def testOpenTypes(self):
substrate = pem.readBase64fromText(self.tsr_pem_text)
asn1Object, rest = der_decode(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
eci = asn1Object['content']['encapContentInfo']
assert eci['eContentType'] in rfc5652.cmsContentTypesMap.keys()
assert eci['eContentType'] == rfc5934.id_ct_TAMP_statusResponse
tsr, rest = der_decode(
eci['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[eci['eContentType']],
decodeOpenTypes=True)
assert not rest
assert tsr.prettyPrint()
assert der_encode(tsr) == eci['eContent']
assert tsr['version'] == 2
assert tsr['query']['target'] == univ.Null("")
assert tsr['query']['seqNum'] == 1568307071
assert tsr['usesApex'] == False
count = 0
for tai in tsr['response']['verboseResponse']['taInfo']:
count += 1
assert tai['taInfo']['version'] == 1
assert count == 3
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.pem_text)
rfc5652.cmsAttributesMap.update(rfc2634.ESSAttributeMap)
rfc5652.cmsContentTypesMap.update(rfc4073.cmsContentTypesMapUpdate)
asn1Object, rest = der_decode(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc4073.id_ct_contentCollection
for ci in asn1Object['content']:
assert ci['contentType'] in rfc5652.cmsContentTypesMap.keys()
assert ci['contentType'] == rfc4073.id_ct_contentWithAttrs
next_ci = ci['content']['content']
assert next_ci['contentType'] in rfc5652.cmsContentTypesMap.keys()
assert next_ci['contentType'] == rfc5652.id_data
assert str2octs('Content-Type: text') in next_ci['content']
for attr in ci['content']['attrs']:
assert attr['attrType'] in rfc5652.cmsAttributesMap.keys()
if attr['attrType'] == rfc2634.id_aa_contentHint:
assert 'RFC 4073' in attr['attrValues'][0]['contentDescription']
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc4073.id_ct_contentCollection,
asn1Object['contentType'])
for ci in asn1Object['content']:
self.assertIn(ci['contentType'], rfc5652.cmsContentTypesMap)
self.assertEqual(rfc4073.id_ct_contentWithAttrs, ci['contentType'])
next_ci = ci['content']['content']
self.assertIn(next_ci['contentType'], rfc5652.cmsContentTypesMap)
self.assertEqual(rfc5652.id_data, next_ci['contentType'])
self.assertIn(str2octs('Content-Type: text'), next_ci['content'])
for attr in ci['content']['attrs']:
self.assertIn(attr['attrType'], rfc5652.cmsAttributesMap)
if attr['attrType'] == rfc2634.id_aa_contentHint:
self.assertIn('RFC 4073',
attr['attrValues'][0]['contentDescription'])
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.roa_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
oid = asn1Object['content']['encapContentInfo']['eContentType']
substrate = asn1Object['content']['encapContentInfo']['eContent']
self.assertIn(oid, rfc5652.cmsContentTypesMap)
asn1Object, rest = der_decoder(
substrate,
asn1Spec=rfc5652.cmsContentTypesMap[oid],
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(0, asn1Object['version'])
self.assertEqual(58363, asn1Object['asID'])
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.tau_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
eci = asn1Object['content']['encapContentInfo']
self.assertIn(eci['eContentType'], rfc5652.cmsContentTypesMap)
self.assertEqual(rfc5934.id_ct_TAMP_update, eci['eContentType'])
tau, rest = der_decoder(
eci['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[eci['eContentType']],
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(tau.prettyPrint())
self.assertEqual(eci['eContent'], der_encoder(tau))
self.assertEqual(2, tau['version'])
self.assertEqual(univ.Null(""), tau['msgRef']['target'])
self.assertEqual(1568307088, tau['msgRef']['seqNum'])
