpv3mv3/qFqzgiODGZx0Q002iTl
+1dq36m5TsWYFEcMCEyC3tFuoQ0mGq5zUUOmJvHCIPufs0g8Av0fhY77uFqneHHUi
+VQMCPCHX9vTCWskmDE21LJppU27bR4H2q+ysE30d6u3+84qrItsn4bjpcQIVAPR5
+QrmooOXDn7fHJzshmxImGC4VAoGAXxKyEnlvzq93d4V6KLWX3H5Jk2JP771Ss1bT
+6D/mSbLlvjjo7qsj6diul1axu6Wny31oPertzA2FeGEzkqvjSNmSxyYYMDB3kEcx
+ahntt37I1FgSlgdZHuhdtl1h1DBKXqCCneOZuNj+kW5ib14u5HDfFIbec2HJbvVs
+lJ/k83kCgYB4TD8vgHetXHxqsiZDoy5wOnQ3mmFAfl8ZdQsIfov6kEgArwPYUOVB
+JsX84f+MFjIOKXUV8dHZ8VRrGCLAbXcxKqLNWKlKHUnEsvt63pkaTy/RKHyQS+pn
+wontdTt9EtbF+CqIWnm2wpn3O+SbdtawzPOL1CcGB0jYABwbeQ81RwIUFKdyRYaa
+INow2I3/ks+0MxDabTY=
+-----END DSA PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAMfAjvBNDDYBCl1w3yNcagZkPhqd0q5KqeOTgKSLuJWfe5+VSeR5
+Y1PcF3DyH8dvS3t8PIQjxJLoKS7HVRlsfhECAwEAAQJBAIr93/gxhIenXbD7MykF
+yvi7k8MtgkWoymICZwcX+c6RudFyuPPfQJ/sf6RmFZlRA9X9CQm5NwVG7+x1Yi6t
+KoECIQDmJUCWkPCiQYow6YxetpXFa0K6hTzOPmax7MNHVWNgmQIhAN4xOZ4JFT34
+xVhK+8EudBCYRomJUHmOJfoQAxiIXVw5AiEAyB7ecc5on/5zhqKef4Eu7LKfHIdc
+304diFuDVpTmTAkCIC2ZmKOQZaWkSowGR4isCfHl7oQHhFaOD8k0RA5i3hYxAiEA
+n8lDw3JT6NjvMnD6aM8KBsLyhazWSVVkaUSqmJzgCF0=
+-----END RSA PRIVATE KEY-----
+EOT
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/pkcs10.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+pkcs10dump.py <<EOT
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDATCCAekCAQAwgZkxCzAJBgNVBAYTAlJVMRYwFAYDVQQIEw1Nb3Njb3cgUmVn
+aW9uMQ8wDQYDVQQHEwZNb3Njb3cxGjAYBgNVBAoTEVNOTVAgTGFib3JhdG9yaWVz
+MQwwCgYDVQQLFANSJkQxFTATBgNVBAMTDHNubXBsYWJzLmNvbTEgMB4GCSqGSIb3
+DQEJARYRaW5mb0Bzbm1wbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC9n2NfGS98JDBmAXQn+vNUyPB3QPYC1cwpX8UMYh9MdAmBZJCnvXrQ
+Pp14gNAv6AQKxefmGES1b+Yd+1we9HB8AKm1/8xvRDUjAvy4iO0sqFCPvIfSujUy
+pBcfnR7QE2itvyrMxCDSEVnMhKdCNb23L2TptUmpvLcb8wfAMLFsSu2yaOtJysep
+oH/mvGqlRv2ti2+E2YA0M7Pf83wyV1XmuEsc9tQ225rprDk2uyshUglkDD2235rf
+0QyONq3Aw3BMrO9ss1qj7vdDhVHVsxHnTVbEgrxEWkq2GkVKh9QReMZ2AKxe40j4
+og+OjKXguOCggCZHJyXKxccwqCaeCztbAgMBAAGgIjAgBgkqhkiG9w0BCQIxExMR
+U05NUCBMYWJvcmF0b3JpZXMwDQYJKoZIhvcNAQEFBQADggEBAAihbwmN9M2bsNNm
+9KfxqiGMqqcGCtzIlpDz/2NVwY93cEZsbz3Qscc0QpknRmyTSoDwIG+1nUH0vzkT
+Nv8sBmp9I1GdhGg52DIaWwL4t9O5WUHgfHSJpPxZ/zMP2qIsdPJ+8o19BbXRlufc
+73c03H1piGeb9VcePIaulSHI622xukI6f4Sis49vkDaoi+jadbEEb6TYkJQ3AMRD
+WdApGGm0BePdLqboW1Yv70WRRFFD8sxeT7Yw4qrJojdnq0xMHPGfKpf6dJsqWkHk
+b5DRbjil1Zt9pJuF680S9wtBzSi0hsMHXR9TzS7HpMjykL2nmCVY6A78MZapsCzn
