Add m-esr52 at 52.6.0

50 files changed, 4358 insertions, 0 deletions

diff --git a/python/pyasn1-modules/CHANGES b/python/pyasn1-modules/CHANGES
new file mode 100644
index 000000000..40b7bb07c
--- /dev/null
+++ b/python/pyasn1-modules/CHANGES
@@ -0,0 +1,45 @@
+Revision 0.0.5
+--------------
+
+- License updated to vanilla BSD 2-Clause to ease package use
+  (http://opensource.org/licenses/BSD-2-Clause).
+
+Revision 0.0.4
+--------------
+
+- CMP structures (RFC4210), cmpdump.py tool and test case added.
+- SNMPv2c Message syntax (RFC1901) properly defined.
+- Package version established in form of __init__.__version__
+  which is in-sync with distutils.
+- Package meta information and classifiers updated.
+
+Revision 0.0.3
+--------------
+
+- Text cases implemented
+- X.509 CRMF structures (RFC2511) and crmfdump.py tool added
+- X.509 CRL structures and crldump.py tool added
+- PKCS#10 structures and pkcs10dump.py tool added
+- PKCS#8 structures and pkcs8dump.py tool added
+- PKCS#1 (rfc3447) structures added
+- OCSP request & response dumping tool added
+- SNMPv2c & SNMPv3/USM structures added
+- keydump.py moved into pkcs1dump.py
+- PEM files read function generalized to be used more universally.
+- complete PKIX1 '88 code implemented at rfc2459.py
+
+
+Revision 0.0.2
+--------------
+
+- Require pyasn1 >= 0.1.1
+- Fixes towards Py3K compatibility
+  + use either of existing urllib module
+  + adopt to the new bytes type
+  + print operator is now a function
+  + new exception syntax
+
+Revision 0.0.1a
+---------------
+
+- Initial revision, most code carried from pyasn1 examples.
diff --git a/python/pyasn1-modules/LICENSE b/python/pyasn1-modules/LICENSE
new file mode 100644
index 000000000..fac589b8c
--- /dev/null
+++ b/python/pyasn1-modules/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2005-2013, Ilya Etingof <ilya@glas.net>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+  * Redistributions of source code must retain the above copyright notice, 
+    this list of conditions and the following disclaimer.
+
+  * Redistributions in binary form must reproduce the above copyright notice,
+    this list of conditions and the following disclaimer in the documentation
+    and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE. 
diff --git a/python/pyasn1-modules/MANIFEST.in b/python/pyasn1-modules/MANIFEST.in
new file mode 100644
index 000000000..056c1d05a
--- /dev/null
+++ b/python/pyasn1-modules/MANIFEST.in
@@ -0,0 +1,3 @@
+include CHANGES README LICENSE
+recursive-include tools *.py
+recursive-include test *.sh
diff --git a/python/pyasn1-modules/PKG-INFO b/python/pyasn1-modules/PKG-INFO
new file mode 100644
index 000000000..059bb2045
--- /dev/null
+++ b/python/pyasn1-modules/PKG-INFO
@@ -0,0 +1,26 @@
+Metadata-Version: 1.0
+Name: pyasn1-modules
+Version: 0.0.5
+Summary: A collection of ASN.1-based protocols modules.
+Home-page: http://sourceforge.net/projects/pyasn1/
+Author: Ilya Etingof <ilya@glas.net>
+Author-email: ilya@glas.net
+License: BSD
+Description: A collection of ASN.1 modules expressed in form of pyasn1 classes. Includes protocols PDUs definition (SNMP, LDAP etc.) and various data structures (X.509, PKCS etc.).
+Platform: any
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Education
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: Science/Research
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Telecommunications Industry
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Natural Language :: English
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Communications
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
diff --git a/python/pyasn1-modules/README b/python/pyasn1-modules/README
new file mode 100644
index 000000000..a49a22efe
--- /dev/null
+++ b/python/pyasn1-modules/README
@@ -0,0 +1,17 @@
+
+ASN.1 modules for Python
+------------------------
+
+This is a small but growing collection of ASN.1 data structures
+[1] expressed in Python terms using pyasn1 [2] data model.
+
+It's thought to be useful to protocol developers and testers.
+
+All modules are py2k/py3k-compliant.
+
+If you happen to convert some ASN.1 module into pyasn1 that is not
+yet present in this collection and wish to contribute - please send
+it to me.
+
+=-=-=
+mailto: ilya@glas.net
diff --git a/python/pyasn1-modules/pyasn1_modules/__init__.py b/python/pyasn1-modules/pyasn1_modules/__init__.py
new file mode 100644
index 000000000..824d8dfe5
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/__init__.py
@@ -0,0 +1,2 @@
+# http://www.python.org/dev/peps/pep-0396/
+__version__ = '0.0.5'
diff --git a/python/pyasn1-modules/pyasn1_modules/pem.py b/python/pyasn1-modules/pyasn1_modules/pem.py
new file mode 100644
index 000000000..d8d815873
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/pem.py
@@ -0,0 +1,51 @@
+import base64, sys
+
+stSpam, stHam, stDump = 0, 1, 2
+
+# The markers parameters is in form ('start1', 'stop1'), ('start2', 'stop2')...
+# Return is (marker-index, substrate)
+def readPemBlocksFromFile(fileObj, *markers):
+    startMarkers = dict(map(lambda x: (x[1],x[0]),
+                            enumerate(map(lambda x: x[0], markers))))
+    stopMarkers = dict(map(lambda x: (x[1],x[0]),
+                           enumerate(map(lambda x: x[1], markers))))
+    idx = -1; substrate = ''
+    state = stSpam
+    while 1:
+        certLine = fileObj.readline()
+        if not certLine:
+            break
+        certLine = certLine.strip()
+        if state == stSpam:
+            if certLine in startMarkers:
+                certLines = []
+                idx = startMarkers[certLine]
+                state = stHam
+                continue
+        if state == stHam:
+            if certLine in stopMarkers and stopMarkers[certLine] == idx:
+                state = stDump
+            else:
+                certLines.append(certLine)
+        if state == stDump:
+            if sys.version_info[0] <= 2:
+                substrate = ''.join([ base64.b64decode(x) for x in certLines ])
+            else:
+                substrate = ''.encode().join([ base64.b64decode(x.encode()) for x in certLines ])
+            break
+    return idx, substrate
+
+# Backward compatibility routine
+def readPemFromFile(fileObj, 
+                    startMarker='-----BEGIN CERTIFICATE-----',
+                    endMarker='-----END CERTIFICATE-----'):
+    idx, substrate = readPemBlocksFromFile(fileObj, (startMarker, endMarker))
+    return substrate
+
+def readBase64FromFile(fileObj):
+    if sys.version_info[0] <= 2:
+        return ''.join([ base64.b64decode(x) for x in fileObj.readlines() ])
+    else:
+        return ''.encode().join(
+            [ base64.b64decode(x.encode()) for x in fileObj.readlines() ]
+        )
diff --git a/python/pyasn1-modules/pyasn1_modules/pkcs12.py b/python/pyasn1-modules/pyasn1_modules/pkcs12.py
new file mode 100644
index 000000000..fb17675c4
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/pkcs12.py
@@ -0,0 +1,34 @@
+#
+# PKCS#12 syntax
+#
+# ASN.1 source from:
+# ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12.asn
+#
+# Sample captures could be obtained with "openssl pkcs12" command
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint
+from pyasn1_modules.rfc2459 import *
+from pyasn1_modules import rfc2251
+
+class Attributes(univ.SetOf):
+    componentType = rfc2251.Attribute()
+
+class Version(univ.Integer): pass
+
+class CertificationRequestInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('subject', Name()),
+        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+        namedtype.NamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+class Signature(univ.BitString): pass
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class CertificationRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificationRequestInfo', CertificationRequestInfo()),
+        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+        namedtype.NamedType('signature', Signature())
+    )
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc1155.py b/python/pyasn1-modules/pyasn1_modules/rfc1155.py
new file mode 100644
index 000000000..9e3c5cdbe
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1155.py
@@ -0,0 +1,73 @@
+#
+# SNMPv1 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1155.txt
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+
+class ObjectName(univ.ObjectIdentifier): pass
+
+class SimpleSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('number', univ.Integer()),
+        namedtype.NamedType('string', univ.OctetString()),
+        namedtype.NamedType('object', univ.ObjectIdentifier()),
+        namedtype.NamedType('empty', univ.Null())
+        )
+
+class IpAddress(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(
+        4, 4
+        )
+class NetworkAddress(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('internet', IpAddress())
+        )
+
+class Counter(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 1)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+class Gauge(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+class TimeTicks(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 3)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+class Opaque(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 4)
+        )
+    
+class ApplicationSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('address', NetworkAddress()),
+        namedtype.NamedType('counter', Counter()),
+        namedtype.NamedType('gauge', Gauge()),
+        namedtype.NamedType('ticks', TimeTicks()),
+        namedtype.NamedType('arbitrary', Opaque())
+        )
+    
+class ObjectSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('simple', SimpleSyntax()),
+        namedtype.NamedType('application-wide', ApplicationSyntax())
+        )
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc1157.py b/python/pyasn1-modules/pyasn1_modules/rfc1157.py
new file mode 100644
index 000000000..6a36b06a3
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1157.py
@@ -0,0 +1,90 @@
+#
+# SNMPv1 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1157.txt
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1_modules import rfc1155
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('version-1', 0)
+        )
+    defaultValue = 0
+
+class Community(univ.OctetString): pass
+
+class RequestID(univ.Integer): pass
+class ErrorStatus(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('noError', 0),
+        ('tooBig', 1),
+        ('noSuchName', 2),
+        ('badValue', 3),
+        ('readOnly', 4),
+        ('genErr', 5)
+        )
+class ErrorIndex(univ.Integer): pass
+
+class VarBind(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('name', rfc1155.ObjectName()),
+        namedtype.NamedType('value', rfc1155.ObjectSyntax())
+        )
+class VarBindList(univ.SequenceOf):
+    componentType = VarBind()
+
+class _RequestBase(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('request-id', RequestID()),
+        namedtype.NamedType('error-status', ErrorStatus()),
+        namedtype.NamedType('error-index', ErrorIndex()),
+        namedtype.NamedType('variable-bindings', VarBindList())
+        )
+                            
+class GetRequestPDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+        )    
+class GetNextRequestPDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+        )
+class GetResponsePDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
+        )
+class SetRequestPDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
+        )
+
+class TrapPDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('enterprise', univ.ObjectIdentifier()),
+        namedtype.NamedType('agent-addr', rfc1155.NetworkAddress()),
+        namedtype.NamedType('generic-trap', univ.Integer().clone(namedValues=namedval.NamedValues(('coldStart', 0), ('warmStart', 1), ('linkDown', 2), ('linkUp', 3), ('authenticationFailure', 4), ('egpNeighborLoss', 5), ('enterpriseSpecific', 6)))),
+        namedtype.NamedType('specific-trap', univ.Integer()),
+        namedtype.NamedType('time-stamp', rfc1155.TimeTicks()),
+        namedtype.NamedType('variable-bindings', VarBindList())
+        )
+    
+class Pdus(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('get-request', GetRequestPDU()),
+        namedtype.NamedType('get-next-request', GetNextRequestPDU()),
+        namedtype.NamedType('get-response', GetResponsePDU()),
+        namedtype.NamedType('set-request', SetRequestPDU()),
+        namedtype.NamedType('trap', TrapPDU())
+        )
+        
+class Message(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('community', Community()),
+        namedtype.NamedType('data', Pdus())
+        )
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc1901.py b/python/pyasn1-modules/pyasn1_modules/rfc1901.py
new file mode 100644
index 000000000..8cd7e7d12
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1901.py
@@ -0,0 +1,15 @@
+#
+# SNMPv2c message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1901.txt
+#
+from pyasn1.type import univ, namedtype, namedval
+
+class Message(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer(namedValues = namedval.NamedValues(('version-2c', 1)))),
+        namedtype.NamedType('community', univ.OctetString()),
+        namedtype.NamedType('data', univ.Any())
+        )
+
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc1902.py b/python/pyasn1-modules/pyasn1_modules/rfc1902.py
new file mode 100644
index 000000000..df0b0c3dc
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1902.py
@@ -0,0 +1,105 @@
+#
+# SNMPv2c message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1902.txt
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+
+class Integer(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        -2147483648, 2147483647
+        )
+
+class Integer32(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        -2147483648, 2147483647
+        )
+    
+class OctetString(univ.OctetString):
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueSizeConstraint(
+        0, 65535
+        )
+
+class IpAddress(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x00)
+        )
+    subtypeSpec = univ.OctetString.subtypeSpec+constraint.ValueSizeConstraint(
+        4, 4
+        )
+
+class Counter32(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x01)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+
+class Gauge32(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+
+class Unsigned32(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+
+class TimeTicks(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x03)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 4294967295
+        )
+
+class Opaque(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x04)
+        )
+
+class Counter64(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x06)
+        )
+    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+        0, 18446744073709551615
+        )
+
+class Bits(univ.OctetString): pass
+
+class ObjectName(univ.ObjectIdentifier): pass
+
+class SimpleSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('integer-value', Integer()),
+        namedtype.NamedType('string-value', OctetString()),
+        namedtype.NamedType('objectID-value', univ.ObjectIdentifier())
+        )
+
+class ApplicationSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ipAddress-value', IpAddress()),
+        namedtype.NamedType('counter-value', Counter32()),
+        namedtype.NamedType('timeticks-value', TimeTicks()),
+        namedtype.NamedType('arbitrary-value', Opaque()),
+        namedtype.NamedType('big-counter-value', Counter64()),
+# This conflicts with Counter32
+#        namedtype.NamedType('unsigned-integer-value', Unsigned32()),
+        namedtype.NamedType('gauge32-value', Gauge32())
+        ) # BITS misplaced?
+
+class ObjectSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('simple', SimpleSyntax()),
+        namedtype.NamedType('application-wide', ApplicationSyntax())
+        )
+
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc1905.py b/python/pyasn1-modules/pyasn1_modules/rfc1905.py
new file mode 100644
index 000000000..bec60f8e3
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc1905.py
@@ -0,0 +1,100 @@
+#
+# SNMPv2c PDU syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1905.txt
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1_modules import rfc1902
+
+max_bindings = rfc1902.Integer(2147483647)
+
+class _BindValue(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('value', rfc1902.ObjectSyntax()),
+        namedtype.NamedType('unSpecified', univ.Null()),
+        namedtype.NamedType('noSuchObject', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('noSuchInstance', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('endOfMibView', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        )
+        
+class VarBind(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('name', rfc1902.ObjectName()),
+        namedtype.NamedType('', _BindValue())
+        )
+    
+class VarBindList(univ.SequenceOf):
+    componentType = VarBind()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(
+        0, max_bindings
+        )
+
+class PDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('request-id', rfc1902.Integer32()),
+        namedtype.NamedType('error-status', univ.Integer(namedValues=namedval.NamedValues(('noError', 0), ('tooBig', 1), ('noSuchName', 2), ('badValue', 3), ('readOnly', 4), ('genErr', 5), ('noAccess', 6), ('wrongType', 7), ('wrongLength', 8), ('wrongEncoding', 9), ('wrongValue', 10), ('noCreation', 11), ('inconsistentValue', 12), ('resourceUnavailable', 13), ('commitFailed', 14), ('undoFailed', 15), ('authorizationError', 16), ('notWritable', 17), ('inconsistentName', 18)))),
+        namedtype.NamedType('error-index', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('variable-bindings', VarBindList())
+        )
+
+class BulkPDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('request-id', rfc1902.Integer32()),
+        namedtype.NamedType('non-repeaters', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('max-repetitions', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('variable-bindings', VarBindList())
+        )
+
+class GetRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+        )
+
+class GetNextRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+        )
+
+class ResponsePDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
+        )
+
+class SetRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
+        )
+
+class GetBulkRequestPDU(BulkPDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)
+        )
+
+class InformRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)
+        )
+
+class SNMPv2TrapPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)
+        )
+
+class ReportPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8)
+        )
+
+class PDUs(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('get-request', GetRequestPDU()),
+        namedtype.NamedType('get-next-request', GetNextRequestPDU()),
+        namedtype.NamedType('get-bulk-request', GetBulkRequestPDU()),
+        namedtype.NamedType('response', ResponsePDU()),
+        namedtype.NamedType('set-request', SetRequestPDU()),
+        namedtype.NamedType('inform-request', InformRequestPDU()),
+        namedtype.NamedType('snmpV2-trap', SNMPv2TrapPDU()),
+        namedtype.NamedType('report', ReportPDU())
+        )
+
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc2251.py b/python/pyasn1-modules/pyasn1_modules/rfc2251.py
new file mode 100644
index 000000000..3074c67a3
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2251.py
@@ -0,0 +1,319 @@
+#
+# LDAP message syntax
+#
+# ASN.1 source from:
+# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/ldap.asn
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint,char,useful
+from pyasn1.codec.der import decoder, encoder
+
+maxInt = univ.Integer(2147483647)
+
+class LDAPString(univ.OctetString): pass
+class LDAPOID(univ.OctetString): pass
+
+class LDAPDN(LDAPString): pass
+class RelativeLDAPDN(LDAPString): pass
+class AttributeType(LDAPString): pass
+class AttributeDescription(LDAPString): pass
+
+class AttributeDescriptionList(univ.SequenceOf):
+    componentType = AttributeDescription()
+
+class AttributeValue(univ.OctetString): pass
+
+class AssertionValue(univ.OctetString): pass
+
+class AttributeValueAssertion(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('attributeDesc', AttributeDescription()),
+        namedtype.NamedType('assertionValue', AssertionValue())
+        )
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeDescription()),
+        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+
+class MatchingRuleId(LDAPString): pass
+
+class Control(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('controlType', LDAPOID()),
+        namedtype.DefaultedNamedType('criticality', univ.Boolean('False')),
+        namedtype.OptionalNamedType('controlValue', univ.OctetString())
+        )
+                         
+class Controls(univ.SequenceOf):
+    componentType = Control()
+
+class LDAPURL(LDAPString): pass
+
+class Referral(univ.SequenceOf):
+    componentType = LDAPURL()
+
+class SaslCredentials(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('mechanism', LDAPString()),
+        namedtype.OptionalNamedType('credentials', univ.OctetString())
+        )
+    
+class AuthenticationChoice(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('simple', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('reserved-1', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('reserved-2', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('sasl', SaslCredentials().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+        )
+        
+class BindRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 0)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 127))),
+        namedtype.NamedType('name', LDAPDN()),
+        namedtype.NamedType('authentication', AuthenticationChoice())
+        )
+
+class PartialAttributeList(univ.SequenceOf):
+    componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))))
+    
+class SearchResultEntry(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 4)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('objectName', LDAPDN()),
+        namedtype.NamedType('attributes', PartialAttributeList())
+        )
+
+class MatchingRuleAssertion(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('matchingRule', MatchingRuleId().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('type', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('matchValue', AssertionValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.DefaultedNamedType('dnAttributes', univ.Boolean('False').subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+        )
+        
+class SubstringFilter(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeDescription()),
+        namedtype.NamedType('substrings', univ.SequenceOf(componentType=univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('initial', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('any', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('final', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))))))
+        )
+
+# Ugly hack to handle recursive Filter reference (up to 3-levels deep).
