def testOpenTypes(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) assert asn1Object['contentType'] == rfc5652.id_envelopedData ed = asn1Object['content'] ukm_found = False self.assertEqual(ed['version'], rfc5652.CMSVersion(value=2)) for ri in ed['recipientInfos']: self.assertEqual(ri['kari']['version'], rfc5652.CMSVersion(value=3)) opk_alg = ri['kari']['originator']['originatorKey']['algorithm'] self.assertEqual(opk_alg['algorithm'], rfc5753.id_ecPublicKey) self.assertEqual(opk_alg['parameters']['namedCurve'], rfc5480.secp384r1) kek_alg = ri['kari']['keyEncryptionAlgorithm'] self.assertEqual(kek_alg['algorithm'], rfc5753.dhSinglePass_stdDH_sha384kdf_scheme) self.assertEqual(kek_alg['parameters']['algorithm'], rfc3565.id_aes256_wrap) ukm = ri['kari']['ukm'] self.assertEqual( ukm, rfc5652.UserKeyingMaterial(hexValue='52464335373533')) ukm_found = True self.assertTrue(ukm_found)
def testOpenTypes(self): substrate = pem.readBase64fromText(self.signed_message_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap.keys() assert asn1Object['contentType'] == rfc5652.id_signedData sd = asn1Object['content'] assert sd['version'] == rfc5652.CMSVersion().subtype(value='v1') ect = sd['encapContentInfo']['eContentType'] assert ect in rfc5652.cmsContentTypesMap.keys() assert ect == rfc5652.id_data for sa in sd['signerInfos'][0]['signedAttrs']: if sa['attrType'] == rfc6211.id_aa_cmsAlgorithmProtect: assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() sav0 = sa['attrValues'][0] digest_oid = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.2') sig_oid = univ.ObjectIdentifier('1.2.840.10045.4.3.3') assert sav0['digestAlgorithm']['algorithm'] == digest_oid assert sav0['signatureAlgorithm']['algorithm'] == sig_oid
def testOpenTypes(self): substrate = pem.readBase64fromText(self.signed_receipt_pem_text) rfc5652.cmsContentTypesMap.update(rfc5035.cmsContentTypesMapUpdate) rfc5652.cmsAttributesMap.update(rfc5035.ESSAttributeMap) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap.keys() assert asn1Object['contentType'] == rfc5652.id_signedData sd = asn1Object['content'] assert sd['version'] == rfc5652.CMSVersion().subtype(value='v3') assert sd['encapContentInfo'][ 'eContentType'] in rfc5652.cmsContentTypesMap.keys() assert sd['encapContentInfo']['eContentType'] == rfc5035.id_ct_receipt for sa in sd['signerInfos'][0]['signedAttrs']: assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() if sa['attrType'] == rfc5035.id_aa_msgSigDigest: sa['attrValues'][0].prettyPrint()[:10] == '0x167378' # Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot # automatically decode it receipt, rest = der_decode(sd['encapContentInfo']['eContent'], asn1Spec=rfc5652.cmsContentTypesMap[ sd['encapContentInfo']['eContentType']]) assert receipt['version'] == rfc5035.ESSVersion().subtype(value='v1')
def testOpenTypes(self): substrate = pem.readBase64fromText(self.message3_pem_text) asn1Object, rest = der_decode (substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_signedData v3 = rfc5652.CMSVersion().subtype(value='v3') assert asn1Object['content']['version'] == v3 for sa in asn1Object['content']['signerInfos'][0]['signedAttrs']: assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() if sa['attrType'] == rfc5652.id_messageDigest: assert '0xa05c54d4737' in sa['attrValues'][0].prettyPrint() ct_oid = asn1Object['content']['encapContentInfo']['eContentType'] assert ct_oid in rfc5652.cmsContentTypesMap.keys() assert ct_oid == rfc7191.id_ct_KP_keyPackageError # Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot # automatically decode it sd_eci = asn1Object['content']['encapContentInfo'] kpe, rest = der_decode(sd_eci['eContent'], asn1Spec=rfc5652.cmsContentTypesMap[sd_eci['eContentType']]) package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0=" package_id = pem.readBase64fromText(package_id_pem_text) assert kpe['errorOf']['pkgID'] == package_id assert kpe['errorCode'] == rfc7191.EnumeratedErrorCode(value=10)
