def testEncoding(self):
assert encoder.encode(
char.BMPString(version_info[0] == 3 and 'abc'
or unicode('abc'))) == ints2octs(
(30, 6, 0, 97, 0, 98, 0,
99)), 'Incorrect encoding'
class BMPStringDecoder(OctetStringDecoder):
protoComponent = char.BMPString()
subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
namedtype.NamedType(
'printableString',
char.PrintableString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
namedtype.NamedType(
'universalString',
char.UniversalString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
namedtype.NamedType(
'utf8String',
char.UTF8String().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
namedtype.NamedType(
'bmpString',
char.BMPString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))))
ub_organization_name = univ.Integer(64)
class X520OrganizationName(univ.Choice):
pass
X520OrganizationName.componentType = namedtype.NamedTypes(
namedtype.NamedType(
'teletexString',
char.TeletexString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1,
ub_organization_name))),
namedtype.NamedType(
def testDecoder(self):
assert decoder.decode(ints2octs((30, 6, 0, 97, 0, 98, 0, 99))) == (char.BMPString(sys.version_info[0] == 3 and 'abc' or unicode('abc')), null)
def testOpenTypes(self):
class ClientInformation(univ.Sequence):
pass
ClientInformation.componentType = namedtype.NamedTypes(
namedtype.NamedType('clientId', univ.Integer()),
namedtype.NamedType('MachineName', char.UTF8String()),
namedtype.NamedType('UserName', char.UTF8String()),
namedtype.NamedType('ProcessName', char.UTF8String()))
class EnrollmentCSP(univ.Sequence):
pass
EnrollmentCSP.componentType = namedtype.NamedTypes(
namedtype.NamedType('KeySpec', univ.Integer()),
namedtype.NamedType('Name', char.BMPString()),
namedtype.NamedType('Signature', univ.BitString()))
openTypeMap = {
# attributes
univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.3'):
char.IA5String(),
univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.2'):
EnrollmentCSP(),
univ.ObjectIdentifier('1.3.6.1.4.1.311.21.20'):
ClientInformation(),
# algorithm identifier parameters
univ.ObjectIdentifier('1.2.840.113549.1.1.1'):
univ.Null(""),
univ.ObjectIdentifier('1.2.840.113549.1.1.5'):
univ.Null(""),
univ.ObjectIdentifier('1.2.840.113549.1.1.11'):
univ.Null(""),
}
openTypeMap.update(rfc5652.cmsAttributesMap)
openTypeMap.update(rfc6402.cmcControlAttributesMap)
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder.decode(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder.encode(asn1Object))
eci = asn1Object['content']['encapContentInfo']
self.assertIn(eci['eContentType'], rfc5652.cmsContentTypesMap)
self.assertEqual(rfc6402.id_cct_PKIData, eci['eContentType'])
pkid, rest = der_decoder.decode(
eci['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[eci['eContentType']],
openTypes=openTypeMap,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(pkid.prettyPrint())
self.assertEqual(eci['eContent'], der_encoder.encode(pkid))
for req in pkid['reqSequence']:
cr = req['tcr']['certificationRequest']
sig_alg = cr['signatureAlgorithm']
self.assertIn(sig_alg['algorithm'], openTypeMap)
self.assertEqual(univ.Null(""), sig_alg['parameters'])
cri = cr['certificationRequestInfo']
spki_alg = cri['subjectPublicKeyInfo']['algorithm']
self.assertIn(spki_alg['algorithm'], openTypeMap)
self.assertEqual(univ.Null(""), spki_alg['parameters'])
attrs = cr['certificationRequestInfo']['attributes']
for attr in attrs:
self.assertIn(attr['attrType'], openTypeMap)
if attr['attrType'] == univ.ObjectIdentifier(
'1.3.6.1.4.1.311.13.2.3'):
self.assertEqual("6.2.9200.2", attr['attrValues'][0])
else:
self.assertTrue(attr['attrValues'][0].hasValue())
# DirectoryString is the same as RFC 5280, except the length is limited to 255
class DirectoryString(univ.Choice):
pass
DirectoryString.componentType = namedtype.NamedTypes(
namedtype.NamedType('teletexString', char.TeletexString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
namedtype.NamedType('printableString', char.PrintableString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
namedtype.NamedType('universalString', char.UniversalString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
namedtype.NamedType('utf8String', char.UTF8String().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
namedtype.NamedType('bmpString', char.BMPString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, 255)))
)
# OTP Challenge Attribute
id_aa_otpChallenge = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.56')
ub_aa_otpChallenge = univ.Integer(255)
otpChallenge = rfc5652.Attribute()