+
+class Filter3(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+        )
+
+class Filter2(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('and', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('or', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('not', Filter3().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+        )
+
+class Filter(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('and', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('or', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('not', Filter2().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+        )
+
+# End of Filter hack
+
+class SearchRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('baseObject', LDAPDN()),
+        namedtype.NamedType('scope', univ.Enumerated(namedValues=namedval.NamedValues(('baseObject', 0), ('singleLevel', 1), ('wholeSubtree', 2)))),
+        namedtype.NamedType('derefAliases', univ.Enumerated(namedValues=namedval.NamedValues(('neverDerefAliases', 0), ('derefInSearching', 1), ('derefFindingBaseObj', 2), ('derefAlways', 3)))),
+        namedtype.NamedType('sizeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
+        namedtype.NamedType('timeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
+        namedtype.NamedType('typesOnly', univ.Boolean()),
+        namedtype.NamedType('filter', Filter()),
+        namedtype.NamedType('attributes', AttributeDescriptionList())
+        )
+
+class UnbindRequest(univ.Null):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2)
+        )
+
+class BindResponse(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('matchedDN', LDAPDN()),
+        namedtype.NamedType('errorMessage', LDAPString()),
+        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('serverSaslCreds', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)))
+        )
+
+class LDAPResult(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('matchedDN', LDAPDN()),
+        namedtype.NamedType('errorMessage', LDAPString()),
+        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+        )
+
+class SearchResultReference(univ.SequenceOf):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 19)
+        )
+    componentType = LDAPURL()
+
+class SearchResultDone(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 5)
+        )
+
+class AttributeTypeAndValues(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeDescription()),
+        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+    
+class ModifyRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 6)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('object', LDAPDN()),
+        namedtype.NamedType('modification', univ.SequenceOf(componentType=univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('operation', univ.Enumerated(namedValues=namedval.NamedValues(('add', 0), ('delete', 1), ('replace', 2)))), namedtype.NamedType('modification', AttributeTypeAndValues())))))
+        )
+
+class ModifyResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 7)
+        )
+
+class AttributeList(univ.SequenceOf):
+    componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))))
+                                                                     
+class AddRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 8)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('entry', LDAPDN()),
+        namedtype.NamedType('attributes', AttributeList())
+        )
+
+class AddResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 9)
+        )
+
+class DelRequest(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10)
+        )
+
+class DelResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11)
+        )
+
+class ModifyDNRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('entry', LDAPDN()),
+        namedtype.NamedType('newrdn', RelativeLDAPDN()),
+        namedtype.NamedType('deleteoldrdn', univ.Boolean()),
+        namedtype.OptionalNamedType('newSuperior', LDAPDN().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        
+        )
+
+class ModifyDNResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13)
+        )
+
+class CompareRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('entry', LDAPDN()),
+        namedtype.NamedType('ava', AttributeValueAssertion())
+        )
+
+class CompareResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15)
+        )
+
+class AbandonRequest(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 16)
+        )
+
+class ExtendedRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 23)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('requestName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('requestValue', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+        )
+
+class ExtendedResponse(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 24)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('matchedDN', LDAPDN()),
+        namedtype.NamedType('errorMessage', LDAPString()),
+        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+
+        namedtype.OptionalNamedType('responseName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))),
+        namedtype.OptionalNamedType('response', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
+        )
+
+class MessageID(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, maxInt
+        )
+
+class LDAPMessage(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('messageID', MessageID()),
+        namedtype.NamedType('protocolOp', univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('bindRequest', BindRequest()), namedtype.NamedType('bindResponse', BindResponse()), namedtype.NamedType('unbindRequest', UnbindRequest()), namedtype.NamedType('searchRequest', SearchRequest()), namedtype.NamedType('searchResEntry', SearchResultEntry()), namedtype.NamedType('searchResDone', SearchResultDone()), namedtype.NamedType('searchResRef', SearchResultReference()), namedtype.NamedType('modifyRequest', ModifyRequest()), namedtype.NamedType('modifyResponse', ModifyResponse()), namedtype.NamedType('addRequest', AddRequest()), namedtype.NamedType('addResponse', AddResponse()), namedtype.NamedType('delRequest', DelRequest()), namedtype.NamedType('delResponse', DelResponse()), namedtype.NamedType('modDNRequest', ModifyDNRequest()), namedtype.NamedType('modDNResponse', ModifyDNResponse()), namedtype.NamedType('compareRequest', CompareRequest()), namedtype.NamedType('compareResponse', CompareResponse()), namedtype.NamedType('abandonRequest', AbandonRequest()), namedtype.NamedType('extendedReq', ExtendedRequest()), namedtype.NamedType('extendedResp', ExtendedResponse())))),
+        namedtype.OptionalNamedType('controls', Controls().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        )
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc2314.py b/python/pyasn1-modules/pyasn1_modules/rfc2314.py
new file mode 100644
index 000000000..86b11fb30
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2314.py
@@ -0,0 +1,33 @@
+#
+# PKCS#10 syntax
+#
+# ASN.1 source from:
+# http://tools.ietf.org/html/rfc2314
+#
+# Sample captures could be obtained with "openssl req" command
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint
+from pyasn1_modules.rfc2459 import *
+
+class Attributes(univ.SetOf):
+    componentType = Attribute()
+
+class Version(univ.Integer): pass
+
+class CertificationRequestInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('subject', Name()),
+        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+        namedtype.NamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+class Signature(univ.BitString): pass
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class CertificationRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificationRequestInfo', CertificationRequestInfo()),
+        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+        namedtype.NamedType('signature', Signature())
+    )
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc2315.py b/python/pyasn1-modules/pyasn1_modules/rfc2315.py
new file mode 100644
index 000000000..76bb9573c
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2315.py
@@ -0,0 +1,205 @@
+#
+# PKCS#7 message syntax
+#
+# ASN.1 source from:
+# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/pkcs7.asn
+#
+# Sample captures from:
+# openssl crl2pkcs7 -nocrl -certfile cert1.cer -out outfile.p7b
+#
+from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful
+from pyasn1_modules.rfc2459 import *
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue()))
+        )
+
+class AttributeValueAssertion(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('attributeType', AttributeType()),
+        namedtype.NamedType('attributeValue', AttributeValue())
+        )
+
+pkcs_7 = univ.ObjectIdentifier('1.2.840.113549.1.7')
+data = univ.ObjectIdentifier('1.2.840.113549.1.7.1')
+signedData = univ.ObjectIdentifier('1.2.840.113549.1.7.2')
+envelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.3')
+signedAndEnvelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.4')
+digestedData = univ.ObjectIdentifier('1.2.840.113549.1.7.5')
+encryptedData = univ.ObjectIdentifier('1.2.840.113549.1.7.6')
+
+class ContentType(univ.ObjectIdentifier): pass
+
+class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class EncryptedContent(univ.OctetString): pass
+
+class EncryptedContentInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contentType', ContentType()),
+        namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
+        namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        )
+
+class Version(univ.Integer): pass  # overrides x509.Version
+
+class EncryptedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
+        )
+
+class DigestAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class DigestAlgorithmIdentifiers(univ.SetOf):
+    componentType = DigestAlgorithmIdentifier()
+
+class Digest(univ.OctetString): pass
+
+class ContentInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contentType', ContentType()),
+        namedtype.OptionalNamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        )
+
+class DigestedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.NamedType('contentInfo', ContentInfo()),
+        namedtype.NamedType('digest', Digest)
+        )
+
+class IssuerAndSerialNumber(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('serialNumber', CertificateSerialNumber())
+        )
+
+class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class EncryptedKey(univ.OctetString): pass
+
+class RecipientInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+        namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+        namedtype.NamedType('encryptedKey', EncryptedKey())
+        )
+                    
+class RecipientInfos(univ.SetOf):
+    componentType = RecipientInfo()
+
+class Attributes(univ.SetOf):
+    componentType = Attribute()
+
+class ExtendedCertificateInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('certificate', Certificate()),
+        namedtype.NamedType('attributes', Attributes())
+        )
+
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class Signature(univ.BitString): pass
+
+class ExtendedCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
+        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+        namedtype.NamedType('signature', Signature())
+        )
+
+class ExtendedCertificateOrCertificate(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificate', Certificate()),
+        namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        )
+
+class ExtendedCertificatesAndCertificates(univ.SetOf):
+    componentType = ExtendedCertificateOrCertificate()
+
+class SerialNumber(univ.Integer): pass
+
+class CRLEntry(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('userCertificate', SerialNumber()),
+        namedtype.NamedType('revocationDate', useful.UTCTime())
+        )
+
+class TBSCertificateRevocationList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signature', AlgorithmIdentifier()),
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('lastUpdate', useful.UTCTime()),
+        namedtype.NamedType('nextUpdate', useful.UTCTime()),
+        namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=CRLEntry()))
+        )
+                            
+class CertificateRevocationList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsCertificateRevocationList', TBSCertificateRevocationList()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString())
+        )
+
+class CertificateRevocationLists(univ.SetOf):
+    componentType = CertificateRevocationList()
+
+class DigestEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass
+
+class EncryptedDigest(univ.OctetString): pass
+
+class SignerInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.OptionalNamedType('authenticatedAttributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('digestEncryptionAlgorithm', DigestEncryptionAlgorithmIdentifier()),
+        namedtype.NamedType('encryptedDigest', EncryptedDigest()),
+        namedtype.OptionalNamedType('unauthenticatedAttributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+        )
+                    
+class SignerInfos(univ.SetOf):
+    componentType = SignerInfo()
+
+class SignedAndEnvelopedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('recipientInfos', RecipientInfos()),
+        namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('signerInfos', SignerInfos())
+        )
+
+class EnvelopedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('recipientInfos', RecipientInfos()),
+        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
+        )
+    
+class DigestInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.NamedType('digest', Digest())
+        )
+                    
+class SignedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+        namedtype.NamedType('contentInfo', ContentInfo()),
+        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('signerInfos', SignerInfos())
+        )
+        
+class Data(univ.OctetString): pass
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc2437.py b/python/pyasn1-modules/pyasn1_modules/rfc2437.py
new file mode 100644
index 000000000..3abf6dc3a
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2437.py
@@ -0,0 +1,53 @@
+#
+# PKCS#1 syntax
+#
+# ASN.1 source from:
+# ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2.asn
+#
+# Sample captures could be obtained with "openssl genrsa" command
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint
+from pyasn1_modules.rfc2459 import AlgorithmIdentifier
+
+pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
+rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1')
+md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2')
+md4WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.3')
+md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4')
+sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5')
+rsaOAEPEncryptionSET = univ.ObjectIdentifier('1.2.840.113549.1.1.6')
+id_RSAES_OAEP = univ.ObjectIdentifier('1.2.840.113549.1.1.7')
+id_mgf1 = univ.ObjectIdentifier('1.2.840.113549.1.1.8')
+id_pSpecified = univ.ObjectIdentifier('1.2.840.113549.1.1.9')
+id_sha1 = univ.ObjectIdentifier('1.3.14.3.2.26')
+
+MAX = 16
+
+class Version(univ.Integer): pass
+
+class RSAPrivateKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer()),
+        namedtype.NamedType('privateExponent', univ.Integer()),
+        namedtype.NamedType('prime1', univ.Integer()),
+        namedtype.NamedType('prime2', univ.Integer()),
+        namedtype.NamedType('exponent1', univ.Integer()),
+        namedtype.NamedType('exponent2', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer())
+    )
+
+class RSAPublicKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer())
+    )
+
+# XXX defaults not set
+class RSAES_OAEP_params(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('maskGenFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('pSourceFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+    )
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc2459.py b/python/pyasn1-modules/pyasn1_modules/rfc2459.py
new file mode 100644
index 000000000..c5021e0db
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2459.py
@@ -0,0 +1,903 @@
+#
+# X.509 message syntax
+#
+# ASN.1 source from:
+# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/x509.asn
+# http://www.ietf.org/rfc/rfc2459.txt
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful
+
+MAX = 64  # XXX ?
+
+#
+# PKIX1Explicit88
+#
+
+# Upper Bounds
+ub_name = univ.Integer(32768)
+ub_common_name = univ.Integer(64)
+ub_locality_name = univ.Integer(128)
+ub_state_name = univ.Integer(128)
+ub_organization_name = univ.Integer(64)
+ub_organizational_unit_name = univ.Integer(64)
+ub_title = univ.Integer(64)
+ub_match = univ.Integer(128)
+ub_emailaddress_length = univ.Integer(128)
+ub_common_name_length = univ.Integer(64)
+ub_country_name_alpha_length = univ.Integer(2)
+ub_country_name_numeric_length = univ.Integer(3)
+ub_domain_defined_attributes = univ.Integer(4)
+ub_domain_defined_attribute_type_length = univ.Integer(8)
+ub_domain_defined_attribute_value_length = univ.Integer(128)
+ub_domain_name_length = univ.Integer(16)
+ub_extension_attributes = univ.Integer(256)
+ub_e163_4_number_length = univ.Integer(15)
+ub_e163_4_sub_address_length = univ.Integer(40)
+ub_generation_qualifier_length = univ.Integer(3)
+ub_given_name_length = univ.Integer(16)
+ub_initials_length = univ.Integer(5)
+ub_integer_options = univ.Integer(256)
+ub_numeric_user_id_length = univ.Integer(32)
+ub_organization_name_length = univ.Integer(64)
+ub_organizational_unit_name_length = univ.Integer(32)
+ub_organizational_units = univ.Integer(4)
+ub_pds_name_length = univ.Integer(16)
+ub_pds_parameter_length = univ.Integer(30)
+ub_pds_physical_address_lines = univ.Integer(6)
+ub_postal_code_length = univ.Integer(16)
+ub_surname_length = univ.Integer(40)
+ub_terminal_id_length = univ.Integer(24)
+ub_unformatted_address_length = univ.Integer(180)
+ub_x121_address_length = univ.Integer(16)
+
+class UniversalString(char.UniversalString): pass
+class BMPString(char.BMPString): pass
+class UTF8String(char.UTF8String): pass
+
+id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
+id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1')
+id_qt = univ.ObjectIdentifier('1.3.6.1.5.5.7.2')
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+id_ad = univ.ObjectIdentifier('1.3.6.1.5.5.7.48')
+
+id_qt_cps = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.1')
+id_qt_unotice = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.2')
+
+id_ad_ocsp = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.1')
+id_ad_caIssuers = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.2')
+
+class AttributeValue(univ.Any): pass
+
+class AttributeType(univ.ObjectIdentifier): pass
+
+class AttributeTypeAndValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('value', AttributeValue())
+        )
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+
+id_at = univ.ObjectIdentifier('2.5.4')
+id_at_name = univ.ObjectIdentifier('2.5.4.41')
+id_at_sutname = univ.ObjectIdentifier('2.5.4.4')
+id_at_givenName = univ.ObjectIdentifier('2.5.4.42')
+id_at_initials = univ.ObjectIdentifier('2.5.4.43')
+id_at_generationQualifier = univ.ObjectIdentifier('2.5.4.44')
+
+class X520name(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name)))
+    )
+
+id_at_commonName = univ.ObjectIdentifier('2.5.4.3')
+
+class X520CommonName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name)))
+    )
+
+id_at_localityName = univ.ObjectIdentifier('2.5.4.7')
+
+class X520LocalityName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name)))
+    )
+
+id_at_stateOrProvinceName = univ.ObjectIdentifier('2.5.4.8')
+
+class X520StateOrProvinceName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name)))
+    )
+
+id_at_organizationName = univ.ObjectIdentifier('2.5.4.10')
+
+class X520OrganizationName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name)))
+    )
+
+id_at_organizationalUnitName = univ.ObjectIdentifier('2.5.4.11')
+
+class X520OrganizationalUnitName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name)))
+    )
+
+id_at_title = univ.ObjectIdentifier('2.5.4.12')
+
+class X520Title(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title)))
+    )
+
+id_at_dnQualifier = univ.ObjectIdentifier('2.5.4.46')
+
+class X520dnQualifier(char.PrintableString): pass
+
+id_at_countryName = univ.ObjectIdentifier('2.5.4.6')
+
+class X520countryName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(2, 2)
+
+pkcs_9 = univ.ObjectIdentifier('1.2.840.113549.1.9')
+
+emailAddress = univ.ObjectIdentifier('1.2.840.113549.1.9.1')
+
+class Pkcs9email(char.IA5String):
+    subtypeSpec = char.IA5String.subtypeSpec + constraint.ValueSizeConstraint(1, ub_emailaddress_length)
+
+# ----
+
+class DSAPrivateKey(univ.Sequence):
+    """PKIX compliant DSA private key structure"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 0)))),
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer()),
+        namedtype.NamedType('public', univ.Integer()),
+        namedtype.NamedType('private', univ.Integer())
+        )
+
+# ----
+
+class RelativeDistinguishedName(univ.SetOf):
+    componentType = AttributeTypeAndValue()
+
+class RDNSequence(univ.SequenceOf):
+    componentType = RelativeDistinguishedName()
+
+class Name(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('', RDNSequence())
+        )
+
+class DirectoryString(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('ia5String', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) # hm, this should not be here!? XXX
+        )
+
+# certificate and CRL specific structures begin here
+                          
+class AlgorithmIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('parameters', univ.Any())
+        )
+
+class Extension(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extnID', univ.ObjectIdentifier()),
+        namedtype.DefaultedNamedType('critical', univ.Boolean('False')),
+        namedtype.NamedType('extnValue', univ.Any())
+        )
+
+class Extensions(univ.SequenceOf):
+    componentType = Extension()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class SubjectPublicKeyInfo(univ.Sequence):
+     componentType = namedtype.NamedTypes(
+         namedtype.NamedType('algorithm', AlgorithmIdentifier()),
+         namedtype.NamedType('subjectPublicKey', univ.BitString())
+         )
+
+class UniqueIdentifier(univ.BitString): pass
+
+class Time(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('utcTime', useful.UTCTime()),
+        namedtype.NamedType('generalTime', useful.GeneralizedTime())
+        )
+    
+class Validity(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('notBefore', Time()),
+        namedtype.NamedType('notAfter', Time())
+        )
+
+class CertificateSerialNumber(univ.Integer): pass
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('v1', 0), ('v2', 1), ('v3', 2)
+        )
+
+class TBSCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('serialNumber', CertificateSerialNumber()),
+        namedtype.NamedType('signature', AlgorithmIdentifier()),
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('validity', Validity()),
+        namedtype.NamedType('subject', Name()),
+        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+        namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('extensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+        )
+
+class Certificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsCertificate', TBSCertificate()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signatureValue', univ.BitString())
+        )
+
+# CRL structures
+
+class RevokedCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('userCertificate', CertificateSerialNumber()),
+        namedtype.NamedType('revocationDate', Time()),
+        namedtype.OptionalNamedType('crlEntryExtensions', Extensions())
+    )
+ 
+class TBSCertList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('version', Version()),
+        namedtype.NamedType('signature', AlgorithmIdentifier()),
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('thisUpdate', Time()),
+        namedtype.OptionalNamedType('nextUpdate', Time()),
+        namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=RevokedCertificate())),
+        namedtype.OptionalNamedType('crlExtensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+class CertificateList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsCertList', TBSCertList()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString())
+    )
+
+# Algorithm OIDs and parameter structures
+
+pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
+rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1')
+md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2')
+md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4')
+sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5')
+id_dsa_with_sha1 = univ.ObjectIdentifier('1.2.840.10040.4.3')
+
+class Dss_Sig_Value(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('r', univ.Integer()),
+        namedtype.NamedType('s', univ.Integer())
+    )
+
+dhpublicnumber = univ.ObjectIdentifier('1.2.840.10046.2.1')
+
+class ValidationParms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('seed', univ.BitString()),
+        namedtype.NamedType('pgenCounter', univ.Integer())
+    )
+
+class DomainParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('j', univ.Integer()),
+        namedtype.OptionalNamedType('validationParms', ValidationParms())
+    )
+
+id_dsa = univ.ObjectIdentifier('1.2.840.10040.4.1')
+
