Raise copyright years

[pyderasn.git] / pyderasn.py
diff --git a/pyderasn.py b/pyderasn.py

index 188e2ac49e1ca06582d2fba6270515461f158940..482b3456cc2eca5e6b5ea3936ee9927a89744d4f 100755 (executable)
--- a/pyderasn.py
+++ b/pyderasn.py
@@ -1,7 +1,7 @@
  #!/usr/bin/env python
  # coding: utf-8
  # PyDERASN -- Python ASN.1 DER/BER codec with abstract structures
-# Copyright (C) 2017-2018 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2017-2019 Sergey Matveev <stargrave@stargrave.org>
  #
  # This program is free software: you can redistribute it and/or modify
  # it under the terms of the GNU Lesser General Public License as
@@ -189,9 +189,16 @@ use following properties:
  
  Pay attention that those values do **not** include anything related to
  explicit tag. If you want to know information about it, then use:
-``expled`` (to know if explicit tag is set), ``expl_offset`` (it is
-lesser than ``offset``), ``expl_tlen``, ``expl_llen``, ``expl_vlen``
-(that actually equals to ordinary ``tlvlen``).
+
+* ``expled`` -- to know if explicit tag is set
+* ``expl_offset`` (it is lesser than ``offset``)
+* ``expl_tlen``,
+* ``expl_llen``
+* ``expl_vlen`` (that actually equals to ordinary ``tlvlen``)
+* ``fulloffset`` -- it equals to ``expl_offset`` if explicit tag is set,
+  ``offset`` otherwise
+* ``fulllen`` -- it equals to ``expl_len`` if explicit tag is set,
+  ``tlvlen`` otherwise
  
  When error occurs, :py:exc:`pyderasn.DecodeError` is raised.
  
@@ -206,9 +213,11 @@ decoding process.
  
  Currently available context options:
  
+* :ref:`allow_default_values <allow_default_values_ctx>`
+* :ref:`allow_expl_oob <allow_expl_oob_ctx>`
+* :ref:`allow_unordered_set <allow_unordered_set_ctx>`
  * :ref:`bered <bered_ctx>`
  * :ref:`defines_by_path <defines_by_path_ctx>`
-* :ref:`strict_default_existence <strict_default_existence_ctx>`
  
  .. _pprinting:
  
@@ -267,7 +276,7 @@ You can specify multiple fields, that will be autodecoded -- that is why
  ``defines`` kwarg is a sequence. You can specify defined field
  relatively or absolutely to current decode path. For example ``defines``
  for AlgorithmIdentifier of X.509's
-``tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm``::
+``tbsCertificate:subjectPublicKeyInfo:algorithm:algorithm``::
  
          (
              (("parameters",), {
@@ -295,8 +304,7 @@ Following types can be automatically decoded (DEFINED BY):
  When any of those fields is automatically decoded, then ``.defined``
  attribute contains ``(OID, value)`` tuple. ``OID`` tells by which OID it
  was defined, ``value`` contains corresponding decoded value. For example
-above, ``content_info["content"].defined == (id_signedData,
-signed_data)``.
+above, ``content_info["content"].defined == (id_signedData, signed_data)``.
  
  .. _defines_by_path_ctx:
  
@@ -374,19 +382,41 @@ DER. But you can optionally enable BER decoding with setting ``bered``
  :ref:`context <ctx>` argument to True. Indefinite lengths and
  constructed primitive types should be parsed successfully.
  
-* If object is encoded in BER form (not the DER one), then ``bered``
+* If object is encoded in BER form (not the DER one), then ``ber_encoded``
    attribute is set to True. Only ``BOOLEAN``, ``BIT STRING``, ``OCTET
-  STRING`` can contain it.
+  STRING``, ``SEQUENCE``, ``SET``, ``SET OF`` can contain it.
  * If object has an indefinite length encoding, then its ``lenindef``
    attribute is set to True. Only ``BIT STRING``, ``OCTET STRING``,
    ``SEQUENCE``, ``SET``, ``SEQUENCE OF``, ``SET OF``, ``ANY`` can
    contain it.
  * If object has an indefinite length encoded explicit tag, then
    ``expl_lenindef`` is set to True.
+* If object has either any of BER-related encoding (explicit tag
+  indefinite length, object's indefinite length, BER-encoding) or any
+  underlying component has that kind of encoding, then ``bered``
+  attribute is set to True. For example SignedData CMS can have
+  ``ContentInfo:content:signerInfos:*`` ``bered`` value set to True, but
+  ``ContentInfo:content:signerInfos:*:signedAttrs`` won't.
  
  EOC (end-of-contents) token's length is taken in advance in object's
  value length.
  
+.. _allow_expl_oob_ctx:
+
+Allow explicit tag out-of-bound
+-------------------------------
+
+Invalid BER encoding could contain ``EXPLICIT`` tag containing more than
+one value, more than one object. If you set ``allow_expl_oob`` context
+option to True, then no error will be raised and that invalid encoding
+will be silently further processed. But pay attention that offsets and
+lengths will be invalid in that case.
+
+.. warning::
+
+   This option should be used only for skipping some decode errors, just
+   to see the decoded structure somehow.
+
  Primitive types
  ---------------
  
@@ -485,6 +515,7 @@ Various
  -------
  
  .. autofunction:: pyderasn.abs_decode_path
+.. autofunction:: pyderasn.colonize_hex
  .. autofunction:: pyderasn.hexenc
  .. autofunction:: pyderasn.hexdec
  .. autofunction:: pyderasn.tag_encode
@@ -509,9 +540,11 @@ from codecs import getdecoder
  from codecs import getencoder
  from collections import namedtuple
  from collections import OrderedDict
+from copy import copy
  from datetime import datetime
  from math import ceil
  from os import environ
+from string import ascii_letters
  from string import digits
  
  from six import add_metaclass
@@ -524,12 +557,13 @@ from six import iterbytes
  from six import PY2
  from six import string_types
  from six import text_type
+from six import unichr as six_unichr
  from six.moves import xrange as six_xrange
  
  
  try:
      from termcolor import colored
-except ImportError:
+except ImportError:  # pragma: no cover
      def colored(what, *args):
          return what
  
@@ -611,7 +645,11 @@ LENINDEF_PP_CHAR = "I" if PY2 else "∞"
  # Errors
  ########################################################################
  
