def testOpenTypes(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
assert asn1Object['contentType'] == rfc5652.id_envelopedData
ed = asn1Object['content']
ukm_found = False
self.assertEqual(ed['version'], rfc5652.CMSVersion(value=2))
for ri in ed['recipientInfos']:
self.assertEqual(ri['kari']['version'],
rfc5652.CMSVersion(value=3))
opk_alg = ri['kari']['originator']['originatorKey']['algorithm']
self.assertEqual(opk_alg['algorithm'], rfc5753.id_ecPublicKey)
self.assertEqual(opk_alg['parameters']['namedCurve'],
rfc5480.secp384r1)
kek_alg = ri['kari']['keyEncryptionAlgorithm']
self.assertEqual(kek_alg['algorithm'],
rfc5753.dhSinglePass_stdDH_sha384kdf_scheme)
self.assertEqual(kek_alg['parameters']['algorithm'],
rfc3565.id_aes256_wrap)
ukm = ri['kari']['ukm']
self.assertEqual(
ukm, rfc5652.UserKeyingMaterial(hexValue='52464335373533'))
ukm_found = True
self.assertTrue(ukm_found)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.signed_message_pem_text)
asn1Object, rest = der_decode(substrate,
asn1Spec=self.asn1Spec, decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap.keys()
assert asn1Object['contentType'] == rfc5652.id_signedData
sd = asn1Object['content']
assert sd['version'] == rfc5652.CMSVersion().subtype(value='v1')
ect = sd['encapContentInfo']['eContentType']
assert ect in rfc5652.cmsContentTypesMap.keys()
assert ect == rfc5652.id_data
for sa in sd['signerInfos'][0]['signedAttrs']:
if sa['attrType'] == rfc6211.id_aa_cmsAlgorithmProtect:
assert sa['attrType'] in rfc5652.cmsAttributesMap.keys()
sav0 = sa['attrValues'][0]
digest_oid = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.2')
sig_oid = univ.ObjectIdentifier('1.2.840.10045.4.3.3')
assert sav0['digestAlgorithm']['algorithm'] == digest_oid
assert sav0['signatureAlgorithm']['algorithm'] == sig_oid
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.signed_receipt_pem_text)
rfc5652.cmsContentTypesMap.update(rfc5035.cmsContentTypesMapUpdate)
rfc5652.cmsAttributesMap.update(rfc5035.ESSAttributeMap)
asn1Object, rest = der_decode(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap.keys()
assert asn1Object['contentType'] == rfc5652.id_signedData
sd = asn1Object['content']
assert sd['version'] == rfc5652.CMSVersion().subtype(value='v3')
assert sd['encapContentInfo'][
'eContentType'] in rfc5652.cmsContentTypesMap.keys()
assert sd['encapContentInfo']['eContentType'] == rfc5035.id_ct_receipt
for sa in sd['signerInfos'][0]['signedAttrs']:
assert sa['attrType'] in rfc5652.cmsAttributesMap.keys()
if sa['attrType'] == rfc5035.id_aa_msgSigDigest:
sa['attrValues'][0].prettyPrint()[:10] == '0x167378'
# Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot
# automatically decode it
receipt, rest = der_decode(sd['encapContentInfo']['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[
sd['encapContentInfo']['eContentType']])
assert receipt['version'] == rfc5035.ESSVersion().subtype(value='v1')
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.message3_pem_text)
asn1Object, rest = der_decode (substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc5652.id_signedData
v3 = rfc5652.CMSVersion().subtype(value='v3')
assert asn1Object['content']['version'] == v3
for sa in asn1Object['content']['signerInfos'][0]['signedAttrs']:
assert sa['attrType'] in rfc5652.cmsAttributesMap.keys()
if sa['attrType'] == rfc5652.id_messageDigest:
assert '0xa05c54d4737' in sa['attrValues'][0].prettyPrint()
ct_oid = asn1Object['content']['encapContentInfo']['eContentType']
assert ct_oid in rfc5652.cmsContentTypesMap.keys()
assert ct_oid == rfc7191.id_ct_KP_keyPackageError
# Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot
# automatically decode it
sd_eci = asn1Object['content']['encapContentInfo']
kpe, rest = der_decode(sd_eci['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[sd_eci['eContentType']])
package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0="
package_id = pem.readBase64fromText(package_id_pem_text)
assert kpe['errorOf']['pkgID'] == package_id
assert kpe['errorCode'] == rfc7191.EnumeratedErrorCode(value=10)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.signed_message_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertIn(asn1Object['contentType'], rfc5652.cmsContentTypesMap)