+class Dss_Parms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer())
+    )
+
+# x400 address syntax starts here
+
+teletex_domain_defined_attributes = univ.Integer(6)
+
+class TeletexDomainDefinedAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+        namedtype.NamedType('value', char.TeletexString())
+    )
+
+class TeletexDomainDefinedAttributes(univ.SequenceOf):
+    componentType = TeletexDomainDefinedAttribute()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+terminal_type = univ.Integer(23)
+
+class TerminalType(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, ub_integer_options)
+    namedValues = namedval.NamedValues(
+        ('telex', 3),
+        ('teletelex', 4),
+        ('g3-facsimile', 5),
+        ('g4-facsimile', 6),
+        ('ia5-terminal', 7),
+        ('videotex', 8)
+    )
+
+class PresentationAddress(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3), subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    )
+
+extended_network_address = univ.Integer(22)
+
+class E163_4_address(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('number', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('sub-address', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+class ExtendedNetworkAddress(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('e163-4-address', E163_4_address()),
+        namedtype.NamedType('psap-address', PresentationAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+class PDSParameter(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('printable-string', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))),
+        namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)))
+    )
+
+local_postal_attributes = univ.Integer(21)
+
+class LocalPostalAttributes(PDSParameter): pass
+
+class UniquePostalName(PDSParameter): pass
+
+unique_postal_name = univ.Integer(20)
+
+poste_restante_address = univ.Integer(19)
+
+class PosteRestanteAddress(PDSParameter): pass
+
+post_office_box_address = univ.Integer(18)
+
+class PostOfficeBoxAddress(PDSParameter): pass
+
+street_address = univ.Integer(17)
+
+class StreetAddress(PDSParameter): pass
+
+class UnformattedPostalAddress(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('printable-address', univ.SequenceOf(componentType=char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_physical_address_lines)))),
+        namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_unformatted_address_length)))
+    )
+
+physical_delivery_office_name = univ.Integer(10)
+
+class PhysicalDeliveryOfficeName(PDSParameter): pass
+
+physical_delivery_office_number = univ.Integer(11)
+
+class PhysicalDeliveryOfficeNumber(PDSParameter): pass
+
+extension_OR_address_components = univ.Integer(12)
+
+class ExtensionORAddressComponents(PDSParameter): pass
+
+physical_delivery_personal_name = univ.Integer(13)
+
+class PhysicalDeliveryPersonalName(PDSParameter): pass
+
+physical_delivery_organization_name = univ.Integer(14)
+
+class PhysicalDeliveryOrganizationName(PDSParameter): pass
+
+extension_physical_delivery_address_components = univ.Integer(15)
+
+class ExtensionPhysicalDeliveryAddressComponents(PDSParameter): pass
+
+unformatted_postal_address = univ.Integer(16)
+
+postal_code = univ.Integer(9)
+
+class PostalCode(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('numeric-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))),
+        namedtype.NamedType('printable-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length)))
+    )
+
+class PhysicalDeliveryCountryName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))),
+        namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+    )
+
+class PDSName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_pds_name_length)
+
+physical_delivery_country_name = univ.Integer(8)
+
+class TeletexOrganizationalUnitName(char.TeletexString):
+    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+pds_name = univ.Integer(7)
+
+teletex_organizational_unit_names = univ.Integer(5)
+
+class TeletexOrganizationalUnitNames(univ.SequenceOf):
+    componentType = TeletexOrganizationalUnitName()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+teletex_personal_name = univ.Integer(4)
+
+class TeletexPersonalName(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('surname', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('given-name', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('initials', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('generation-qualifier', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+    )
+
+teletex_organization_name = univ.Integer(3)
+
+class TeletexOrganizationName(char.TeletexString):
+    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+teletex_common_name = univ.Integer(2)
+
+class TeletexCommonName(char.TeletexString):
+    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+class CommonName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+common_name = univ.Integer(1)
+
+class ExtensionAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_extension_attributes), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('extension-attribute-value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+class ExtensionAttributes(univ.SetOf):
+    componentType = ExtensionAttribute()
+    subtypeSpec = univ.SetOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_extension_attributes)
+
+class BuiltInDomainDefinedAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+        namedtype.NamedType('value', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
+    )
+
+class BuiltInDomainDefinedAttributes(univ.SequenceOf):
+    componentType = BuiltInDomainDefinedAttribute()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+class OrganizationalUnitName(char.PrintableString):
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+class OrganizationalUnitNames(univ.SequenceOf):
+    componentType = OrganizationalUnitName()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+class PersonalName(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('surname', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('given-name', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('initials', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('generation-qualifier', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+    )
+
+class NumericUserIdentifier(char.NumericString):
+    subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_numeric_user_id_length)
+
+class OrganizationName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+class PrivateDomainName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('numeric', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))),
+        namedtype.NamedType('printable', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length)))
+    )
+
+class TerminalIdentifier(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_terminal_id_length)
+
+class X121Address(char.NumericString):
+    subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_x121_address_length)
+
+class NetworkAddress(X121Address): pass
+
+class AdministrationDomainName(univ.Choice):
+    tagSet = univ.Choice.tagSet.tagExplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('numeric', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))),
+        namedtype.NamedType('printable', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length)))
+    )
+
+class CountryName(univ.Choice):
+    tagSet = univ.Choice.tagSet.tagExplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
+        )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))),
+        namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+    )
+
+class BuiltInStandardAttributes(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('country-name', CountryName()),
+        namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()),
+        namedtype.OptionalNamedType('network-address', NetworkAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('terminal-identifier', TerminalIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('private-domain-name', PrivateDomainName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('organization-name', OrganizationName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.OptionalNamedType('numeric-user-identifier', NumericUserIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.OptionalNamedType('personal-name', PersonalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.OptionalNamedType('organizational-unit-names', OrganizationalUnitNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6)))
+    )
+
+class ORAddress(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('built-in-standard-attributes', BuiltInStandardAttributes()),
+        namedtype.OptionalNamedType('built-in-domain-defined-attributes', BuiltInDomainDefinedAttributes()),
+        namedtype.OptionalNamedType('extension-attributes', ExtensionAttributes())
+    )
+
+#
+# PKIX1Implicit88
+#
+
+id_ce_invalidityDate = univ.ObjectIdentifier('2.5.29.24')
+
+class InvalidityDate(useful.GeneralizedTime): pass
+
+id_holdinstruction_none = univ.ObjectIdentifier('2.2.840.10040.2.1')
+id_holdinstruction_callissuer = univ.ObjectIdentifier('2.2.840.10040.2.2')
+id_holdinstruction_reject = univ.ObjectIdentifier('2.2.840.10040.2.3')
+
+holdInstruction = univ.ObjectIdentifier('2.2.840.10040.2')
+
+id_ce_holdInstructionCode = univ.ObjectIdentifier('2.5.29.23')
+
+class HoldInstructionCode(univ.ObjectIdentifier): pass
+
+id_ce_cRLReasons = univ.ObjectIdentifier('2.5.29.21')
+
+class CRLReason(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('unspecified', 0),
+        ('keyCompromise', 1),
+        ('cACompromise', 2),
+        ('affiliationChanged', 3),
+        ('superseded', 4),
+        ('cessationOfOperation', 5),
+        ('certificateHold', 6),
+        ('removeFromCRL', 8)
+    )
+
+id_ce_cRLNumber = univ.ObjectIdentifier('2.5.29.20')
+
+class CRLNumber(univ.Integer):
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(0, MAX)
+
+class BaseCRLNumber(CRLNumber): pass
+
+id_kp_serverAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1.1')
+id_kp_clientAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.2')
+id_kp_codeSigning = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.3')
+id_kp_emailProtection = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.4')
+id_kp_ipsecEndSystem = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.5')
+id_kp_ipsecTunnel = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.6')
+id_kp_ipsecUser = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.7')
+id_kp_timeStamping = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.8')
+id_pe_authorityInfoAccess = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.1')
+id_ce_extKeyUsage = univ.ObjectIdentifier('2.5.29.37')
+
+class KeyPurposeId(univ.ObjectIdentifier): pass
+
+class ExtKeyUsageSyntax(univ.SequenceOf):
+    componentType = KeyPurposeId()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class ReasonFlags(univ.BitString):
+    namedValues = namedval.NamedValues(
+        ('unused', 0),
+        ('keyCompromise', 1),
+        ('cACompromise', 2),
+        ('affiliationChanged', 3),
+        ('superseded', 4),
+        ('cessationOfOperation', 5),
+        ('certificateHold', 6)
+    )
+
+
+class SkipCerts(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, MAX)
+
+id_ce_policyConstraints = univ.ObjectIdentifier('2.5.29.36')
+
+class PolicyConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('requireExplicitPolicy', SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('inhibitPolicyMapping', SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+id_ce_basicConstraints = univ.ObjectIdentifier('2.5.29.19')
+
+class BasicConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('cA', univ.Boolean(False)),
+        namedtype.OptionalNamedType('pathLenConstraint', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
+    )
+
+id_ce_subjectDirectoryAttributes = univ.ObjectIdentifier('2.5.29.9')
+
+class SubjectDirectoryAttributes(univ.SequenceOf):
+    componentType = Attribute()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class EDIPartyName(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('partyName', DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+class AnotherName(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type-id', univ.ObjectIdentifier()),
+        namedtype.NamedType('value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+class GeneralName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('otherName', AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('rfc822Name', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('dNSName', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('x400Address', ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.NamedType('directoryName', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.NamedType('ediPartyName', EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.NamedType('uniformResourceIdentifier', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+        namedtype.NamedType('iPAddress', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
+    )
+
+class GeneralNames(univ.SequenceOf):
+    componentType = GeneralName()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class AccessDescription(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('accessMethod', univ.ObjectIdentifier()),
+        namedtype.NamedType('accessLocation', GeneralName())
+    )
+
+class AuthorityInfoAccessSyntax(univ.SequenceOf):
+    componentType = AccessDescription()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_deltaCRLIndicator = univ.ObjectIdentifier('2.5.29.27')
+
+class DistributionPointName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('fullName', GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+class DistributionPoint(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('reasons', ReasonFlags().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+    )
+class BaseDistance(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX)
+
+id_ce_cRLDistributionPoints = univ.ObjectIdentifier('2.5.29.31')
+
+class CRLDistPointsSyntax(univ.SequenceOf):
+    componentType = DistributionPoint
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+id_ce_issuingDistributionPoint = univ.ObjectIdentifier('2.5.29.28')
+
+class IssuingDistributionPoint(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('onlyContainsUserCerts', univ.Boolean(False).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('onlyContainsCACerts', univ.Boolean(False).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.NamedType('indirectCRL', univ.Boolean(False).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+    )
+
+class GeneralSubtree(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('base', GeneralName()),
+        namedtype.NamedType('minimum', BaseDistance(0).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('maximum', BaseDistance().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+class GeneralSubtrees(univ.SequenceOf):
+    componentType = GeneralSubtree()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_nameConstraints = univ.ObjectIdentifier('2.5.29.30')
+
+class NameConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+class DisplayText(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('visibleString', char.VisibleString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200)))
+    )
+
+class NoticeReference(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('organization', DisplayText()),
+        namedtype.NamedType('noticeNumbers', univ.SequenceOf(componentType=univ.Integer()))
+    )
+
+class UserNotice(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('noticeRef', NoticeReference()),
+        namedtype.OptionalNamedType('explicitText', DisplayText())
+    )
+
+class CPSuri(char.IA5String): pass
+
+class PolicyQualifierId(univ.ObjectIdentifier):
+    subtypeSpec = univ.ObjectIdentifier.subtypeSpec + constraint.SingleValueConstraint(id_qt_cps, id_qt_unotice)
+
+class CertPolicyId(univ.ObjectIdentifier): pass
+
+class PolicyQualifierInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('policyQualifierId', PolicyQualifierId()),
+        namedtype.NamedType('qualifier', univ.Any())
+    )
+
+id_ce_certificatePolicies = univ.ObjectIdentifier('2.5.29.32')
+
+class PolicyInformation(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('policyIdentifier', CertPolicyId()),
+        namedtype.OptionalNamedType('policyQualifiers', univ.SequenceOf(componentType=PolicyQualifierInfo()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+class CertificatePolicies(univ.SequenceOf):
+    componentType = PolicyInformation()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_policyMappings = univ.ObjectIdentifier('2.5.29.33')
+
+class PolicyMapping(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuerDomainPolicy', CertPolicyId()),
+        namedtype.NamedType('subjectDomainPolicy', CertPolicyId())
+    )
+
+class PolicyMappings(univ.SequenceOf):
+    componentType = PolicyMapping()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_privateKeyUsagePeriod = univ.ObjectIdentifier('2.5.29.16')
+
+class PrivateKeyUsagePeriod(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+id_ce_keyUsage = univ.ObjectIdentifier('2.5.29.15')
+
+class KeyUsage(univ.BitString):
+    namedValues = namedval.NamedValues(
+        ('digitalSignature', 0),
+        ('nonRepudiation', 1),
+        ('keyEncipherment', 2),
+        ('dataEncipherment', 3),
+        ('keyAgreement', 4),
+        ('keyCertSign', 5),
+        ('cRLSign', 6),
+        ('encipherOnly', 7),
+        ('decipherOnly', 8)
+    )
+
+id_ce = univ.ObjectIdentifier('2.5.29')
+
+id_ce_authorityKeyIdentifier = univ.ObjectIdentifier('2.5.29.35')
+
+class KeyIdentifier(univ.OctetString): pass
+
+id_ce_subjectKeyIdentifier = univ.ObjectIdentifier('2.5.29.14')
+
+class SubjectKeyIdentifier(KeyIdentifier): pass
+
+class AuthorityKeyIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('keyIdentifier', KeyIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('authorityCertIssuer', GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('authorityCertSerialNumber', CertificateSerialNumber().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+id_ce_certificateIssuer = univ.ObjectIdentifier('2.5.29.29')
+
+class CertificateIssuer(GeneralNames): pass
+
+id_ce_subjectAltName = univ.ObjectIdentifier('2.5.29.17')
+
+class SubjectAltName(GeneralNames): pass
+
+id_ce_issuerAltName = univ.ObjectIdentifier('2.5.29.18')
+
+class IssuerAltName(GeneralNames): pass
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc2511.py b/python/pyasn1-modules/pyasn1_modules/rfc2511.py
new file mode 100644
index 000000000..132be134b
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2511.py
@@ -0,0 +1,176 @@
+#
+# X.509 certificate Request Message Format (CRMF) syntax
+#
+# ASN.1 source from:
+# http://tools.ietf.org/html/rfc2511
+#
+# Sample captures could be obtained with OpenSSL
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint, char,useful
+from pyasn1_modules.rfc2459 import *
+from pyasn1_modules import rfc2315
+
+MAX=16
+
+id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
+id_pkip = univ.ObjectIdentifier('1.3.6.1.5.5.7.5')
+id_regCtrl = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1')
+id_regCtrl_regToken = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.1')
+id_regCtrl_authenticator = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.2')
+id_regCtrl_pkiPublicationInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.3')
+id_regCtrl_pkiArchiveOptions = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.4')
+id_regCtrl_oldCertID = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.5')
+id_regCtrl_protocolEncrKey = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.6')
+id_regInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2')
+id_regInfo_utf8Pairs = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.1')
+id_regInfo_certReq = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.2')
+
+# This should be in PKIX Certificate Extensions module
+
+class GeneralName(univ.OctetString): pass
+
+# end of PKIX Certificate Extensions module
+
+class UTF8Pairs(char.UTF8String): pass
+
+class ProtocolEncrKey(SubjectPublicKeyInfo): pass
+
+class CertId(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', GeneralName()),
+        namedtype.NamedType('serialNumber', univ.Integer())
+    )
+
+class OldCertId(CertId): pass
+
+class KeyGenParameters(univ.OctetString): pass
+
+class EncryptedValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('intendedAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('symmAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('keyAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('encValue', univ.BitString())
+    )
+
+class EncryptedKey(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptedValue', EncryptedValue()),
+        namedtype.NamedType('envelopedData', rfc2315.EnvelopedData().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+class PKIArchiveOptions(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptedPrivKey', EncryptedKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('keyGenParameters', KeyGenParameters().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('archiveRemGenPrivKey', univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+class SinglePubInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('pubMethod', univ.Integer(namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
+        namedtype.OptionalNamedType('pubLocation', GeneralName())
+    )
+
+class PKIPublicationInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('action', univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
+        namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+class Authenticator(char.UTF8String): pass
+class RegToken(char.UTF8String): pass
+
+class SubsequentMessage(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('encrCert', 0),
+        ('challengeResp', 1)
+    )
+
+class POPOPrivKey(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('thisMessage', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('subsequentMessage', SubsequentMessage().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('dhMAC', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+class PBMParameter(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('salt', univ.OctetString()),
+        namedtype.NamedType('owf', AlgorithmIdentifier()),
+        namedtype.NamedType('iterationCount', univ.Integer()),
+        namedtype.NamedType('mac', AlgorithmIdentifier())
+    )
+
+class PKMACValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algId', AlgorithmIdentifier()),
+        namedtype.NamedType('value', univ.BitString())
+    )
+
+class POPOSigningKeyInput(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('authInfo', univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('sender', GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('publicKeyMAC', PKMACValue())))),
+        namedtype.NamedType('publicKey', SubjectPublicKeyInfo())
+    )
+
+class POPOSigningKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('algorithmIdentifier', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString())
+    )
+
+class ProofOfPossession(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('raVerified', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('signature', POPOSigningKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('keyEncipherment', POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('keyAgreement', POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+    )
+
+class Controls(univ.SequenceOf):
+    componentType = AttributeTypeAndValue()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class OptionalValidity(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('notBefore', Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('notAfter', Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+	)
+
+class CertTemplate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('version', Version().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('signingAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('issuer', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('validity', OptionalValidity().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.OptionalNamedType('subject', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.OptionalNamedType('publicKey', SubjectPublicKeyInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.OptionalNamedType('issuerUID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.OptionalNamedType('subjectUID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+        namedtype.OptionalNamedType('extensions', Extensions().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+	)
+  
+class CertRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certReqId', univ.Integer()),
+        namedtype.NamedType('certTemplate', CertTemplate()),
+        namedtype.OptionalNamedType('controls', Controls())
+	)
+
+class CertReq(CertRequest): pass
+
+class CertReqMsg(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certReq', CertRequest()),
+        namedtype.OptionalNamedType('pop', ProofOfPossession()),
+        namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+	)
+        
+class CertReqMessages(univ.SequenceOf):
+    componentType = CertReqMsg()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc2560.py b/python/pyasn1-modules/pyasn1_modules/rfc2560.py
new file mode 100644
index 000000000..0be1091b1
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc2560.py
@@ -0,0 +1,171 @@
+#
+# OCSP request/response syntax