+GGbx7DI=
+-----END CERTIFICATE REQUEST-----
+EOT
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/pkcs7.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+pkcs7dump.py <<EOT
+-----BEGIN PKCS7-----
+MIIKdQYJKoZIhvcNAQcCoIIKZjCCCmICAQExADALBgkqhkiG9w0BBwGgggpIMIIC
+XjCCAcegAwIBAgIBADANBgkqhkiG9w0BAQQFADB1MQswCQYDVQQGEwJSVTEPMA0G
+A1UEBxMGTW9zY293MRcwFQYDVQQKEw5Tb3ZhbSBUZWxlcG9ydDEMMAoGA1UECxMD
+TklTMQ8wDQYDVQQDEwZBQlMgQ0ExHTAbBgkqhkiG9w0BCQEWDmNlcnRAb25saW5l
+LnJ1MB4XDTk5MDgxNTE5MDI1OFoXDTAwMDExMjE5MDI1OFowdTELMAkGA1UEBhMC
+UlUxDzANBgNVBAcTBk1vc2NvdzEXMBUGA1UEChMOU292YW0gVGVsZXBvcnQxDDAK
+BgNVBAsTA05JUzEPMA0GA1UEAxMGQUJTIENBMR0wGwYJKoZIhvcNAQkBFg5jZXJ0
+QG9ubGluZS5ydTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw0g1P0yQAZIi
+ml2XOCOxnCcuhHmAgj4Ei9M2ebrrGwUMONPzr1a8W7JcpnR3FeOjxEIxrzkHr6UA
+oj4l/oC7Rv28uIig+Okf+82ekhH6VgAQNr5LAzfN8J6dZLx2OXAmmLleAqHuisT7
+I40vEFRoRmC5hiMlILE2rIlIKJn6cUkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBZ
+7ELDfGUNb+fbpHl5W3d9JMXsdOgd96+HG+X1SPgeiRAMjkla8WFCSaQPIR4vCy0m
+tm5a2bWSji6+vP5FGbjOz5iMlHMrCtu0He7Eim2zpaGI06ZIY75Cn1h2r3+KS0/R
+h01TJUbmsfV1tZm6Wk3bayJ+/K8A4mBHv8P6rhYacDCCAowwggH1oAMCAQICAQAw
+DQYJKoZIhvcNAQEEBQAwgYsxCzAJBgNVBAYTAlJVMQ8wDQYDVQQHEwZNb3Njb3cx
+FzAVBgNVBAoTDkdvbGRlbiBUZWxlY29tMQwwCgYDVQQLEwNST0wxHjAcBgNVBAMT
+FUdvbGRlbiBUZWxlY29tIEFCUyBDQTEkMCIGCSqGSIb3DQEJARYVY2VydEBnb2xk
+ZW50ZWxlY29tLnJ1MB4XDTAwMDEwNTE1MDY1MVoXDTEwMDExNTE1MDY1MVowgYsx
+CzAJBgNVBAYTAlJVMQ8wDQYDVQQHEwZNb3Njb3cxFzAVBgNVBAoTDkdvbGRlbiBU
+ZWxlY29tMQwwCgYDVQQLEwNST0wxHjAcBgNVBAMTFUdvbGRlbiBUZWxlY29tIEFC
+UyBDQTEkMCIGCSqGSIb3DQEJARYVY2VydEBnb2xkZW50ZWxlY29tLnJ1MIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPFel/Svli6ogoUEb6eLtEvNSjyalETSMP
+MIZXdmWIkWijvEUhDnNJVAE3knAt6dVYqxWq0vc6CbAGFZNqEyioGU48IECLzV0G
+toiYejF/c9PuyIKDejeV9/YZnNFaZAUOXhOjREdZURLISKhX4tAbQyvK0Qka9AAR
+MEy9DoqV8QIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAHQzgqFkoSMQr077UCr5C0l1
+rxLA17TrocCmUC1/PLmN0LmUHD0d7TjjTQKJaJBHxcKIg6+FOY6LSSY4nAN79eXi
+nBz+jEUG7+NTU/jcEArI35yP7fi4Mwb96EYDmUkUGtcLNq3JBe/d1Zhmy9HnNBL1
+Dn9thM2Q8RPYAJIU3JnGMIICqTCCAhICAQAwDQYJKoZIhvcNAQEEBQAwgZwxCzAJ
+BgNVBAYTAlJVMQ8wDQYDVQQIEwZNb3Njb3cxDzANBgNVBAcTBk1vc2NvdzEXMBUG
+A1UEChMOR29sZGVuIFRlbGVjb20xDDAKBgNVBAsTA1JPTDEeMBwGA1UEAxMVR29s
+ZGVuIFRlbGVjb20gQUJTIENBMSQwIgYJKoZIhvcNAQkBFhVjZXJ0QGdvbGRlbnRl
