def testOpenTypes(self): openTypesMap = { univ.ObjectIdentifier('1.2.840.113549.1.1.1'): univ.Null(""), univ.ObjectIdentifier('1.2.840.113549.1.1.5'): univ.Null(""), univ.ObjectIdentifier('1.2.840.113549.1.1.11'): univ.Null(""), } substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=rfc2986.CertificationRequest(), openTypes=openTypesMap, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) for rdn in asn1Object['certificationRequestInfo']['subject'][ 'rdnSequence']: for atv in rdn: if atv['type'] == rfc5280.id_at_countryName: self.assertEqual(char.PrintableString('US'), atv['value']) else: self.assertGreater(len(atv['value']['utf8String']), 2) spki_alg = asn1Object['certificationRequestInfo']['subjectPKInfo'][ 'algorithm'] self.assertEqual(univ.Null(""), spki_alg['parameters']) sig_alg = asn1Object['signatureAlgorithm'] self.assertEqual(univ.Null(""), sig_alg['parameters'])
def testOpenTypes(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) count = 0 for crm in asn1Object: rdnSeq = crm['certReq']['certTemplate']['subject']['rdnSequence'] for rdn in rdnSeq: self.assertEqual(rfc5280.id_at_commonName, rdn[0]['type']) self.assertEqual('user', rdn[0]['value']['printableString']) count += 1 algid = crm['popo']['signature']['algorithmIdentifier'] self.assertEqual(rfc3279.sha1WithRSAEncryption, algid['algorithm']) self.assertEqual(univ.Null(""), algid['parameters']) count += 1 self.assertEqual(2, count)
def testDerCodec(self): substrate = pem.readBase64fromText(self.oaep_default_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertTrue(rfc4055.id_RSAES_OAEP, asn1Object[0]) self.assertEqual(substrate, der_encoder(asn1Object))
def testOpenTypes(self): substrate = pem.readBase64fromText(self.cert_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) spki = asn1Object['tbsCertificate']['subjectPublicKeyInfo'] self.assertEqual(rfc4055.id_RSAES_OAEP, spki['algorithm']['algorithm']) oaep_p = spki['algorithm']['parameters'] self.assertEqual(rfc4055.id_pSpecified, oaep_p['pSourceFunc']['algorithm']) psf_p = oaep_p['pSourceFunc']['parameters'] self.assertEqual(psf_p, univ.OctetString(value='TCPA')) sig = asn1Object['tbsCertificate']['signature'] self.assertEqual(rfc4055.id_RSASSA_PSS, sig['algorithm']) self.assertEqual(222, sig['parameters']['saltLength']) mgf = sig['parameters']['maskGenAlgorithm'] self.assertEqual(rfc4055.id_mgf1, mgf['algorithm']) self.assertEqual(rfc4055.id_sha256, mgf['parameters']['algorithm'])
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) layers = {} layers.update(rfc5652.cmsContentTypesMap) getNextLayer = { rfc5652.id_ct_contentInfo: lambda x: x['contentType'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContentType'], } getNextSubstrate = { rfc5652.id_ct_contentInfo: lambda x: x['content'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'], } next_layer = rfc5652.id_ct_contentInfo while next_layer in layers: asn1Object, rest = der_decoder(substrate, asn1Spec=layers[next_layer]) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) substrate = getNextSubstrate[next_layer](asn1Object) next_layer = getNextLayer[next_layer](asn1Object) self.assertEqual(rfc8769.id_ct_cborSequence, next_layer)
def testDerCodec(self): openTypesMap = opentypemap.get('smimeCapabilityMap') substrate = pem.readBase64fromText(self.smime_capabilities_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) count = 0 for cap in asn1Object: self.assertEqual(der_encoder(univ.Null("")), cap['parameters']) self.assertIn(cap['capabilityID'], openTypesMap) count += 1 self.assertEqual(count, 2)
def generate_ecdsa_pem(pk): ecPrivateKey = ECPrivateKey() ecPrivateKey['version'] = 1 ecPrivateKey['privateKey'] = ints2octs(i2osp(pk, 32)) ecParam = ECParameters().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 0)) # 1.3.132.0.10 ansip256k1(10) ecParam.setComponentByName("namedCurve", _buildOid(1, 3, 132, 0, 10)) print ecParam.prettyPrint() ecPrivateKey.setComponentByName('parameters', ecParam) pub = ecdsa.expand_pub(ecdsa.point_mult(ecdsa.G, pk)) # pb = univ.BitString(long(pub, 16)) ecPrivateKey.setComponentByName('publicKey', long(pub, 16)) print ecPrivateKey.prettyPrint() res = "-----BEGIN EC PRIVATE KEY-----\n" b = base64.b64encode(der_encoder(ecPrivateKey)) n = 64 r = [b[i:i + n] for i in range(0, len(b), n)] for l in r: res += l + "\n" res += "-----END EC PRIVATE KEY-----\n" return res