+#
+# Derived from a minimal OCSP library (RFC2560) code written by
+# Bud P. Bruegger <bud@ancitel.it>
+# Copyright: Ancitel, S.p.a,  Rome, Italy
+# License: BSD
+#
+
+#
+# current limitations:
+# * request and response works only for a single certificate
+# * only some values are parsed out of the response
+# * the request does't set a nonce nor signature
+# * there is no signature validation of the response
+# * dates are left as strings in GeneralizedTime format -- datetime.datetime
+# would be nicer
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint, useful
+from pyasn1_modules import rfc2459
+
+# Start of OCSP module definitions
+
+# This should be in directory Authentication Framework (X.509) module
+
+class CRLReason(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('unspecified', 0),
+        ('keyCompromise', 1),
+        ('cACompromise', 2),
+        ('affiliationChanged', 3),
+        ('superseded', 4),
+        ('cessationOfOperation', 5),
+        ('certificateHold', 6),
+        ('removeFromCRL', 8),
+        ('privilegeWithdrawn', 9),
+        ('aACompromise', 10)
+        )
+
+# end of directory Authentication Framework (X.509) module
+
+# This should be in PKIX Certificate Extensions module
+
+class GeneralName(univ.OctetString): pass
+
+# end of PKIX Certificate Extensions module
+
+id_kp_OCSPSigning = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 3, 9))
+id_pkix_ocsp = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1))
+id_pkix_ocsp_basic = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 1))
+id_pkix_ocsp_nonce = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 2))
+id_pkix_ocsp_crl = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 3))
+id_pkix_ocsp_response = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 4))
+id_pkix_ocsp_nocheck = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 5))
+id_pkix_ocsp_archive_cutoff = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 6))
+id_pkix_ocsp_service_locator = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 7))
+
+class AcceptableResponses(univ.SequenceOf):
+    componentType = univ.ObjectIdentifier()
+
+class ArchiveCutoff(useful.GeneralizedTime): pass
+
+class UnknownInfo(univ.Null): pass
+
+class RevokedInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('revocationTime', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('revocationReason', CRLReason().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class CertID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('issuerNameHash', univ.OctetString()),
+        namedtype.NamedType('issuerKeyHash', univ.OctetString()),
+        namedtype.NamedType('serialNumber', rfc2459.CertificateSerialNumber())
+        )
+
+class CertStatus(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('good', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('revoked', RevokedInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('unknown', UnknownInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        )
+
+class SingleResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certID', CertID()),
+        namedtype.NamedType('certStatus', CertStatus()),
+        namedtype.NamedType('thisUpdate', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('singleExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+        )
+
+class KeyHash(univ.OctetString): pass
+
+class ResponderID(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('byName', rfc2459.Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('byKey', KeyHash().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        )
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(('v1', 0))
+
+class ResponseData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('responderID', ResponderID()),
+        namedtype.NamedType('producedAt', useful.GeneralizedTime()),
+        namedtype.NamedType('responses', univ.SequenceOf(SingleResponse())),
+        namedtype.OptionalNamedType('responseExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+        )
+
+class BasicOCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsResponseData', ResponseData()),
+        namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(rfc2459.Certificate()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class ResponseBytes(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('responseType', univ.ObjectIdentifier()),
+        namedtype.NamedType('response', univ.OctetString())
+        )
+
+class OCSPResponseStatus(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('successful', 0),
+        ('malformedRequest', 1),
+        ('internalError', 2),
+        ('tryLater', 3),
+        ('undefinedStatus', 4),  # should never occur
+        ('sigRequired', 5),
+        ('unauthorized', 6)
+        )
+
+class OCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('responseStatus',  OCSPResponseStatus()),
+        namedtype.OptionalNamedType('responseBytes', ResponseBytes().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class Request(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('reqCert', CertID()),
+        namedtype.OptionalNamedType('singleRequestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class Signature(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(rfc2459.Certificate()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
+
+class TBSRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('requestorName', GeneralName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('requestList', univ.SequenceOf(Request())),
+        namedtype.OptionalNamedType('requestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        )
+
+class OCSPRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsRequest',  TBSRequest()),
+        namedtype.OptionalNamedType('optionalSignature', Signature().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        )
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc3412.py b/python/pyasn1-modules/pyasn1_modules/rfc3412.py
new file mode 100644
index 000000000..e80ce3155
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc3412.py
@@ -0,0 +1,38 @@
+#
+# SNMPv3 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3412.txt
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1_modules import rfc1905
+
+class ScopedPDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contextEngineId', univ.OctetString()),
+        namedtype.NamedType('contextName', univ.OctetString()),
+        namedtype.NamedType('data', rfc1905.PDUs())
+        )
+    
+class ScopedPduData(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('plaintext', ScopedPDU()),
+        namedtype.NamedType('encryptedPDU', univ.OctetString()),
+        )
+    
+class HeaderData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('msgID', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgMaxSize', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(484, 2147483647))),
+        namedtype.NamedType('msgFlags', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 1))),
+        namedtype.NamedType('msgSecurityModel', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 2147483647)))
+        )
+
+class SNMPv3Message(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+         namedtype.NamedType('msgVersion', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+         namedtype.NamedType('msgGlobalData', HeaderData()),
+         namedtype.NamedType('msgSecurityParameters', univ.OctetString()),
+         namedtype.NamedType('msgData', ScopedPduData())
+         )
+
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc3414.py b/python/pyasn1-modules/pyasn1_modules/rfc3414.py
new file mode 100644
index 000000000..580c88e97
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc3414.py
@@ -0,0 +1,17 @@
+#
+# SNMPv3 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3414.txt
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint
+
+class UsmSecurityParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('msgAuthoritativeEngineID', univ.OctetString()),
+        namedtype.NamedType('msgAuthoritativeEngineBoots', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgAuthoritativeEngineTime', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgUserName', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 32))),
+        namedtype.NamedType('msgAuthenticationParameters', univ.OctetString()),
+        namedtype.NamedType('msgPrivacyParameters', univ.OctetString())
+        )
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc3447.py b/python/pyasn1-modules/pyasn1_modules/rfc3447.py
new file mode 100644
index 000000000..96dea7fcb
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc3447.py
@@ -0,0 +1,35 @@
+#
+# PKCS#1 syntax
+#
+# ASN.1 source from:
+# ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
+#
+# Sample captures could be obtained with "openssl genrsa" command
+#
+from pyasn1_modules.rfc2437 import *
+
+class OtherPrimeInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('prime', univ.Integer()),
+        namedtype.NamedType('exponent', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer())
+        )
+
+class OtherPrimeInfos(univ.SequenceOf):
+    componentType = OtherPrimeInfo()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + \
+                  constraint.ValueSizeConstraint(1, MAX)
+
+class RSAPrivateKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('two-prime', 0), ('multi', 1)))),
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer()),
+        namedtype.NamedType('privateExponent', univ.Integer()),
+        namedtype.NamedType('prime1', univ.Integer()),
+        namedtype.NamedType('prime2', univ.Integer()),
+        namedtype.NamedType('exponent1', univ.Integer()),
+        namedtype.NamedType('exponent2', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer()),
+        namedtype.OptionalNamedType('otherPrimeInfos', OtherPrimeInfos())
+    )
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc4210.py b/python/pyasn1-modules/pyasn1_modules/rfc4210.py
new file mode 100644
index 000000000..545e9f42f
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc4210.py
@@ -0,0 +1,695 @@
+#
+# Certificate Management Protocol structures as per RFC4210
+#
+# Based on Alex Railean's work
+#
+from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful
+from pyasn1_modules import rfc2459, rfc2511, rfc2314
+
+MAX = 64
+
+class KeyIdentifier(univ.OctetString): pass
+
+class CMPCertificate(rfc2459.Certificate): pass
+
+class OOBCert(CMPCertificate): pass
+
+class CertAnnContent(CMPCertificate): pass
+
+class PKIFreeText(univ.SequenceOf):
+    """
+    PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+    """
+    componentType = char.UTF8String()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+class PollRepContent(univ.SequenceOf):
+    """
+         PollRepContent ::= SEQUENCE OF SEQUENCE {
+         certReqId              INTEGER,
+         checkAfter             INTEGER,  -- time in seconds
+         reason                 PKIFreeText OPTIONAL
+     }
+    """
+    class CertReq(univ.Sequence):
+        componentType = namedtype.NamedTypes(
+            namedtype.NamedType('certReqId', univ.Integer()),
+            namedtype.NamedType('checkAfter', univ.Integer()),
+            namedtype.OptionalNamedType('reason', PKIFreeText())
+        )
+    componentType = CertReq()
+
+class PollReqContent(univ.SequenceOf):
+    """
+         PollReqContent ::= SEQUENCE OF SEQUENCE {
+         certReqId              INTEGER
+     }
+
+    """
+    class CertReq(univ.Sequence):
+        componentType = namedtype.NamedTypes(
+            namedtype.NamedType('certReqId', univ.Integer())
+        )
+    componentType = CertReq()
+
+class InfoTypeAndValue(univ.Sequence):
+    """
+    InfoTypeAndValue ::= SEQUENCE {
+     infoType               OBJECT IDENTIFIER,
+     infoValue              ANY DEFINED BY infoType  OPTIONAL
+    }"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('infoType', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('infoValue', univ.Any())
+    )
+
+class GenRepContent(univ.SequenceOf):
+    componentType = InfoTypeAndValue()
+
+class GenMsgContent(univ.SequenceOf):
+    componentType = InfoTypeAndValue()
+
+class PKIConfirmContent(univ.Null): pass
+
+class CRLAnnContent(univ.SequenceOf):
+    componentType = rfc2459.CertificateList()
+
+class CAKeyUpdAnnContent(univ.Sequence):
+    """
+    CAKeyUpdAnnContent ::= SEQUENCE {
+         oldWithNew   CMPCertificate,
+         newWithOld   CMPCertificate,
+         newWithNew   CMPCertificate
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('oldWithNew', CMPCertificate()),
+        namedtype.NamedType('newWithOld', CMPCertificate()),
+        namedtype.NamedType('newWithNew', CMPCertificate())
+    )
+
+class RevDetails(univ.Sequence):
+    """
+    RevDetails ::= SEQUENCE {
+         certDetails         CertTemplate,
+         crlEntryDetails     Extensions       OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certDetails', rfc2511.CertTemplate()),
+        namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions())
+    )
+ 
+class RevReqContent(univ.SequenceOf):
+    componentType = RevDetails()
+
+class CertOrEncCert(univ.Choice):
+    """
+     CertOrEncCert ::= CHOICE {
+         certificate     [0] CMPCertificate,
+         encryptedCert   [1] EncryptedValue
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificate', CMPCertificate().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        )
+    )
+
+class CertifiedKeyPair(univ.Sequence):
+    """
+    CertifiedKeyPair ::= SEQUENCE {
+         certOrEncCert       CertOrEncCert,
+         privateKey      [0] EncryptedValue      OPTIONAL,
+         publicationInfo [1] PKIPublicationInfo  OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certOrEncCert', CertOrEncCert()),
+        namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        )
+    )
+ 
+
+class POPODecKeyRespContent(univ.SequenceOf):
+    componentType = univ.Integer()
+
+class Challenge(univ.Sequence):
+    """
+    Challenge ::= SEQUENCE {
+         owf                 AlgorithmIdentifier  OPTIONAL,
+         witness             OCTET STRING,
+         challenge           OCTET STRING
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('witness', univ.OctetString()),
+        namedtype.NamedType('challenge', univ.OctetString())
+    )
+
+class PKIStatus(univ.Integer):
+    """
+    PKIStatus ::= INTEGER {
+         accepted                (0),
+         grantedWithMods        (1),
+         rejection              (2),
+         waiting                (3),
+         revocationWarning      (4),
+         revocationNotification (5),
+         keyUpdateWarning       (6)
+     }
+    """
+    namedValues = namedval.NamedValues(
+        ('accepted', 0),
+        ('grantedWithMods', 1),
+        ('rejection', 2),
+        ('waiting', 3),
+        ('revocationWarning', 4),
+        ('revocationNotification', 5),
+        ('keyUpdateWarning', 6)
+    )
+ 
+class PKIFailureInfo(univ.BitString):
+    """
+    PKIFailureInfo ::= BIT STRING {
+         badAlg              (0),
+         badMessageCheck     (1),
+         badRequest          (2),
+         badTime             (3),
+         badCertId           (4),
+         badDataFormat       (5),
+         wrongAuthority      (6),
+         incorrectData       (7),
+         missingTimeStamp    (8),
+         badPOP              (9),
+         certRevoked         (10),
+         certConfirmed       (11),
+         wrongIntegrity      (12),
+         badRecipientNonce   (13),
+         timeNotAvailable    (14),
+         unacceptedPolicy    (15),
+         unacceptedExtension (16),
+         addInfoNotAvailable (17),
+         badSenderNonce      (18),
+         badCertTemplate     (19),
+         signerNotTrusted    (20),
+         transactionIdInUse  (21),
+         unsupportedVersion  (22),
+         notAuthorized       (23),
+         systemUnavail       (24),
+         systemFailure       (25),
+         duplicateCertReq    (26)
+    """
+    namedValues = namedval.NamedValues(
+        ('badAlg', 0),
+        ('badMessageCheck', 1),
+        ('badRequest', 2),
+        ('badTime', 3),
+        ('badCertId', 4),
+        ('badDataFormat', 5),
+        ('wrongAuthority', 6),
+        ('incorrectData', 7),
+        ('missingTimeStamp', 8),
+        ('badPOP', 9),
+        ('certRevoked', 10),
+        ('certConfirmed', 11),
+        ('wrongIntegrity', 12),
+        ('badRecipientNonce', 13),
+        ('timeNotAvailable', 14),
+        ('unacceptedPolicy', 15),
+        ('unacceptedExtension', 16),
+        ('addInfoNotAvailable', 17),
+        ('badSenderNonce', 18),
+        ('badCertTemplate', 19),
+        ('signerNotTrusted', 20),
+        ('transactionIdInUse', 21),
+        ('unsupportedVersion', 22),
+        ('notAuthorized', 23),
+        ('systemUnavail', 24),
+        ('systemFailure', 25),
+        ('duplicateCertReq', 26)
+    )
+
+class PKIStatusInfo(univ.Sequence):
+    """
+    PKIStatusInfo ::= SEQUENCE {
+         status        PKIStatus,
+         statusString  PKIFreeText     OPTIONAL,
+         failInfo      PKIFailureInfo  OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatus()),
+        namedtype.OptionalNamedType('statusString', PKIFreeText()),
+        namedtype.OptionalNamedType('failInfo', PKIFailureInfo())
+        )
+
+class ErrorMsgContent(univ.Sequence):
+    """
+    ErrorMsgContent ::= SEQUENCE {
+         pKIStatusInfo          PKIStatusInfo,
+         errorCode              INTEGER           OPTIONAL,
+         -- implementation-specific error codes
+         errorDetails           PKIFreeText       OPTIONAL
+         -- implementation-specific error details
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()),
+        namedtype.OptionalNamedType('errorCode', univ.Integer()),
+        namedtype.OptionalNamedType('errorDetails', PKIFreeText())
+    )
+
+class CertStatus(univ.Sequence):
+    """
+    CertStatus ::= SEQUENCE {
+        certHash    OCTET STRING,
+        certReqId   INTEGER,
+        statusInfo  PKIStatusInfo OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certHash', univ.OctetString()),
+        namedtype.NamedType('certReqId', univ.Integer()),
+        namedtype.OptionalNamedType('statusInfo', PKIStatusInfo())
+    )
+
+class CertConfirmContent(univ.SequenceOf):
+    componentType = CertStatus()
+
+class RevAnnContent(univ.Sequence):
+    """
+    RevAnnContent ::= SEQUENCE {
+         status              PKIStatus,
+         certId              CertId,
+         willBeRevokedAt     GeneralizedTime,
+         badSinceDate        GeneralizedTime,
+         crlDetails          Extensions  OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatus()),
+        namedtype.NamedType('certId', rfc2511.CertId()),
+        namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()),
+        namedtype.NamedType('badSinceDate', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions())
+    )
+
+class RevRepContent(univ.Sequence):
+    """
+    RevRepContent ::= SEQUENCE {
+         status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
+         revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId
+                                             OPTIONAL,
+         crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList
+                                             OPTIONAL
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatusInfo()),
+        namedtype.OptionalNamedType('revCerts', univ.SequenceOf(
+                componentType=rfc2511.CertId()
+            ).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.OptionalNamedType('crls', univ.SequenceOf(
+                componentType=rfc2459.CertificateList()
+            ).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        )
+    )
+
+class KeyRecRepContent(univ.Sequence):
+    """
+    KeyRecRepContent ::= SEQUENCE {
+         status                  PKIStatusInfo,
+         newSigCert          [0] CMPCertificate OPTIONAL,
+         caCerts             [1] SEQUENCE SIZE (1..MAX) OF
+                                             CMPCertificate OPTIONAL,
+         keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
+                                             CertifiedKeyPair OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatusInfo()),
+        namedtype.OptionalNamedType('newSigCert', CMPCertificate().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.OptionalNamedType('caCerts', univ.SequenceOf(
+                componentType=CMPCertificate()
+            ).subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1),
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+            )
+        ),
+        namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(
+                componentType=CertifiedKeyPair()
+            ).subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2),
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+            )
+        )
+    )
+ 
+class CertResponse(univ.Sequence):
+    """
+    CertResponse ::= SEQUENCE {
+         certReqId           INTEGER,
+         status              PKIStatusInfo,
+         certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
+         rspInfo             OCTET STRING        OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certReqId', univ.Integer()),
+        namedtype.NamedType('status', PKIStatusInfo()),
+        namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()),
+        namedtype.OptionalNamedType('rspInfo', univ.OctetString())
+    )
+
+class CertRepMessage(univ.Sequence):
+    """
+    CertRepMessage ::= SEQUENCE {
+         caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                          OPTIONAL,
+         response         SEQUENCE OF CertResponse
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('caPubs', univ.SequenceOf(
+                componentType=CMPCertificate()
+            ).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+            )
+        ),
+        namedtype.NamedType('response', univ.SequenceOf(
+                componentType=CertResponse())
+            )
+    )
+
+class POPODecKeyChallContent(univ.SequenceOf):
+    componentType = Challenge()
+
+class OOBCertHash(univ.Sequence):
+    """
+    OOBCertHash ::= SEQUENCE {
+         hashAlg     [0] AlgorithmIdentifier     OPTIONAL,
+         certId      [1] CertId                  OPTIONAL,
+         hashVal         BIT STRING
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('hashAlg',
+                                    rfc2459.AlgorithmIdentifier().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0)
+            )
+        ),
+        namedtype.OptionalNamedType('certId', rfc2511.CertId().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+            )
+        ),
+        namedtype.NamedType('hashVal', univ.BitString())
+    )
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+class NestedMessageContent(univ.SequenceOf):
+    """
+    NestedMessageContent ::= PKIMessages
+    """
+    componentType = univ.Any()
+
+class DHBMParameter(univ.Sequence):
+    """
+    DHBMParameter ::= SEQUENCE {
+         owf                 AlgorithmIdentifier,
+         -- AlgId for a One-Way Function (SHA-1 recommended)
+         mac                 AlgorithmIdentifier
+         -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+     }   -- or HMAC [RFC2104, RFC2202])
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
+    )
+
+id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30')
+
+class PBMParameter(univ.Sequence):
+    """
+    PBMParameter ::= SEQUENCE {
+         salt                OCTET STRING,
+         owf                 AlgorithmIdentifier,
+         iterationCount      INTEGER,
+         mac                 AlgorithmIdentifier
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('salt', univ.OctetString().subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(0, 128)
+            )
+        ),
+        namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('iterationCount', univ.Integer()),
+        namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
+    )
+
+id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13')
+
+class PKIProtection(univ.BitString): pass
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+nestedMessageContent = NestedMessageContent().subtype(explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20))
+ 
+class PKIBody(univ.Choice):
+    """
+    PKIBody ::= CHOICE {       -- message-specific body elements
+         ir       [0]  CertReqMessages,        --Initialization Request
+         ip       [1]  CertRepMessage,         --Initialization Response
+         cr       [2]  CertReqMessages,        --Certification Request
+         cp       [3]  CertRepMessage,         --Certification Response
+         p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
+         popdecc  [5]  POPODecKeyChallContent, --pop Challenge
+         popdecr  [6]  POPODecKeyRespContent,  --pop Response
+         kur      [7]  CertReqMessages,        --Key Update Request
+         kup      [8]  CertRepMessage,         --Key Update Response
+         krr      [9]  CertReqMessages,        --Key Recovery Request
+         krp      [10] KeyRecRepContent,       --Key Recovery Response
+         rr       [11] RevReqContent,          --Revocation Request
+         rp       [12] RevRepContent,          --Revocation Response
+         ccr      [13] CertReqMessages,        --Cross-Cert. Request
+         ccp      [14] CertRepMessage,         --Cross-Cert. Response
+         ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
+         cann     [16] CertAnnContent,         --Certificate Ann.