+bGVjb20ucnUwHhcNMTAwMTE1MTU0MDI2WhcNMjAwMjIyMTU0MDI2WjCBnDELMAkG
+A1UEBhMCUlUxDzANBgNVBAgTBk1vc2NvdzEPMA0GA1UEBxMGTW9zY293MRcwFQYD
+VQQKEw5Hb2xkZW4gVGVsZWNvbTEMMAoGA1UECxMDUk9MMR4wHAYDVQQDExVHb2xk
+ZW4gVGVsZWNvbSBBQlMgQ0ExJDAiBgkqhkiG9w0BCQEWFWNlcnRAZ29sZGVudGVs
+ZWNvbS5ydTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzxXpf0r5YuqIKFBG
++ni7RLzUo8mpRE0jDzCGV3ZliJFoo7xFIQ5zSVQBN5JwLenVWKsVqtL3OgmwBhWT
+ahMoqBlOPCBAi81dBraImHoxf3PT7siCg3o3lff2GZzRWmQFDl4To0RHWVESyEio
+V+LQG0MrytEJGvQAETBMvQ6KlfECAwEAATANBgkqhkiG9w0BAQQFAAOBgQCMrS4T
+LIzxcpu8nwOq/xMcxW4Ctz/wjIoePWkmSLe+Tkb4zo7aTsvzn+ETaWb7qztUpyl0
+QvlXn4vC2iCJloPpofPqSzF1UV3g5Zb93ReZu7E6kEyW0ag8R5XZKv0xuR3b3Le+
+ZqolT8wQELd5Mmw5JPofZ+O2cGNvet8tYwOKFjCCAqUwggIOoAMCAQICAgboMA0G
+CSqGSIb3DQEBBAUAMIGcMQswCQYDVQQGEwJSVTEPMA0GA1UECBMGTW9zY293MQ8w
+DQYDVQQHEwZNb3Njb3cxFzAVBgNVBAoTDkdvbGRlbiBUZWxlY29tMQwwCgYDVQQL
+EwNST0wxHjAcBgNVBAMTFUdvbGRlbiBUZWxlY29tIEFCUyBDQTEkMCIGCSqGSIb3
+DQEJARYVY2VydEBnb2xkZW50ZWxlY29tLnJ1MB4XDTExMDEyODEyMTcwOVoXDTEy
+MDIwMTAwMDAwMFowdjELMAkGA1UEBhMCUlUxDDAKBgNVBAgTA04vQTEXMBUGA1UE
+ChMOR29sZGVuIFRlbGVjb20xDDAKBgNVBAsTA0lTUDEWMBQGA1UEAxMNY3JheS5n
+bGFzLm5ldDEaMBgGCSqGSIb3DQEJARYLZWxpZUByb2wucnUwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAPJAm8KG3ZCoJSvoGmLMPlGaMIpadu/EGSEYu+M/ybLp
+Cs8XmwB3876JVKKCbtGI6eqxOqvjedYXb+nKcyhz4Ztmm8RgAD7Z1WUItIpatejT
+79EYOUWrDN713SLZsImMyP4B4EySl4LZfHFRU2iOwLB6WozGCYuULLqYS9MDPrnT
+AgMBAAGjGzAZMBcGCWCGSAGG+EIBDQQKFghDPS07Uz0tOzANBgkqhkiG9w0BAQQF
+AAOBgQDEttS70qYCA+MGBA3hOR88XiBcTmuBarJDwn/rj31vRjYZUgp9bbFwscRI
+Ic4lDnlyvunwNitl+341bDg7u6Ebu9hCMbciyu4EtrsDh77DlLzbmNcXbnhlvbFL
+K9GiPz3dNyvQMfmaA0twd62zJDOVJ1SmO04lLmu/pAx8GhBZkqEAMQA=
+-----END PKCS7-----
+EOT
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/pkcs8.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+pkcs8dump.py <<EOT
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBgTAbBgkqhkiG9w0BBQMwDgQIdtFgDWnipT8CAggABIIBYN0hkm2xqkTCt8dJ
+iZS8+HNiyHxy8g+rmWSXv/i+bTHFUReZA2GINtTRUkWpXqWcSHxNslgf7QdfgbVJ
+xQiUM+lLhwOFh85iAHR3xmPU1wfN9NvY9DiLSpM0DMhF3OvAMZD75zIhA0GSKu7w
+dUu7ey7H4fv7bez6RhEyLdKw9/Lf2KNStNOs4ow9CAtCoxeoMSniTt6CNhbvCkve
+9vNHKiGavX1tS/YTog4wiiGzh2YxuW1RiQpTdhWiKyECgD8qQVg2tY5t3QRcXrzi
+OkStpkiAPAbiwS/gyHpsqiLo0al63SCxRefugbn1ucZyc5Ya59e3xNFQXCNhYl+Z
+Hl3hIl3cssdWZkJ455Z/bBE29ks1HtsL+bTfFi+kw/4yuMzoaB8C7rXScpGNI/8E