def testOpenTypes(self): substrate = pem.readBase64fromText(self.env_data_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) cmsContentTypesMap = opentypemap.get('cmsContentTypesMap') self.assertIn(asn1Object['contentType'], cmsContentTypesMap) kari_kea = asn1Object['content']['recipientInfos'][0]['kari'][ 'keyEncryptionAlgorithm'] self.assertEqual(rfc2876.id_kEAKeyEncryptionAlgorithm, kari_kea['algorithm']) self.assertEqual(rfc2876.id_fortezzaWrap80, kari_kea['parameters']['algorithm']) cea = asn1Object['content']['encryptedContentInfo'][ 'contentEncryptionAlgorithm'] self.assertEqual(rfc2876.id_fortezzaConfidentialityAlgorithm, cea['algorithm']) iv = univ.OctetString(hexValue='424f4755535f4956') self.assertEqual(iv, cea['parameters']['initialization-vector'])
def testOpenTypes(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=rfc5652.ContentInfo(), decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertEqual(rfc4073.id_ct_contentCollection, asn1Object['contentType']) for ci in asn1Object['content']: self.assertIn(ci['contentType'], rfc5652.cmsContentTypesMap) self.assertEqual(rfc4073.id_ct_contentWithAttrs, ci['contentType']) next_ci = ci['content']['content'] self.assertIn(next_ci['contentType'], rfc5652.cmsContentTypesMap) self.assertEqual(rfc5652.id_data, next_ci['contentType']) self.assertIn(str2octs('Content-Type: text'), next_ci['content']) for attr in ci['content']['attrs']: self.assertIn(attr['attrType'], rfc5652.cmsAttributesMap) if attr['attrType'] == rfc2634.id_aa_contentHint: self.assertIn('RFC 4073', attr['attrValues'][0]['contentDescription'])
def testOpenTypes(self): substrate = pem.readBase64fromText(self.signed_message_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertIn(asn1Object['contentType'], rfc5652.cmsContentTypesMap) self.assertEqual(rfc5652.id_signedData, asn1Object['contentType']) sd = asn1Object['content'] self.assertEqual(rfc5652.CMSVersion().subtype(value='v1'), sd['version']) ect = sd['encapContentInfo']['eContentType'] self.assertIn(ect, rfc5652.cmsContentTypesMap) self.assertEqual(rfc5652.id_data, ect) for sa in sd['signerInfos'][0]['signedAttrs']: if sa['attrType'] == rfc6211.id_aa_cmsAlgorithmProtect: self.assertIn(sa['attrType'], rfc5652.cmsAttributesMap) sav0 = sa['attrValues'][0] digest_oid = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.2') sig_oid = univ.ObjectIdentifier('1.2.840.10045.4.3.3') self.assertEqual(digest_oid, sav0['digestAlgorithm']['algorithm']) self.assertEqual(sig_oid, sav0['signatureAlgorithm']['algorithm'])
def testOpenTypes(self): substrate = pem.readBase64fromText(self.key_pkg_pem_text) asn1Object, rest = der_decoder( substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertIn(asn1Object['contentType'], rfc5652.cmsContentTypesMap) self.assertTrue(asn1Object['content'].hasValue()) keypkg = asn1Object['content'] self.assertEqual( rfc6031.KeyPkgVersion().subtype(value='v1'), keypkg['version']) for attr in keypkg['sKeyPkgAttrs']: self.assertIn(attr['attrType'], rfc6031.sKeyPkgAttributesMap) self.assertNotEqual('0x', attr['attrValues'][0].prettyPrint()[:2]) # decodeOpenTypes=True did not decode if the value is shown in hex ... if attr['attrType'] == rfc6031.id_pskc_manufacturer: attr['attrValues'][0] == 'Vigil Security LLC' for osk in keypkg['sKeys']: for attr in osk['sKeyAttrs']: self.assertIn(attr['attrType'], rfc6031.sKeyAttributesMap) self.assertNotEqual( '0x', attr['attrValues'][0].prettyPrint()[:2]) # decodeOpenTypes=True did not decode if the value is shown in hex ... if attr['attrType'] == rfc6031.id_pskc_issuer: attr['attrValues'][0] == 'kta.example.com'