+         rann     [17] RevAnnContent,          --Revocation Ann.
+         crlann   [18] CRLAnnContent,          --CRL Announcement
+         pkiconf  [19] PKIConfirmContent,      --Confirmation
+         nested   [20] NestedMessageContent,   --Nested Message
+         genm     [21] GenMsgContent,          --General Message
+
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ir', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0)
+            )
+        ),
+        namedtype.NamedType('ip', CertRepMessage().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+            )
+        ),
+        namedtype.NamedType('cr', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,2)
+            )
+        ),
+        namedtype.NamedType('cp', CertRepMessage().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,3)
+            )
+        ),
+        namedtype.NamedType('p10cr', rfc2314.CertificationRequest().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,4)
+            )
+        ),
+        namedtype.NamedType('popdecc', POPODecKeyChallContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,5)
+            )
+        ),
+        namedtype.NamedType('popdecr', POPODecKeyRespContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,6)
+            )
+        ),
+        namedtype.NamedType('kur', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,7)
+            )
+        ),
+        namedtype.NamedType('kup', CertRepMessage().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,8)
+            )
+        ),
+        namedtype.NamedType('krr', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,9)
+            )
+        ),
+        namedtype.NamedType('krp', KeyRecRepContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,10)
+            )
+        ),
+        namedtype.NamedType('rr', RevReqContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,11)
+            )
+        ),
+        namedtype.NamedType('rp', RevRepContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,12)
+            )
+        ),
+        namedtype.NamedType('ccr', rfc2511.CertReqMessages().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,13)
+            )
+        ),
+        namedtype.NamedType('ccp', CertRepMessage().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,14)
+            )
+        ),
+        namedtype.NamedType('ckuann', CAKeyUpdAnnContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,15)
+            )
+        ),
+        namedtype.NamedType('cann', CertAnnContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,16)
+            )
+        ),
+        namedtype.NamedType('rann', RevAnnContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,17)
+            )
+        ),
+        namedtype.NamedType('crlann', CRLAnnContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,18)
+            )
+        ),
+        namedtype.NamedType('pkiconf', PKIConfirmContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,19)
+            )
+        ),
+        namedtype.NamedType('nested', nestedMessageContent),
+#        namedtype.NamedType('nested', NestedMessageContent().subtype(
+#            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20)
+#            )
+#        ),
+        namedtype.NamedType('genm', GenMsgContent().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,21)
+            )
+        )
+    )
+
+
+class PKIHeader(univ.Sequence):
+    """
+    PKIHeader ::= SEQUENCE {
+    pvno                INTEGER     { cmp1999(1), cmp2000(2) },
+    sender              GeneralName,
+    recipient           GeneralName,
+    messageTime     [0] GeneralizedTime         OPTIONAL,
+    protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
+    senderKID       [2] KeyIdentifier           OPTIONAL,
+    recipKID        [3] KeyIdentifier           OPTIONAL,
+    transactionID   [4] OCTET STRING            OPTIONAL,
+    senderNonce     [5] OCTET STRING            OPTIONAL,
+    recipNonce      [6] OCTET STRING            OPTIONAL,
+    freeText        [7] PKIFreeText             OPTIONAL,
+    generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
+                     InfoTypeAndValue     OPTIONAL
+    }
+
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('pvno', univ.Integer(
+                namedValues=namedval.NamedValues(    
+                    ('cmp1999', 1), 
+                    ('cmp2000', 2)    
+                )
+            )
+        ),
+        namedtype.NamedType('sender', rfc2459.GeneralName()),
+        namedtype.NamedType('recipient', rfc2459.GeneralName()),
+        namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+        namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
+        namedtype.OptionalNamedType('generalInfo',
+            univ.SequenceOf(
+                componentType=InfoTypeAndValue().subtype( 
+                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)
+                    )
+                )
+            )
+        )
+
+class ProtectedPart(univ.Sequence):
+    """
+     ProtectedPart ::= SEQUENCE {
+         header    PKIHeader,
+         body      PKIBody
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('header', PKIHeader()),
+        namedtype.NamedType('infoValue', PKIBody())
+        )
+
+class PKIMessage(univ.Sequence):
+    """
+    PKIMessage ::= SEQUENCE {
+    header           PKIHeader,
+    body             PKIBody,
+    protection   [0] PKIProtection OPTIONAL,
+    extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                  OPTIONAL
+     }"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('header', PKIHeader()),
+        namedtype.NamedType('body', PKIBody()),
+        namedtype.OptionalNamedType('protection', PKIProtection().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType( 'extraCerts',
+            univ.SequenceOf(
+                componentType=CMPCertificate()
+            ).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        )
+    )
+
+class PKIMessages(univ.SequenceOf):
+    """
+    PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
+    """
+    componentType = PKIMessage()
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+NestedMessageContent.componentType = PKIMessages()
+nestedMessageContent.componentType = PKIMessages()
diff --git a/python/pyasn1-modules/pyasn1_modules/rfc5208.py b/python/pyasn1-modules/pyasn1_modules/rfc5208.py
new file mode 100644
index 000000000..d1d2c1691
--- /dev/null
+++ b/python/pyasn1-modules/pyasn1_modules/rfc5208.py
@@ -0,0 +1,39 @@
+#
+# PKCS#8 syntax
+#
+# ASN.1 source from:
+# http://tools.ietf.org/html/rfc5208
+#
+# Sample captures could be obtained with "openssl pkcs8 -topk8" command
+#
+from pyasn1.type import tag, namedtype, namedval, univ, constraint
+from pyasn1_modules.rfc2459 import *
+from pyasn1_modules import rfc2251
+
+class KeyEncryptionAlgorithms(AlgorithmIdentifier): pass
+
+class PrivateKeyAlgorithms(AlgorithmIdentifier): pass
+
+class EncryptedData(univ.OctetString): pass
+
+class EncryptedPrivateKeyInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptionAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('encryptedData', EncryptedData())
+    )
+
+class PrivateKey(univ.OctetString): pass
+
+class Attributes(univ.SetOf):
+    componentType = rfc2251.Attribute()
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(('v1', 0), ('v2', 1)) 
+
+class PrivateKeyInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('privateKeyAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('privateKey', PrivateKey()),
+        namedtype.OptionalNamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
diff --git a/python/pyasn1-modules/setup.cfg b/python/pyasn1-modules/setup.cfg
new file mode 100644
index 000000000..861a9f554
--- /dev/null
+++ b/python/pyasn1-modules/setup.cfg
@@ -0,0 +1,5 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+tag_svn_revision = 0
+
diff --git a/python/pyasn1-modules/setup.py b/python/pyasn1-modules/setup.py
new file mode 100644
index 000000000..b7530caa8
--- /dev/null
+++ b/python/pyasn1-modules/setup.py
@@ -0,0 +1,89 @@
+#!/usr/bin/env python
+"""A collection of ASN.1-based protocols modules.
+
+   A collection of ASN.1 modules expressed in form of pyasn1 classes.
+   Includes protocols PDUs definition (SNMP, LDAP etc.) and various
+   data structures (X.509, PKCS etc.).
+"""
+
+classifiers = """\
+Development Status :: 5 - Production/Stable
+Environment :: Console
+Intended Audience :: Developers
+Intended Audience :: Education
+Intended Audience :: Information Technology
+Intended Audience :: Science/Research
+Intended Audience :: System Administrators
+Intended Audience :: Telecommunications Industry
+License :: OSI Approved :: BSD License
+Natural Language :: English
+Operating System :: OS Independent
+Programming Language :: Python :: 2
+Programming Language :: Python :: 3
+Topic :: Communications
+Topic :: Security :: Cryptography
+Topic :: Software Development :: Libraries :: Python Modules
+"""
+
+def howto_install_distribute():
+    print("""
+   Error: You need the distribute Python package!
+
+   It's very easy to install it, just type (as root on Linux):
+
+   wget http://python-distribute.org/distribute_setup.py
+   python distribute_setup.py
+
+   Then you could make eggs from this package.
+""")
+
+def howto_install_setuptools():
+    print("""
+   Error: You need setuptools Python package!
+
+   It's very easy to install it, just type (as root on Linux):
+
+   wget http://peak.telecommunity.com/dist/ez_setup.py
+   python ez_setup.py
+
+   Then you could make eggs from this package.
+""")
+
+try:
+    from setuptools import setup
+    params = {
+        'install_requires': [ 'pyasn1>=0.1.4' ],
+        'zip_safe': True
+        }    
+except ImportError:
+    import sys
+    for arg in sys.argv:
+        if arg.find('egg') != -1:
+            if sys.version_info[0] > 2:
+                howto_install_distribute()
+            else:
+                howto_install_setuptools()
+            sys.exit(1)
+    from distutils.core import setup
+    params = {}
+    if sys.version_info[:2] > (2, 4):
+        params['requires'] = [ 'pyasn1(>=0.1.4)' ]
+
+doclines = [ x.strip() for x in __doc__.split('\n') if x ]
+
+params.update( {
+    'name': 'pyasn1-modules',
+    'version': open('pyasn1_modules/__init__.py').read().split('\'')[1],
+    'description': doclines[0],
+    'long_description': ' '.join(doclines[1:]),
+    'maintainer': 'Ilya Etingof <ilya@glas.net>',
+    'author': 'Ilya Etingof',
+    'author_email': 'ilya@glas.net',
+    'url': 'http://sourceforge.net/projects/pyasn1/',
+    'platforms': ['any'],
+    'classifiers': [ x for x in classifiers.split('\n') if x ],
+    'license': 'BSD',
+    'packages': [ 'pyasn1_modules' ]
+    } )
+
+setup(**params)
diff --git a/python/pyasn1-modules/test/cmp.sh b/python/pyasn1-modules/test/cmp.sh
new file mode 100644
index 000000000..f734f208c
--- /dev/null
+++ b/python/pyasn1-modules/test/cmp.sh
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+cmpdump.py <<EOT
+MIITuTCCARECAQKkWTBXMQswCQYDVQQGEwJUUjEQMA4GA1UEChMHRS1HdXZlbjEUMBIGA1UECxML
+VHJ1c3RDZW50ZXIxIDAeBgNVBAMTF1JTQSBTZWN1cml0eSBDTVAgU2VydmVypC0wKzELMAkGA1UE
+BhMCVFIxHDAaBgNVBAMME1ZhbGltby1WZXR0b3ItMTdEZWOgERgPMjAxMjA1MDMxMTE2MTdaoQ8w
+DQYJKoZIhvcNAQEFBQCiIgQgZWVhMjg5MGU2ZGY5N2IyNzk5NWY2MWE0MzE2MzI1OWGkEgQQQ01Q
+VjJUMTIyMzM0NjI3MKUSBBCAAAABgAAAAYAAAAGAAAABphIEEDEzNjY0NDMwMjlSYW5kb22jghIZ
+MIISFaGCC84wggvKMIIFwDCCBKigAwIBAgIQfOVE05R616R6Nqgu3drXHzANBgkqhkiG9w0BAQUF
+ADBxMQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5T
+LjE4MDYGA1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2FnbGF5aWNp
+c2kwHhcNMDgxMTI0MTAwMzI0WhcNMTYxMjE0MTExNzI0WjBdMQswCQYDVQQGEwJUUjEoMCYGA1UE
+CgwfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjEkMCIGA1UEAwwbZS1HdXZlbiBNb2Jp
+bCBUZXN0VVRGLTgtU09OMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqaymRo5chRK
+EKrhjWQky1HOm6b/Jy4tSUuo4vq3O9U3G2osOU/hHb6fyMmznLpc6CaZ3qKYiuDMFRW8g1kNjEjV
+sFSvH0Yd4qgwP1+qqzhBSe+nCAnEbRUrz+nXJ4fKhmGaQ+ZSic+MeyoqDsf/zENKqdV7ea9l3Ilu
+Rj93bmTxas9aWPWQ/U/fpwkwRXaqaONlM5e4GWdgA7T1aq106NvH1z6LDNXcMYw4lSZkj/UjmM/0
+NhVz+57Ib4a0bogTaBmm8a1E5NtzkcA7pgnZT8576T0UoiOpEo+NAELA1B0mRh1/82HK1/0xn1zt
+1ym4XZRtn2r2l/wTeEwU79ALVQIDAQABo4ICZjCCAmIwfAYIKwYBBQUHAQEEcDBuMDIGCCsGAQUF
+BzABhiZodHRwOi8vdGVzdG9jc3AyLmUtZ3V2ZW4uY29tL29jc3AueHVkYTA4BggrBgEFBQcwAoYs
+aHR0cDovL3d3dy5lLWd1dmVuLmNvbS9kb2N1bWVudHMvVGVzdEtvay5jcnQwDgYDVR0PAQH/BAQD
+AgEGMA8GA1UdEwEB/wQFMAMBAf8wggElBgNVHSAEggEcMIIBGDCCARQGCWCGGAMAAQECATCCAQUw
+NgYIKwYBBQUHAgEWKmh0dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL05FU1VFLnBkZjCB
+ygYIKwYBBQUHAgIwgb0egboAQgB1ACAAcwBlAHIAdABpAGYAaQBrAGEAIABpAGwAZQAgAGkAbABn
+AGkAbABpACAAcwBlAHIAdABpAGYAaQBrAGEAIAB1AHkAZwB1AGwAYQBtAGEAIABlAHMAYQBzAGwA
+YQByATEAbgExACAAbwBrAHUAbQBhAGsAIABpAOcAaQBuACAAYgBlAGwAaQByAHQAaQBsAGUAbgAg
+AGQAbwBrAPwAbQBhAG4BMQAgAGEA5wExAG4BMQB6AC4wWAYDVR0fBFEwTzBNoEugSYZHaHR0cDov
+L3Rlc3RzaWwuZS1ndXZlbi5jb20vRWxla3Ryb25pa0JpbGdpR3V2ZW5saWdpQVNSb290L0xhdGVz
+dENSTC5jcmwwHQYDVR0OBBYEFLMoTImEKeXbqNjbYZkKshQi2vwzMB8GA1UdIwQYMBaAFGCI4dY9
+qCIkag0hwBgz5haCSNl0MA0GCSqGSIb3DQEBBQUAA4IBAQAWOsmvpoFB9sX2aq1/LjPDJ+A5Fpxm
+0XkOGM9yD/FsLfWgyv2HqBY1cVM7mjJfJ1ezkS0ODdlU6TyN5ouvAi21V9CIk69I3eUYSDjPpGia
+qcCCvJoMF0QD7B70kj2zW7IJ7pF11cbvPLaatdzojsH9fVfKtxtn/ZLrXtKsyUW5vKHOeniU6BBB
+Gl/ZZkFNXNN4mrB+B+wDV9OmdMw+Mc8KPq463hJQRat5a9lrXMdNtMAJOkvsUUzOemAsITjXWlyg
+BULijBhi8ZmMp0W7p6oKENX3vH2HCPCGQU29WIrK4iUoscjz93fB6oa4FQpxY0k3JRnWvD5FqkRD
+FKJdq/q9MIIDzzCCAregAwIBAgIQa34pJYdDFNXx90OkMkKzIjANBgkqhkiG9w0BAQUFADBxMQsw
+CQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjE4MDYG
+A1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2FnbGF5aWNpc2kwHhcN
+MDYxMjE1MTUxMzU0WhcNMTYxMjE1MTExMzU0WjBxMQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxl
+a3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjE4MDYGA1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlr
+IFNlcnRpZmlrYSBIaXptZXQgU2FnbGF5aWNpc2kwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCU/PTxSkcWPJMx4UO8L8ep9/JqRgAZ79EqYWgR4K2bNLgENpc5j0hO+QydgovFODzkEIBP
+RIBavMz9Cw2PONpSBmxd4K1A/5hGqoGEz8UCA2tIx4+Z2A9AQ2O3BYi9FWM+0D1brJDO+6yvX4m5
+Rf3mLlso52NIVV705fIkmOExHjdAj/xB0/LICZMfwKn8F19Jae/SQv9cFnptbNRCq8hU5zLRngpR
+eT1PYrZVV0XLbzbDPwgzLXCzDxG1atdGd5JRTnD58qM1foC3+hGafuyissMQVGnBQFlsx7V6OdlD
+bsxUXegCl2li0RpRJXLqyqMdtEplaznKp8NnbddylfrPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB
+hjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFGCI4dY9qCIkag0hwBgz5haCSNl0MB0GA1Ud
+DgQWBBRgiOHWPagiJGoNIcAYM+YWgkjZdDANBgkqhkiG9w0BAQUFAAOCAQEAKftTVjgltZJxXwDs
+MumguOSlljOQjotVVpES1QYwo3a5RQVpKuS4KYDEdWLD4ITtDNOA/iGKYWCNyKsE1BCL66irknZw
+iR6p6P+q2Wf7fGYSwUBcSBwWBTA+0EgpvPL3/vRuVVCVgC8XHBr72jKKTg9Nwcj+1FwXGZTDpjX8
+dzPhTXEWceQcDn2FRdNt6BQad9Hdq08lMHiyozsWniYZYuWpud91i8Pl698H9t0KqiJg6rPKc9kd
+z9QyC8E/cLIJgYhvfzXMxvmSjeSSFSqTHioqfpU3k8AWXuxqJUxbdQ8QrVaTXRByzEr1Ze0TYpDs
+oel1PjC9ouO8bC7cGrbCWzCCAi8wggGYAhBlEjJUo9asY2ISG4oHjcpzMA0GCSqGSIb3DQEBBQUA
+MFoxCzAJBgNVBAYTAlRSMRAwDgYDVQQKEwdFLUd1dmVuMRQwEgYDVQQLEwtUcnVzdENlbnRlcjEj
+MCEGA1UEAxMaRS1HdXZlblRFU1RDQUhTTSBTeXN0ZW0gQ0EwHhcNMDkxMTMwMjIxMzEzWhcNMTYx
+MTMwMTkxMTUxWjBXMQswCQYDVQQGEwJUUjEQMA4GA1UEChMHRS1HdXZlbjEUMBIGA1UECxMLVHJ1
+c3RDZW50ZXIxIDAeBgNVBAMTF1JTQSBTZWN1cml0eSBDTVAgU2VydmVyMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDCaZeJerGULW+1UPSu9T0voPNgzPcihXX6G5Q45nS4RNCe+pOc226EtD51
+wu6Eq2oARpZmCrKPn63EFmHEE04dRDr8MS2LHuZK8xslIx/AvPnV568795EPoAyhGIX9Na9ZHhnI
+zSPWmWfBd9bsQiLVF7C9dOvfW125mtywWXELewIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAAiIse/x
+aWwRWUM0CIzfnoXfrgyLdKVykK7dTPgoMJgAx229uN6VTPyk+E+lTKq9PhK+e/VJNNg9PjSFjKFd
+lfSDOi9ne1xOrb7cNTjw+sGf1mfNWyzizLXa7su7ISFN+GaClmAstH9vXsRxg1oh3pFMJv47I6iw
+gUQlwwg8WsY/MIIGPzCCBjsCAQAwAwIBADCCBi+gggYrMIIGJzCCBQ+gAwIBAgIRALGVtVAeoM1x
+gjgOX3alZ5MwDQYJKoZIhvcNAQEFBQAwXTELMAkGA1UEBhMCVFIxKDAmBgNVBAoMH0VsZWt0cm9u
+aWsgQmlsZ2kgR3V2ZW5saWdpIEEuUy4xJDAiBgNVBAMMG2UtR3V2ZW4gTW9iaWwgVGVzdFVURi04
+LVNPTjAeFw0xMjA1MDMxMTE2MTdaFw0xMzA1MDMxMTE2MTdaMGoxCzAJBgNVBAYTAlRSMREwDwYD
+VQQKDAhGaXJlIExMVDEbMBkGA1UECwwScG9wQ29kZSAtIDEyMzQ1Njc4MRQwEgYDVQQFEws3NjU0
+MzQ1Njc2NTEVMBMGA1UEAwwMQnVyYWsgWW9uZGVtMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQCpfSB7xcsHZR4E27yGHkzUJx1y2iknzX4gRM2acyPljRw/V5Lm7POrfWIX9UF2sxfYfRqxYmD0
++nw72nx8R/5AFQK0BfjHxIc5W1YekMHF8PSORo9rJqcX+qn+NBYwqcJl4EdObTcOtMWC6ws6n0uA
+oDvYYN0ujkua496sp+INiQIDAQABo4IDVzCCA1MwQgYIKwYBBQUHAQEENjA0MDIGCCsGAQUFBzAB
+hiZodHRwOi8vdGVzdG9jc3AyLmUtZ3V2ZW4uY29tL29jc3AueHVkYTAfBgNVHSMEGDAWgBSzKEyJ
+hCnl26jY22GZCrIUItr8MzCCAXIGA1UdIASCAWkwggFlMIGxBgZghhgDAAEwgaYwNgYIKwYBBQUH
+AgEWKmh0dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL05FU1VFLnBkZjBsBggrBgEFBQcC
+AjBgGl5CdSBzZXJ0aWZpa2EsIDUwNzAgc2F5xLFsxLEgRWxla3Ryb25payDEsG16YSBLYW51bnVu
+YSBnw7ZyZSBuaXRlbGlrbGkgZWxla3Ryb25payBzZXJ0aWZpa2FkxLFyMIGuBglghhgDAAEBAQMw
+gaAwNwYIKwYBBQUHAgEWK2h0dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL01LTkVTSS5w
+ZGYwZQYIKwYBBQUHAgIwWRpXQnUgc2VydGlmaWthLCBNS05FU0kga2Fwc2FtxLFuZGEgeWF5xLFu
+bGFubcSxxZ8gYmlyIG5pdGVsaWtsaSBlbGVrdHJvbmlrIHNlcnRpZmlrYWTEsXIuMA4GA1UdDwEB
+/wQEAwIGwDCBgwYIKwYBBQUHAQMEdzB1MAgGBgQAjkYBATBpBgtghhgBPQABp04BAQxaQnUgc2Vy
+dGlmaWthLCA1MDcwIHNheWlsaSBFbGVrdHJvbmlrIEltemEgS2FudW51bmEgZ8O2cmUgbml0ZWxp
+a2xpIGVsZWt0cm9uaWsgc2VydGlmaWthZGlyMEUGA1UdCQQ+MDwwFAYIKwYBBQUHCQIxCAQGQW5r
+YXJhMBIGCCsGAQUFBwkBMQYEBDE5NzkwEAYIKwYBBQUHCQQxBAQCVFIwGAYDVR0RBBEwD4ENZmly
+ZUBmaXJlLmNvbTBgBgNVHR8EWTBXMFWgU6BRhk9odHRwOi8vdGVzdHNpbC5lLWd1dmVuLmNvbS9F
+bGVrdHJvbmlrQmlsZ2lHdXZlbmxpZ2lBU01LTkVTSS1VVEYtOC9MYXRlc3RDUkwuY3JsMB0GA1Ud
+DgQWBBSLG9aIb1k2emFLCpM93kXJkWhzuTANBgkqhkiG9w0BAQUFAAOCAQEACoGCn4bzDWLzs799
+rndpB971UD2wbwt8Hkw1MGZkkJVQeVF4IS8FacAyYk5vY8ONuTA/Wsh4x23v9WTCtO89HMTz81eU
+BclqZ2Gc2UeMq7Y4FQWR8PNCMdCsxVVhpRRE6jQAyyR9YEBHQYVLfy34e3+9G/h/BR73VGHZJdZI
+DDJYd+VWXmUD9kGk/mI35qYdzN3O28KI8sokqX0z2hvkpDKuP4jNXSCHcVkK23tX2x5m6m0LdqVn
+vnCx2LfBn1wf1u7q30p/GgMVX+mR3QHs7feGewEjlkxuEyLVVD+uBwWCT6zcad17oaAyXV5RV28L
+vH0WNg6pFUpwOP0l+nIOqqCBhAOBgQBAtTB5Qd18sTxEKhSzRiN2OycFPrqoqlZZTHBohe8bE2D4
+Xc1ejkFWUEvQivkqJxCD6C7I37xgDaq8DZnaczIBxbPkY0QMdeL4MiEqlw/tlrJGrWoC5Twb0t/m
+JA5RSwQoMDYTj2WrwtM/nsP12T39or4JRZhlLSM43IaTwEBtQw==
+EOT
diff --git a/python/pyasn1-modules/test/crl.sh b/python/pyasn1-modules/test/crl.sh
new file mode 100644
index 000000000..76526cbeb
--- /dev/null
+++ b/python/pyasn1-modules/test/crl.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+crldump.py <<EOT
+-----BEGIN X509 CRL-----
+MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTETMBEGA1UE
+CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
+MRUwEwYDVQQDEwxzbm1wbGFicy5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ac25t
+cGxhYnMuY29tFw0xMjA0MTExMzQwNTlaFw0xMjA1MTExMzQwNTlaoA4wDDAKBgNV
+HRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQC1D/wwnrcY/uFBHGc6SyoYss2kn+nY
+RTwzXmmldbNTCQ03x5vkWGGIaRJdN8QeCzbEi7gpgxgpxAx6Y5WkxkMQ1UPjNM5n
+DGVDOtR0dskFrrbHuNpWqWrDaBN0/ryZiWKjr9JRbrpkHgVY29I1gLooQ6IHuKHY
+vjnIhxTFoCb5vA==
+-----END X509 CRL-----
+EOT
diff --git a/python/pyasn1-modules/test/crmf.sh b/python/pyasn1-modules/test/crmf.sh
new file mode 100644
index 000000000..487159858
--- /dev/null
+++ b/python/pyasn1-modules/test/crmf.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+crmfdump.py <<EOT
+MIIBozCCAZ8wggEFAgUAwTnj2jCByoABAqURMA8xDTALBgNVBAMTBHVzZXKmgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ6ZQ2cYbn/lFsmBOlRltbRbFQUvvE0Q
+nbopOu1kC7Bmaaz7QTx8nxeiHi4m7uxCbGGxHNoGCt7EmdG8eZUBNAcHyGlXrJdm
+0z3/uNEGiBHq+xB8FnFJCA5EIJ3RWFnlbu9otSITLxWK7c5+/NHmWM+yaeHD/f/h
+rp01c/8qXZfZAgMBAAGpEDAOBgNVHQ8BAf8EBAMCBeAwLzASBgkrBgEFBQcFAQEM
+BTExMTExMBkGCSsGAQUFBwUBAgwMc2VydmVyX21hZ2ljoYGTMA0GCSqGSIb3DQEB
+BQUAA4GBAEI3KNEvTq/n1kNVhNhPkovk1AZxyJrN1u1+7Gkc4PLjWwjLOjcEVWt4
+AajUk/gkIJ6bbeO+fZlMjHfPSDKcD6AV2hN+n72QZwfzcw3icNvBG1el9EU4XfIm
+xfu5YVWi81/fw8QQ6X6YGHFQkomLd7jxakVyjxSng9BhO6GpjJNF
+EOT
+
diff --git a/python/pyasn1-modules/test/ocspreq.sh b/python/pyasn1-modules/test/ocspreq.sh
new file mode 100644
index 000000000..fff23c36a
--- /dev/null
+++ b/python/pyasn1-modules/test/ocspreq.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+ocspreqdump.py <<EOT
+MGowaDBBMD8wPTAJBgUrDgMCGgUABBS3ZrMV9C5Dko03aH13cEZeppg3wgQUkqR1LKSevoFE63n8
+isWVpesQdXMCBDXe9M+iIzAhMB8GCSsGAQUFBzABAgQSBBBjdJOiIW9EKJGELNNf/rdA
+EOT
+
diff --git a/python/pyasn1-modules/test/ocsprsp.sh b/python/pyasn1-modules/test/ocsprsp.sh
new file mode 100644
index 000000000..62090484c
--- /dev/null
+++ b/python/pyasn1-modules/test/ocsprsp.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+ocsprspdump.py <<EOT
+MIIEvQoBAKCCBLYwggSyBgkrBgEFBQcwAQEEggSjMIIEnzCCAQ+hgYAwfjELMAkGA1UEBhMCQVUx
+EzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEV
+MBMGA1UEAxMMc25tcGxhYnMuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHNubXBsYWJzLmNvbRgP
+MjAxMjA0MTExNDA5MjJaMFQwUjA9MAkGBSsOAwIaBQAEFLdmsxX0LkOSjTdofXdwRl6mmDfCBBSS
+pHUspJ6+gUTrefyKxZWl6xB1cwIENd70z4IAGA8yMDEyMDQxMTE0MDkyMlqhIzAhMB8GCSsGAQUF
+BzABAgQSBBBjdJOiIW9EKJGELNNf/rdAMA0GCSqGSIb3DQEBBQUAA4GBADk7oRiCy4ew1u0N52QL
+RFpW+tdb0NfkV2Xyu+HChKiTThZPr9ZXalIgkJ1w3BAnzhbB0JX/zq7Pf8yEz/OrQ4GGH7HyD3Vg
+PkMu+J6I3A2An+bUQo99AmCbZ5/tSHtDYQMQt3iNbv1fk0yvDmh7UdKuXUNSyJdHeg27dMNy4k8A
+oIIC9TCCAvEwggLtMIICVqADAgECAgEBMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFTAT
+BgNVBAMTDHNubXBsYWJzLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0Bzbm1wbGFicy5jb20wHhcN
+MTIwNDExMTMyNTM1WhcNMTMwNDExMTMyNTM1WjB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
+ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRUwEwYDVQQDEwxzbm1w
+bGFicy5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ac25tcGxhYnMuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDDDU5HOnNV8I2CojxB8ilIWRHYQuaAjnjrETMOprouDHFXnwWqQo/I3m0b
+XYmocrh9kDefb+cgc7+eJKvAvBqrqXRnU38DmQU/zhypCftGGfP8xjuBZ1n23lR3hplN1yYA0J2X
+SgBaAg6e8OsKf1vcX8Es09rDo8mQpt4G2zR56wIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG
++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU8Ys2dpJFLMHl
+yY57D4BNmlqnEcYwHwYDVR0jBBgwFoAU8Ys2dpJFLMHlyY57D4BNmlqnEcYwDQYJKoZIhvcNAQEF
+BQADgYEAWR0uFJVlQId6hVpUbgXFTpywtNitNXFiYYkRRv77McSJqLCa/c1wnuLmqcFcuRUK0oN6
+8ZJDP2HDDKe8MCZ8+sx+CF54eM8VCgN9uQ9XyE7x9XrXDd3Uw9RJVaWSIezkNKNeBE0lDM2jUjC4
+HAESdf7nebz1wtqAOXE1jWF/y8g=
+EOT
diff --git a/python/pyasn1-modules/test/pkcs1.sh b/python/pyasn1-modules/test/pkcs1.sh
new file mode 100644
index 000000000..cc45f94e7
--- /dev/null
+++ b/python/pyasn1-modules/test/pkcs1.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+pkcs1dump.py <<EOT
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCN91+Cma8UPw09gjwP9WOJCdpv3mv3/qFqzgiODGZx0Q002iTl
+1dq36m5TsWYFEcMCEyC3tFuoQ0mGq5zUUOmJvHCIPufs0g8Av0fhY77uFqneHHUi
+VQMCPCHX9vTCWskmDE21LJppU27bR4H2q+ysE30d6u3+84qrItsn4bjpcQIVAPR5
+QrmooOXDn7fHJzshmxImGC4VAoGAXxKyEnlvzq93d4V6KLWX3H5Jk2JP771Ss1bT
+6D/mSbLlvjjo7qsj6diul1axu6Wny31oPertzA2FeGEzkqvjSNmSxyYYMDB3kEcx
+ahntt37I1FgSlgdZHuhdtl1h1DBKXqCCneOZuNj+kW5ib14u5HDfFIbec2HJbvVs
+lJ/k83kCgYB4TD8vgHetXHxqsiZDoy5wOnQ3mmFAfl8ZdQsIfov6kEgArwPYUOVB
+JsX84f+MFjIOKXUV8dHZ8VRrGCLAbXcxKqLNWKlKHUnEsvt63pkaTy/RKHyQS+pn
+wontdTt9EtbF+CqIWnm2wpn3O+SbdtawzPOL1CcGB0jYABwbeQ81RwIUFKdyRYaa
+INow2I3/ks+0MxDabTY=
+-----END DSA PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAMfAjvBNDDYBCl1w3yNcagZkPhqd0q5KqeOTgKSLuJWfe5+VSeR5
+Y1PcF3DyH8dvS3t8PIQjxJLoKS7HVRlsfhECAwEAAQJBAIr93/gxhIenXbD7MykF
+yvi7k8MtgkWoymICZwcX+c6RudFyuPPfQJ/sf6RmFZlRA9X9CQm5NwVG7+x1Yi6t
+KoECIQDmJUCWkPCiQYow6YxetpXFa0K6hTzOPmax7MNHVWNgmQIhAN4xOZ4JFT34