+pvTU2+wtuoOFcttJregtR94ZHu5wgdYqRydmFNG8PnvZT1mRMmQgUe/vp88FMmsZ
+dLsZjNQ=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAx8CO8E0MNgEKXXDf
+I1xqBmQ+Gp3Srkqp45OApIu4lZ97n5VJ5HljU9wXcPIfx29Le3w8hCPEkugpLsdV
+GWx+EQIDAQABAkEAiv3f+DGEh6ddsPszKQXK+LuTwy2CRajKYgJnBxf5zpG50XK4
+899An+x/pGYVmVED1f0JCbk3BUbv7HViLq0qgQIhAOYlQJaQ8KJBijDpjF62lcVr
+QrqFPM4+ZrHsw0dVY2CZAiEA3jE5ngkVPfjFWEr7wS50EJhGiYlQeY4l+hADGIhd
+XDkCIQDIHt5xzmif/nOGop5/gS7ssp8ch1zfTh2IW4NWlOZMCQIgLZmYo5BlpaRK
+jAZHiKwJ8eXuhAeEVo4PyTREDmLeFjECIQCfyUPDclPo2O8ycPpozwoGwvKFrNZJ
+VWRpRKqYnOAIXQ==
+-----END PRIVATE KEY-----
+EOT
+
new file mode 100644
--- /dev/null
+++ b/python/pyasn1-modules/test/x509dump.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+x509dump.py <<EOT
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
+NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
+cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
+2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
+JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
+Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
+n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
+PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
+-----END CERTIFICATE-----
+EOT
+
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/cmpdump.py
@@ -0,0 +1,28 @@
+#!/usr/bin/python
+# Read ASN.1/PEM CMP message on stdin, parse into
+# plain text, then build substrate from it
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc4210, pem
+from pyasn1 import debug
+import sys
+
+if len(sys.argv) == 2 and sys.argv[1] == '-d':
+    debug.setLogger(debug.Debug('all'))
+elif len(sys.argv) != 1:
+    print("""Usage:
+$ cat cmp.pem | %s [-d]""" % sys.argv[0])
+    sys.exit(-1)
+    
+pkiMessage = rfc4210.PKIMessage()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+    sys.exit(0)
+        
+pkiMsg, rest = decoder.decode(substrate, asn1Spec=pkiMessage)
+
+print(pkiMsg.prettyPrint())
+
+assert encoder.encode(pkiMsg, defMode=False) == substrate or \
+       encoder.encode(pkiMsg, defMode=True) == substrate, \
+       'CMP message recode fails'
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/crldump.py
@@ -0,0 +1,38 @@
+#!/usr/bin/python
+#
+# Read X.509 CRL on stdin, print them pretty and encode back into 
+# original wire format.
+# CRL can be generated with "openssl openssl ca -gencrl ..." commands.
