def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc5652.id_signedData
sd, rest = der_decode(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
assert sd.prettyPrint()
assert sd['encapContentInfo']['eContentType'] == rfc5652.id_data
assert sd['encapContentInfo']['eContent']
v2 = rfc5280.Version(value='v2')
assert sd['crls'][0]['crl']['tbsCertList']['version'] == v2
ocspr_oid = rfc5940.id_ri_ocsp_response
assert sd['crls'][1]['other']['otherRevInfoFormat'] == ocspr_oid
ocspr, rest = der_decode(sd['crls'][1]['other']['otherRevInfo'],
asn1Spec=rfc5940.OCSPResponse())
assert ocspr.prettyPrint()
success = rfc2560.OCSPResponseStatus(value='successful')
assert ocspr['responseStatus'] == success
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc5652.id_signedData
inner, rest = der_decode(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
assert inner['encapContentInfo'][
'eContentType'] == rfc4108.id_ct_firmwarePackage
assert inner['encapContentInfo']['eContent']
attribute_list = []
for attr in inner['signerInfos'][0]['signedAttrs']:
attribute_list.append(attr['attrType'])
if attr['attrType'] == rfc4108.id_aa_targetHardwareIDs:
av, rest = der_decode(
attr['attrValues'][0],
asn1Spec=rfc4108.TargetHardwareIdentifiers())
assert len(av) == 2
for oid in av:
assert '1.3.6.1.4.1.221121.1.1.' in oid.prettyPrint()
assert rfc5652.id_contentType in attribute_list
assert rfc5652.id_messageDigest in attribute_list
assert rfc4108.id_aa_targetHardwareIDs in attribute_list
assert rfc4108.id_aa_fwPkgMessageDigest in attribute_list
def testDerCodec(self):
substrate = pem.readBase64fromText(self.tsr_pem_text)
layers = {
rfc5652.id_ct_contentInfo: rfc5652.ContentInfo(),
rfc5652.id_signedData: rfc5652.SignedData(),
rfc5934.id_ct_TAMP_statusResponse: rfc5934.TAMPStatusResponse()
}
getNextLayer = {
rfc5652.id_ct_contentInfo: lambda x: x['contentType'],
rfc5652.id_signedData:
lambda x: x['encapContentInfo']['eContentType'],
rfc5934.id_ct_TAMP_statusResponse: lambda x: None
}
getNextSubstrate = {
rfc5652.id_ct_contentInfo: lambda x: x['content'],
rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'],
rfc5934.id_ct_TAMP_statusResponse: lambda x: None
}
next_layer = rfc5652.id_ct_contentInfo
while next_layer:
asn1Object, rest = der_decoder(substrate,
asn1Spec=layers[next_layer])
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
substrate = getNextSubstrate[next_layer](asn1Object)
next_layer = getNextLayer[next_layer](asn1Object)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.tau_pem_text)
layers = {
rfc5652.id_ct_contentInfo: rfc5652.ContentInfo(),
rfc5652.id_signedData: rfc5652.SignedData(),
rfc5934.id_ct_TAMP_update: rfc5934.TAMPUpdate()
}
getNextLayer = {
rfc5652.id_ct_contentInfo: lambda x: x['contentType'],
rfc5652.id_signedData:
lambda x: x['encapContentInfo']['eContentType'],
rfc5934.id_ct_TAMP_update: lambda x: None
}
getNextSubstrate = {
rfc5652.id_ct_contentInfo: lambda x: x['content'],
rfc5652.id_signedData: lambda x: x['encapContentInfo']['eContent'],
rfc5934.id_ct_TAMP_update: lambda x: None
}
next_layer = rfc5652.id_ct_contentInfo
while next_layer:
asn1Object, rest = der_decode(substrate,
asn1Spec=layers[next_layer])
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
substrate = getNextSubstrate[next_layer](asn1Object)
next_layer = getNextLayer[next_layer](asn1Object)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.signed_receipt_pem_text)
asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc5652.id_signedData