self.assertEqual(1, len(tau['updates']))
def testOpenTypes(self):
asn1Spec=rfc5652.ContentInfo()
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(
substrate, asn1Spec=asn1Spec, decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
substrate = asn1Object['content']['encapContentInfo']['eContent']
oid = asn1Object['content']['encapContentInfo']['eContentType']
self.assertIn(oid, rfc5652.cmsContentTypesMap)
tac_token, rest = der_decoder(
substrate,
asn1Spec=rfc5652.cmsContentTypesMap[oid],
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(tac_token.prettyPrint())
self.assertEqual(substrate, der_encoder(tac_token))
self.assertEqual('2019', tac_token['timeout'][:4])
self.assertEqual('5dcdf44e', tac_token['userKey'].prettyPrint()[-8:])
def testDerCodec(self):
substrate = pem.readBase64fromText(self.tsr_pem_text)
layers = {
rfc5652.id_ct_contentInfo: rfc5652.ContentInfo(),
rfc5652.id_signedData: rfc5652.SignedData(),
rfc5934.id_ct_TAMP_statusResponse: rfc5934.TAMPStatusResponse()
}
getNextLayer = {
rfc5652.id_ct_contentInfo: lambda x: x['contentType'],
rfc5652.id_signedData:
lambda x: x['encapContentInfo']['eContentType'],
rfc5934.id_ct_TAMP_statusResponse: lambda x: None
}
getNextSubstrate = {
rfc5652.id_ct_contentInfo: lambda x: x['content'],
rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'],
rfc5934.id_ct_TAMP_statusResponse: lambda x: None
}
next_layer = rfc5652.id_ct_contentInfo
while next_layer:
asn1Object, rest = der_decoder(substrate,
asn1Spec=layers[next_layer])
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
substrate = getNextSubstrate[next_layer](asn1Object)
next_layer = getNextLayer[next_layer](asn1Object)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.tau_pem_text)
layers = {
rfc5652.id_ct_contentInfo: rfc5652.ContentInfo(),
rfc5652.id_signedData: rfc5652.SignedData(),
rfc5934.id_ct_TAMP_update: rfc5934.TAMPUpdate()
}
getNextLayer = {
rfc5652.id_ct_contentInfo: lambda x: x['contentType'],
rfc5652.id_signedData:
lambda x: x['encapContentInfo']['eContentType'],
rfc5934.id_ct_TAMP_update: lambda x: None
}
getNextSubstrate = {
rfc5652.id_ct_contentInfo: lambda x: x['content'],
rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'],
rfc5934.id_ct_TAMP_update: lambda x: None
}
next_layer = rfc5652.id_ct_contentInfo
while next_layer:
asn1Object, rest = der_decode(substrate,
asn1Spec=layers[next_layer])
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
substrate = getNextSubstrate[next_layer](asn1Object)
next_layer = getNextLayer[next_layer](asn1Object)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.tau_pem_text)
asn1Object, rest = der_decode(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
eci = asn1Object['content']['encapContentInfo']
assert eci['eContentType'] in rfc5652.cmsContentTypesMap.keys()
assert eci['eContentType'] == rfc5934.id_ct_TAMP_update
tau, rest = der_decode(
eci['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[eci['eContentType']],
decodeOpenTypes=True)
assert not rest
assert tau.prettyPrint()
assert der_encode(tau) == eci['eContent']
assert tau['version'] == 2
assert tau['msgRef']['target'] == univ.Null("")
assert tau['msgRef']['seqNum'] == 1568307088
count = 0
for u in tau['updates']:
count += 1
assert count == 1
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=rfc5652.ContentInfo(), decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
alg = asn1Object['content']['signerInfos'][0]['signatureAlgorithm']
self.assertEqual(rfc4056.id_RSASSA_PSS, alg['algorithm'])
self.assertEqual(222, alg['parameters']['saltLength'])