+#
+from pyasn1_modules import rfc2459, pem
+from pyasn1.codec.der import encoder, decoder
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat crl.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+asn1Spec = rfc2459.CertificateList()
+
+cnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN X509 CRL-----', '-----END X509 CRL-----'))
+    if not substrate:
+        break
+
+
+    key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(key.prettyPrint())
+
+    assert encoder.encode(key, defMode=False) == substrate or \
+           encoder.encode(key, defMode=True) == substrate, \
+           'pkcs8 recode fails'
+        
+    cnt = cnt + 1
+ 
+print('*** %s CRL(s) re/serialized' % cnt)
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/crmfdump.py
@@ -0,0 +1,25 @@
+#!/usr/bin/python
+# Read ASN.1/PEM X.509 CRMF request on stdin, parse into
+# plain text, then build substrate from it
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2511, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat crmf.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+certReq = rfc2511.CertReqMessages()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+    sys.exit(0)
+        
+cr, rest = decoder.decode(substrate, asn1Spec=certReq)
+
+print(cr.prettyPrint())
+
+assert encoder.encode(cr, defMode=False) == substrate or \
+       encoder.encode(cr, defMode=True) == substrate, \
+       'crmf recode fails'
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocspclient.py
@@ -0,0 +1,145 @@
+#!/usr/bin/python
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, rfc2459, pem
+from pyasn1.type import univ
+import sys, hashlib
+try:
+  import urllib2
+except ImportError:
+  import urllib.request as urllib2
+
+sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26))
+
+class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder):
+    # These methods just do not encode tag and length fields of TLV
+    def encodeTag(self, *args): return ''
+    def encodeLength(self, *args): return ''
+    def encodeValue(*args):
+        substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args)
+        # OCSP-specific hack follows: cut off the "unused bit count"
+        # encoded bit-string value.
+        return substrate[1:], isConstructed
+
+    def __call__(self, bitStringValue):
+        return self.encode(None, bitStringValue, defMode=1, maxChunkSize=0)
+
+valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder()
+
+def mkOcspRequest(issuerCert, userCert):
+    issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate')
+    issuerSubject = issuerTbsCertificate.getComponentByName('subject')
+    
+    userTbsCertificate = userCert.getComponentByName('tbsCertificate')
+    userIssuer = userTbsCertificate.getComponentByName('issuer')
+
+    assert issuerSubject == userIssuer, '%s\n%s' % (
+        issuerSubject.prettyPrint(), userIssuer.prettyPrint()
+        )
+
+    userIssuerHash = hashlib.sha1(
+        encoder.encode(userIssuer)
+        ).digest()
+    
+    issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey')
+    
+    issuerKeyHash =  hashlib.sha1(
+        valueOnlyBitStringEncoder(issuerSubjectPublicKey)
+        ).digest()
+    
+    userSerialNumber = userTbsCertificate.getComponentByName('serialNumber')
+
+    # Build request object
+
+    request = rfc2560.Request()
+    
+    reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert')
+    
+    hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm')
+    hashAlgorithm.setComponentByName('algorithm', sha1oid)
+    
+    reqCert.setComponentByName('issuerNameHash', userIssuerHash)
+    reqCert.setComponentByName('issuerKeyHash', issuerKeyHash)
+    reqCert.setComponentByName('serialNumber', userSerialNumber)
+
+    ocspRequest = rfc2560.OCSPRequest()
+    
+    tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest')
+    tbsRequest.setComponentByName('version', 'v1')
+    
+    requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList')
+    requestList.setComponentByPosition(0, request)
+    
+    return ocspRequest
+
+def parseOcspResponse(ocspResponse):
+    responseStatus = ocspResponse.getComponentByName('responseStatus')
+    assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint()    
+    responseBytes = ocspResponse.getComponentByName('responseBytes')
+    responseType = responseBytes.getComponentByName('responseType')
+    assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint()
+    
+    response = responseBytes.getComponentByName('response')
+
+    basicOCSPResponse, _ = decoder.decode(
+        response, asn1Spec=rfc2560.BasicOCSPResponse()
+        )
+    
+    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
+
+    response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0)
+    
+    return (
+        tbsResponseData.getComponentByName('producedAt'),
+        response0.getComponentByName('certID'),