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) layers = { } layers.update(rfc5652.cmsContentTypesMap) getNextLayer = { rfc5652.id_ct_contentInfo: lambda x: x['contentType'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContentType'], rfc5636.id_kisa_tac_token: lambda x: None } getNextSubstrate = { rfc5652.id_ct_contentInfo: lambda x: x['content'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'], rfc5636.id_kisa_tac_token: lambda x: None } next_layer = rfc5652.id_ct_contentInfo while next_layer: asn1Object, rest = der_decoder( substrate, asn1Spec=layers[next_layer]) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) substrate = getNextSubstrate[next_layer](asn1Object) next_layer = getNextLayer[next_layer](asn1Object) self.assertEqual('2019', asn1Object['timeout'][:4]) self.assertEqual('5dcdf44e', asn1Object['userKey'].prettyPrint()[-8:])
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertEqual(rfc5652.id_signedData, asn1Object['contentType']) inner, rest = der_decoder(asn1Object['content'], asn1Spec=rfc5652.SignedData()) self.assertEqual( rfc4108.id_ct_firmwarePackage, inner['encapContentInfo']['eContentType']) self.assertTrue(inner['encapContentInfo']['eContent']) attribute_list = [] for attr in inner['signerInfos'][0]['signedAttrs']: attribute_list.append(attr['attrType']) if attr['attrType'] == rfc4108.id_aa_targetHardwareIDs: av, rest = der_decoder(attr['attrValues'][0], asn1Spec=rfc4108.TargetHardwareIdentifiers()) self.assertEqual(2, len(av)) for oid in av: self.assertIn('1.3.6.1.4.1.221121.1.1.', oid.prettyPrint()) self.assertIn( rfc5652.id_contentType, attribute_list) self.assertIn( rfc5652.id_messageDigest, attribute_list) self.assertIn(rfc4108.id_aa_targetHardwareIDs, attribute_list) self.assertIn(rfc4108.id_aa_fwPkgMessageDigest, attribute_list)
def testDerCodec(self): access_methods = [ rfc6487.id_ad_rpkiManifest, rfc6487.id_ad_signedObject, ] substrate = pem.readBase64fromText(self.rpki_cert_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) count = 0 for extn in asn1Object['tbsCertificate']['extensions']: if extn['extnID'] == rfc5280.id_pe_subjectInfoAccess: extnValue, rest = der_decoder( extn['extnValue'], asn1Spec=rfc5280.SubjectInfoAccessSyntax()) for ad in extnValue: if ad['accessMethod'] in access_methods: uri = ad['accessLocation']['uniformResourceIdentifier'] self.assertIn('rpki.apnic.net', uri) count += 1 self.assertEqual(1, count)
def testDerCodec(self): layers = { } layers.update(opentypemap.get('cmsContentTypesMap')) getNextLayer = { rfc5652.id_ct_contentInfo: lambda x: x['contentType'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContentType'], rfc6402.id_cct_PKIData: lambda x: None } getNextSubstrate = { rfc5652.id_ct_contentInfo: lambda x: x['content'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'], rfc6402.id_cct_PKIData: lambda x: None } substrate = pem.readBase64fromText(self.pem_text) next_layer = rfc5652.id_ct_contentInfo while next_layer: asn1Object, rest = der_decoder(substrate, asn1Spec=layers[next_layer]) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) substrate = getNextSubstrate[next_layer](asn1Object) next_layer = getNextLayer[next_layer](asn1Object)
def testOpenTypes(self): openTypesMap = rfc5652.cmsAttributesMap.copy() for at in self.the_attrTypes: openTypesMap.update({at: univ.ObjectIdentifier()}) substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, openTypes=openTypesMap, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) for attr_or_oid in asn1Object: if attr_or_oid.getName() == 'attribute': val = attr_or_oid['attribute']['attrValues'][0] valString = val.prettyPrint() aoo = attr_or_oid['attribute']['attrType'] if aoo == self.the_attrTypes[0]: self.assertEqual(self.the_attrVals[0], valString) if aoo == self.the_attrTypes[1]: self.assertEqual(self.the_attrVals[1], valString)
def testOpenTypes(self): openTypeMap = { rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(), rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(), } substrate = pem.readBase64fromText(self.keytrans_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, openTypes=openTypeMap, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) ri = asn1Object['content']['recipientInfos'][0] alg1 = ri['ktri']['keyEncryptionAlgorithm'] self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) param1 = alg1['parameters'] self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) alg2 = asn1Object['content']['encryptedContentInfo'][ 'contentEncryptionAlgorithm'] self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm']) param2 = alg2['parameters'] self.assertEqual(8, len(param2['iv'])) self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet'])