sd, rest = der_decode(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
assert not rest
assert sd.prettyPrint()
assert der_encode(sd) == asn1Object['content']
assert sd['encapContentInfo']['eContentType'] == rfc5035.id_ct_receipt
receipt, rest = der_decode(sd['encapContentInfo']['eContent'],
asn1Spec=rfc5035.Receipt())
assert not rest
assert receipt.prettyPrint()
assert der_encode(receipt) == sd['encapContentInfo']['eContent']
for sa in sd['signerInfos'][0]['signedAttrs']:
sat = sa['attrType']
sav0 = sa['attrValues'][0]
if sat in rfc5035.ESSAttributeMap.keys():
sav, rest = der_decode(sav0,
asn1Spec=rfc5035.ESSAttributeMap[sat])
assert not rest
assert sav.prettyPrint()
assert der_encode(sav) == sav0
def testDerCodec(self):
substrate = pem.readBase64fromText(self.message3_pem_text)
asn1Object, rest = der_decode (substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc5652.id_signedData
sd, rest = der_decode (asn1Object['content'],
asn1Spec=rfc5652.SignedData())
assert not rest
assert sd.prettyPrint()
assert der_encode(sd) == asn1Object['content']
oid = sd['encapContentInfo']['eContentType']
assert oid == rfc7191.id_ct_KP_keyPackageError
kpe, rest = der_decode(sd['encapContentInfo']['eContent'],
asn1Spec=rfc7191.KeyPackageError())
assert not rest
assert kpe.prettyPrint()
assert der_encode(kpe) == sd['encapContentInfo']['eContent']
package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0="
package_id = pem.readBase64fromText(package_id_pem_text)
assert kpe['errorOf']['pkgID'] == package_id
assert kpe['errorCode'] == rfc7191.EnumeratedErrorCode(value=10)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.message1_pem_text)
asn1Object, rest = der_decode (substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc5652.id_signedData
sd, rest = der_decode (asn1Object['content'],
asn1Spec=rfc5652.SignedData())
for sa in sd['signerInfos'][0]['signedAttrs']:
sat = sa['attrType']
sav0 = sa['attrValues'][0]
if sat == rfc7191.id_aa_KP_keyPkgIdAndReceiptReq:
sav, rest = der_decode(sav0,
asn1Spec=rfc7191.KeyPkgIdentifierAndReceiptReq())
assert not rest
assert sav.prettyPrint()
assert der_encode(sav) == sav0
package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0="
package_id = pem.readBase64fromText(package_id_pem_text)
assert sav['pkgID'] == package_id
def testDerCodec(self):
substrate = pem.readBase64fromText(self.signed_message_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
sd, rest = der_decoder(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
self.assertFalse(rest)
self.assertTrue(sd.prettyPrint())
self.assertEqual(asn1Object['content'], der_encoder(sd))
for sa in sd['signerInfos'][0]['signedAttrs']:
sat = sa['attrType']
sav0 = sa['attrValues'][0]
if sat in rfc6211.id_aa_cmsAlgorithmProtect:
sav, rest = der_decoder(
sav0, asn1Spec=rfc6211.CMSAlgorithmProtection())
self.assertFalse(rest)
self.assertTrue(sav.prettyPrint())
self.assertEqual(sav0, der_encoder(sav))
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
inner, rest = der_decoder(asn1Object['content'], asn1Spec=rfc5652.SignedData())
self.assertEqual(
rfc4108.id_ct_firmwarePackage, inner['encapContentInfo']['eContentType'])
self.assertTrue(inner['encapContentInfo']['eContent'])
attribute_list = []
for attr in inner['signerInfos'][0]['signedAttrs']:
attribute_list.append(attr['attrType'])
if attr['attrType'] == rfc4108.id_aa_targetHardwareIDs:
av, rest = der_decoder(attr['attrValues'][0],
asn1Spec=rfc4108.TargetHardwareIdentifiers())
self.assertEqual(2, len(av))
for oid in av:
self.assertIn('1.3.6.1.4.1.221121.1.1.', oid.prettyPrint())
self.assertIn( rfc5652.id_contentType, attribute_list)
self.assertIn( rfc5652.id_messageDigest, attribute_list)
self.assertIn(rfc4108.id_aa_targetHardwareIDs, attribute_list)
self.assertIn(rfc4108.id_aa_fwPkgMessageDigest, attribute_list)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.signed_message_pem_text)
asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
secure_header_field_attr_found = False
assert asn1Object['contentType'] == rfc5652.id_signedData
sd, rest = der_decode(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
for sa in sd['signerInfos'][0]['signedAttrs']:
sat = sa['attrType']
sav0 = sa['attrValues'][0]
if sat == rfc7508.id_aa_secureHeaderFieldsIdentifier:
assert sat in rfc5652.cmsAttributesMap.keys()
sav, rest = der_decode(sav0,
asn1Spec=rfc5652.cmsAttributesMap[sat])
assert not rest
assert sav.prettyPrint()
assert der_encode(sav) == sav0
from_field = rfc7508.HeaderFieldName('From')
alice_email = rfc7508.HeaderFieldValue('*****@*****.**')
for shf in sav['secHeaderFields']:
if shf['field-Name'] == from_field:
assert shf['field-Value'] == alice_email
secure_header_field_attr_found = True
assert secure_header_field_attr_found
def testDerCodec(self):
substrate = pem.readBase64fromText(self.signed_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
sd, rest = der_decoder(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
self.assertFalse(rest)
self.assertTrue(sd.prettyPrint())
self.assertEqual(asn1Object['content'], der_encoder(sd))
encoded_null = der_encoder(univ.Null(""))
si = sd['signerInfos'][0]
self.assertEqual(rfc4357.id_GostR3411_94,
si['digestAlgorithm']['algorithm'])
self.assertEqual(encoded_null, si['digestAlgorithm']['parameters'])
self.assertEqual(rfc4357.id_GostR3410_2001,
si['signatureAlgorithm']['algorithm'])
self.assertEqual(encoded_null, si['signatureAlgorithm']['parameters'])
self.assertEqual(64, len(si['signature']))
def testDerCodec(self):
substrate = pem.readBase64fromText(self.signed_data_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(asn1Object['contentType'], rfc5652.id_signedData)
sd, rest = der_decoder(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
oid = sd['signerInfos'][0]['signatureAlgorithm']['algorithm']
self.assertEqual(rfc8708.id_alg_hss_lms_hashsig, oid)
def _parse(self):
super()._parse()
# - Retrieve object from SpcSpOpusInfo from the authenticated attributes (for normal signer)
self.program_name = self.more_info = None
if asn1.spc.SpcSpOpusInfo in self.authenticated_attributes:
if len(self.authenticated_attributes[asn1.spc.SpcSpOpusInfo]) != 1:
raise AuthenticodeParseError(
"Only one SpcSpOpusInfo expected in SignerInfo.authenticatedAttributes"
)
self.program_name = self.authenticated_attributes[
asn1.spc.SpcSpOpusInfo][0]['programName'].to_python()
self.more_info = self.authenticated_attributes[
asn1.spc.SpcSpOpusInfo][0]['moreInfo'].to_python()
# - Authenticode can be signed using a RFC-3161 timestamp, so we discover this possibility here
if pkcs7.Countersignature in self.unauthenticated_attributes \
and asn1.spc.SpcRfc3161Timestamp in self.unauthenticated_attributes:
raise AuthenticodeParseError(
"Countersignature and RFC-3161 timestamp present in "
"SignerInfo.unauthenticatedAttributes")
if asn1.spc.SpcRfc3161Timestamp in self.unauthenticated_attributes:
if len(self.unauthenticated_attributes[
asn1.spc.SpcRfc3161Timestamp]) != 1:
raise AuthenticodeParseError(
"Only one RFC-3161 timestamp expected in "
"SignerInfo.unauthenticatedAttributes")