+        response0.getComponentByName('certStatus').getName(),
+        response0.getComponentByName('thisUpdate')
+        )
+
+if len(sys.argv) != 2:
+    print("""Usage:
+$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" % sys.argv[0])
+    sys.exit(-1)
+else:
+    ocspUrl = sys.argv[1]
+
+# Parse CA and user certificates
+
+issuerCert, _ = decoder.decode(
+    pem.readPemBlocksFromFile(
+        sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----')
+    )[1],
+    asn1Spec=rfc2459.Certificate()
+    )
+userCert, _ = decoder.decode(
+    pem.readPemBlocksFromFile(
+        sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----')
+    )[1],
+    asn1Spec=rfc2459.Certificate()
+    )
+
+# Build OCSP request
+    
+ocspReq = mkOcspRequest(issuerCert, userCert)
+
+# Use HTTP POST to get response (see Appendix A of RFC 2560)
+# In case you need proxies, set the http_proxy env variable
+
+httpReq = urllib2.Request(
+    ocspUrl,
+    encoder.encode(ocspReq),
+    { 'Content-Type': 'application/ocsp-request' }
+    )
+httpRsp = urllib2.urlopen(httpReq).read()
+
+# Process OCSP response
+    
+ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse())
+
+producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp)
+
+print('Certificate ID %s is %s at %s till %s\n' % (
+       certId.getComponentByName('serialNumber'),
+       certStatus,
+       producedAt,
+       thisUpdate))
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocspreqdump.py
@@ -0,0 +1,27 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM X.509 CRMF request on stdin, parse into
+# plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat ocsp-request.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+ocspReq = rfc2560.OCSPRequest()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+    sys.exit(0)
+        
+cr, rest = decoder.decode(substrate, asn1Spec=ocspReq)
+
+print(cr.prettyPrint())
+
+assert encoder.encode(cr, defMode=False) == substrate or \
+       encoder.encode(cr, defMode=True) == substrate, \
+       'OCSP request recode fails'
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocsprspdump.py
@@ -0,0 +1,27 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM OCSP response on stdin, parse into
+# plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat ocsp-response.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+ocspReq = rfc2560.OCSPResponse()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+    sys.exit(0)
+        
+cr, rest = decoder.decode(substrate, asn1Spec=ocspReq)
+
+print(cr.prettyPrint())
+
+assert encoder.encode(cr, defMode=False) == substrate or \
+       encoder.encode(cr, defMode=True) == substrate, \
+       'OCSP request recode fails'
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocspserver.py
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, rfc2459, pem
+from pyasn1.type import univ
+import sys, hashlib
+try:
+    import urllib2
+except ImportError:
+    import urllib.request as urllib2
+
+sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26))
+
+class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder):
+    # These methods just do not encode tag and length fields of TLV
+    def encodeTag(self, *args): return ''
+    def encodeLength(self, *args): return ''
+    def encodeValue(*args):
+        substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args)
+        # OCSP-specific hack follows: cut off the "unused bit count"
+        # encoded bit-string value.
+        return substrate[1:], isConstructed
+
+    def __call__(self, bitStringValue):
+        return self.encode(None, bitStringValue, defMode=1, maxChunkSize=0)
+
+valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder()
+
+def mkOcspRequest(issuerCert, userCert):
+    issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate')
+    issuerSubject = issuerTbsCertificate.getComponentByName('subject')
+    
+    userTbsCertificate = userCert.getComponentByName('tbsCertificate')
+    userIssuer = userTbsCertificate.getComponentByName('issuer')
+
+    assert issuerSubject == userIssuer, '%s\n%s' % (
+        issuerSubject.prettyPrint(), userIssuer.prettyPrint()
+        )
+
+    userIssuerHash = hashlib.sha1(
+        encoder.encode(userIssuer)
+        ).digest()
+    
+    issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey')
+    
+    issuerKeyHash =  hashlib.sha1(
+        valueOnlyBitStringEncoder(issuerSubjectPublicKey)
+        ).digest()
+    
+    userSerialNumber = userTbsCertificate.getComponentByName('serialNumber')
+
+    # Build request object
+
+    request = rfc2560.Request()
+    
+    reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert')
+    
+    hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm')
+    hashAlgorithm.setComponentByName('algorithm', sha1oid)
+    
+    reqCert.setComponentByName('issuerNameHash', userIssuerHash)
+    reqCert.setComponentByName('issuerKeyHash', issuerKeyHash)