def testOpenTypes(self): substrate = pem.readBase64fromText(self.signed_message_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertIn(asn1Object['contentType'], rfc5652.cmsContentTypesMap) self.assertEqual(rfc5652.id_signedData, asn1Object['contentType']) sd = asn1Object['content'] self.assertEqual(rfc5652.CMSVersion().subtype(value='v1'), sd['version']) ect = sd['encapContentInfo']['eContentType'] self.assertIn(ect, rfc5652.cmsContentTypesMap) self.assertEqual(rfc5652.id_data, ect) for sa in sd['signerInfos'][0]['signedAttrs']: if sa['attrType'] == rfc6211.id_aa_cmsAlgorithmProtect: self.assertIn(sa['attrType'], rfc5652.cmsAttributesMap) sav0 = sa['attrValues'][0] digest_oid = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.2') sig_oid = univ.ObjectIdentifier('1.2.840.10045.4.3.3') self.assertEqual(digest_oid, sav0['digestAlgorithm']['algorithm']) self.assertEqual(sig_oid, sav0['signatureAlgorithm']['algorithm'])
class KeyTransPSKRecipientInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', rfc5652.CMSVersion()), namedtype.NamedType('pskid', PreSharedKeyIdentifier()), namedtype.NamedType('kdfAlgorithm', rfc5652.KeyDerivationAlgorithmIdentifier()), namedtype.NamedType('keyEncryptionAlgorithm', rfc5652.KeyEncryptionAlgorithmIdentifier()), namedtype.NamedType('ktris', KeyTransRecipientInfos()), namedtype.NamedType('encryptedKey', rfc5652.EncryptedKey()))
def testOpenTypes(self): substrate = pem.readBase64fromText(self.message1_pem_text) asn1Object, rest = der_decode (substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_signedData v3 = rfc5652.CMSVersion().subtype(value='v3') assert asn1Object['content']['version'] == v3 for sa in asn1Object['content']['signerInfos'][0]['signedAttrs']: if sa['attrType'] == rfc7191.id_aa_KP_keyPkgIdAndReceiptReq: package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0=" package_id = pem.readBase64fromText(package_id_pem_text) assert sa['attrValues'][0]['pkgID'] == package_id
class KeyAgreePSKRecipientInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', rfc5652.CMSVersion()), namedtype.NamedType('pskid', PreSharedKeyIdentifier()), namedtype.NamedType( 'originator', rfc5652.OriginatorIdentifierOrKey().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType( 'ukm', rfc5652.UserKeyingMaterial().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('kdfAlgorithm', rfc5652.KeyDerivationAlgorithmIdentifier()), namedtype.NamedType('keyEncryptionAlgorithm', rfc5652.KeyEncryptionAlgorithmIdentifier()), namedtype.NamedType('recipientEncryptedKeys', rfc5652.RecipientEncryptedKeys()))
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) rfc5652.cmsAttributesMap.update(rfc5035.ESSAttributeMap) rfc5652.cmsContentTypesMap.update(rfc5083.cmsContentTypesMapUpdate) asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encoder.encode(asn1Object) == substrate assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap assert asn1Object['contentType'] == rfc5083.id_ct_authEnvelopedData authenv = asn1Object['content'] assert authenv['version'] == rfc5652.CMSVersion().subtype(value='v0') for attr in authenv['unauthAttrs']: assert attr['attrType'] in rfc5652.cmsAttributesMap if attr['attrType'] == rfc5035.id_aa_contentHint: assert 'Watson' in attr['attrValues'][0]['contentDescription']
def testOpenTypes(self): substrate = pem.readBase64fromText(self.signed_receipt_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertIn(asn1Object['contentType'], rfc5652.cmsContentTypesMap.keys()) self.assertEqual(asn1Object['contentType'], rfc5652.id_signedData) sd = asn1Object['content'] self.assertEqual(sd['version'], rfc5652.CMSVersion().subtype(value='v3')) self.assertIn(sd['encapContentInfo']['eContentType'], rfc5652.cmsContentTypesMap) self.assertEqual(sd['encapContentInfo']['eContentType'], rfc2634.id_ct_receipt) for sa in sd['signerInfos'][0]['signedAttrs']: self.assertIn(sa['attrType'], rfc5652.cmsAttributesMap) if sa['attrType'] == rfc2634.id_aa_msgSigDigest: sa['attrValues'][0].prettyPrint()[:10] == '0x167378' # Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot # automatically decode it receipt, rest = der_decoder( sd['encapContentInfo']['eContent'], asn1Spec=rfc5652.cmsContentTypesMap[sd['encapContentInfo'] ['eContentType']]) self.assertEqual(receipt['version'], rfc2634.ESSVersion().subtype(value='v1'))