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=rfc5652.ContentInfo(), decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
ect = asn1Object['content']['encapContentInfo']['eContentType']
self.assertEqual(rfc6492.id_ct_xml, ect)
oid = None
for attr in asn1Object['content']['signerInfos'][0]['signedAttrs']:
if attr['attrType'] == rfc5652.id_contentType:
oid = attr['attrValues'][0]
self.assertEqual(rfc6492.id_ct_xml, oid)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.roa_pem_text)
asn1Object, rest = der_decode(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
oid = asn1Object['content']['encapContentInfo']['eContentType']
substrate = asn1Object['content']['encapContentInfo']['eContent']
assert oid in rfc5652.cmsContentTypesMap.keys()
asn1Object, rest = der_decode(substrate,
asn1Spec=rfc5652.cmsContentTypesMap[oid],
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['version'] == 0
assert asn1Object['asID'] == 58363
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
found_mult_sig1 = False
for attr in asn1Object['content']['signerInfos'][0]['signedAttrs']:
if attr['attrType'] == rfc5752.id_aa_multipleSignatures:
av = attr['attrValues'][0]
self.assertEqual(av['bodyHashAlg']['algorithm'],
rfc4055.id_sha384)
self.assertEqual(
'dfaf6c0a',
av['signAttrsHash']['hash'].prettyPrint()[2:10])
found_mult_sig1 = True
found_mult_sig2 = False
for attr in asn1Object['content']['signerInfos'][1]['signedAttrs']:
if attr['attrType'] == rfc5752.id_aa_multipleSignatures:
av = attr['attrValues'][0]
self.assertEqual(av['bodyHashAlg']['algorithm'],
rfc4055.id_sha256)
self.assertEqual(
'7329527d',
av['signAttrsHash']['hash'].prettyPrint()[2:10])
found_mult_sig2 = True
self.assertTrue(found_mult_sig1)
self.assertTrue(found_mult_sig2)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.manifest_pem_text)
asn1Object, rest = der_decode(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
oid = asn1Object['content']['encapContentInfo']['eContentType']
substrate = asn1Object['content']['encapContentInfo']['eContent']
assert oid in rfc5652.cmsContentTypesMap.keys()
asn1Object, rest = der_decode(substrate,
asn1Spec=rfc5652.cmsContentTypesMap[oid],
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['version'] == 0
for f in asn1Object['fileList']:
assert f['file'] == 'ZXSGBDBkL82TFGHuE4VOYtJP-E4.crl'
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
sd = asn1Object['content']
self.assertEqual(rfc6402.id_cct_PKIData,
sd['encapContentInfo']['eContentType'])
pkid, rest = der_decoder(sd['encapContentInfo']['eContent'],
asn1Spec=rfc6402.PKIData(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(pkid.prettyPrint())
self.assertEqual(sd['encapContentInfo']['eContent'], der_encoder(pkid))
found_gl_use_kek = False
for ctrl in pkid['controlSequence']:
if ctrl['attrType'] == rfc5275.id_skd_glUseKEK:
cv = ctrl['attrValues'][0]
self.assertIn('example.com',
cv['glInfo']['glAddress']['rfc822Name'])
self.assertIn(
'example.com',
cv['glOwnerInfo'][0]['glOwnerAddress']['rfc822Name'])
self.assertEqual(31, cv['glKeyAttributes']['duration'])
found_gl_use_kek = True
self.assertTrue(found_gl_use_kek)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.tsr_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
eci = asn1Object['content']['encapContentInfo']
self.assertIn(eci['eContentType'], rfc5652.cmsContentTypesMap)
self.assertEqual(rfc5934.id_ct_TAMP_statusResponse,
eci['eContentType'])
tsr, rest = der_decoder(
eci['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[eci['eContentType']],