-class DecodeError(Exception):
+class ASN1Error(ValueError):
+    pass
+
+
+class DecodeError(ASN1Error):
      def __init__(self, msg="", klass=None, decode_path=(), offset=0):
          """
          :param str msg: reason of decode failing
@@ -634,7 +672,7 @@ class DecodeError(Exception):
              c for c in (
                  "" if self.klass is None else self.klass.__name__,
                  (
-                    ("(%s)" % ".".join(str(dp) for dp in self.decode_path))
+                    ("(%s)" % ":".join(str(dp) for dp in self.decode_path))
                      if len(self.decode_path) > 0 else ""
                  ),
                  ("(at %d)" % self.offset) if self.offset > 0 else "",
@@ -666,7 +704,7 @@ class InvalidOID(DecodeError):
      pass
  
  
-class ObjUnknown(ValueError):
+class ObjUnknown(ASN1Error):
      def __init__(self, name):
          super(ObjUnknown, self).__init__()
          self.name = name
@@ -678,7 +716,7 @@ class ObjUnknown(ValueError):
          return "%s(%s)" % (self.__class__.__name__, self)
  
  
-class ObjNotReady(ValueError):
+class ObjNotReady(ASN1Error):
      def __init__(self, name):
          super(ObjNotReady, self).__init__()
          self.name = name
@@ -690,7 +728,7 @@ class ObjNotReady(ValueError):
          return "%s(%s)" % (self.__class__.__name__, self)
  
  
-class InvalidValueType(ValueError):
+class InvalidValueType(ASN1Error):
      def __init__(self, expected_types):
          super(InvalidValueType, self).__init__()
          self.expected_types = expected_types
@@ -704,7 +742,7 @@ class InvalidValueType(ValueError):
          return "%s(%s)" % (self.__class__.__name__, self)
  
  
-class BoundsError(ValueError):
+class BoundsError(ASN1Error):
      def __init__(self, bound_min, value, bound_max):
          super(BoundsError, self).__init__()
          self.bound_min = bound_min
@@ -898,7 +936,7 @@ class Obj(object):
          "vlen",
          "expl_lenindef",
          "lenindef",
-        "bered",
+        "ber_encoded",
      )
  
      def __init__(
@@ -920,7 +958,7 @@ class Obj(object):
          self.default = None
          self.expl_lenindef = False
          self.lenindef = False
-        self.bered = False
+        self.ber_encoded = False
  
      @property
      def ready(self):  # pragma: no cover
@@ -932,6 +970,12 @@ class Obj(object):
          if not self.ready:
              raise ObjNotReady(self.__class__.__name__)
  
+    @property
+    def bered(self):
+        """Is either object or any elements inside is BER encoded?
+        """
+        return self.expl_lenindef or self.lenindef or self.ber_encoded
+
      @property
      def decoded(self):
          """Is object decoded?
@@ -986,6 +1030,7 @@ class Obj(object):
              decode_path=(),
              ctx=None,
              tag_only=False,
+            _ctx_immutable=True,
      ):
          """Decode the data
  
@@ -993,14 +1038,17 @@ class Obj(object):
          :param int offset: initial data's offset
          :param bool leavemm: do we need to leave memoryview of remaining
                      data as is, or convert it to bytes otherwise
-        :param ctx: optional :ref:`context <ctx>` governing decoding process.
+        :param ctx: optional :ref:`context <ctx>` governing decoding process
          :param tag_only: decode only the tag, without length and contents
                           (used only in Choice and Set structures, trying to
                           determine if tag satisfies the scheme)
+        :param _ctx_immutable: do we need to copy ``ctx`` before using it
          :returns: (Obj, remaining data)
          """
          if ctx is None:
              ctx = {}
+        elif _ctx_immutable:
+            ctx = copy(ctx)
          tlv = memoryview(data)
          if self._expl is None:
              result = self._decode(
@@ -1048,7 +1096,7 @@ class Obj(object):
                      ctx=ctx,
                      tag_only=tag_only,
                  )
-                if tag_only:
+                if tag_only:  # pragma: no cover
                      return
                  obj, tail = result
                  eoc_expected, tail = tail[:EOC_LEN], tail[EOC_LEN:]
@@ -1083,9 +1131,16 @@ class Obj(object):
                      ctx=ctx,
                      tag_only=tag_only,
                  )
-                if tag_only:
+                if tag_only:  # pragma: no cover
                      return
                  obj, tail = result
+                if obj.tlvlen < l and not ctx.get("allow_expl_oob", False):
+                    raise DecodeError(
+                        "explicit tag out-of-bound, longer than data",
+                        klass=self.__class__,
+                        decode_path=decode_path,
+                        offset=offset,
+                    )
          return obj, (tail if leavemm else tail.tobytes())
  
      @property
@@ -1118,8 +1173,19 @@ class Obj(object):
      def expl_tlvlen(self):
          return self.expl_tlen + self.expl_llen + self.expl_vlen
  
+    @property
+    def fulloffset(self):
+        return self.expl_offset if self.expled else self.offset
+
+    @property
+    def fulllen(self):
+        return self.expl_tlvlen if self.expled else self.tlvlen
+
      def pps_lenindef(self, decode_path):
-        if self.lenindef:
+        if self.lenindef and not (
+            getattr(self, "defined", None) is not None and
+            self.defined[1].lenindef
+        ):
              yield _pp(
                  asn1_type_name="EOC",
                  obj_name="",
@@ -1131,6 +1197,7 @@ class Obj(object):
                  tlen=1,
                  llen=1,
                  vlen=0,
+                ber_encoded=True,
                  bered=True,
              )
          if self.expl_lenindef:
@@ -1142,6 +1209,7 @@ class Obj(object):
                  tlen=1,
                  llen=1,
                  vlen=0,
+                ber_encoded=True,
                  bered=True,
              )
  
@@ -1174,6 +1242,7 @@ class DecodePathDefBy(object):
  ########################################################################
  
  PP = namedtuple("PP", (
+    "obj",
      "asn1_type_name",
      "obj_name",
      "decode_path",
@@ -1193,11 +1262,13 @@ PP = namedtuple("PP", (
      "expl_vlen",
      "expl_lenindef",
      "lenindef",
+    "ber_encoded",
      "bered",
  ))
  
  
  def _pp(
+        obj=None,
          asn1_type_name="unknown",
          obj_name="unknown",
          decode_path=(),
@@ -1217,9 +1288,11 @@ def _pp(
          expl_vlen=None,
          expl_lenindef=False,
          lenindef=False,
+        ber_encoded=False,
          bered=False,
  ):
      return PP(
+        obj,
          asn1_type_name,
          obj_name,
          decode_path,
@@ -1239,20 +1312,29 @@ def _pp(
          expl_vlen,
          expl_lenindef,
          lenindef,
+        ber_encoded,
          bered,
      )
  