ts_data = self.unauthenticated_attributes[
asn1.spc.SpcRfc3161Timestamp][0]
content_type = asn1.oids.get(ts_data['contentType'])
if content_type is not rfc2315.SignedData:
raise AuthenticodeParseError(
"RFC-3161 Timestamp does not contain SignedData structure")
# Note that we expect rfc5652 compatible data here
# This is a work-around for incorrectly tagged v2AttrCerts in the BER-encoded blob,
# see the docstring for patch_rfc5652_signeddata for more details
try:
signed_data = guarded_ber_decode(
ts_data['content'], asn1_spec=rfc5652.SignedData())
except ParseError:
with patch_rfc5652_signeddata() as asn1_spec:
signed_data = guarded_ber_decode(ts_data['content'],
asn1_spec=asn1_spec)
self.countersigner = RFC3161SignedData(signed_data)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(1, asn1Object['version'])
ts = asn1Object['archiveTimeStampSequence'][0][0]['timeStamp']
self.assertEqual(rfc5652.id_signedData, ts['contentType'])
sd, rest = der_decoder(ts['content'], asn1Spec=rfc5652.SignedData())
self.assertFalse(rest)
self.assertTrue(sd.prettyPrint())
self.assertEqual(ts['content'], der_encoder(sd))
self.assertEqual(3, sd['version'])
ect = sd['encapContentInfo']['eContentType']
self.assertEqual(rfc3161.id_ct_TSTInfo, ect)
def testDerCodec(self):
oids = []
for pem_text in self.pem_text_list:
substrate = pem.readBase64fromText(pem_text)
asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc5652.id_signedData
sd, rest = der_decode(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
assert not rest
assert sd.prettyPrint()
assert der_encode(sd) == asn1Object['content']
oids.append(sd['encapContentInfo']['eContentType'])
assert rfc8358.id_ct_asciiTextWithCRLF in oids
assert rfc8358.id_ct_pdf in oids
assert rfc8358.id_ct_xml in oids
def testDerCodec(self):
substrate = pem.readBase64fromText(self.signed_receipt_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(asn1Object['contentType'], rfc5652.id_signedData)
sd, rest = der_decoder(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
self.assertFalse(rest)
self.assertTrue(sd.prettyPrint())
self.assertEqual(asn1Object['content'], der_encoder(sd))
self.assertEqual(sd['encapContentInfo']['eContentType'],
rfc2634.id_ct_receipt)
receipt, rest = der_decoder(sd['encapContentInfo']['eContent'],
asn1Spec=rfc2634.Receipt())
self.assertFalse(rest)
self.assertTrue(receipt.prettyPrint())
self.assertEqual(sd['encapContentInfo']['eContent'],
der_encoder(receipt))
self.assertEqual(receipt['version'],
rfc2634.ESSVersion().subtype(value='v1'))
for sa in sd['signerInfos'][0]['signedAttrs']:
sat = sa['attrType']
sav0 = sa['attrValues'][0]
if sat in rfc5652.cmsAttributesMap.keys():
sav, rest = der_decoder(sav0,
asn1Spec=rfc5652.cmsAttributesMap[sat])
self.assertFalse(rest)
self.assertTrue(sav.prettyPrint())
self.assertEqual(sav0, der_encoder(sav))
def testDerCodec(self):
substrate = pem.readBase64fromText(self.signed_message_pem_text)
asn1Object, rest = der_decode (substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
assert asn1Object['contentType'] == rfc5652.id_signedData
sd, rest = der_decode(asn1Object['content'], asn1Spec=rfc5652.SignedData())
assert not rest
assert sd.prettyPrint()
assert der_encode(sd) == asn1Object['content']
for sa in sd['signerInfos'][0]['signedAttrs']:
sat = sa['attrType']
sav0 = sa['attrValues'][0]
if sat in rfc6211.id_aa_cmsAlgorithmProtect:
sav, rest = der_decode(sav0, asn1Spec=rfc6211.CMSAlgorithmProtection())
assert not rest
assert sav.prettyPrint()
assert der_encode(sav) == sav0