self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
sd = asn1Object['content']
self.assertEqual(rfc5652.CMSVersion().subtype(value='v1'),
sd['version'])
ect = sd['encapContentInfo']['eContentType']
self.assertIn(ect, rfc5652.cmsContentTypesMap)
self.assertEqual(rfc5652.id_data, ect)
for sa in sd['signerInfos'][0]['signedAttrs']:
if sa['attrType'] == rfc6211.id_aa_cmsAlgorithmProtect:
self.assertIn(sa['attrType'], rfc5652.cmsAttributesMap)
sav0 = sa['attrValues'][0]
digest_oid = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.2')
sig_oid = univ.ObjectIdentifier('1.2.840.10045.4.3.3')
self.assertEqual(digest_oid,
sav0['digestAlgorithm']['algorithm'])
self.assertEqual(sig_oid,
sav0['signatureAlgorithm']['algorithm'])
class KeyTransPSKRecipientInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('version', rfc5652.CMSVersion()),
namedtype.NamedType('pskid', PreSharedKeyIdentifier()),
namedtype.NamedType('kdfAlgorithm',
rfc5652.KeyDerivationAlgorithmIdentifier()),
namedtype.NamedType('keyEncryptionAlgorithm',
rfc5652.KeyEncryptionAlgorithmIdentifier()),
namedtype.NamedType('ktris', KeyTransRecipientInfos()),
namedtype.NamedType('encryptedKey', rfc5652.EncryptedKey()))
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.message1_pem_text)
asn1Object, rest = der_decode (substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc5652.id_signedData
v3 = rfc5652.CMSVersion().subtype(value='v3')
assert asn1Object['content']['version'] == v3
for sa in asn1Object['content']['signerInfos'][0]['signedAttrs']:
if sa['attrType'] == rfc7191.id_aa_KP_keyPkgIdAndReceiptReq:
package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0="
package_id = pem.readBase64fromText(package_id_pem_text)
assert sa['attrValues'][0]['pkgID'] == package_id
class KeyAgreePSKRecipientInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('version', rfc5652.CMSVersion()),
namedtype.NamedType('pskid', PreSharedKeyIdentifier()),
namedtype.NamedType(
'originator',
rfc5652.OriginatorIdentifierOrKey().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.OptionalNamedType(
'ukm',
rfc5652.UserKeyingMaterial().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('kdfAlgorithm',
rfc5652.KeyDerivationAlgorithmIdentifier()),
namedtype.NamedType('keyEncryptionAlgorithm',
rfc5652.KeyEncryptionAlgorithmIdentifier()),
namedtype.NamedType('recipientEncryptedKeys',
rfc5652.RecipientEncryptedKeys()))
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
rfc5652.cmsAttributesMap.update(rfc5035.ESSAttributeMap)
rfc5652.cmsContentTypesMap.update(rfc5083.cmsContentTypesMapUpdate)
asn1Object, rest = der_decoder.decode(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encoder.encode(asn1Object) == substrate
assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap
assert asn1Object['contentType'] == rfc5083.id_ct_authEnvelopedData
authenv = asn1Object['content']
assert authenv['version'] == rfc5652.CMSVersion().subtype(value='v0')
for attr in authenv['unauthAttrs']:
assert attr['attrType'] in rfc5652.cmsAttributesMap
if attr['attrType'] == rfc5035.id_aa_contentHint:
assert 'Watson' in attr['attrValues'][0]['contentDescription']
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.signed_receipt_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertIn(asn1Object['contentType'],
rfc5652.cmsContentTypesMap.keys())
self.assertEqual(asn1Object['contentType'], rfc5652.id_signedData)
sd = asn1Object['content']
self.assertEqual(sd['version'],
rfc5652.CMSVersion().subtype(value='v3'))
self.assertIn(sd['encapContentInfo']['eContentType'],
rfc5652.cmsContentTypesMap)
self.assertEqual(sd['encapContentInfo']['eContentType'],
rfc2634.id_ct_receipt)
for sa in sd['signerInfos'][0]['signedAttrs']:
self.assertIn(sa['attrType'], rfc5652.cmsAttributesMap)
if sa['attrType'] == rfc2634.id_aa_msgSigDigest:
sa['attrValues'][0].prettyPrint()[:10] == '0x167378'
# Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot
# automatically decode it
receipt, rest = der_decoder(
sd['encapContentInfo']['eContent'],
asn1Spec=rfc5652.cmsContentTypesMap[sd['encapContentInfo']
['eContentType']])
self.assertEqual(receipt['version'],
rfc2634.ESSVersion().subtype(value='v1'))