  
-def _colorize(what, colour, with_colours, attrs=("bold",)):
+def _colourize(what, colour, with_colours, attrs=("bold",)):
      return colored(what, colour, attrs=attrs) if with_colours else what
  
  
+def colonize_hex(hexed):
+    """Separate hexadecimal string with colons
+    """
+    return ":".join(hexed[i:i + 2] for i in range(0, len(hexed), 2))
+
+
  def pp_console_row(
          pp,
          oids=None,
          with_offsets=False,
          with_blob=True,
          with_colours=False,
+        with_decode_path=False,
+        decode_path_len_decrease=0,
  ):
      cols = []
      if with_offsets:
@@ -1264,20 +1346,23 @@ def pp_console_row(
              ),
              LENINDEF_PP_CHAR if pp.expl_lenindef else " ",
          )
-        cols.append(_colorize(col, "red", with_colours, ()))
+        col = _colourize(col, "red", with_colours, ())
+        col += _colourize("B", "red", with_colours) if pp.bered else " "
+        cols.append(col)
          col = "[%d,%d,%4d]%s" % (
              pp.tlen,
              pp.llen,
              pp.vlen,
              LENINDEF_PP_CHAR if pp.lenindef else " "
          )
-        col = _colorize(col, "green", with_colours, ())
+        col = _colourize(col, "green", with_colours, ())
          cols.append(col)
-    if len(pp.decode_path) > 0:
-        cols.append(" ." * (len(pp.decode_path)))
+    decode_path_len = len(pp.decode_path) - decode_path_len_decrease
+    if decode_path_len > 0:
+        cols.append(" ." * decode_path_len)
          ent = pp.decode_path[-1]
          if isinstance(ent, DecodePathDefBy):
-            cols.append(_colorize("DEFINED BY", "red", with_colours, ("reverse",)))
+            cols.append(_colourize("DEFINED BY", "red", with_colours, ("reverse",)))
              value = str(ent.defined_by)
              if (
                      oids is not None and
@@ -1285,61 +1370,82 @@ def pp_console_row(
                      ObjectIdentifier.asn1_type_name and
                      value in oids
              ):
-                cols.append(_colorize("%s:" % oids[value], "green", with_colours))
+                cols.append(_colourize("%s:" % oids[value], "green", with_colours))
              else:
-                cols.append(_colorize("%s:" % value, "white", with_colours, ("reverse",)))
+                cols.append(_colourize("%s:" % value, "white", with_colours, ("reverse",)))
          else:
-            cols.append(_colorize("%s:" % ent, "yellow", with_colours, ("reverse",)))
+            cols.append(_colourize("%s:" % ent, "yellow", with_colours, ("reverse",)))
      if pp.expl is not None:
          klass, _, num = pp.expl
          col = "[%s%d] EXPLICIT" % (TagClassReprs[klass], num)
-        cols.append(_colorize(col, "blue", with_colours))
+        cols.append(_colourize(col, "blue", with_colours))
      if pp.impl is not None:
          klass, _, num = pp.impl
          col = "[%s%d]" % (TagClassReprs[klass], num)
-        cols.append(_colorize(col, "blue", with_colours))
+        cols.append(_colourize(col, "blue", with_colours))
      if pp.asn1_type_name.replace(" ", "") != pp.obj_name.upper():
-        cols.append(_colorize(pp.obj_name, "magenta", with_colours))
-    if pp.bered:
-        cols.append(_colorize("BER", "red", with_colours))
-    cols.append(_colorize(pp.asn1_type_name, "cyan", with_colours))
+        cols.append(_colourize(pp.obj_name, "magenta", with_colours))
+    if pp.ber_encoded:
+        cols.append(_colourize("BER", "red", with_colours))
+    cols.append(_colourize(pp.asn1_type_name, "cyan", with_colours))
      if pp.value is not None:
          value = pp.value
-        cols.append(_colorize(value, "white", with_colours, ("reverse",)))
+        cols.append(_colourize(value, "white", with_colours, ("reverse",)))
          if (
                  oids is not None and
                  pp.asn1_type_name == ObjectIdentifier.asn1_type_name and
                  value in oids
          ):
-            cols.append(_colorize("(%s)" % oids[value], "green", with_colours))
+            cols.append(_colourize("(%s)" % oids[value], "green", with_colours))
+        if pp.asn1_type_name == Integer.asn1_type_name:
+            hex_repr = hex(int(pp.obj._value))[2:].upper()
+            if len(hex_repr) % 2 != 0:
+                hex_repr = "0" + hex_repr
+            cols.append(_colourize(
+                "(%s)" % colonize_hex(hex_repr),
+                "green",
+                with_colours,
+            ))
      if with_blob:
          if isinstance(pp.blob, binary_type):
              cols.append(hexenc(pp.blob))
          elif isinstance(pp.blob, tuple):
              cols.append(", ".join(pp.blob))
      if pp.optional:
-        cols.append(_colorize("OPTIONAL", "red", with_colours))
+        cols.append(_colourize("OPTIONAL", "red", with_colours))
      if pp.default:
-        cols.append(_colorize("DEFAULT", "red", with_colours))
+        cols.append(_colourize("DEFAULT", "red", with_colours))
+    if with_decode_path:
+        cols.append(_colourize(
+            "[%s]" % ":".join(str(p) for p in pp.decode_path),
+            "grey",
+            with_colours,
+        ))
      return " ".join(cols)
  
  
-def pp_console_blob(pp):
-    cols = [" " * len("XXXXXYYZ [X,X,XXXX]Z")]
-    if len(pp.decode_path) > 0:
-        cols.append(" ." * (len(pp.decode_path) + 1))
+def pp_console_blob(pp, decode_path_len_decrease=0):
+    cols = [" " * len("XXXXXYYZZ [X,X,XXXX]Z")]
+    decode_path_len = len(pp.decode_path) - decode_path_len_decrease
+    if decode_path_len > 0:
+        cols.append(" ." * (decode_path_len + 1))
      if isinstance(pp.blob, binary_type):
          blob = hexenc(pp.blob).upper()
          for i in range(0, len(blob), 32):
              chunk = blob[i:i + 32]
-            yield " ".join(cols + [":".join(
-                chunk[j:j + 2] for j in range(0, len(chunk), 2)
-            )])
+            yield " ".join(cols + [colonize_hex(chunk)])
      elif isinstance(pp.blob, tuple):
          yield " ".join(cols + [", ".join(pp.blob)])
  