+    reqCert.setComponentByName('serialNumber', userSerialNumber)
+
+    ocspRequest = rfc2560.OCSPRequest()
+    
+    tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest')
+    tbsRequest.setComponentByName('version', 'v1')
+    
+    requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList')
+    requestList.setComponentByPosition(0, request)
+    
+    return ocspRequest
+
+def parseOcspRequest(ocspRequest):
+    tbsRequest = ocspRequest['responseStatus']
+    
+    assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint()    
+    responseBytes = ocspResponse.getComponentByName('responseBytes')
+    responseType = responseBytes.getComponentByName('responseType')
+    assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint()
+    
+    response = responseBytes.getComponentByName('response')
+
+    basicOCSPResponse, _ = decoder.decode(
+        response, asn1Spec=rfc2560.BasicOCSPResponse()
+        )
+    
+    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
+
+    response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0)
+    
+    return (
+        tbsResponseData.getComponentByName('producedAt'),
+        response0.getComponentByName('certID'),
+        response0.getComponentByName('certStatus').getName(),
+        response0.getComponentByName('thisUpdate')
+        )
+
+if len(sys.argv) != 2:
+    print("""Usage:
+$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" % sys.argv[0])
+    sys.exit(-1)
+else:
+    ocspUrl = sys.argv[1]
+
+# Parse CA and user certificates
+
+issuerCert, _ = decoder.decode(
+    pem.readPemFromFile(sys.stdin)[1],
+    asn1Spec=rfc2459.Certificate()
+    )
+userCert, _ = decoder.decode(
+    pem.readPemFromFile(sys.stdin)[1],
+    asn1Spec=rfc2459.Certificate()
+    )
+
+# Build OCSP request
+    
+ocspReq = mkOcspRequest(issuerCert, userCert)
+
+# Use HTTP POST to get response (see Appendix A of RFC 2560)
+# In case you need proxies, set the http_proxy env variable
+
+httpReq = urllib2.Request(
+    ocspUrl,
+    encoder.encode(ocspReq),
+    { 'Content-Type': 'application/ocsp-request' }
+    )
+httpRsp = urllib2.urlopen(httpReq).read()
+
+# Process OCSP response
+    
+ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse())
+
+producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp)
+
+print('Certificate ID %s is %s at %s till %s\n' % (
+    certId.getComponentByName('serialNumber'),
+    certStatus,
+    producedAt,
+    thisUpdate
+    ))
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs10dump.py
@@ -0,0 +1,39 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM X.509 certificate requests (PKCS#10 format) on stdin, 
+# parse each into plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2314, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat certificateRequest.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+certType = rfc2314.CertificationRequest()
+
+certCnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(
+                      sys.stdin, ('-----BEGIN CERTIFICATE REQUEST-----',
+                                  '-----END CERTIFICATE REQUEST-----')
+                     )
+    if not substrate:
+        break
+        
+    cert, rest = decoder.decode(substrate, asn1Spec=certType)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(cert.prettyPrint())
+
+    assert encoder.encode(cert, defMode=False) == substrate or \
+           encoder.encode(cert, defMode=True) == substrate, \
+           'cert recode fails'
+        
+    certCnt = certCnt + 1
+    
+print('*** %s PEM certificate request(s) de/serialized' % certCnt)
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs1dump.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python
+#
+# Read unencrypted PKCS#1/PKIX-compliant, PEM&DER encoded private keys on
+# stdin, print them pretty and encode back into original wire format.
+# Private keys can be generated with "openssl genrsa|gendsa" commands.
+#
+from pyasn1_modules import rfc2459, rfc2437, pem
+from pyasn1.codec.der import encoder, decoder
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat rsakey.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+cnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----'), ('-----BEGIN DSA PRIVATE KEY-----', '-----END DSA PRIVATE KEY-----') )
+    if not substrate:
+        break
+
+    if idx == 0:
+        asn1Spec = rfc2437.RSAPrivateKey()
+    elif idx == 1:
+        asn1Spec = rfc2459.DSAPrivateKey()
+    else:
+        break
+
+    key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(key.prettyPrint())
+
+    assert encoder.encode(key, defMode=False) == substrate or \
+           encoder.encode(key, defMode=True) == substrate, \
+           'pkcs8 recode fails'
+        
+    cnt = cnt + 1
+ 
+print('*** %s key(s) re/serialized' % cnt)
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs7dump.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM PKCS#7 on stdin, parse it into plain text,