def testDerCodec(self): substrate = pem.readBase64fromText(self.cert_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object))
def testOpenTypes(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder( substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) assert asn1Object['contentType'] == rfc5652.id_envelopedData ed = asn1Object['content'] ukm_found = False self.assertEqual(ed['version'], rfc5652.CMSVersion(value=2)) for ri in ed['recipientInfos']: self.assertEqual(ri['kari']['version'], rfc5652.CMSVersion(value=3)) opk_alg = ri['kari']['originator']['originatorKey']['algorithm'] self.assertEqual(opk_alg['algorithm'], rfc5753.id_ecPublicKey) self.assertEqual(opk_alg['parameters']['namedCurve'], rfc5480.secp384r1) kek_alg = ri['kari']['keyEncryptionAlgorithm'] self.assertEqual(kek_alg['algorithm'], rfc5753.dhSinglePass_stdDH_sha384kdf_scheme) self.assertEqual(kek_alg['parameters']['algorithm'], rfc3565.id_aes256_wrap) ukm = ri['kari']['ukm'] self.assertEqual(ukm, rfc5652.UserKeyingMaterial(hexValue='52464335373533')) ukm_found = True self.assertTrue(ukm_found)
def testDerCodec(self): substrate = pem.readBase64fromText(self.cert_bundle_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) cert_count = 0 crl_count = 0 unk_count = 0 for item in asn1Object: if item.getName() == 'cert': cert_count += 1 elif item.getName() == 'crl': crl_count += 1 else: unk_count += 1 self.assertEqual(3, cert_count) self.assertEqual(2, crl_count) self.assertEqual(0, unk_count)
def testOpenTypes(self): openTypesMap = { rfc4491.id_GostR3410_94: rfc4491.GostR3410_94_PublicKeyParameters(), } substrate = pem.readBase64fromText(self.gostR3410_94_cert_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, openTypes=openTypesMap, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) sa1 = asn1Object['signatureAlgorithm']['algorithm'] self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa1) sa2 = asn1Object['tbsCertificate']['signature']['algorithm'] self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa2) spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo'][ 'algorithm'] self.assertEqual(rfc4491.id_GostR3410_94, spki_a['algorithm']) self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, spki_a['parameters']['digestParamSet'])
def testDerCodec(self): substrate = pem.readBase64fromText(self.roa_pem_text) layers = {} layers.update(rfc5652.cmsContentTypesMap) getNextLayer = { rfc5652.id_ct_contentInfo: lambda x: x['contentType'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContentType'], rfc6482.id_ct_routeOriginAuthz: lambda x: None } getNextSubstrate = { rfc5652.id_ct_contentInfo: lambda x: x['content'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'], rfc6482.id_ct_routeOriginAuthz: lambda x: None } next_layer = rfc5652.id_ct_contentInfo while next_layer: asn1Object, rest = der_decoder(substrate, asn1Spec=layers[next_layer]) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) substrate = getNextSubstrate[next_layer](asn1Object) next_layer = getNextLayer[next_layer](asn1Object) self.assertEqual(0, asn1Object['version']) self.assertEqual(58363, asn1Object['asID'])
def testOpenTypes(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertEqual(rfc5652.id_signedData, asn1Object['contentType']) sd_eci = asn1Object['content']['encapContentInfo'] self.assertEqual(rfc5652.id_data, sd_eci['eContentType']) self.assertTrue(sd_eci['eContent'].hasValue()) for ri in asn1Object['content']['crls']: if ri.getName() == 'crl': v2 = rfc5280.Version(value='v2') self.assertEqual(v2, ri['crl']['tbsCertList']['version']) if ri.getName() == 'other': ori = ri['other'] ocspr_oid = rfc5940.id_ri_ocsp_response self.assertEqual(ocspr_oid, ori['otherRevInfoFormat']) ocspr_status = ori['otherRevInfo']['responseStatus'] success = rfc2560.OCSPResponseStatus(value='successful') self.assertEqual(success, ocspr_status)
