Exemple #1
    def testOpenTypes(self):
        """Decode the PEM fixture with open types resolved and check its revocation entries.

        The decoder is called with ``decodeOpenTypes=True``, so the nested
        ``content`` and ``otherRevInfo`` values are read as decoded objects
        rather than decoded in a second step.
        """
        der_bytes = pem.readBase64fromText(self.pem_text)
        decoded, trailing = der_decoder(
            der_bytes, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

        # Nothing may be left undecoded, and re-encoding must give back the
        # exact input bytes.
        self.assertFalse(trailing)
        self.assertTrue(decoded.prettyPrint())
        self.assertEqual(der_bytes, der_encoder(decoded))

        self.assertEqual(rfc5652.id_signedData, decoded['contentType'])

        encap = decoded['content']['encapContentInfo']

        self.assertEqual(rfc5652.id_data, encap['eContentType'])
        self.assertTrue(encap['eContent'].hasValue())

        # NOTE(review): an empty 'crls' field makes this loop pass without
        # checking anything; consider asserting that both alternatives were seen.
        for rev_info in decoded['content']['crls']:
            chosen = rev_info.getName()

            if chosen == 'crl':
                expected_version = rfc5280.Version(value='v2')
                self.assertEqual(
                    expected_version,
                    rev_info['crl']['tbsCertList']['version'])

            elif chosen == 'other':
                other = rev_info['other']

                self.assertEqual(
                    rfc5940.id_ri_ocsp_response, other['otherRevInfoFormat'])

                # Only the outer OCSP status is checked; the response inside
                # is not validated by this test.
                expected_status = rfc2560.OCSPResponseStatus(value='successful')
                actual_status = other['otherRevInfo']['responseStatus']

                self.assertEqual(expected_status, actual_status)
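def parse_ocsp_resp(ocsp_resp):
    """Decode a DER OCSP response and print producedAt, thisUpdate and the status.

    This function only parses. It does not verify the responder's signature,
    does not compare the returned certID with the one sent in the request,
    and does not read nextUpdate. The printed status is therefore
    unauthenticated and must not drive a revocation decision on its own.

    Only the first entry of ``responses`` is read; further SingleResponse
    entries are ignored.

    Args:
        ocsp_resp: DER-encoded OCSPResponse.

    Raises:
        AssertionError: if responseStatus is not 'successful' or responseType
            is not id-pkix-ocsp-basic. The checks are raised explicitly so
            they stay active under ``python -O``, which strips ``assert``.
    """
    # NOTE(review): bytes trailing the outer structure are discarded here;
    # a strict caller may want to reject a response with leftover data.
    ocspResponse, _ = decoder.decode(ocsp_resp,
                                     asn1Spec=rfc2560.OCSPResponse())

    responseStatus = ocspResponse.getComponentByName('responseStatus')
    if not (responseStatus == rfc2560.OCSPResponseStatus('successful')):
        raise AssertionError(responseStatus.prettyPrint())

    responseBytes = ocspResponse.getComponentByName('responseBytes')
    responseType = responseBytes.getComponentByName('responseType')
    if not (responseType == rfc2560.id_pkix_ocsp_basic):
        raise AssertionError(responseType.prettyPrint())

    response = responseBytes.getComponentByName('response')

    basicOCSPResponse, _ = decoder.decode(response,
                                          asn1Spec=rfc2560.BasicOCSPResponse())

    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')

    response0 = tbsResponseData.getComponentByName(
        'responses').getComponentByPosition(0)

    # The format has a literal 'Z' and no offset directive, so the resulting
    # datetimes are naive; the 'Z' suffix means they are UTC.
    time_format = '%Y%m%d%H%M%SZ'
    producedAt = datetime.datetime.strptime(
        str(tbsResponseData.getComponentByName('producedAt')), time_format)
    certStatus = response0.getComponentByName('certStatus').getName()
    thisUpdate = datetime.datetime.strptime(
        str(response0.getComponentByName('thisUpdate')), time_format)

    # Unchecked assumption: certID in the response matches the request.
    # Unchecked assumption: the response was signed by a trusted responder.

    print("[+] OCSP producedAt:", producedAt)
    print("[+] OCSP thisUpdate:", thisUpdate)
    print("[+] OCSP status:", certStatus)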
Exemple #3
    def testOpenTypes(self):
        """Decode the PEM fixture with open types resolved and check its revocation entries.

        The OCSP-response format is added to ``rfc5652.otherRevInfoFormatMap``
        before decoding, and the decoder is called with
        ``decodeOpenTypes=True``.
        """
        der_bytes = pem.readBase64fromText(self.pem_text)

        # NOTE(review): this updates a module-level map and is never undone,
        # so the registration stays in place for any test that runs later.
        rfc5652.otherRevInfoFormatMap.update(
            rfc5940.otherRevInfoFormatMapUpdate)

        decoded, trailing = der_decode(
            der_bytes, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

        # Nothing may be left undecoded, and re-encoding must give back the
        # exact input bytes.
        assert not trailing
        assert decoded.prettyPrint()
        assert der_encode(decoded) == der_bytes

        assert decoded['contentType'] == rfc5652.id_signedData

        encap = decoded['content']['encapContentInfo']
        assert encap['eContentType'] == rfc5652.id_data
        assert encap['eContent'].hasValue()

        # NOTE(review): an empty 'crls' field makes this loop pass without
        # checking anything; the bare asserts are also stripped under -O.
        for rev_info in decoded['content']['crls']:
            chosen = rev_info.getName()

            if chosen == 'crl':
                expected_version = rfc5280.Version(value='v2')
                assert (rev_info['crl']['tbsCertList']['version']
                        == expected_version)

            elif chosen == 'other':
                other = rev_info['other']
                assert other['otherRevInfoFormat'] == rfc5940.id_ri_ocsp_response

                # Only the outer OCSP status is checked here.
                actual_status = other['otherRevInfo']['responseStatus']
                expected_status = rfc2560.OCSPResponseStatus(value='successful')
                assert actual_status == expected_status
Exemple #4
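    def testDerCodec(self):
        """Round-trip the fixture through the DER codec and decode the nested values by hand.

        The outer object is decoded without open-type resolution, so the
        SignedData ``content`` and the OCSP response held in ``otherRevInfo``
        are each decoded in a separate step. Every decode is checked for
        leftover bytes.
        """
        substrate = pem.readBase64fromText(self.pem_text)

        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)

        assert not rest
        assert asn1Object.prettyPrint()
        assert der_encode(asn1Object) == substrate

        assert asn1Object['contentType'] == rfc5652.id_signedData
        sd, rest = der_decode(asn1Object['content'],
                              asn1Spec=rfc5652.SignedData())
        # The nested SignedData must be consumed completely as well; bytes
        # trailing an inner structure would otherwise go unnoticed.
        assert not rest
        assert sd.prettyPrint()

        assert sd['encapContentInfo']['eContentType'] == rfc5652.id_data
        assert sd['encapContentInfo']['eContent']

        # The fixture is expected to carry a CRL at index 0 and an
        # OCSP-response entry at index 1.
        v2 = rfc5280.Version(value='v2')
        assert sd['crls'][0]['crl']['tbsCertList']['version'] == v2
        ocspr_oid = rfc5940.id_ri_ocsp_response
        assert sd['crls'][1]['other']['otherRevInfoFormat'] == ocspr_oid

        ocspr, rest = der_decode(sd['crls'][1]['other']['otherRevInfo'],
                                 asn1Spec=rfc5940.OCSPResponse())
        assert not rest
        assert ocspr.prettyPrint()
        # Only the outer OCSP status is checked; the response inside is not
        # validated by this test.
        success = rfc2560.OCSPResponseStatus(value='successful')
        assert ocspr['responseStatus'] == success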
Exemple #5
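def parse_ocsp_response(ocsp_resp):
    """Extract the certificate serial, status and thisUpdate from a DER OCSP response.

    This function only parses. It does not verify the responder's signature,
    does not check the issuer name and key hashes in certID, and does not
    read nextUpdate. The caller must authenticate the response and match the
    certID before trusting the returned status.

    Only the first entry of ``responses`` is read; further SingleResponse
    entries are ignored.

    Args:
        ocsp_resp: DER-encoded OCSPResponse.

    Returns:
        A tuple ``(certID_serial, certStatus, thisUpdate)``: the fourth
        component of certID, the name of the chosen certStatus alternative,
        and thisUpdate as a naive ``datetime``.

    Raises:
        AssertionError: if responseStatus is not 'successful' or responseType
            is not id-pkix-ocsp-basic. The checks are raised explicitly so
            they stay active under ``python -O``, which strips ``assert``.
    """
    # NOTE(review): bytes trailing the outer structure are discarded here;
    # a strict caller may want to reject a response with leftover data.
    ocspResponse, _ = decoder.decode(ocsp_resp,
                                     asn1Spec=rfc2560.OCSPResponse())

    responseStatus = ocspResponse.getComponentByName('responseStatus')
    if not (responseStatus == rfc2560.OCSPResponseStatus('successful')):
        raise AssertionError(responseStatus.prettyPrint())

    responseBytes = ocspResponse.getComponentByName('responseBytes')
    responseType = responseBytes.getComponentByName('responseType')
    if not (responseType == rfc2560.id_pkix_ocsp_basic):
        raise AssertionError(responseType.prettyPrint())

    response = responseBytes.getComponentByName('response')
    basicOCSPResponse, _ = decoder.decode(response,
                                          asn1Spec=rfc2560.BasicOCSPResponse())
    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
    response0 = tbsResponseData.getComponentByName(
        'responses').getComponentByPosition(0)

    # Unchecked assumption: the response was signed by a trusted responder.
    certID = response0.getComponentByName('certID')
    # Unchecked assumption: the issuer name and key hashes in certID are
    # correct. Position 3 of certID is the serial number field.
    certID_serial = certID[3]
    certStatus = response0.getComponentByName('certStatus').getName()
    # The format has a literal 'Z' and no offset directive, so the result is
    # a naive datetime; the 'Z' suffix means it is UTC.
    thisUpdate = datetime.datetime.strptime(
        str(response0.getComponentByName('thisUpdate')), '%Y%m%d%H%M%SZ')

    return certID_serial, certStatus, thisUpdate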
Exemple #6
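def parseOcspResponse(ocspResponse):
    """Pull producedAt, certID, status name and thisUpdate out of a decoded OCSP response.

    This function only parses. The responder's signature is not verified and
    the certID is returned as-is, so the caller must authenticate the
    response and match the certID against its request before trusting the
    status.

    Only the first entry of ``responses`` is read; further SingleResponse
    entries are ignored.

    Args:
        ocspResponse: an already decoded OCSPResponse object.

    Returns:
        A tuple ``(producedAt, certID, certStatus, thisUpdate)``, where
        certStatus is the name of the chosen alternative and the other
        three are the decoded ASN.1 components.

    Raises:
        AssertionError: if responseStatus is not 'successful' or responseType
            is not id_pkix_ocsp_basic. The checks are raised explicitly so
            they stay active under ``python -O``, which strips ``assert``.
    """
    responseStatus = ocspResponse.getComponentByName('responseStatus')
    if not (responseStatus == rfc2560.OCSPResponseStatus('successful')):
        raise AssertionError(responseStatus.prettyPrint())

    responseBytes = ocspResponse.getComponentByName('responseBytes')
    responseType = responseBytes.getComponentByName('responseType')
    if not (responseType == id_pkix_ocsp_basic):
        raise AssertionError(responseType.prettyPrint())

    response = responseBytes.getComponentByName('response')

    # NOTE(review): bytes trailing the BasicOCSPResponse are discarded here.
    basicOCSPResponse, _ = decoder.decode(response,
                                          asn1Spec=rfc2560.BasicOCSPResponse())

    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')

    response0 = tbsResponseData.getComponentByName(
        'responses').getComponentByPosition(0)

    return (tbsResponseData.getComponentByName('producedAt'),
            response0.getComponentByName('certID'),
            response0.getComponentByName('certStatus').getName(),
            response0.getComponentByName('thisUpdate'))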
Exemple #7
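    def testDerCodec(self):
        """Round-trip the fixture through the DER codec and decode the nested values by hand.

        The outer object is decoded without open-type resolution, so the
        SignedData ``content`` and the OCSP response held in ``otherRevInfo``
        are each decoded in a separate step. Every decode is checked for
        leftover bytes.
        """
        substrate = pem.readBase64fromText(self.pem_text)

        asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)

        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(substrate, der_encoder(asn1Object))
        self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])

        sd, rest = der_decoder(asn1Object['content'],
                               asn1Spec=rfc5652.SignedData())

        # The nested SignedData must be consumed completely as well; bytes
        # trailing an inner structure would otherwise go unnoticed.
        self.assertFalse(rest)
        self.assertTrue(sd.prettyPrint())

        self.assertEqual(rfc5652.id_data,
                         sd['encapContentInfo']['eContentType'])
        self.assertTrue(sd['encapContentInfo']['eContent'])

        # The fixture is expected to carry a CRL at index 0 and an
        # OCSP-response entry at index 1.
        v2 = rfc5280.Version(value='v2')

        self.assertEqual(v2, sd['crls'][0]['crl']['tbsCertList']['version'])

        ocspr_oid = rfc5940.id_ri_ocsp_response

        self.assertEqual(ocspr_oid,
                         sd['crls'][1]['other']['otherRevInfoFormat'])

        ocspr, rest = der_decoder(sd['crls'][1]['other']['otherRevInfo'],
                                  asn1Spec=rfc5940.OCSPResponse())

        self.assertFalse(rest)
        self.assertTrue(ocspr.prettyPrint())

        # Only the outer OCSP status is checked; the response inside is not
        # validated by this test.
        success = rfc2560.OCSPResponseStatus(value='successful')

        self.assertEqual(success, ocspr['responseStatus'])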