+xVhK+8EudBCYRomJUHmOJfoQAxiIXVw5AiEAyB7ecc5on/5zhqKef4Eu7LKfHIdc
+304diFuDVpTmTAkCIC2ZmKOQZaWkSowGR4isCfHl7oQHhFaOD8k0RA5i3hYxAiEA
+n8lDw3JT6NjvMnD6aM8KBsLyhazWSVVkaUSqmJzgCF0=
+-----END RSA PRIVATE KEY-----
+EOT
+
diff --git a/python/pyasn1-modules/test/pkcs10.sh b/python/pyasn1-modules/test/pkcs10.sh
new file mode 100644
index 000000000..d8f9e07df
--- /dev/null
+++ b/python/pyasn1-modules/test/pkcs10.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+pkcs10dump.py <<EOT
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDATCCAekCAQAwgZkxCzAJBgNVBAYTAlJVMRYwFAYDVQQIEw1Nb3Njb3cgUmVn
+aW9uMQ8wDQYDVQQHEwZNb3Njb3cxGjAYBgNVBAoTEVNOTVAgTGFib3JhdG9yaWVz
+MQwwCgYDVQQLFANSJkQxFTATBgNVBAMTDHNubXBsYWJzLmNvbTEgMB4GCSqGSIb3
+DQEJARYRaW5mb0Bzbm1wbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC9n2NfGS98JDBmAXQn+vNUyPB3QPYC1cwpX8UMYh9MdAmBZJCnvXrQ
+Pp14gNAv6AQKxefmGES1b+Yd+1we9HB8AKm1/8xvRDUjAvy4iO0sqFCPvIfSujUy
+pBcfnR7QE2itvyrMxCDSEVnMhKdCNb23L2TptUmpvLcb8wfAMLFsSu2yaOtJysep
+oH/mvGqlRv2ti2+E2YA0M7Pf83wyV1XmuEsc9tQ225rprDk2uyshUglkDD2235rf
+0QyONq3Aw3BMrO9ss1qj7vdDhVHVsxHnTVbEgrxEWkq2GkVKh9QReMZ2AKxe40j4
+og+OjKXguOCggCZHJyXKxccwqCaeCztbAgMBAAGgIjAgBgkqhkiG9w0BCQIxExMR
+U05NUCBMYWJvcmF0b3JpZXMwDQYJKoZIhvcNAQEFBQADggEBAAihbwmN9M2bsNNm
+9KfxqiGMqqcGCtzIlpDz/2NVwY93cEZsbz3Qscc0QpknRmyTSoDwIG+1nUH0vzkT
+Nv8sBmp9I1GdhGg52DIaWwL4t9O5WUHgfHSJpPxZ/zMP2qIsdPJ+8o19BbXRlufc
+73c03H1piGeb9VcePIaulSHI622xukI6f4Sis49vkDaoi+jadbEEb6TYkJQ3AMRD
+WdApGGm0BePdLqboW1Yv70WRRFFD8sxeT7Yw4qrJojdnq0xMHPGfKpf6dJsqWkHk
+b5DRbjil1Zt9pJuF680S9wtBzSi0hsMHXR9TzS7HpMjykL2nmCVY6A78MZapsCzn
+GGbx7DI=
+-----END CERTIFICATE REQUEST-----
+EOT
+
diff --git a/python/pyasn1-modules/test/pkcs7.sh b/python/pyasn1-modules/test/pkcs7.sh
new file mode 100644
index 000000000..45b86c2ea
--- /dev/null
+++ b/python/pyasn1-modules/test/pkcs7.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+pkcs7dump.py <<EOT
+-----BEGIN PKCS7-----
+MIIKdQYJKoZIhvcNAQcCoIIKZjCCCmICAQExADALBgkqhkiG9w0BBwGgggpIMIIC
+XjCCAcegAwIBAgIBADANBgkqhkiG9w0BAQQFADB1MQswCQYDVQQGEwJSVTEPMA0G
+A1UEBxMGTW9zY293MRcwFQYDVQQKEw5Tb3ZhbSBUZWxlcG9ydDEMMAoGA1UECxMD
+TklTMQ8wDQYDVQQDEwZBQlMgQ0ExHTAbBgkqhkiG9w0BCQEWDmNlcnRAb25saW5l
+LnJ1MB4XDTk5MDgxNTE5MDI1OFoXDTAwMDExMjE5MDI1OFowdTELMAkGA1UEBhMC
+UlUxDzANBgNVBAcTBk1vc2NvdzEXMBUGA1UEChMOU292YW0gVGVsZXBvcnQxDDAK
+BgNVBAsTA05JUzEPMA0GA1UEAxMGQUJTIENBMR0wGwYJKoZIhvcNAQkBFg5jZXJ0
+QG9ubGluZS5ydTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw0g1P0yQAZIi
+ml2XOCOxnCcuhHmAgj4Ei9M2ebrrGwUMONPzr1a8W7JcpnR3FeOjxEIxrzkHr6UA
+oj4l/oC7Rv28uIig+Okf+82ekhH6VgAQNr5LAzfN8J6dZLx2OXAmmLleAqHuisT7
+I40vEFRoRmC5hiMlILE2rIlIKJn6cUkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBZ
+7ELDfGUNb+fbpHl5W3d9JMXsdOgd96+HG+X1SPgeiRAMjkla8WFCSaQPIR4vCy0m
+tm5a2bWSji6+vP5FGbjOz5iMlHMrCtu0He7Eim2zpaGI06ZIY75Cn1h2r3+KS0/R
+h01TJUbmsfV1tZm6Wk3bayJ+/K8A4mBHv8P6rhYacDCCAowwggH1oAMCAQICAQAw
+DQYJKoZIhvcNAQEEBQAwgYsxCzAJBgNVBAYTAlJVMQ8wDQYDVQQHEwZNb3Njb3cx
+FzAVBgNVBAoTDkdvbGRlbiBUZWxlY29tMQwwCgYDVQQLEwNST0wxHjAcBgNVBAMT
+FUdvbGRlbiBUZWxlY29tIEFCUyBDQTEkMCIGCSqGSIb3DQEJARYVY2VydEBnb2xk
+ZW50ZWxlY29tLnJ1MB4XDTAwMDEwNTE1MDY1MVoXDTEwMDExNTE1MDY1MVowgYsx
+CzAJBgNVBAYTAlJVMQ8wDQYDVQQHEwZNb3Njb3cxFzAVBgNVBAoTDkdvbGRlbiBU
+ZWxlY29tMQwwCgYDVQQLEwNST0wxHjAcBgNVBAMTFUdvbGRlbiBUZWxlY29tIEFC
+UyBDQTEkMCIGCSqGSIb3DQEJARYVY2VydEBnb2xkZW50ZWxlY29tLnJ1MIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPFel/Svli6ogoUEb6eLtEvNSjyalETSMP
+MIZXdmWIkWijvEUhDnNJVAE3knAt6dVYqxWq0vc6CbAGFZNqEyioGU48IECLzV0G
+toiYejF/c9PuyIKDejeV9/YZnNFaZAUOXhOjREdZURLISKhX4tAbQyvK0Qka9AAR
+MEy9DoqV8QIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAHQzgqFkoSMQr077UCr5C0l1
+rxLA17TrocCmUC1/PLmN0LmUHD0d7TjjTQKJaJBHxcKIg6+FOY6LSSY4nAN79eXi
+nBz+jEUG7+NTU/jcEArI35yP7fi4Mwb96EYDmUkUGtcLNq3JBe/d1Zhmy9HnNBL1
+Dn9thM2Q8RPYAJIU3JnGMIICqTCCAhICAQAwDQYJKoZIhvcNAQEEBQAwgZwxCzAJ
+BgNVBAYTAlJVMQ8wDQYDVQQIEwZNb3Njb3cxDzANBgNVBAcTBk1vc2NvdzEXMBUG
+A1UEChMOR29sZGVuIFRlbGVjb20xDDAKBgNVBAsTA1JPTDEeMBwGA1UEAxMVR29s
+ZGVuIFRlbGVjb20gQUJTIENBMSQwIgYJKoZIhvcNAQkBFhVjZXJ0QGdvbGRlbnRl
+bGVjb20ucnUwHhcNMTAwMTE1MTU0MDI2WhcNMjAwMjIyMTU0MDI2WjCBnDELMAkG
+A1UEBhMCUlUxDzANBgNVBAgTBk1vc2NvdzEPMA0GA1UEBxMGTW9zY293MRcwFQYD
+VQQKEw5Hb2xkZW4gVGVsZWNvbTEMMAoGA1UECxMDUk9MMR4wHAYDVQQDExVHb2xk
+ZW4gVGVsZWNvbSBBQlMgQ0ExJDAiBgkqhkiG9w0BCQEWFWNlcnRAZ29sZGVudGVs
+ZWNvbS5ydTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzxXpf0r5YuqIKFBG
++ni7RLzUo8mpRE0jDzCGV3ZliJFoo7xFIQ5zSVQBN5JwLenVWKsVqtL3OgmwBhWT
+ahMoqBlOPCBAi81dBraImHoxf3PT7siCg3o3lff2GZzRWmQFDl4To0RHWVESyEio
+V+LQG0MrytEJGvQAETBMvQ6KlfECAwEAATANBgkqhkiG9w0BAQQFAAOBgQCMrS4T
+LIzxcpu8nwOq/xMcxW4Ctz/wjIoePWkmSLe+Tkb4zo7aTsvzn+ETaWb7qztUpyl0
+QvlXn4vC2iCJloPpofPqSzF1UV3g5Zb93ReZu7E6kEyW0ag8R5XZKv0xuR3b3Le+
+ZqolT8wQELd5Mmw5JPofZ+O2cGNvet8tYwOKFjCCAqUwggIOoAMCAQICAgboMA0G
+CSqGSIb3DQEBBAUAMIGcMQswCQYDVQQGEwJSVTEPMA0GA1UECBMGTW9zY293MQ8w
+DQYDVQQHEwZNb3Njb3cxFzAVBgNVBAoTDkdvbGRlbiBUZWxlY29tMQwwCgYDVQQL
+EwNST0wxHjAcBgNVBAMTFUdvbGRlbiBUZWxlY29tIEFCUyBDQTEkMCIGCSqGSIb3
+DQEJARYVY2VydEBnb2xkZW50ZWxlY29tLnJ1MB4XDTExMDEyODEyMTcwOVoXDTEy
+MDIwMTAwMDAwMFowdjELMAkGA1UEBhMCUlUxDDAKBgNVBAgTA04vQTEXMBUGA1UE
+ChMOR29sZGVuIFRlbGVjb20xDDAKBgNVBAsTA0lTUDEWMBQGA1UEAxMNY3JheS5n
+bGFzLm5ldDEaMBgGCSqGSIb3DQEJARYLZWxpZUByb2wucnUwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAPJAm8KG3ZCoJSvoGmLMPlGaMIpadu/EGSEYu+M/ybLp
+Cs8XmwB3876JVKKCbtGI6eqxOqvjedYXb+nKcyhz4Ztmm8RgAD7Z1WUItIpatejT
+79EYOUWrDN713SLZsImMyP4B4EySl4LZfHFRU2iOwLB6WozGCYuULLqYS9MDPrnT
+AgMBAAGjGzAZMBcGCWCGSAGG+EIBDQQKFghDPS07Uz0tOzANBgkqhkiG9w0BAQQF
+AAOBgQDEttS70qYCA+MGBA3hOR88XiBcTmuBarJDwn/rj31vRjYZUgp9bbFwscRI
+Ic4lDnlyvunwNitl+341bDg7u6Ebu9hCMbciyu4EtrsDh77DlLzbmNcXbnhlvbFL
+K9GiPz3dNyvQMfmaA0twd62zJDOVJ1SmO04lLmu/pAx8GhBZkqEAMQA=
+-----END PKCS7-----
+EOT
+
diff --git a/python/pyasn1-modules/test/pkcs8.sh b/python/pyasn1-modules/test/pkcs8.sh
new file mode 100644
index 000000000..add2d7e76
--- /dev/null
+++ b/python/pyasn1-modules/test/pkcs8.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+pkcs8dump.py <<EOT
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBgTAbBgkqhkiG9w0BBQMwDgQIdtFgDWnipT8CAggABIIBYN0hkm2xqkTCt8dJ
+iZS8+HNiyHxy8g+rmWSXv/i+bTHFUReZA2GINtTRUkWpXqWcSHxNslgf7QdfgbVJ
+xQiUM+lLhwOFh85iAHR3xmPU1wfN9NvY9DiLSpM0DMhF3OvAMZD75zIhA0GSKu7w
+dUu7ey7H4fv7bez6RhEyLdKw9/Lf2KNStNOs4ow9CAtCoxeoMSniTt6CNhbvCkve
+9vNHKiGavX1tS/YTog4wiiGzh2YxuW1RiQpTdhWiKyECgD8qQVg2tY5t3QRcXrzi
+OkStpkiAPAbiwS/gyHpsqiLo0al63SCxRefugbn1ucZyc5Ya59e3xNFQXCNhYl+Z
+Hl3hIl3cssdWZkJ455Z/bBE29ks1HtsL+bTfFi+kw/4yuMzoaB8C7rXScpGNI/8E
+pvTU2+wtuoOFcttJregtR94ZHu5wgdYqRydmFNG8PnvZT1mRMmQgUe/vp88FMmsZ
+dLsZjNQ=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAx8CO8E0MNgEKXXDf
+I1xqBmQ+Gp3Srkqp45OApIu4lZ97n5VJ5HljU9wXcPIfx29Le3w8hCPEkugpLsdV
+GWx+EQIDAQABAkEAiv3f+DGEh6ddsPszKQXK+LuTwy2CRajKYgJnBxf5zpG50XK4
+899An+x/pGYVmVED1f0JCbk3BUbv7HViLq0qgQIhAOYlQJaQ8KJBijDpjF62lcVr
+QrqFPM4+ZrHsw0dVY2CZAiEA3jE5ngkVPfjFWEr7wS50EJhGiYlQeY4l+hADGIhd
+XDkCIQDIHt5xzmif/nOGop5/gS7ssp8ch1zfTh2IW4NWlOZMCQIgLZmYo5BlpaRK
+jAZHiKwJ8eXuhAeEVo4PyTREDmLeFjECIQCfyUPDclPo2O8ycPpozwoGwvKFrNZJ
+VWRpRKqYnOAIXQ==
+-----END PRIVATE KEY-----
+EOT
+
diff --git a/python/pyasn1-modules/test/x509dump.sh b/python/pyasn1-modules/test/x509dump.sh
new file mode 100644
index 000000000..62904971a
--- /dev/null
+++ b/python/pyasn1-modules/test/x509dump.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+x509dump.py <<EOT
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
+NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
+cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
+2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
+JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
+Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
+n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
+PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
+-----END CERTIFICATE-----
+EOT
+
diff --git a/python/pyasn1-modules/tools/cmpdump.py b/python/pyasn1-modules/tools/cmpdump.py
new file mode 100755
index 000000000..74c4f77a4
--- /dev/null
+++ b/python/pyasn1-modules/tools/cmpdump.py
@@ -0,0 +1,28 @@
+#!/usr/bin/python
+# Read ASN.1/PEM CMP message on stdin, parse into
+# plain text, then build substrate from it
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc4210, pem
+from pyasn1 import debug
+import sys
+
+if len(sys.argv) == 2 and sys.argv[1] == '-d':
+    debug.setLogger(debug.Debug('all'))
+elif len(sys.argv) != 1:
+    print("""Usage:
+$ cat cmp.pem | %s [-d]""" % sys.argv[0])
+    sys.exit(-1)
+    
+pkiMessage = rfc4210.PKIMessage()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+    sys.exit(0)
+        
+pkiMsg, rest = decoder.decode(substrate, asn1Spec=pkiMessage)
+
+print(pkiMsg.prettyPrint())
+
+assert encoder.encode(pkiMsg, defMode=False) == substrate or \
+       encoder.encode(pkiMsg, defMode=True) == substrate, \
+       'CMP message recode fails'
diff --git a/python/pyasn1-modules/tools/crldump.py b/python/pyasn1-modules/tools/crldump.py
new file mode 100755
index 000000000..d4b0a547c
--- /dev/null
+++ b/python/pyasn1-modules/tools/crldump.py
@@ -0,0 +1,38 @@
+#!/usr/bin/python
+#
+# Read X.509 CRL on stdin, print them pretty and encode back into 
+# original wire format.
+# CRL can be generated with "openssl openssl ca -gencrl ..." commands.
+#
+from pyasn1_modules import rfc2459, pem
+from pyasn1.codec.der import encoder, decoder
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat crl.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+asn1Spec = rfc2459.CertificateList()
+
+cnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN X509 CRL-----', '-----END X509 CRL-----'))
+    if not substrate:
+        break
+
+
+    key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(key.prettyPrint())
+
+    assert encoder.encode(key, defMode=False) == substrate or \
+           encoder.encode(key, defMode=True) == substrate, \
+           'pkcs8 recode fails'
+        
+    cnt = cnt + 1
+ 
+print('*** %s CRL(s) re/serialized' % cnt)
diff --git a/python/pyasn1-modules/tools/crmfdump.py b/python/pyasn1-modules/tools/crmfdump.py
new file mode 100755
index 000000000..22bfc9d95
--- /dev/null
+++ b/python/pyasn1-modules/tools/crmfdump.py
@@ -0,0 +1,25 @@
+#!/usr/bin/python
+# Read ASN.1/PEM X.509 CRMF request on stdin, parse into
+# plain text, then build substrate from it
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2511, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat crmf.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+certReq = rfc2511.CertReqMessages()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+    sys.exit(0)
+        
+cr, rest = decoder.decode(substrate, asn1Spec=certReq)
+
+print(cr.prettyPrint())
+
+assert encoder.encode(cr, defMode=False) == substrate or \
+       encoder.encode(cr, defMode=True) == substrate, \
+       'crmf recode fails'
diff --git a/python/pyasn1-modules/tools/ocspclient.py b/python/pyasn1-modules/tools/ocspclient.py
new file mode 100755
index 000000000..b2d1dfc54
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocspclient.py
@@ -0,0 +1,145 @@
+#!/usr/bin/python
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, rfc2459, pem
+from pyasn1.type import univ
+import sys, hashlib
+try:
+  import urllib2
+except ImportError:
+  import urllib.request as urllib2
+
+sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26))
+
+class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder):
+    # These methods just do not encode tag and length fields of TLV
+    def encodeTag(self, *args): return ''
+    def encodeLength(self, *args): return ''
+    def encodeValue(*args):
+        substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args)
+        # OCSP-specific hack follows: cut off the "unused bit count"
+        # encoded bit-string value.