  
-def pprint(obj, oids=None, big_blobs=False, with_colours=False):
+def pprint(
+        obj,
+        oids=None,
+        big_blobs=False,
+        with_colours=False,
+        with_decode_path=False,
+        decode_path_only=(),
+):
      """Pretty print object
  
      :param Obj obj: object you want to pretty print
@@ -1350,10 +1456,19 @@ def pprint(obj, oids=None, big_blobs=False, with_colours=False):
                        lines
      :param with_colours: colourize output, if ``termcolor`` library
                           is available
+    :param with_decode_path: print decode path
+    :param decode_path_only: print only that specified decode path
      """
      def _pprint_pps(pps):
          for pp in pps:
              if hasattr(pp, "_fields"):
+                if (
+                    decode_path_only != () and
+                    tuple(
+                        str(p) for p in pp.decode_path[:len(decode_path_only)]
+                    ) != decode_path_only
+                ):
+                    continue
                  if big_blobs:
                      yield pp_console_row(
                          pp,
@@ -1361,8 +1476,13 @@ def pprint(obj, oids=None, big_blobs=False, with_colours=False):
                          with_offsets=True,
                          with_blob=False,
                          with_colours=with_colours,
+                        with_decode_path=with_decode_path,
+                        decode_path_len_decrease=len(decode_path_only),
                      )
-                    for row in pp_console_blob(pp):
+                    for row in pp_console_blob(
+                        pp,
+                        decode_path_len_decrease=len(decode_path_only),
+                    ):
                          yield row
                  else:
                      yield pp_console_row(
@@ -1371,6 +1491,8 @@ def pprint(obj, oids=None, big_blobs=False, with_colours=False):
                          with_offsets=True,
                          with_blob=True,
                          with_colours=with_colours,
+                        with_decode_path=with_decode_path,
+                        decode_path_len_decrease=len(decode_path_only),
                      )
              else:
                  for row in _pprint_pps(pp):
@@ -1533,14 +1655,14 @@ class Boolean(Obj):
                  offset=offset,
              )
          first_octet = byte2int(v)
-        bered = False
+        ber_encoded = False
          if first_octet == 0:
              value = False
          elif first_octet == 0xFF:
              value = True
          elif ctx.get("bered", False):
              value = True
-            bered = True
+            ber_encoded = True
          else:
              raise DecodeError(
                  "unacceptable Boolean value",
@@ -1556,7 +1678,7 @@ class Boolean(Obj):
              optional=self.optional,
              _decoded=(offset, 1, 1),
          )
-        obj.bered = bered
+        obj.ber_encoded = ber_encoded
          return obj, v[1:]
  
      def __repr__(self):
@@ -1564,6 +1686,7 @@ class Boolean(Obj):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -1581,6 +1704,7 @@ class Boolean(Obj):
              expl_llen=self.expl_llen if self.expled else None,
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
+            ber_encoded=self.ber_encoded,
              bered=self.bered,
          )
          for pp in self.pps_lenindef(decode_path):
@@ -1890,6 +2014,7 @@ class Integer(Obj):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -1907,6 +2032,7 @@ class Integer(Obj):
              expl_llen=self.expl_llen if self.expled else None,
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
+            bered=self.bered,
          )
          for pp in self.pps_lenindef(decode_path):
              yield pp
@@ -2221,7 +2347,7 @@ class BitString(Obj):
                  offset=offset,
              )
          if t == self.tag:
-            if tag_only:
+            if tag_only:  # pragma: no cover
                  return
              return self._decode_chunk(lv, offset, decode_path, ctx)
          if t == self.tag_constructed:
@@ -2232,7 +2358,7 @@ class BitString(Obj):
                      decode_path=decode_path,
                      offset=offset,
                  )
-            if tag_only:
+            if tag_only:  # pragma: no cover
                  return
              lenindef = False
              try:
@@ -2286,6 +2412,7 @@ class BitString(Obj):
                          decode_path=sub_decode_path,
                          leavemm=True,
                          ctx=ctx,
+                        _ctx_immutable=False,
                      )
                  except TagMismatch:
                      raise DecodeError(
@@ -2330,7 +2457,7 @@ class BitString(Obj):
                  _decoded=(offset, llen, vlen + (EOC_LEN if lenindef else 0)),
              )
              obj.lenindef = lenindef
-            obj.bered = True
+            obj.ber_encoded = True
              return obj, (v[EOC_LEN:] if lenindef else v)
          raise TagMismatch(
              klass=self.__class__,
@@ -2350,6 +2477,7 @@ class BitString(Obj):
              if len(self.specs) > 0:
                  blob = tuple(self.named)
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -2369,6 +2497,7 @@ class BitString(Obj):
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
              lenindef=self.lenindef,
+            ber_encoded=self.ber_encoded,
              bered=self.bered,
          )
          defined_by, defined = self.defined or (None, None)
@@ -2649,6 +2778,7 @@ class OctetString(Obj):
                          decode_path=sub_decode_path,
                          leavemm=True,
                          ctx=ctx,
+                        _ctx_immutable=False,
                      )
                  except TagMismatch:
                      raise DecodeError(
@@ -2686,7 +2816,7 @@ class OctetString(Obj):
                      offset=offset,
                  )
              obj.lenindef = lenindef
-            obj.bered = True
+            obj.ber_encoded = True
              return obj, (v[EOC_LEN:] if lenindef else v)
          raise TagMismatch(
              klass=self.__class__,
@@ -2699,6 +2829,7 @@ class OctetString(Obj):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -2718,6 +2849,7 @@ class OctetString(Obj):
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
              lenindef=self.lenindef,
+            ber_encoded=self.ber_encoded,
              bered=self.bered,
          )
          defined_by, defined = self.defined or (None, None)
@@ -2812,7 +2944,7 @@ class Null(Obj):
                  decode_path=decode_path,
                  offset=offset,
              )
-        if tag_only:
+        if tag_only:  # pragma: no cover
              return
          try:
              l, _, v = len_decode(lv)
@@ -2843,6 +2975,7 @@ class Null(Obj):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -2858,6 +2991,7 @@ class Null(Obj):
              expl_llen=self.expl_llen if self.expled else None,
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
+            bered=self.bered,
          )
          for pp in self.pps_lenindef(decode_path):
              yield pp
@@ -3062,7 +3196,7 @@ class ObjectIdentifier(Obj):
                  decode_path=decode_path,
                  offset=offset,
              )
-        if tag_only:
+        if tag_only:  # pragma: no cover
              return
          try:
              l, llen, v = len_decode(lv)
@@ -3132,6 +3266,7 @@ class ObjectIdentifier(Obj):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -3149,6 +3284,7 @@ class ObjectIdentifier(Obj):
              expl_llen=self.expl_llen if self.expled else None,
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
+            bered=self.bered,
          )
          for pp in self.pps_lenindef(decode_path):
              yield pp
@@ -3357,6 +3493,7 @@ class CommonString(OctetString):
          if self.ready:
              value = hexenc(bytes(self)) if no_unicode else self.__unicode__()
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -3374,6 +3511,8 @@ class CommonString(OctetString):
              expl_llen=self.expl_llen if self.expled else None,
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
+            ber_encoded=self.ber_encoded,
+            bered=self.bered,
          )
          for pp in self.pps_lenindef(decode_path):
              yield pp
@@ -3386,29 +3525,57 @@ class UTF8String(CommonString):
      asn1_type_name = "UTF8String"
  