otpChallenge['attrType'] = id_aa_otpChallenge
otpChallenge['attrValues'][0] = DirectoryString()
# Revocation Challenge Attribute
subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
namedtype.NamedType(
'printableString',
char.PrintableString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
namedtype.NamedType(
'universalString',
char.UniversalString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
namedtype.NamedType(
'utf8String',
char.UTF8String().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
namedtype.NamedType(
'bmpString',
char.BMPString().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, 255))))
# OTP Challenge Attribute
id_aa_otpChallenge = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.56')
ub_aa_otpChallenge = univ.Integer(255)
otpChallenge = Attribute()
otpChallenge['attrType'] = id_aa_otpChallenge
otpChallenge['attrValues'][0] = DirectoryString()
# Revocation Challenge Attribute
id_aa_revocationChallenge = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.57')
def testOpenTypes(self):
class ClientInformation(univ.Sequence):
pass
ClientInformation.componentType = namedtype.NamedTypes(
namedtype.NamedType('clientId', univ.Integer()),
namedtype.NamedType('MachineName', char.UTF8String()),
namedtype.NamedType('UserName', char.UTF8String()),
namedtype.NamedType('ProcessName', char.UTF8String()))
class EnrollmentCSP(univ.Sequence):
pass
EnrollmentCSP.componentType = namedtype.NamedTypes(
namedtype.NamedType('KeySpec', univ.Integer()),
namedtype.NamedType('Name', char.BMPString()),
namedtype.NamedType('Signature', univ.BitString()))
attributesMapUpdate = {
univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.3'): char.IA5String(),
univ.ObjectIdentifier('1.3.6.1.4.1.311.13.2.2'): EnrollmentCSP(),
univ.ObjectIdentifier('1.3.6.1.4.1.311.21.20'):
ClientInformation(),
}
rfc5652.cmsAttributesMap.update(rfc6402.cmcControlAttributesMap)
rfc5652.cmsAttributesMap.update(attributesMapUpdate)
algorithmIdentifierMapUpdate = {
univ.ObjectIdentifier('1.2.840.113549.1.1.1'): univ.Null(""),
univ.ObjectIdentifier('1.2.840.113549.1.1.5'): univ.Null(""),
univ.ObjectIdentifier('1.2.840.113549.1.1.11'): univ.Null(""),
}
rfc5280.algorithmIdentifierMap.update(algorithmIdentifierMapUpdate)
rfc5652.cmsContentTypesMap.update(rfc6402.cmsContentTypesMapUpdate)
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder.decode(substrate,
asn1Spec=rfc5652.ContentInfo(),
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encoder.encode(asn1Object) == substrate
eci = asn1Object['content']['encapContentInfo']
assert eci['eContentType'] in rfc5652.cmsContentTypesMap.keys()
assert eci['eContentType'] == rfc6402.id_cct_PKIData
pkid, rest = der_decoder.decode(
eci['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[eci['eContentType']],
decodeOpenTypes=True)
assert not rest
assert pkid.prettyPrint()
assert der_encoder.encode(pkid) == eci['eContent']
for req in pkid['reqSequence']:
cr = req['tcr']['certificationRequest']
sig_alg = cr['signatureAlgorithm']
assert sig_alg['algorithm'] in rfc5280.algorithmIdentifierMap.keys(
)
assert sig_alg['parameters'] == univ.Null("")
cri = cr['certificationRequestInfo']
spki_alg = cri['subjectPublicKeyInfo']['algorithm']
assert spki_alg[
'algorithm'] in rfc5280.algorithmIdentifierMap.keys()
assert spki_alg['parameters'] == univ.Null("")
attrs = cr['certificationRequestInfo']['attributes']
for attr in attrs:
assert attr['attrType'] in rfc5652.cmsAttributesMap.keys()
if attr['attrType'] == univ.ObjectIdentifier(
'1.3.6.1.4.1.311.13.2.3'):
assert attr['attrValues'][0] == "6.2.9200.2"
else:
assert attr['attrValues'][0].hasValue()
print(dump(bytes))
print("REAL { 45 2 31 }")
bytes = ber_encode(univ.Real((45, 2, 31)))
print(dump(bytes))
print("ENUMERATED 5")
bytes = ber_encode(univ.Enumerated(5))
print(dump(bytes))
print("ENUMERATED 90000")
bytes = ber_encode(univ.Enumerated(90000))
print(dump(bytes))
print("BMPString 'HENLO BORTHERS'")
bytes = ber_encode(char.BMPString("HENLO BORTHERS"))
print(dump(bytes))
print("UniversalString 'HENLO BORTHERS'")
bytes = ber_encode(char.UniversalString("HENLO BORTHERS"))
print(dump(bytes))
print("\n")
# CER
print("*** CANONICAL ENCODING RULES ***")
print("BOOLEAN True")
bytes = cer_encode(univ.Boolean(True))
print(dump(bytes))
class DisplayText(univ.Choice):
componentType = namedtype.NamedTypes(
namedtype.NamedType('visibleString', char.VisibleString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200)))
)
class CertIssuer(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('1', univ.ObjectIdentifier()),
namedtype.NamedType('Info', char.BMPString()),
)