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(tsr.prettyPrint())
self.assertEqual(eci['eContent'], der_encoder(tsr))
self.assertEqual(2, tsr['version'])
self.assertEqual(univ.Null(""), tsr['query']['target'])
self.assertEqual(1568307071, tsr['query']['seqNum'])
self.assertFalse(tsr['usesApex'])
count = 0
for tai in tsr['response']['verboseResponse']['taInfo']:
count += 1
self.assertEqual(1, tai['taInfo']['version'])
self.assertEqual(3, count)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(der_encoder(asn1Object), substrate)
openTypesMap = {
rfc2985.pkcs_9_at_smimeCapabilities: rfc2985.SMIMECapabilities(),
}
openTypesMap.update(rfc5280.certificateAttributesMap)
openTypesMap.update(rfc5652.cmsAttributesMap)
for attr in asn1Object:
self.assertIn(attr['type'], openTypesMap)
av, rest = der_decoder(attr['values'][0],
asn1Spec=openTypesMap[attr['type']])
self.assertFalse(rest)
self.assertTrue(av.prettyPrint())
self.assertEqual(attr['values'][0], der_encoder(av))
if attr['type'] == rfc2985.pkcs_9_at_userPKCS12:
self.assertEqual(univ.Integer(3), av['version'])
self.assertEqual(rfc5652.id_data,
av['authSafe']['contentType'])
outdata, rest = der_decoder(av['authSafe']['content'],
asn1Spec=univ.OctetString())
self.assertFalse(rest)
authsafe, rest = der_decoder(
outdata, asn1Spec=rfc7292.AuthenticatedSafe())
self.assertFalse(rest)
for ci in authsafe:
self.assertEqual(rfc5652.id_data, ci['contentType'])
indata, rest = der_decoder(ci['content'],
asn1Spec=univ.OctetString())
self.assertFalse(rest)
sc, rest = der_decoder(indata,
asn1Spec=rfc7292.SafeContents())
self.assertFalse(rest)
for sb in sc:
if sb['bagId'] in rfc7292.pkcs12BagTypeMap:
bv, rest = der_decoder(
sb['bagValue'],
asn1Spec=rfc7292.pkcs12BagTypeMap[sb['bagId']])
self.assertFalse(rest)
for bagattr in sb['bagAttributes']:
if bagattr['attrType'] in openTypesMap:
inav, rest = der_decoder(
bagattr['attrValues'][0],
asn1Spec=openTypesMap[
bagattr['attrType']])
self.assertFalse(rest)
if bagattr[
'attrType'] == rfc2985.pkcs_9_at_friendlyName:
self.assertEqual(
"3f71af65-1687-444a-9f46-c8be194c3e8e",
inav)
if bagattr[
'attrType'] == rfc2985.pkcs_9_at_localKeyId:
self.assertEqual(
univ.OctetString(
hexValue='01000000'), inav)
if attr['type'] == rfc2985.pkcs_9_at_pkcs7PDU:
ci, rest = der_decoder(attr['values'][0],
asn1Spec=rfc5652.ContentInfo())
self.assertFalse(rest)
self.assertEqual(rfc5652.id_signedData, ci['contentType'])
sd, rest = der_decoder(ci['content'],
asn1Spec=rfc5652.SignedData())
self.assertFalse(rest)
self.assertEqual(1, sd['version'])
for si in sd['signerInfos']:
self.assertEqual(1, si['version'])
for siattr in si['signedAttrs']:
if siattr['attrType'] in openTypesMap:
siav, rest = der_decoder(
siattr['attrValues'][0],
asn1Spec=openTypesMap[siattr['attrType']])
self.assertFalse(rest)
if siattr[
'attrType'] == rfc2985.pkcs_9_at_contentType:
self.assertEqual(rfc5652.id_data, siav)
if siattr[
'attrType'] == rfc2985.pkcs_9_at_messageDigest:
self.assertEqual('b6e422a4',
siav.prettyPrint()[2:10])
if siattr[
'attrType'] == rfc2985.pkcs_9_at_signingTime:
self.assertEqual('190529182319Z',
siav['utcTime'])
for choices in sd['certificates']:
for rdn in choices[0]['tbsCertificate']['subject'][
'rdnSequence']:
if rdn[0]['type'] in openTypesMap:
nv, rest = der_decoder(
rdn[0]['value'],
asn1Spec=openTypesMap[rdn[0]['type']])
self.assertFalse(rest)
if rdn[0][
'type'] == rfc2985.pkcs_9_at_emailAddress:
self.assertEqual('*****@*****.**', nv)
def setUp(self):
self.asn1Spec = rfc5652.ContentInfo()
namedtype.OptionalNamedType('invalidityDate', useful.GeneralizedTime()),