  
-class NumericString(CommonString):
+class AllowableCharsMixin(object):
+    @property
+    def allowable_chars(self):
+        if PY2:
+            return self._allowable_chars
+        return set(six_unichr(c) for c in self._allowable_chars)
+
+
+class NumericString(AllowableCharsMixin, CommonString):
      """Numeric string
  
-    Its value is properly sanitized: only ASCII digits can be stored.
+    Its value is properly sanitized: only ASCII digits with spaces can
+    be stored.
+
+    >>> NumericString().allowable_chars
+    set(['3', '4', '7', '5', '1', '0', '8', '9', ' ', '6', '2'])
      """
      __slots__ = ()
      tag_default = tag_encode(18)
      encoding = "ascii"
      asn1_type_name = "NumericString"
-    allowable_chars = set(digits.encode("ascii"))
+    _allowable_chars = set(digits.encode("ascii") + b" ")
  
      def _value_sanitize(self, value):
          value = super(NumericString, self)._value_sanitize(value)
-        if not set(value) <= self.allowable_chars:
+        if not set(value) <= self._allowable_chars:
              raise DecodeError("non-numeric value")
          return value
  
  
-class PrintableString(CommonString):
+class PrintableString(AllowableCharsMixin, CommonString):
+    """Printable string
+
+    Its value is properly sanitized: see X.680 41.4 table 10.
+
+    >>> PrintableString().allowable_chars
+    >>> set([' ', "'", ..., 'z'])
+    """
      __slots__ = ()
      tag_default = tag_encode(19)
      encoding = "ascii"
      asn1_type_name = "PrintableString"
+    _allowable_chars = set(
+        (ascii_letters + digits + " '()+,-./:=?").encode("ascii")
+    )
+
+    def _value_sanitize(self, value):
+        value = super(PrintableString, self)._value_sanitize(value)
+        if not set(value) <= self._allowable_chars:
+            raise DecodeError("non-printable value")
+        return value
  
  
  class TeletexString(CommonString):
@@ -3507,11 +3674,14 @@ class UTCTime(CommonString):
          if isinstance(value, datetime):
              return value.strftime(self.fmt).encode("ascii")
          if isinstance(value, binary_type):
-            value_decoded = value.decode("ascii")
+            try:
+                value_decoded = value.decode("ascii")
+            except (UnicodeEncodeError, UnicodeDecodeError) as err:
+                raise DecodeError("invalid UTCTime encoding")
              if len(value_decoded) == LEN_YYMMDDHHMMSSZ:
                  try:
                      datetime.strptime(value_decoded, self.fmt)
-                except ValueError:
+                except (TypeError, ValueError):
                      raise DecodeError("invalid UTCTime format")
                  return value
              else:
@@ -3556,6 +3726,7 @@ class UTCTime(CommonString):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -3573,6 +3744,8 @@ class UTCTime(CommonString):
              expl_llen=self.expl_llen if self.expled else None,
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
+            ber_encoded=self.ber_encoded,
+            bered=self.bered,
          )
          for pp in self.pps_lenindef(decode_path):
              yield pp
@@ -3605,11 +3778,14 @@ class GeneralizedTime(UTCTime):
                  self.fmt_ms if value.microsecond > 0 else self.fmt
              ).encode("ascii")
          if isinstance(value, binary_type):
-            value_decoded = value.decode("ascii")
+            try:
+                value_decoded = value.decode("ascii")
+            except (UnicodeEncodeError, UnicodeDecodeError) as err:
+                raise DecodeError("invalid GeneralizedTime encoding")
              if len(value_decoded) == LEN_YYYYMMDDHHMMSSZ:
                  try:
                      datetime.strptime(value_decoded, self.fmt)
-                except ValueError:
+                except (TypeError, ValueError):
                      raise DecodeError(
                          "invalid GeneralizedTime (without ms) format",
                      )
@@ -3617,7 +3793,7 @@ class GeneralizedTime(UTCTime):
              elif len(value_decoded) >= LEN_YYYYMMDDHHMMSSDMZ:
                  try:
                      datetime.strptime(value_decoded, self.fmt_ms)
-                except ValueError:
+                except (TypeError, ValueError):
                      raise DecodeError(
                          "invalid GeneralizedTime (with ms) format",
                      )
@@ -3768,6 +3944,13 @@ class Choice(Obj):
      def ready(self):
          return self._value is not None and self._value[1].ready
  
+    @property
+    def bered(self):
+        return self.expl_lenindef or (
+            (self._value is not None) and
+            self._value[1].bered
+        )
+
      def copy(self):
          obj = self.__class__(schema=self.specs)
          obj._expl = self._expl
@@ -3857,6 +4040,7 @@ class Choice(Obj):
                      decode_path=sub_decode_path,
                      ctx=ctx,
                      tag_only=True,
+                    _ctx_immutable=False,
                  )
              except TagMismatch:
                  continue
@@ -3867,7 +4051,7 @@ class Choice(Obj):
                  decode_path=decode_path,
                  offset=offset,
              )
-        if tag_only:
+        if tag_only:  # pragma: no cover
              return
          value, tail = spec.decode(
              tlv,
@@ -3875,13 +4059,14 @@ class Choice(Obj):
              leavemm=True,
              decode_path=sub_decode_path,
              ctx=ctx,
+            _ctx_immutable=False,
          )
          obj = self.__class__(
              schema=self.specs,
              expl=self._expl,
              default=self.default,
              optional=self.optional,
-            _decoded=(offset, 0, value.tlvlen),
+            _decoded=(offset, 0, value.fulllen),
          )
          obj._value = (choice, value)
          return obj, tail
@@ -3894,6 +4079,7 @@ class Choice(Obj):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -3907,6 +4093,7 @@ class Choice(Obj):
              llen=self.llen,
              vlen=self.vlen,
              expl_lenindef=self.expl_lenindef,
+            bered=self.bered,
          )
          if self.ready:
              yield self.value.pps(decode_path=decode_path + (self.choice,))
@@ -3995,6 +4182,14 @@ class Any(Obj):
      def ready(self):
          return self._value is not None
  