+# then build substrate from it
+#
+from pyasn1_modules import rfc2315, pem
+from pyasn1.codec.der import encoder, decoder
+import sys
+    
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat pkcs7Certificate.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+idx, substrate = pem.readPemBlocksFromFile(
+    sys.stdin, ('-----BEGIN PKCS7-----', '-----END PKCS7-----')
+    )
+
+assert substrate, 'bad PKCS7 data on input'
+        
+contentInfo, rest = decoder.decode(substrate, asn1Spec=rfc2315.ContentInfo())
+
+if rest: substrate = substrate[:-len(rest)]
+    
+print(contentInfo.prettyPrint())
+
+assert encoder.encode(contentInfo, defMode=False) == substrate or \
+       encoder.encode(contentInfo, defMode=True) == substrate, \
+       're-encode fails'
+
+contentType = contentInfo.getComponentByName('contentType')
+
+contentInfoMap = {
+    (1, 2, 840, 113549, 1, 7, 1): rfc2315.Data(),
+    (1, 2, 840, 113549, 1, 7, 2): rfc2315.SignedData(),
+    (1, 2, 840, 113549, 1, 7, 3): rfc2315.EnvelopedData(),
+    (1, 2, 840, 113549, 1, 7, 4): rfc2315.SignedAndEnvelopedData(),
+    (1, 2, 840, 113549, 1, 7, 5): rfc2315.DigestedData(),
+    (1, 2, 840, 113549, 1, 7, 6): rfc2315.EncryptedData()
+    }
+
+content, _ = decoder.decode(
+    contentInfo.getComponentByName('content'),
+    asn1Spec=contentInfoMap[contentType]
+    )
+
+print(content.prettyPrint())
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs8dump.py
@@ -0,0 +1,41 @@
+#!/usr/bin/python
+#
+# Read  bunch of ASN.1/PEM plain/encrypted private keys in PKCS#8 
+# format on stdin, parse each into plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc5208, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat pkcs8key.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+cnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN PRIVATE KEY-----', '-----END PRIVATE KEY-----'), ('-----BEGIN ENCRYPTED PRIVATE KEY-----', '-----END ENCRYPTED PRIVATE KEY-----') )
+    if not substrate:
+        break
+
+    if idx == 0:
+        asn1Spec = rfc5208.PrivateKeyInfo()
+    elif idx == 1:
+        asn1Spec = rfc5208.EncryptedPrivateKeyInfo()
+    else:
+        break
+
+    key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(key.prettyPrint())
+
+    assert encoder.encode(key, defMode=False) == substrate or \
+           encoder.encode(key, defMode=True) == substrate, \
+           'pkcs8 recode fails'
+        
+    cnt = cnt + 1
+    
+print('*** %s PKCS#8 key(s) de/serialized' % cnt)
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/snmpget.py
@@ -0,0 +1,37 @@
+#!/usr/bin/python
+#
+# Generate SNMPGET request, parse response
+#
+from pyasn1.codec.ber import encoder, decoder
+from pyasn1_modules import rfc1157
+import sys, socket
+
+if len(sys.argv) != 4:
+    print("""Usage:
+$ %s <community> <host> <OID>""" % sys.argv[0])
+    sys.exit(-1)
+
+msg = rfc1157.Message()
+msg.setComponentByPosition(0)
+msg.setComponentByPosition(1, sys.argv[1])
+# pdu
+pdus = msg.setComponentByPosition(2).getComponentByPosition(2)
+pdu = pdus.setComponentByPosition(0).getComponentByPosition(0)
+pdu.setComponentByPosition(0, 123)
+pdu.setComponentByPosition(1, 0)
+pdu.setComponentByPosition(2, 0)
+vbl = pdu.setComponentByPosition(3).getComponentByPosition(3)
+vb = vbl.setComponentByPosition(0).getComponentByPosition(0)
+vb.setComponentByPosition(0, sys.argv[3])
+v = vb.setComponentByPosition(1).getComponentByPosition(1).setComponentByPosition(0).getComponentByPosition(0).setComponentByPosition(3).getComponentByPosition(3)
+
+print('sending: %s' % msg.prettyPrint())
+
+sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+sock.sendto(encoder.encode(msg), (sys.argv[2], 161))
+
+substrate, _ = sock.recvfrom(2048)
+
+rMsg, _ = decoder.decode(substrate, asn1Spec=msg)
+
+print('received: %s' % rMsg.prettyPrint())
new file mode 100755
--- /dev/null
+++ b/python/pyasn1-modules/tools/x509dump.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM X.509 certificates on stdin, parse each into plain text,
+# then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2459, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat CACertificate.pem | %s
+$ cat userCertificate.pem | %s""" % (sys.argv[0], sys.argv[0]))
+    sys.exit(-1)
+    
+certType = rfc2459.Certificate()
+
+certCnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(
+                        sys.stdin, ('-----BEGIN CERTIFICATE-----',
+                                    '-----END CERTIFICATE-----')
+                     )
+    if not substrate:
+        break
+        
+    cert, rest = decoder.decode(substrate, asn1Spec=certType)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(cert.prettyPrint())
+
+    assert encoder.encode(cert, defMode=False) == substrate or \
+           encoder.encode(cert, defMode=True) == substrate, \
+           'cert recode fails'
+        
+    certCnt = certCnt + 1
+    
+print('*** %s PEM cert(s) de/serialized' % certCnt)