namedtype.OptionalNamedType('passphrase', univ.OctetString()),
namedtype.OptionalNamedType('comment', char.UTF8String()))
id_cmc_senderNonce = _buildOid(id_cmc, 6)
id_cmc_authData = _buildOid(id_cmc, 27)
class TaggedContentInfo(univ.Sequence):
pass
TaggedContentInfo.componentType = namedtype.NamedTypes(
namedtype.NamedType('bodyPartID', BodyPartID()),
namedtype.NamedType('contentInfo', rfc5652.ContentInfo()))
class IdentifyProofV2(univ.Sequence):
pass
IdentifyProofV2.componentType = namedtype.NamedTypes(
namedtype.NamedType('proofAlgID', rfc5280.AlgorithmIdentifier()),
namedtype.NamedType('macAlgId', rfc5280.AlgorithmIdentifier()),
namedtype.NamedType('witness', univ.OctetString()))
class CMCPublicationInfo(univ.Sequence):
pass
# plain text, then build substrate from it
#
from pyasn1.codec.der import decoder, encoder
from pyasn1_modules import rfc5652, rfc6402, pem
import sys
if len(sys.argv) != 1:
print("""Usage:
$ cat cmc_request.pem | %s""" % (sys.argv[0], ))
sys.exit(-1)
reqCnt = 0
substrate = pem.readBase64FromFile(sys.stdin)
_, rest = decoder.decode(substrate, asn1Spec=rfc5652.ContentInfo())
assert not rest
next_layer = rfc5652.id_ct_contentInfo
data = substrate
while next_layer:
if next_layer == rfc5652.id_ct_contentInfo:
layer, rest = decoder.decode(data, asn1Spec=rfc5652.ContentInfo())
assert encoder.encode(layer) == data, 'wrapper recode fails'
assert not rest
print(" * New layer (wrapper):")
print(layer.prettyPrint())
next_layer = layer['contentType']
data = layer['content']
from pyasn1.type import univ
from pyasn1_modules import rfc5652
MAX = float('inf')
# Content Collection Content Type and Object Identifier
id_ct_contentCollection = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.19')
class ContentCollection(univ.SequenceOf):
pass
ContentCollection.componentType = rfc5652.ContentInfo()
ContentCollection.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
# Content With Attributes Content Type and Object Identifier
id_ct_contentWithAttrs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.20')
class ContentWithAttributes(univ.Sequence):
pass
ContentWithAttributes.componentType = namedtype.NamedTypes(
namedtype.NamedType('content', rfc5652.ContentInfo()),
namedtype.NamedType(
'attrs',
def testOpenTypes(self):
class ClientInformation(univ.Sequence):
pass
ClientInformation.componentType = namedtype.NamedTypes(
namedtype.NamedType('clientId', univ.Integer()),
namedtype.NamedType('MachineName', char.UTF8String()),
namedtype.NamedType('UserName', char.UTF8String()),
namedtype.NamedType('ProcessName', char.UTF8String())
)
class EnrollmentCSP(univ.Sequence):
pass
EnrollmentCSP.componentType = namedtype.NamedTypes(
namedtype.NamedType('KeySpec', univ.Integer()),
namedtype.NamedType('Name', char.BMPString()),
namedtype.NamedType('Signature', univ.BitString())
)
openTypeMap = {
# attributes
univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.3'): char.IA5String(),
univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.2'): EnrollmentCSP(),
univ.ObjectIdentifier('1.3.6.1.4.1.311.21.20'): ClientInformation(),
# algorithm identifier parameters
univ.ObjectIdentifier('1.2.840.113549.1.1.1'): univ.Null(""),
univ.ObjectIdentifier('1.2.840.113549.1.1.5'): univ.Null(""),
univ.ObjectIdentifier('1.2.840.113549.1.1.11'): univ.Null(""),
}
openTypeMap.update(rfc5652.cmsAttributesMap)
openTypeMap.update(rfc6402.cmcControlAttributesMap)
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(
substrate, asn1Spec=rfc5652.ContentInfo(), decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
eci = asn1Object['content']['encapContentInfo']