+    @property
+    def bered(self):
+        if self.expl_lenindef or self.lenindef:
+            return True
+        if self.defined is None:
+            return False
+        return self.defined[1].bered
+
      def copy(self):
          obj = self.__class__()
          obj._value = self._value
@@ -4067,6 +4262,7 @@ class Any(Obj):
                      decode_path=decode_path + (str(chunk_i),),
                      leavemm=True,
                      ctx=ctx,
+                    _ctx_immutable=False,
                  )
                  vlen += chunk.tlvlen
                  sub_offset += chunk.tlvlen
@@ -4111,6 +4307,7 @@ class Any(Obj):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -4129,6 +4326,7 @@ class Any(Obj):
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
              lenindef=self.lenindef,
+            bered=self.bered,
          )
          defined_by, defined = self.defined or (None, None)
          if defined_by is not None:
@@ -4159,8 +4357,7 @@ def get_def_by_path(defines_by_path, sub_decode_path):
  def abs_decode_path(decode_path, rel_path):
      """Create an absolute decode path from current and relative ones
  
-    :param decode_path: current decode path, starting point.
-                        Tuple of strings
+    :param decode_path: current decode path, starting point. Tuple of strings
      :param rel_path: relative path to ``decode_path``. Tuple of strings.
                       If first tuple's element is "/", then treat it as
                       an absolute path, ignoring ``decode_path`` as
@@ -4261,18 +4458,14 @@ class Sequence(Obj):
  
      All defaulted values are always optional.
  
-    .. _strict_default_existence_ctx:
+    .. _allow_default_values_ctx:
  
-    .. warning::
-
-       When decoded DER contains defaulted value inside, then
-       technically this is not valid DER encoding. But we allow and pass
-       it **by default**. Of course reencoding of that kind of DER will
-       result in different binary representation (validly without
-       defaulted value inside). You can enable strict defaulted values
-       existence validation by setting ``"strict_default_existence":
-       True`` :ref:`context <ctx>` option -- decoding process will raise
-       an exception if defaulted value is met.
+    DER prohibits default value encoding and will raise an error if
+    default value is unexpectedly met during decode.
+    If :ref:`bered <bered_ctx>` context option is set, then no error
+    will be raised, but ``bered`` attribute set. You can disable strict
+    defaulted values existence validation by setting
+    ``"allow_default_values": True`` :ref:`context <ctx>` option.
  
      Two sequences are equal if they have equal specification (schema),
      implicit/explicit tagging and the same values.
@@ -4330,6 +4523,12 @@ class Sequence(Obj):
                      return False
          return True
  
+    @property
+    def bered(self):
+        if self.expl_lenindef or self.lenindef or self.ber_encoded:
+            return True
+        return any(value.bered for value in self._value.values())
+
      def copy(self):
          obj = self.__class__(schema=self.specs)
          obj.tag = self.tag
@@ -4429,13 +4628,14 @@ class Sequence(Obj):
                  decode_path=decode_path,
                  offset=offset,
              )
-        if tag_only:
+        if tag_only:  # pragma: no cover
              return
          lenindef = False
+        ctx_bered = ctx.get("bered", False)
          try:
              l, llen, v = len_decode(lv)
          except LenIndefForm as err:
-            if not ctx.get("bered", False):
+            if not ctx_bered:
                  raise err.__class__(
                      msg=err.msg,
                      klass=self.__class__,
@@ -4463,6 +4663,8 @@ class Sequence(Obj):
          vlen = 0
          sub_offset = offset + tlen + llen
          values = {}
+        ber_encoded = False
+        ctx_allow_default_values = ctx.get("allow_default_values", False)
          for name, spec in self.specs.items():
              if spec.optional and (
                      (lenindef and v[:EOC_LEN].tobytes() == EOC) or
@@ -4477,13 +4679,14 @@ class Sequence(Obj):
                      leavemm=True,
                      decode_path=sub_decode_path,
                      ctx=ctx,
+                    _ctx_immutable=False,
                  )
              except TagMismatch:
                  if spec.optional:
                      continue
                  raise
  
-            defined = get_def_by_path(ctx.get("defines", ()), sub_decode_path)
+            defined = get_def_by_path(ctx.get("_defines", ()), sub_decode_path)
              if defined is not None:
                  defined_by, defined_spec = defined
                  if issubclass(value.__class__, SequenceOf):
@@ -4501,6 +4704,7 @@ class Sequence(Obj):
                              leavemm=True,
                              decode_path=sub_sub_decode_path,
                              ctx=ctx,
+                            _ctx_immutable=False,
                          )
                          if len(defined_tail) > 0:
                              raise DecodeError(
@@ -4520,6 +4724,7 @@ class Sequence(Obj):
                          leavemm=True,
                          decode_path=sub_decode_path + (DecodePathDefBy(defined_by),),
                          ctx=ctx,
+                        _ctx_immutable=False,
                      )
                      if len(defined_tail) > 0:
                          raise DecodeError(
@@ -4530,20 +4735,20 @@ class Sequence(Obj):
                          )
                      value.defined = (defined_by, defined_value)
  