def testOpenTypes(self): substrate = pem.readBase64fromText(self.signed_message_pem_text) asn1Object, rest = der_decoder( substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertIn(asn1Object['contentType'], rfc5652.cmsContentTypesMap) self.assertEqual(asn1Object['contentType'], rfc5652.id_signedData) sd = asn1Object['content'] self.assertEqual( rfc5652.CMSVersion().subtype(value='v1'), sd['version']) ect = sd['encapContentInfo']['eContentType'] self.assertIn(ect, rfc5652.cmsContentTypesMap) self.assertEqual(rfc5652.id_data, ect) for sa in sd['signerInfos'][0]['signedAttrs']: if sa['attrType'] == rfc7508.id_aa_secureHeaderFieldsIdentifier: self.assertIn(sa['attrType'], rfc5652.cmsAttributesMap) secure_header_field_attr_found = False for sa in sd['signerInfos'][0]['signedAttrs']: if sa['attrType'] == rfc7508.id_aa_secureHeaderFieldsIdentifier: self.assertIn(sa['attrType'], rfc5652.cmsAttributesMap) from_field = rfc7508.HeaderFieldName('From') alice_email = rfc7508.HeaderFieldValue('*****@*****.**') for shf in sa['attrValues'][0]['secHeaderFields']: if shf['field-Name'] == from_field: self.assertEqual(alice_email, shf['field-Value']) secure_header_field_attr_found = True self.assertTrue(secure_header_field_attr_found)
def testOpenTypes(self): substrate = pem.readBase64fromText(self.signed_message_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap.keys() assert asn1Object['contentType'] == rfc5652.id_signedData sd = asn1Object['content'] assert sd['version'] == rfc5652.CMSVersion().subtype(value='v1') ect = sd['encapContentInfo']['eContentType'] assert ect in rfc5652.cmsContentTypesMap.keys() assert ect == rfc5652.id_data for sa in sd['signerInfos'][0]['signedAttrs']: if sa['attrType'] == rfc7508.id_aa_secureHeaderFieldsIdentifier: assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() secure_header_field_attr_found = False for sa in sd['signerInfos'][0]['signedAttrs']: if sa['attrType'] == rfc7508.id_aa_secureHeaderFieldsIdentifier: assert sa['attrType'] in rfc5652.cmsAttributesMap.keys( ) from_field = rfc7508.HeaderFieldName('From') alice_email = rfc7508.HeaderFieldValue( '*****@*****.**') for shf in sa['attrValues'][0]['secHeaderFields']: if shf['field-Name'] == from_field: assert shf['field-Value'] == alice_email secure_header_field_attr_found = True assert secure_header_field_attr_found
if isinstance(x, univ.ObjectIdentifier): output.extend(list(x)) else: output.append(int(x)) return univ.ObjectIdentifier(output) id_ct_authEnvelopedData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 23) class AuthEnvelopedData(univ.Sequence): pass AuthEnvelopedData.componentType = namedtype.NamedTypes( namedtype.NamedType('version', rfc5652.CMSVersion()), namedtype.OptionalNamedType( 'originatorInfo', rfc5652.OriginatorInfo().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('recipientInfos', rfc5652.RecipientInfos()), namedtype.NamedType('authEncryptedContentInfo', rfc5652.EncryptedContentInfo()), namedtype.OptionalNamedType( 'authAttrs', rfc5652.AuthAttributes().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('mac', rfc5652.MessageAuthenticationCode()), namedtype.OptionalNamedType( 'unauthAttrs', rfc5652.UnauthAttributes().subtype(
class CompressionAlgorithmIdentifier(rfc5280.AlgorithmIdentifier): pass # The CMS Compressed Data Content Type id_ct_compressedData = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.9') class CompressedData(univ.Sequence): pass CompressedData.componentType = namedtype.NamedTypes( namedtype.NamedType('version', rfc5652.CMSVersion()), # Always set to 0 namedtype.NamedType('compressionAlgorithm', CompressionAlgorithmIdentifier()), namedtype.NamedType('encapContentInfo', rfc5652.EncapsulatedContentInfo())) # Algorithm identifier for the zLib Compression Algorithm # This includes cpa_zlibCompress as defined in RFC 6268, # from https://www.rfc-editor.org/rfc/rfc6268.txt id_alg_zlibCompress = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.8') cpa_zlibCompress = rfc5280.AlgorithmIdentifier() cpa_zlibCompress['algorithm'] = id_alg_zlibCompress # cpa_zlibCompress['parameters'] are absent # Map of Content Type OIDs to Content Types is added to thr