self.assertEqual(rfc6402.id_cct_PKIData, eci['eContentType'])
substrate = eci['eContent']
asn1Object, rest = der_decoder(
substrate, asn1Spec=rfc6402.PKIData(), openTypes=openTypeMap,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
for req in asn1Object['reqSequence']:
cr = req['tcr']['certificationRequest']
sig_alg = cr['signatureAlgorithm']
self.assertIn(sig_alg['algorithm'], openTypeMap)
self.assertEqual(univ.Null(""), sig_alg['parameters'])
cri = cr['certificationRequestInfo']
spki_alg = cri['subjectPublicKeyInfo']['algorithm']
self.assertIn(spki_alg['algorithm'], openTypeMap)
self.assertEqual(univ.Null(""), spki_alg['parameters'])
attrs = cr['certificationRequestInfo']['attributes']
for attr in attrs:
self.assertIn( attr['attrType'], openTypeMap)
if attr['attrType'] == univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.3'):
self.assertEqual("6.2.9200.2", attr['attrValues'][0])
else:
self.assertTrue(attr['attrValues'][0].hasValue())
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
openTypesMap = {
rfc2985.pkcs_9_at_smimeCapabilities: rfc2985.SMIMECapabilities(),
}
openTypesMap.update(rfc5280.certificateAttributesMap)
openTypesMap.update(rfc5652.cmsAttributesMap)
for attr in asn1Object:
assert attr['type'] in openTypesMap.keys()
av, rest = der_decode(attr['values'][0],
asn1Spec=openTypesMap[attr['type']])
assert not rest
assert av.prettyPrint()
assert der_encode(av) == attr['values'][0]
if attr['type'] == rfc2985.pkcs_9_at_userPKCS12:
assert av['version'] == univ.Integer(3)
assert av['authSafe']['contentType'] == rfc5652.id_data
outdata, rest = der_decode(av['authSafe']['content'],
asn1Spec=univ.OctetString())
assert not rest
authsafe, rest = der_decode(
outdata, asn1Spec=rfc7292.AuthenticatedSafe())
assert not rest
for ci in authsafe:
assert ci['contentType'] == rfc5652.id_data
indata, rest = der_decode(ci['content'],
asn1Spec=univ.OctetString())
assert not rest
sc, rest = der_decode(indata,
asn1Spec=rfc7292.SafeContents())
assert not rest
for sb in sc:
if sb['bagId'] in rfc7292.pkcs12BagTypeMap:
bv, rest = der_decode(
sb['bagValue'],
asn1Spec=rfc7292.pkcs12BagTypeMap[sb['bagId']])
assert not rest
for bagattr in sb['bagAttributes']:
if bagattr['attrType'] in openTypesMap:
inav, rest = der_decode(
bagattr['attrValues'][0],
asn1Spec=openTypesMap[
bagattr['attrType']])
assert not rest
if bagattr[
'attrType'] == rfc2985.pkcs_9_at_friendlyName:
assert inav == "3f71af65-1687-444a-9f46-c8be194c3e8e"
if bagattr[
'attrType'] == rfc2985.pkcs_9_at_localKeyId:
assert inav == univ.OctetString(
hexValue='01000000')
if attr['type'] == rfc2985.pkcs_9_at_pkcs7PDU:
ci, rest = der_decode(attr['values'][0],
asn1Spec=rfc5652.ContentInfo())
assert not rest
assert ci['contentType'] == rfc5652.id_signedData
sd, rest = der_decode(ci['content'],
asn1Spec=rfc5652.SignedData())
assert not rest
assert sd['version'] == 1
for si in sd['signerInfos']:
assert si['version'] == 1
for siattr in si['signedAttrs']:
if siattr['attrType'] in openTypesMap:
siav, rest = der_decode(
siattr['attrValues'][0],
asn1Spec=openTypesMap[siattr['attrType']])
assert not rest
if siattr[
'attrType'] == rfc2985.pkcs_9_at_contentType:
assert siav == rfc5652.id_data
if siattr[
'attrType'] == rfc2985.pkcs_9_at_messageDigest:
assert siav.prettyPrint()[2:10] == 'b6e422a4'
if siattr[
'attrType'] == rfc2985.pkcs_9_at_signingTime:
assert siav['utcTime'] == '190529182319Z'
for choices in sd['certificates']:
for rdn in choices[0]['tbsCertificate']['subject'][
'rdnSequence']:
if rdn[0]['type'] in openTypesMap:
nv, rest = der_decode(