-            value_len = value.expl_tlvlen if value.expled else value.tlvlen
+            value_len = value.fulllen
              vlen += value_len
              sub_offset += value_len
              v = v_tail
              if spec.default is not None and value == spec.default:
-                if ctx.get("strict_default_existence", False):
+                if ctx_bered or ctx_allow_default_values:
+                    ber_encoded = True
+                else:
                      raise DecodeError(
                          "DEFAULT value met",
                          klass=self.__class__,
                          decode_path=sub_decode_path,
                          offset=sub_offset,
                      )
-                else:
-                    continue
              values[name] = value
  
              spec_defines = getattr(spec, "defines", ())
@@ -4555,7 +4760,7 @@ class Sequence(Obj):
                  for rel_path, schema in spec_defines:
                      defined = schema.get(value, None)
                      if defined is not None:
-                        ctx.setdefault("defines", []).append((
+                        ctx.setdefault("_defines", []).append((
                              abs_decode_path(sub_decode_path[:-1], rel_path),
                              (value, defined),
                          ))
@@ -4586,6 +4791,7 @@ class Sequence(Obj):
          )
          obj._value = values
          obj.lenindef = lenindef
+        obj.ber_encoded = ber_encoded
          return obj, tail
  
      def __repr__(self):
@@ -4600,6 +4806,7 @@ class Sequence(Obj):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -4617,6 +4824,8 @@ class Sequence(Obj):
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
              lenindef=self.lenindef,
+            ber_encoded=self.ber_encoded,
+            bered=self.bered,
          )
          for name in self.specs:
              value = self._value.get(name)
@@ -4631,6 +4840,14 @@ class Set(Sequence):
      """``SET`` structure type
  
      Its usage is identical to :py:class:`pyderasn.Sequence`.
+
+    .. _allow_unordered_set_ctx:
+
+    DER prohibits unordered values encoding and will raise an error
+    during decode. If If :ref:`bered <bered_ctx>` context option is set,
+    then no error will occure. Also you can disable strict values
+    ordering check by setting ``"allow_unordered_set": True``
+    :ref:`context <ctx>` option.
      """
      __slots__ = ()
      tag_default = tag_encode(form=TagFormConstructed, num=17)
@@ -4661,10 +4878,11 @@ class Set(Sequence):
          if tag_only:
              return
          lenindef = False
+        ctx_bered = ctx.get("bered", False)
          try:
              l, llen, v = len_decode(lv)
          except LenIndefForm as err:
-            if not ctx.get("bered", False):
+            if not ctx_bered:
                  raise err.__class__(
                      msg=err.msg,
                      klass=self.__class__,
@@ -4691,6 +4909,10 @@ class Set(Sequence):
          vlen = 0
          sub_offset = offset + tlen + llen
          values = {}
+        ber_encoded = False
+        ctx_allow_default_values = ctx.get("allow_default_values", False)
+        ctx_allow_unordered_set = ctx.get("allow_unordered_set", False)
+        value_prev = memoryview(v[:0])
          specs_items = self.specs.items
          while len(v) > 0:
              if lenindef and v[:EOC_LEN].tobytes() == EOC:
@@ -4705,6 +4927,7 @@ class Set(Sequence):
                          decode_path=sub_decode_path,
                          ctx=ctx,
                          tag_only=True,
+                        _ctx_immutable=False,
                      )
                  except TagMismatch:
                      continue
@@ -4721,14 +4944,35 @@ class Set(Sequence):
                  leavemm=True,
                  decode_path=sub_decode_path,
                  ctx=ctx,
+                _ctx_immutable=False,
              )
-            value_len = value.expl_tlvlen if value.expled else value.tlvlen
+            value_len = value.fulllen
+            if value_prev.tobytes() > v[:value_len].tobytes():
+                if ctx_bered or ctx_allow_unordered_set:
+                    ber_encoded = True
+                else:
+                    raise DecodeError(
+                        "unordered " + self.asn1_type_name,
+                        klass=self.__class__,
+                        decode_path=sub_decode_path,
+                        offset=sub_offset,
+                    )
+            if spec.default is None or value != spec.default:
+                pass
+            elif ctx_bered or ctx_allow_default_values:
+                ber_encoded = True
+            else:
+                raise DecodeError(
+                    "DEFAULT value met",
+                    klass=self.__class__,
+                    decode_path=sub_decode_path,
+                    offset=sub_offset,
+                )
+            values[name] = value
+            value_prev = v[:value_len]
              sub_offset += value_len
              vlen += value_len
              v = v_tail
-            if spec.default is None or value != spec.default:  # pragma: no cover
-                # SeqMixing.test_encoded_default_accepted covers that place
-                values[name] = value
          obj = self.__class__(
              schema=self.specs,
              impl=self.tag,
@@ -4737,7 +4981,6 @@ class Set(Sequence):
              optional=self.optional,
              _decoded=(offset, llen, vlen + (EOC_LEN if lenindef else 0)),
          )
-        obj._value = values
          if lenindef:
              if v[:EOC_LEN].tobytes() != EOC:
                  raise DecodeError(
@@ -4748,6 +4991,7 @@ class Set(Sequence):
                  )
              tail = v[EOC_LEN:]
              obj.lenindef = True
+        obj._value = values
          if not obj.ready:
              raise DecodeError(
                  "not all values are ready",
@@ -4755,6 +4999,7 @@ class Set(Sequence):
                  decode_path=decode_path,
                  offset=offset,
              )
+        obj.ber_encoded = ber_encoded
          return obj, tail
  
  
@@ -4853,6 +5098,12 @@ class SequenceOf(Obj):
      def ready(self):
          return all(v.ready for v in self._value)
  
+    @property
+    def bered(self):
+        if self.expl_lenindef or self.lenindef or self.ber_encoded:
+            return True
+        return any(v.bered for v in self._value)
+
      def copy(self):
          obj = self.__class__(schema=self.spec)
          obj._bound_min = self._bound_min
@@ -4938,7 +5189,7 @@ class SequenceOf(Obj):
          v = b"".join(self._encoded_values())
          return b"".join((self.tag, len_encode(len(v)), v))
  
