def testOpenTypes(self):
    """Decode the CMS-wrapped PKIData with open types and check glUseKEK.

    The PEM fixture is decoded as a ContentInfo, then its encapsulated
    content is decoded as PKIData. Each layer must decode with no bytes
    left over and must re-encode to exactly the bytes it was decoded
    from. The control sequence must contain at least one glUseKEK
    attribute carrying the expected addresses and key duration.
    """
    der_bytes = pem.readBase64fromText(self.pem_text)

    content_info, leftover = der_decoder(
        der_bytes,
        asn1Spec=rfc5652.ContentInfo(),
        decodeOpenTypes=True)
    # Trailing bytes after the outer structure would mean the fixture
    # holds more than the one object the test reasons about.
    self.assertFalse(leftover)
    self.assertTrue(content_info.prettyPrint())
    # Byte-for-byte round trip: the decoder kept everything and the
    # input was already in the encoder's DER form.
    self.assertEqual(der_bytes, der_encoder(content_info))

    signed_data = content_info['content']
    encap = signed_data['encapContentInfo']
    self.assertEqual(rfc6402.id_cct_PKIData, encap['eContentType'])

    pki_data, leftover = der_decoder(
        encap['eContent'],
        asn1Spec=rfc6402.PKIData(),
        decodeOpenTypes=True)
    self.assertFalse(leftover)
    self.assertTrue(pki_data.prettyPrint())
    self.assertEqual(encap['eContent'], der_encoder(pki_data))

    # Track whether the loop reached a glUseKEK control at all; without
    # this flag a fixture lacking the attribute would pass silently.
    saw_gl_use_kek = False
    for control in pki_data['controlSequence']:
        if control['attrType'] != rfc5275.id_skd_glUseKEK:
            continue

        value = control['attrValues'][0]
        list_address = value['glInfo']['glAddress']['rfc822Name']
        owner_address = value['glOwnerInfo'][0]['glOwnerAddress']['rfc822Name']

        self.assertIn('example.com', list_address)
        self.assertIn('example.com', owner_address)
        self.assertEqual(31, value['glKeyAttributes']['duration'])
        saw_gl_use_kek = True

    self.assertTrue(saw_gl_use_kek)
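def testDerCodec(self):
    """Peel ContentInfo -> SignedData -> PKIData, round-tripping each layer.

    Starting from the PEM fixture, each layer is decoded with the spec
    registered for its content type. Every layer must decode with no
    bytes left over, pretty-print to a non-empty string, and re-encode
    to exactly the bytes it was decoded from.

    The checks use the TestCase assertion methods rather than bare
    ``assert`` statements: bare asserts are compiled out under
    ``python -O``, which would let this test pass without checking
    anything.
    """
    substrate = pem.readBase64fromText(self.pem_text)

    # ASN.1 spec used to decode each content type.
    layers = {
        rfc5652.id_ct_contentInfo: rfc5652.ContentInfo(),
        rfc5652.id_signedData: rfc5652.SignedData(),
        rfc6402.id_cct_PKIData: rfc6402.PKIData()
    }

    # Content type of the layer nested inside the one just decoded;
    # None ends the walk (PKIData is the innermost layer here).
    getNextLayer = {
        rfc5652.id_ct_contentInfo: lambda x: x['contentType'],
        rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContentType'],
        rfc6402.id_cct_PKIData: lambda x: None
    }

    # Encoded bytes of that nested layer.
    getNextSubstrate = {
        rfc5652.id_ct_contentInfo: lambda x: x['content'],
        rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'],
        rfc6402.id_cct_PKIData: lambda x: None
    }

    next_layer = rfc5652.id_ct_contentInfo
    while next_layer:
        asn1Object, rest = der_decoder.decode(
            substrate, asn1Spec=layers[next_layer]
        )

        # Trailing bytes would mean the layer holds more than the one
        # object being examined.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        # Byte-for-byte round trip: nothing was dropped on decode and
        # the input was already in the encoder's DER form.
        self.assertEqual(der_encoder.encode(asn1Object), substrate)

        substrate = getNextSubstrate[next_layer](asn1Object)
        next_layer = getNextLayer[next_layer](asn1Object)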
def testOpenTypes(self):
    """Decode a PKIData request with a caller-supplied open-type map.

    The map extends the CMS attribute and CMC control maps with three
    Microsoft enrollment attributes and with NULL parameters for the RSA
    algorithm identifiers the fixture uses. After decoding, every
    algorithm identifier and attribute type in the request must be a key
    of that map, and every attribute value must have been resolved to a
    concrete value.
    """
    class ClientInformation(univ.Sequence):
        componentType = namedtype.NamedTypes(
            namedtype.NamedType('clientId', univ.Integer()),
            namedtype.NamedType('MachineName', char.UTF8String()),
            namedtype.NamedType('UserName', char.UTF8String()),
            namedtype.NamedType('ProcessName', char.UTF8String())
        )

    class EnrollmentCSP(univ.Sequence):
        componentType = namedtype.NamedTypes(
            namedtype.NamedType('KeySpec', univ.Integer()),
            namedtype.NamedType('Name', char.BMPString()),
            namedtype.NamedType('Signature', univ.BitString())
        )

    # Microsoft OS-version attribute; its value is checked literally below.
    os_version_oid = univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.3')

    open_types = {
        # Microsoft enrollment attributes: OS version, enrollment CSP,
        # request client info.
        os_version_oid: char.IA5String(),
        univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.2'): EnrollmentCSP(),
        univ.ObjectIdentifier('1.3.6.1.4.1.311.21.20'): ClientInformation(),
        # AlgorithmIdentifier parameters: rsaEncryption,
        # sha1WithRSAEncryption and sha256WithRSAEncryption carry NULL.
        univ.ObjectIdentifier('1.2.840.113549.1.1.1'): univ.Null(""),
        univ.ObjectIdentifier('1.2.840.113549.1.1.5'): univ.Null(""),
        univ.ObjectIdentifier('1.2.840.113549.1.1.11'): univ.Null(""),
    }
    # Later maps win on key collisions, so the order is kept: CMS
    # attributes first, then CMC controls.
    for module_map in (rfc5652.cmsAttributesMap,
                       rfc6402.cmcControlAttributesMap):
        open_types.update(module_map)

    der_bytes = pem.readBase64fromText(self.pem_text)
    content_info, leftover = der_decoder(
        der_bytes,
        asn1Spec=rfc5652.ContentInfo(),
        decodeOpenTypes=True)
    # No trailing bytes, and a byte-for-byte round trip of the wrapper.
    self.assertFalse(leftover)
    self.assertTrue(content_info.prettyPrint())
    self.assertEqual(der_bytes, der_encoder(content_info))

    encap = content_info['content']['encapContentInfo']
    self.assertEqual(rfc6402.id_cct_PKIData, encap['eContentType'])

    der_bytes = encap['eContent']
    pki_data, leftover = der_decoder(
        der_bytes,
        asn1Spec=rfc6402.PKIData(),
        openTypes=open_types,
        decodeOpenTypes=True)
    self.assertFalse(leftover)
    self.assertTrue(pki_data.prettyPrint())
    self.assertEqual(der_bytes, der_encoder(pki_data))

    for request in pki_data['reqSequence']:
        csr = request['tcr']['certificationRequest']

        signature_alg = csr['signatureAlgorithm']
        self.assertIn(signature_alg['algorithm'], open_types)
        self.assertEqual(univ.Null(""), signature_alg['parameters'])

        csr_info = csr['certificationRequestInfo']
        key_alg = csr_info['subjectPublicKeyInfo']['algorithm']
        self.assertIn(key_alg['algorithm'], open_types)
        self.assertEqual(univ.Null(""), key_alg['parameters'])

        for attribute in csr_info['attributes']:
            attr_oid = attribute['attrType']
            self.assertIn(attr_oid, open_types)

            first_value = attribute['attrValues'][0]
            if attr_oid == os_version_oid:
                self.assertEqual("6.2.9200.2", first_value)
            else:
                # For the other attributes it is enough that the value
                # was decoded into something concrete.
                self.assertTrue(first_value.hasValue())
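def testDerCodec(self):
    """Peel ContentInfo -> SignedData -> PKIData and check algorithm ids.

    Each layer must decode with no bytes left over, pretty-print to a
    non-empty string, and re-encode to exactly the bytes it was decoded
    from. Every AlgorithmIdentifier found in the SignedData and PKIData
    layers must name one of the OIDs in ``alg_oids`` and carry
    parameters equal to the DER encoding of NULL. Exactly five
    identifiers are expected in total.

    The checks use the TestCase assertion methods rather than bare
    ``assert`` statements: bare asserts are compiled out under
    ``python -O``, which would let this test pass without checking
    anything.
    """
    substrate = pem.readBase64fromText(self.pem_text)

    # ASN.1 spec used to decode each content type.
    layers = {
        rfc3852.id_ct_contentInfo: rfc3852.ContentInfo(),
        rfc3852.id_signedData: rfc3852.SignedData(),
        rfc6402.id_cct_PKIData: rfc6402.PKIData()
    }

    # Content type of the layer nested inside the one just decoded;
    # None ends the walk.
    getNextLayer = {
        rfc3852.id_ct_contentInfo: lambda x: x['contentType'],
        rfc3852.id_signedData: lambda x: x['encapContentInfo']['eContentType'],
        rfc6402.id_cct_PKIData: lambda x: None
    }

    # Encoded bytes of that nested layer.
    getNextSubstrate = {
        rfc3852.id_ct_contentInfo: lambda x: x['content'],
        rfc3852.id_signedData: lambda x: x['encapContentInfo']['eContent'],
        rfc6402.id_cct_PKIData: lambda x: None
    }

    # What the fixture is expected to contain: SHA-1, rsaEncryption,
    # sha1WithRSAEncryption and sha256WithRSAEncryption. This mirrors
    # the test vector; it is not an acceptance policy for new requests.
    alg_oids = (
        univ.ObjectIdentifier('1.3.14.3.2.26'),
        univ.ObjectIdentifier('1.2.840.113549.1.1.1'),
        univ.ObjectIdentifier('1.2.840.113549.1.1.5'),
        univ.ObjectIdentifier('1.2.840.113549.1.1.11'),
    )
    # Parameters are compared in encoded form; presumably they stay
    # undecoded because open types are not resolved in this test.
    encoded_null = der_encode(univ.Null(""))

    def check_algorithm_identifier(alg_id):
        # One AlgorithmIdentifier: expected OID, NULL parameters.
        self.assertIn(alg_id['algorithm'], alg_oids)
        self.assertEqual(alg_id['parameters'], encoded_null)

    next_layer = rfc3852.id_ct_contentInfo
    count = 0
    while next_layer:
        asn1Object, rest = der_decode(substrate, asn1Spec=layers[next_layer])

        # Trailing bytes would mean the layer holds more than the one
        # object being examined.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        # Byte-for-byte round trip of the layer.
        self.assertEqual(der_encode(asn1Object), substrate)

        if next_layer == rfc3852.id_signedData:
            for d in asn1Object['digestAlgorithms']:
                check_algorithm_identifier(d)
                count += 1

            for si in asn1Object['signerInfos']:
                check_algorithm_identifier(si['digestAlgorithm'])
                count += 1
                check_algorithm_identifier(si['signatureAlgorithm'])
                count += 1

        if next_layer == rfc6402.id_cct_PKIData:
            for req in asn1Object['reqSequence']:
                cr = req['tcr']['certificationRequest']
                check_algorithm_identifier(cr['signatureAlgorithm'])
                count += 1

                cri_spki = cr['certificationRequestInfo'][
                    'subjectPublicKeyInfo']
                check_algorithm_identifier(cri_spki['algorithm'])
                count += 1

        substrate = getNextSubstrate[next_layer](asn1Object)
        next_layer = getNextLayer[next_layer](asn1Object)

    # Guards against the loops above running over empty sequences and
    # checking nothing.
    self.assertEqual(5, count)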
assert encoder.encode(layer) == data, 'wrapper recode fails' assert not rest print(" * New layer (wrapper):") print(layer.prettyPrint()) next_layer = layer['contentType'] data = layer['content'] elif next_layer == rfc5652.id_signedData: layer, rest = decoder.decode(data, asn1Spec=rfc5652.SignedData()) assert encoder.encode(layer) == data, 'wrapper recode fails' assert not rest print(" * New layer (wrapper):") print(layer.prettyPrint()) next_layer = layer['encapContentInfo']['eContentType'] data = layer['encapContentInfo']['eContent'] elif next_layer == rfc6402.id_cct_PKIData: layer, rest = decoder.decode(data, asn1Spec=rfc6402.PKIData()) assert encoder.encode(layer) == data, 'pkidata recode fails' assert not rest print(" * New layer (pkidata):") print(layer.prettyPrint()) next_layer = None data = None