rdn[0]['value'],
asn1Spec=openTypesMap[rdn[0]['type']])
assert not rest
if rdn[0][
'type'] == rfc2985.pkcs_9_at_emailAddress:
assert nv == '*****@*****.**'
def testOpenTypes(self):
class ClientInformation(univ.Sequence):
pass
ClientInformation.componentType = namedtype.NamedTypes(
namedtype.NamedType('clientId', univ.Integer()),
namedtype.NamedType('MachineName', char.UTF8String()),
namedtype.NamedType('UserName', char.UTF8String()),
namedtype.NamedType('ProcessName', char.UTF8String())
)
class EnrollmentCSP(univ.Sequence):
pass
EnrollmentCSP.componentType = namedtype.NamedTypes(
namedtype.NamedType('KeySpec', univ.Integer()),
namedtype.NamedType('Name', char.BMPString()),
namedtype.NamedType('Signature', univ.BitString())
)
attributesMapUpdate = {
univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.3'): char.IA5String(),
univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.2'): EnrollmentCSP(),
univ.ObjectIdentifier('1.3.6.1.4.1.311.21.20'): ClientInformation(),
}
rfc5652.cmsAttributesMap.update(rfc6402.cmcControlAttributesMap)
rfc5652.cmsAttributesMap.update(attributesMapUpdate)
algorithmIdentifierMapUpdate = {
univ.ObjectIdentifier('1.2.840.113549.1.1.1'): univ.Null(""),
univ.ObjectIdentifier('1.2.840.113549.1.1.5'): univ.Null(""),
univ.ObjectIdentifier('1.2.840.113549.1.1.11'): univ.Null(""),
}
rfc5280.algorithmIdentifierMap.update(algorithmIdentifierMapUpdate)
rfc5652.cmsContentTypesMap.update(rfc6402.cmsContentTypesMapUpdate)
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder.decode(substrate,
asn1Spec=rfc5652.ContentInfo(), decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encoder.encode(asn1Object) == substrate
eci = asn1Object['content']['encapContentInfo']
assert eci['eContentType'] in rfc5652.cmsContentTypesMap.keys()
assert eci['eContentType'] == rfc6402.id_cct_PKIData
pkid, rest = der_decoder.decode(eci['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[eci['eContentType']],
decodeOpenTypes=True)
assert not rest
assert pkid.prettyPrint()
assert der_encoder.encode(pkid) == eci['eContent']
for req in pkid['reqSequence']:
cr = req['tcr']['certificationRequest']
sig_alg = cr['signatureAlgorithm']
assert sig_alg['algorithm'] in rfc5280.algorithmIdentifierMap.keys()
assert sig_alg['parameters'] == univ.Null("")
cri = cr['certificationRequestInfo']
spki_alg = cri['subjectPublicKeyInfo']['algorithm']
assert spki_alg['algorithm'] in rfc5280.algorithmIdentifierMap.keys()
assert spki_alg['parameters'] == univ.Null("")
attrs = cr['certificationRequestInfo']['attributes']
for attr in attrs:
assert attr['attrType'] in rfc5652.cmsAttributesMap.keys()
if attr['attrType'] == univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.3'):
assert attr['attrValues'][0] == "6.2.9200.2"
else:
assert attr['attrValues'][0].hasValue()
class TAMPStatusQuery(univ.Sequence):
pass
TAMPStatusQuery.componentType = namedtype.NamedTypes(
namedtype.DefaultedNamedType(
'version',
TAMPVersion().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value='v2')),
namedtype.DefaultedNamedType(
'terse',
TerseOrVerbose().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(
value='verbose')), namedtype.NamedType('query', TAMPMsgRef()))
tamp_status_query = rfc5652.ContentInfo()
tamp_status_query['contentType'] = id_ct_TAMP_statusQuery
tamp_status_query['content'] = TAMPStatusQuery()
# TAMP Status Response Message
id_ct_TAMP_statusResponse = _OID(id_tamp, 2)
class KeyIdentifiers(univ.SequenceOf):
pass
KeyIdentifiers.componentType = KeyIdentifier()
KeyIdentifiers.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)