def testOpenTypes(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) attr_type_list = [] spid_oid = rfc5126.SigPolicyId('1.3.6.1.4.1.22112.48.20') for attr in asn1Object: if attr['attrType'] == rfc5126.id_aa_ets_sigPolicyId: spid = attr['attrValues'][0]['signaturePolicyId'] self.assertEqual(spid_oid, spid['sigPolicyId']) attr_type_list.append(rfc5126.id_aa_ets_sigPolicyId) if attr['attrType'] == rfc5126.id_aa_ets_signerLocation: cn = attr['attrValues'][0]['countryName'] self.assertEqual('US', cn['printableString']) attr_type_list.append(rfc5126.id_aa_ets_signerLocation) if attr['attrType'] == rfc5126.id_aa_signingCertificateV2: ha = attr['attrValues'][0]['certs'][0]['hashAlgorithm'] self.assertEqual(rfc4055.id_sha256, ha['algorithm']) attr_type_list.append(rfc5126.id_aa_signingCertificateV2) self.assertIn(rfc5126.id_aa_ets_sigPolicyId, attr_type_list) self.assertIn(rfc5126.id_aa_ets_signerLocation, attr_type_list) self.assertIn(rfc5126.id_aa_signingCertificateV2, attr_type_list)
def testDerCodec(self): substrate = pem.readBase64fromText(self.tau_pem_text) layers = { rfc5652.id_ct_contentInfo: rfc5652.ContentInfo(), rfc5652.id_signedData: rfc5652.SignedData(), rfc5934.id_ct_TAMP_update: rfc5934.TAMPUpdate() } getNextLayer = { rfc5652.id_ct_contentInfo: lambda x: x['contentType'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContentType'], rfc5934.id_ct_TAMP_update: lambda x: None } getNextSubstrate = { rfc5652.id_ct_contentInfo: lambda x: x['content'], rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'], rfc5934.id_ct_TAMP_update: lambda x: None } next_layer = rfc5652.id_ct_contentInfo while next_layer: asn1Object, rest = der_decoder(substrate, asn1Spec=layers[next_layer]) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) substrate = getNextSubstrate[next_layer](asn1Object) next_layer = getNextLayer[next_layer](asn1Object)
def testDerCodec(self): substrate = pem.readBase64fromText(self.cert_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) certificateAttributesMap = opentypemap.get('certificateAttributesMap') certificateExtensionsMap = opentypemap.get('certificateExtensionsMap') securityCategoryMap = opentypemap.get('securityCategoryMap') clearance_found = False for extn in asn1Object['tbsCertificate']['extensions']: if extn['extnID'] == rfc5280.id_ce_subjectDirectoryAttributes: self.assertIn(extn['extnID'], certificateExtensionsMap) ev, rest = der_decoder( extn['extnValue'], asn1Spec=certificateExtensionsMap[extn['extnID']]) self.assertFalse(rest) self.assertTrue(ev.prettyPrint()) self.assertEqual(extn['extnValue'], der_encoder(ev)) for attr in ev: if attr['type'] == rfc5755.id_at_clearance: self.assertIn(attr['type'], certificateAttributesMap) av, rest = der_decoder( attr['values'][0], asn1Spec=certificateAttributesMap[attr['type']]) self.assertFalse(rest) self.assertTrue(av.prettyPrint()) self.assertEqual(attr['values'][0], der_encoder(av)) self.assertEqual(rfc3114.id_tsp_TEST_Whirlpool, av['policyId']) for cat in av['securityCategories']: self.assertEqual( rfc3114.id_tsp_TEST_Whirlpool_Categories, cat['type']) self.assertIn(cat['type'], securityCategoryMap) catv, rest = der_decoder( cat['value'], asn1Spec=securityCategoryMap[cat['type']]) self.assertIn('USE ONLY', catv[0]) clearance_found = True self.assertTrue(clearance_found)
def testDerCodec(self): substrate = pem.readBase64fromText(self.extn_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertEqual(rfc8649.id_ce_hashOfRootKey, asn1Object['extnID']) hashed_root_key, rest = der_decoder( asn1Object['extnValue'], rfc8649.HashedRootKey()) self.assertFalse(rest) self.assertTrue(hashed_root_key.prettyPrint()) self.assertEqual(asn1Object['extnValue'], der_encoder(hashed_root_key)) self.assertEqual( rfc4055.id_sha512, hashed_root_key['hashAlg']['algorithm'])
def testOpenTypes(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object))
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertEqual( asn1Object['thisMech'], univ.ObjectIdentifier('1.3.6.1.5.5.2'))
def testDerCodec(self): substrate = pem.readBase64fromText(self.othername_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertEqual(rfc9174.id_on_bundleEID, asn1Object['otherName']['type-id']) othername, rest = der_decoder(asn1Object['otherName']['value'], rfc9174.BundleEID()) self.assertFalse(rest) self.assertTrue(othername.prettyPrint()) self.assertEqual(asn1Object['otherName']['value'], der_encoder(othername)) self.assertIn('example', othername)