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.signed_message_pem_text)
asn1Object, rest = der_decoder(
substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertIn(asn1Object['contentType'], rfc5652.cmsContentTypesMap)
self.assertEqual(asn1Object['contentType'], rfc5652.id_signedData)
sd = asn1Object['content']
self.assertEqual(
rfc5652.CMSVersion().subtype(value='v1'), sd['version'])
ect = sd['encapContentInfo']['eContentType']
self.assertIn(ect, rfc5652.cmsContentTypesMap)
self.assertEqual(rfc5652.id_data, ect)
for sa in sd['signerInfos'][0]['signedAttrs']:
if sa['attrType'] == rfc7508.id_aa_secureHeaderFieldsIdentifier:
self.assertIn(sa['attrType'], rfc5652.cmsAttributesMap)
secure_header_field_attr_found = False
for sa in sd['signerInfos'][0]['signedAttrs']:
if sa['attrType'] == rfc7508.id_aa_secureHeaderFieldsIdentifier:
self.assertIn(sa['attrType'], rfc5652.cmsAttributesMap)
from_field = rfc7508.HeaderFieldName('From')
alice_email = rfc7508.HeaderFieldValue('*****@*****.**')
for shf in sa['attrValues'][0]['secHeaderFields']:
if shf['field-Name'] == from_field:
self.assertEqual(alice_email, shf['field-Value'])
secure_header_field_attr_found = True
self.assertTrue(secure_header_field_attr_found)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.signed_message_pem_text)
asn1Object, rest = der_decode(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap.keys()
assert asn1Object['contentType'] == rfc5652.id_signedData
sd = asn1Object['content']
assert sd['version'] == rfc5652.CMSVersion().subtype(value='v1')
ect = sd['encapContentInfo']['eContentType']
assert ect in rfc5652.cmsContentTypesMap.keys()
assert ect == rfc5652.id_data
for sa in sd['signerInfos'][0]['signedAttrs']:
if sa['attrType'] == rfc7508.id_aa_secureHeaderFieldsIdentifier:
assert sa['attrType'] in rfc5652.cmsAttributesMap.keys()
secure_header_field_attr_found = False
for sa in sd['signerInfos'][0]['signedAttrs']:
if sa['attrType'] == rfc7508.id_aa_secureHeaderFieldsIdentifier:
assert sa['attrType'] in rfc5652.cmsAttributesMap.keys(
)
from_field = rfc7508.HeaderFieldName('From')
alice_email = rfc7508.HeaderFieldValue(
'*****@*****.**')
for shf in sa['attrValues'][0]['secHeaderFields']:
if shf['field-Name'] == from_field:
assert shf['field-Value'] == alice_email
secure_header_field_attr_found = True
assert secure_header_field_attr_found
if isinstance(x, univ.ObjectIdentifier):
output.extend(list(x))
else:
output.append(int(x))
return univ.ObjectIdentifier(output)
id_ct_authEnvelopedData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 23)
class AuthEnvelopedData(univ.Sequence):
pass
AuthEnvelopedData.componentType = namedtype.NamedTypes(
namedtype.NamedType('version', rfc5652.CMSVersion()),
namedtype.OptionalNamedType(
'originatorInfo',
rfc5652.OriginatorInfo().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.NamedType('recipientInfos', rfc5652.RecipientInfos()),
namedtype.NamedType('authEncryptedContentInfo',
rfc5652.EncryptedContentInfo()),
namedtype.OptionalNamedType(
'authAttrs',
rfc5652.AuthAttributes().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('mac', rfc5652.MessageAuthenticationCode()),
namedtype.OptionalNamedType(
'unauthAttrs',
rfc5652.UnauthAttributes().subtype(
class CompressionAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
pass
# The CMS Compressed Data Content Type
id_ct_compressedData = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.9')
class CompressedData(univ.Sequence):
pass
CompressedData.componentType = namedtype.NamedTypes(
namedtype.NamedType('version', rfc5652.CMSVersion()), # Always set to 0
namedtype.NamedType('compressionAlgorithm',
CompressionAlgorithmIdentifier()),
namedtype.NamedType('encapContentInfo', rfc5652.EncapsulatedContentInfo()))
# Algorithm identifier for the zLib Compression Algorithm
# This includes cpa_zlibCompress as defined in RFC 6268,
# from https://www.rfc-editor.org/rfc/rfc6268.txt
id_alg_zlibCompress = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.8')
cpa_zlibCompress = rfc5280.AlgorithmIdentifier()
cpa_zlibCompress['algorithm'] = id_alg_zlibCompress
# cpa_zlibCompress['parameters'] are absent
# Map of Content Type OIDs to Content Types is added to thr