-    def _decode(self, tlv, offset, decode_path, ctx, tag_only):
+    def _decode(self, tlv, offset, decode_path, ctx, tag_only, ordering_check=False):
          try:
              t, tlen, lv = tag_strip(tlv)
          except DecodeError as err:
@@ -4957,10 +5208,11 @@ class SequenceOf(Obj):
          if tag_only:
              return
          lenindef = False
+        ctx_bered = ctx.get("bered", False)
          try:
              l, llen, v = len_decode(lv)
          except LenIndefForm as err:
-            if not ctx.get("bered", False):
+            if not ctx_bered:
                  raise err.__class__(
                      msg=err.msg,
                      klass=self.__class__,
@@ -4988,32 +5240,57 @@ class SequenceOf(Obj):
          vlen = 0
          sub_offset = offset + tlen + llen
          _value = []
+        ctx_allow_unordered_set = ctx.get("allow_unordered_set", False)
+        value_prev = memoryview(v[:0])
+        ber_encoded = False
          spec = self.spec
          while len(v) > 0:
              if lenindef and v[:EOC_LEN].tobytes() == EOC:
                  break
+            sub_decode_path = decode_path + (str(len(_value)),)
              value, v_tail = spec.decode(
                  v,
                  sub_offset,
                  leavemm=True,
-                decode_path=decode_path + (str(len(_value)),),
+                decode_path=sub_decode_path,
                  ctx=ctx,
+                _ctx_immutable=False,
              )
-            value_len = value.expl_tlvlen if value.expled else value.tlvlen
+            value_len = value.fulllen
+            if ordering_check:
+                if value_prev.tobytes() > v[:value_len].tobytes():
+                    if ctx_bered or ctx_allow_unordered_set:
+                        ber_encoded = True
+                    else:
+                        raise DecodeError(
+                            "unordered " + self.asn1_type_name,
+                            klass=self.__class__,
+                            decode_path=sub_decode_path,
+                            offset=sub_offset,
+                        )
+                value_prev = v[:value_len]
+            _value.append(value)
              sub_offset += value_len
              vlen += value_len
              v = v_tail
-            _value.append(value)
-        obj = self.__class__(
-            value=_value,
-            schema=spec,
-            bounds=(self._bound_min, self._bound_max),
-            impl=self.tag,
-            expl=self._expl,
-            default=self.default,
-            optional=self.optional,
-            _decoded=(offset, llen, vlen + (EOC_LEN if lenindef else 0)),
-        )
+        try:
+            obj = self.__class__(
+                value=_value,
+                schema=spec,
+                bounds=(self._bound_min, self._bound_max),
+                impl=self.tag,
+                expl=self._expl,
+                default=self.default,
+                optional=self.optional,
+                _decoded=(offset, llen, vlen + (EOC_LEN if lenindef else 0)),
+            )
+        except BoundsError as err:
+            raise DecodeError(
+                msg=str(err),
+                klass=self.__class__,
+                decode_path=decode_path,
+                offset=offset,
+            )
          if lenindef:
              if v[:EOC_LEN].tobytes() != EOC:
                  raise DecodeError(
@@ -5024,6 +5301,7 @@ class SequenceOf(Obj):
                  )
              obj.lenindef = True
              tail = v[EOC_LEN:]
+        obj.ber_encoded = ber_encoded
          return obj, tail
  
      def __repr__(self):
@@ -5034,6 +5312,7 @@ class SequenceOf(Obj):
  
      def pps(self, decode_path=()):
          yield _pp(
+            obj=self,
              asn1_type_name=self.asn1_type_name,
              obj_name=self.__class__.__name__,
              decode_path=decode_path,
@@ -5051,6 +5330,8 @@ class SequenceOf(Obj):
              expl_vlen=self.expl_vlen if self.expled else None,
              expl_lenindef=self.expl_lenindef,
              lenindef=self.lenindef,
+            ber_encoded=self.ber_encoded,
+            bered=self.bered,
          )
          for i, value in enumerate(self._value):
              yield value.pps(decode_path=decode_path + (str(i),))
@@ -5073,6 +5354,16 @@ class SetOf(SequenceOf):
          v = b"".join(raws)
          return b"".join((self.tag, len_encode(len(v)), v))
  
+    def _decode(self, tlv, offset, decode_path, ctx, tag_only):
+        return super(SetOf, self)._decode(
+            tlv,
+            offset,
+            decode_path,
+            ctx,
+            tag_only,
+            ordering_check=True,
+        )
+
  
  def obj_by_path(pypath):  # pragma: no cover
      """Import object specified as string Python path
@@ -5109,10 +5400,21 @@ def generic_decoder():  # pragma: no cover
          __slots__ = ()
          schema = choice
  
-    def pprint_any(obj, oids=None, with_colours=False):
+    def pprint_any(
+            obj,
+            oids=None,
+            with_colours=False,
+            with_decode_path=False,
+            decode_path_only=(),
+    ):
          def _pprint_pps(pps):
              for pp in pps:
                  if hasattr(pp, "_fields"):
+                    if (
+                        decode_path_only != () and
+                        pp.decode_path[:len(decode_path_only)] != decode_path_only
+                    ):
+                        continue
                      if pp.asn1_type_name == Choice.asn1_type_name:
                          continue
                      pp_kwargs = pp._asdict()
@@ -5124,8 +5426,13 @@ def generic_decoder():  # pragma: no cover
                          with_offsets=True,
                          with_blob=False,
                          with_colours=with_colours,
+                        with_decode_path=with_decode_path,
+                        decode_path_len_decrease=len(decode_path_only),
                      )
-                    for row in pp_console_blob(pp):
+                    for row in pp_console_blob(
+                        pp,
+                        decode_path_len_decrease=len(decode_path_only),
+                    ):
                          yield row
                  else:
                      for row in _pprint_pps(pp):
@@ -5157,9 +5464,23 @@ def main():  # pragma: no cover
      )
      parser.add_argument(
          "--nobered",
-        action='store_true',
+        action="store_true",
          help="Disallow BER encoding",
      )
+    parser.add_argument(
+        "--print-decode-path",
+        action="store_true",
+        help="Print decode paths",
+    )
+    parser.add_argument(
+        "--decode-path-only",
+        help="Print only specified decode path",
+    )
+    parser.add_argument(
+        "--allow-expl-oob",
+        action="store_true",
+        help="Allow explicit tag out-of-bound",
+    )
      parser.add_argument(
          "DERFile",
          type=argparse.FileType("rb"),
@@ -5176,7 +5497,10 @@ def main():  # pragma: no cover
          pprinter = partial(pprint, big_blobs=True)
      else:
          schema, pprinter = generic_decoder()
-    ctx = {"bered": not args.nobered}
+    ctx = {
+        "bered": not args.nobered,
+        "allow_expl_oob": args.allow_expl_oob,
+    }
      if args.defines_by_path is not None:
          ctx["defines_by_path"] = obj_by_path(args.defines_by_path)
      obj, tail = schema().decode(der, ctx=ctx)
@@ -5184,6 +5508,11 @@ def main():  # pragma: no cover
          obj,
          oids=oids,
          with_colours=True if environ.get("NO_COLOR") is None else False,
+        with_decode_path=args.print_decode_path,
+        decode_path_only=(
+            () if args.decode_path_only is None else
+            tuple(args.decode_path_only.split(":"))
+        ),
      ))
      if tail != b"":
          print("\nTrailing data: %s" % hexenc(tail))