+        return substrate[1:], isConstructed
+
+    def __call__(self, bitStringValue):
+        return self.encode(None, bitStringValue, defMode=1, maxChunkSize=0)
+
+valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder()
+
+def mkOcspRequest(issuerCert, userCert):
+    issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate')
+    issuerSubject = issuerTbsCertificate.getComponentByName('subject')
+    
+    userTbsCertificate = userCert.getComponentByName('tbsCertificate')
+    userIssuer = userTbsCertificate.getComponentByName('issuer')
+
+    assert issuerSubject == userIssuer, '%s\n%s' % (
+        issuerSubject.prettyPrint(), userIssuer.prettyPrint()
+        )
+
+    userIssuerHash = hashlib.sha1(
+        encoder.encode(userIssuer)
+        ).digest()
+    
+    issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey')
+    
+    issuerKeyHash =  hashlib.sha1(
+        valueOnlyBitStringEncoder(issuerSubjectPublicKey)
+        ).digest()
+    
+    userSerialNumber = userTbsCertificate.getComponentByName('serialNumber')
+
+    # Build request object
+
+    request = rfc2560.Request()
+    
+    reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert')
+    
+    hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm')
+    hashAlgorithm.setComponentByName('algorithm', sha1oid)
+    
+    reqCert.setComponentByName('issuerNameHash', userIssuerHash)
+    reqCert.setComponentByName('issuerKeyHash', issuerKeyHash)
+    reqCert.setComponentByName('serialNumber', userSerialNumber)
+
+    ocspRequest = rfc2560.OCSPRequest()
+    
+    tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest')
+    tbsRequest.setComponentByName('version', 'v1')
+    
+    requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList')
+    requestList.setComponentByPosition(0, request)
+    
+    return ocspRequest
+
+def parseOcspResponse(ocspResponse):
+    responseStatus = ocspResponse.getComponentByName('responseStatus')
+    assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint()    
+    responseBytes = ocspResponse.getComponentByName('responseBytes')
+    responseType = responseBytes.getComponentByName('responseType')
+    assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint()
+    
+    response = responseBytes.getComponentByName('response')
+
+    basicOCSPResponse, _ = decoder.decode(
+        response, asn1Spec=rfc2560.BasicOCSPResponse()
+        )
+    
+    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
+
+    response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0)
+    
+    return (
+        tbsResponseData.getComponentByName('producedAt'),
+        response0.getComponentByName('certID'),
+        response0.getComponentByName('certStatus').getName(),
+        response0.getComponentByName('thisUpdate')
+        )
+
+if len(sys.argv) != 2:
+    print("""Usage:
+$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" % sys.argv[0])
+    sys.exit(-1)
+else:
+    ocspUrl = sys.argv[1]
+
+# Parse CA and user certificates
+
+issuerCert, _ = decoder.decode(
+    pem.readPemBlocksFromFile(
+        sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----')
+    )[1],
+    asn1Spec=rfc2459.Certificate()
+    )
+userCert, _ = decoder.decode(
+    pem.readPemBlocksFromFile(
+        sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----')
+    )[1],
+    asn1Spec=rfc2459.Certificate()
+    )
+
+# Build OCSP request
+    
+ocspReq = mkOcspRequest(issuerCert, userCert)
+
+# Use HTTP POST to get response (see Appendix A of RFC 2560)
+# In case you need proxies, set the http_proxy env variable
+
+httpReq = urllib2.Request(
+    ocspUrl,
+    encoder.encode(ocspReq),
+    { 'Content-Type': 'application/ocsp-request' }
+    )
+httpRsp = urllib2.urlopen(httpReq).read()
+
+# Process OCSP response
+    
+ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse())
+
+producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp)
+
+print('Certificate ID %s is %s at %s till %s\n' % (
+       certId.getComponentByName('serialNumber'),
+       certStatus,
+       producedAt,
+       thisUpdate))
diff --git a/python/pyasn1-modules/tools/ocspreqdump.py b/python/pyasn1-modules/tools/ocspreqdump.py
new file mode 100755
index 000000000..3a03115ea
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocspreqdump.py
@@ -0,0 +1,27 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM X.509 CRMF request on stdin, parse into
+# plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat ocsp-request.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+ocspReq = rfc2560.OCSPRequest()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+    sys.exit(0)
+        
+cr, rest = decoder.decode(substrate, asn1Spec=ocspReq)
+
+print(cr.prettyPrint())
+
+assert encoder.encode(cr, defMode=False) == substrate or \
+       encoder.encode(cr, defMode=True) == substrate, \
+       'OCSP request recode fails'
diff --git a/python/pyasn1-modules/tools/ocsprspdump.py b/python/pyasn1-modules/tools/ocsprspdump.py
new file mode 100755
index 000000000..9e49ce038
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocsprspdump.py
@@ -0,0 +1,27 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM OCSP response on stdin, parse into
+# plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat ocsp-response.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+ocspReq = rfc2560.OCSPResponse()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+    sys.exit(0)
+        
+cr, rest = decoder.decode(substrate, asn1Spec=ocspReq)
+
+print(cr.prettyPrint())
+
+assert encoder.encode(cr, defMode=False) == substrate or \
+       encoder.encode(cr, defMode=True) == substrate, \
+       'OCSP request recode fails'
diff --git a/python/pyasn1-modules/tools/ocspserver.py b/python/pyasn1-modules/tools/ocspserver.py
new file mode 100755
index 000000000..2d12d5399
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocspserver.py
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, rfc2459, pem
+from pyasn1.type import univ
+import sys, hashlib
+try:
+    import urllib2
+except ImportError:
+    import urllib.request as urllib2
+
+sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26))
+
+class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder):
+    # These methods just do not encode tag and length fields of TLV
+    def encodeTag(self, *args): return ''
+    def encodeLength(self, *args): return ''
+    def encodeValue(*args):
+        substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args)
+        # OCSP-specific hack follows: cut off the "unused bit count"
+        # encoded bit-string value.
+        return substrate[1:], isConstructed
+
+    def __call__(self, bitStringValue):
+        return self.encode(None, bitStringValue, defMode=1, maxChunkSize=0)
+
+valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder()
+
+def mkOcspRequest(issuerCert, userCert):
+    issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate')
+    issuerSubject = issuerTbsCertificate.getComponentByName('subject')
+    
+    userTbsCertificate = userCert.getComponentByName('tbsCertificate')
+    userIssuer = userTbsCertificate.getComponentByName('issuer')
+
+    assert issuerSubject == userIssuer, '%s\n%s' % (
+        issuerSubject.prettyPrint(), userIssuer.prettyPrint()
+        )
+
+    userIssuerHash = hashlib.sha1(
+        encoder.encode(userIssuer)
+        ).digest()
+    
+    issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey')
+    
+    issuerKeyHash =  hashlib.sha1(
+        valueOnlyBitStringEncoder(issuerSubjectPublicKey)
+        ).digest()
+    
+    userSerialNumber = userTbsCertificate.getComponentByName('serialNumber')
+
+    # Build request object
+
+    request = rfc2560.Request()
+    
+    reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert')
+    
+    hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm')
+    hashAlgorithm.setComponentByName('algorithm', sha1oid)
+    
+    reqCert.setComponentByName('issuerNameHash', userIssuerHash)
+    reqCert.setComponentByName('issuerKeyHash', issuerKeyHash)
+    reqCert.setComponentByName('serialNumber', userSerialNumber)
+
+    ocspRequest = rfc2560.OCSPRequest()
+    
+    tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest')
+    tbsRequest.setComponentByName('version', 'v1')
+    
+    requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList')
+    requestList.setComponentByPosition(0, request)
+    
+    return ocspRequest
+
+def parseOcspRequest(ocspRequest):
+    tbsRequest = ocspRequest['responseStatus']
+    
+    assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint()    
+    responseBytes = ocspResponse.getComponentByName('responseBytes')
+    responseType = responseBytes.getComponentByName('responseType')
+    assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint()
+    
+    response = responseBytes.getComponentByName('response')
+
+    basicOCSPResponse, _ = decoder.decode(
+        response, asn1Spec=rfc2560.BasicOCSPResponse()
+        )
+    
+    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
+
+    response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0)
+    
+    return (
+        tbsResponseData.getComponentByName('producedAt'),
+        response0.getComponentByName('certID'),
+        response0.getComponentByName('certStatus').getName(),
+        response0.getComponentByName('thisUpdate')
+        )
+
+if len(sys.argv) != 2:
+    print("""Usage:
+$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" % sys.argv[0])
+    sys.exit(-1)
+else:
+    ocspUrl = sys.argv[1]
+
+# Parse CA and user certificates
+
+issuerCert, _ = decoder.decode(
+    pem.readPemFromFile(sys.stdin)[1],
+    asn1Spec=rfc2459.Certificate()
+    )
+userCert, _ = decoder.decode(
+    pem.readPemFromFile(sys.stdin)[1],
+    asn1Spec=rfc2459.Certificate()
+    )
+
+# Build OCSP request
+    
+ocspReq = mkOcspRequest(issuerCert, userCert)
+
+# Use HTTP POST to get response (see Appendix A of RFC 2560)
+# In case you need proxies, set the http_proxy env variable
+
+httpReq = urllib2.Request(
+    ocspUrl,
+    encoder.encode(ocspReq),
+    { 'Content-Type': 'application/ocsp-request' }
+    )
+httpRsp = urllib2.urlopen(httpReq).read()
+
+# Process OCSP response
+    
+ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse())
+
+producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp)
+
+print('Certificate ID %s is %s at %s till %s\n' % (
+    certId.getComponentByName('serialNumber'),
+    certStatus,
+    producedAt,
+    thisUpdate
+    ))
diff --git a/python/pyasn1-modules/tools/pkcs10dump.py b/python/pyasn1-modules/tools/pkcs10dump.py
new file mode 100755
index 000000000..ea979c0cf
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs10dump.py
@@ -0,0 +1,39 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM X.509 certificate requests (PKCS#10 format) on stdin, 
+# parse each into plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2314, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat certificateRequest.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+certType = rfc2314.CertificationRequest()
+
+certCnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(
+                      sys.stdin, ('-----BEGIN CERTIFICATE REQUEST-----',
+                                  '-----END CERTIFICATE REQUEST-----')
+                     )
+    if not substrate:
+        break
+        
+    cert, rest = decoder.decode(substrate, asn1Spec=certType)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(cert.prettyPrint())
+
+    assert encoder.encode(cert, defMode=False) == substrate or \
+           encoder.encode(cert, defMode=True) == substrate, \
+           'cert recode fails'
+        
+    certCnt = certCnt + 1
+    
+print('*** %s PEM certificate request(s) de/serialized' % certCnt)
diff --git a/python/pyasn1-modules/tools/pkcs1dump.py b/python/pyasn1-modules/tools/pkcs1dump.py
new file mode 100755
index 000000000..d0da82b2f
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs1dump.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python
+#
+# Read unencrypted PKCS#1/PKIX-compliant, PEM&DER encoded private keys on
+# stdin, print them pretty and encode back into original wire format.
+# Private keys can be generated with "openssl genrsa|gendsa" commands.
+#
+from pyasn1_modules import rfc2459, rfc2437, pem
+from pyasn1.codec.der import encoder, decoder
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat rsakey.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+cnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----'), ('-----BEGIN DSA PRIVATE KEY-----', '-----END DSA PRIVATE KEY-----') )
+    if not substrate:
+        break
+
+    if idx == 0:
+        asn1Spec = rfc2437.RSAPrivateKey()
+    elif idx == 1:
+        asn1Spec = rfc2459.DSAPrivateKey()
+    else:
+        break
+
+    key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(key.prettyPrint())
+
+    assert encoder.encode(key, defMode=False) == substrate or \
+           encoder.encode(key, defMode=True) == substrate, \
+           'pkcs8 recode fails'
+        
+    cnt = cnt + 1
+ 
+print('*** %s key(s) re/serialized' % cnt)
diff --git a/python/pyasn1-modules/tools/pkcs7dump.py b/python/pyasn1-modules/tools/pkcs7dump.py
new file mode 100755
index 000000000..779487162
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs7dump.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM PKCS#7 on stdin, parse it into plain text,
+# then build substrate from it
+#
+from pyasn1_modules import rfc2315, pem
+from pyasn1.codec.der import encoder, decoder
+import sys
+    
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat pkcs7Certificate.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+idx, substrate = pem.readPemBlocksFromFile(
+    sys.stdin, ('-----BEGIN PKCS7-----', '-----END PKCS7-----')
+    )
+
+assert substrate, 'bad PKCS7 data on input'
+        
+contentInfo, rest = decoder.decode(substrate, asn1Spec=rfc2315.ContentInfo())
+
+if rest: substrate = substrate[:-len(rest)]
+    
+print(contentInfo.prettyPrint())
+
+assert encoder.encode(contentInfo, defMode=False) == substrate or \
+       encoder.encode(contentInfo, defMode=True) == substrate, \
+       're-encode fails'
+
+contentType = contentInfo.getComponentByName('contentType')
+
+contentInfoMap = {
+    (1, 2, 840, 113549, 1, 7, 1): rfc2315.Data(),
+    (1, 2, 840, 113549, 1, 7, 2): rfc2315.SignedData(),
+    (1, 2, 840, 113549, 1, 7, 3): rfc2315.EnvelopedData(),
+    (1, 2, 840, 113549, 1, 7, 4): rfc2315.SignedAndEnvelopedData(),
+    (1, 2, 840, 113549, 1, 7, 5): rfc2315.DigestedData(),
+    (1, 2, 840, 113549, 1, 7, 6): rfc2315.EncryptedData()
+    }
+
+content, _ = decoder.decode(
+    contentInfo.getComponentByName('content'),
+    asn1Spec=contentInfoMap[contentType]
+    )
+
+print(content.prettyPrint())
diff --git a/python/pyasn1-modules/tools/pkcs8dump.py b/python/pyasn1-modules/tools/pkcs8dump.py
new file mode 100755
index 000000000..d1d125f8c
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs8dump.py
@@ -0,0 +1,41 @@
+#!/usr/bin/python
+#
+# Read  bunch of ASN.1/PEM plain/encrypted private keys in PKCS#8 
+# format on stdin, parse each into plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc5208, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat pkcs8key.pem | %s""" % sys.argv[0])
+    sys.exit(-1)
+    
+cnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN PRIVATE KEY-----', '-----END PRIVATE KEY-----'), ('-----BEGIN ENCRYPTED PRIVATE KEY-----', '-----END ENCRYPTED PRIVATE KEY-----') )
+    if not substrate:
+        break
+
+    if idx == 0:
+        asn1Spec = rfc5208.PrivateKeyInfo()
+    elif idx == 1:
+        asn1Spec = rfc5208.EncryptedPrivateKeyInfo()
+    else:
+        break
+
+    key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(key.prettyPrint())
+
+    assert encoder.encode(key, defMode=False) == substrate or \
+           encoder.encode(key, defMode=True) == substrate, \
+           'pkcs8 recode fails'
+        
+    cnt = cnt + 1
+    
+print('*** %s PKCS#8 key(s) de/serialized' % cnt)
diff --git a/python/pyasn1-modules/tools/snmpget.py b/python/pyasn1-modules/tools/snmpget.py
new file mode 100755
index 000000000..372510329
--- /dev/null
+++ b/python/pyasn1-modules/tools/snmpget.py
@@ -0,0 +1,37 @@
+#!/usr/bin/python
+#
+# Generate SNMPGET request, parse response
+#
+from pyasn1.codec.ber import encoder, decoder
+from pyasn1_modules import rfc1157
+import sys, socket
+
+if len(sys.argv) != 4:
+    print("""Usage:
+$ %s <community> <host> <OID>""" % sys.argv[0])
+    sys.exit(-1)
+
+msg = rfc1157.Message()
+msg.setComponentByPosition(0)
+msg.setComponentByPosition(1, sys.argv[1])
+# pdu
+pdus = msg.setComponentByPosition(2).getComponentByPosition(2)
+pdu = pdus.setComponentByPosition(0).getComponentByPosition(0)
+pdu.setComponentByPosition(0, 123)
+pdu.setComponentByPosition(1, 0)
+pdu.setComponentByPosition(2, 0)
+vbl = pdu.setComponentByPosition(3).getComponentByPosition(3)
+vb = vbl.setComponentByPosition(0).getComponentByPosition(0)
+vb.setComponentByPosition(0, sys.argv[3])
+v = vb.setComponentByPosition(1).getComponentByPosition(1).setComponentByPosition(0).getComponentByPosition(0).setComponentByPosition(3).getComponentByPosition(3)
+
+print('sending: %s' % msg.prettyPrint())
+
+sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+sock.sendto(encoder.encode(msg), (sys.argv[2], 161))
+
+substrate, _ = sock.recvfrom(2048)
+
+rMsg, _ = decoder.decode(substrate, asn1Spec=msg)
+
+print('received: %s' % rMsg.prettyPrint())
diff --git a/python/pyasn1-modules/tools/x509dump.py b/python/pyasn1-modules/tools/x509dump.py
new file mode 100755
index 000000000..64cba7e30
--- /dev/null
+++ b/python/pyasn1-modules/tools/x509dump.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM X.509 certificates on stdin, parse each into plain text,
+# then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2459, pem
+import sys
+
+if len(sys.argv) != 1:
+    print("""Usage:
+$ cat CACertificate.pem | %s
+$ cat userCertificate.pem | %s""" % (sys.argv[0], sys.argv[0]))
+    sys.exit(-1)
+    
+certType = rfc2459.Certificate()
+
+certCnt = 0
+
+while 1:
+    idx, substrate = pem.readPemBlocksFromFile(
+                        sys.stdin, ('-----BEGIN CERTIFICATE-----',
+                                    '-----END CERTIFICATE-----')
+                     )
+    if not substrate:
+        break
+        
+    cert, rest = decoder.decode(substrate, asn1Spec=certType)
+
+    if rest: substrate = substrate[:-len(rest)]
+        
+    print(cert.prettyPrint())
+
+    assert encoder.encode(cert, defMode=False) == substrate or \
+           encoder.encode(cert, defMode=True) == substrate, \
+           'cert recode fails'
+        
+    certCnt = certCnt + 1
+    
+print('*** %s PEM cert(s) de/serialized' % certCnt)