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
sd, rest = der_decoder(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
self.assertTrue(sd.prettyPrint())
self.assertEqual(rfc5652.id_data,
sd['encapContentInfo']['eContentType'])
self.assertTrue(sd['encapContentInfo']['eContent'])
v2 = rfc5280.Version(value='v2')
self.assertEqual(v2, sd['crls'][0]['crl']['tbsCertList']['version'])
ocspr_oid = rfc5940.id_ri_ocsp_response
self.assertEqual(ocspr_oid,
sd['crls'][1]['other']['otherRevInfoFormat'])
ocspr, rest = der_decoder(sd['crls'][1]['other']['otherRevInfo'],
asn1Spec=rfc5940.OCSPResponse())
self.assertTrue(ocspr.prettyPrint())
success = rfc2560.OCSPResponseStatus(value='successful')
self.assertEqual(success, ocspr['responseStatus'])
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
assert not rest
assert asn1Object.prettyPrint()
assert der_encode(asn1Object) == substrate
openTypesMap = {
rfc2985.pkcs_9_at_smimeCapabilities: rfc2985.SMIMECapabilities(),
}
openTypesMap.update(rfc5280.certificateAttributesMap)
openTypesMap.update(rfc5652.cmsAttributesMap)
for attr in asn1Object:
assert attr['type'] in openTypesMap.keys()
av, rest = der_decode(attr['values'][0],
asn1Spec=openTypesMap[attr['type']])
assert not rest
assert av.prettyPrint()
assert der_encode(av) == attr['values'][0]
if attr['type'] == rfc2985.pkcs_9_at_userPKCS12:
assert av['version'] == univ.Integer(3)
assert av['authSafe']['contentType'] == rfc5652.id_data
outdata, rest = der_decode(av['authSafe']['content'],
asn1Spec=univ.OctetString())
assert not rest
authsafe, rest = der_decode(
outdata, asn1Spec=rfc7292.AuthenticatedSafe())
assert not rest
for ci in authsafe:
assert ci['contentType'] == rfc5652.id_data
indata, rest = der_decode(ci['content'],
asn1Spec=univ.OctetString())
assert not rest
sc, rest = der_decode(indata,
asn1Spec=rfc7292.SafeContents())
assert not rest
for sb in sc:
if sb['bagId'] in rfc7292.pkcs12BagTypeMap:
bv, rest = der_decode(
sb['bagValue'],
asn1Spec=rfc7292.pkcs12BagTypeMap[sb['bagId']])
assert not rest
for bagattr in sb['bagAttributes']:
if bagattr['attrType'] in openTypesMap:
inav, rest = der_decode(
bagattr['attrValues'][0],
asn1Spec=openTypesMap[
bagattr['attrType']])
assert not rest
if bagattr[
'attrType'] == rfc2985.pkcs_9_at_friendlyName:
assert inav == "3f71af65-1687-444a-9f46-c8be194c3e8e"
if bagattr[
'attrType'] == rfc2985.pkcs_9_at_localKeyId:
assert inav == univ.OctetString(
hexValue='01000000')
if attr['type'] == rfc2985.pkcs_9_at_pkcs7PDU:
ci, rest = der_decode(attr['values'][0],
asn1Spec=rfc5652.ContentInfo())
assert not rest
assert ci['contentType'] == rfc5652.id_signedData
sd, rest = der_decode(ci['content'],
asn1Spec=rfc5652.SignedData())
assert not rest
assert sd['version'] == 1
for si in sd['signerInfos']:
assert si['version'] == 1
for siattr in si['signedAttrs']:
if siattr['attrType'] in openTypesMap:
siav, rest = der_decode(
siattr['attrValues'][0],
asn1Spec=openTypesMap[siattr['attrType']])
assert not rest
if siattr[
'attrType'] == rfc2985.pkcs_9_at_contentType:
assert siav == rfc5652.id_data
if siattr[
'attrType'] == rfc2985.pkcs_9_at_messageDigest:
assert siav.prettyPrint()[2:10] == 'b6e422a4'
if siattr[
'attrType'] == rfc2985.pkcs_9_at_signingTime:
assert siav['utcTime'] == '190529182319Z'
for choices in sd['certificates']:
for rdn in choices[0]['tbsCertificate']['subject'][
'rdnSequence']:
if rdn[0]['type'] in openTypesMap:
nv, rest = der_decode(
rdn[0]['value'],
asn1Spec=openTypesMap[rdn[0]['type']])
assert not rest
if rdn[0][
'type'] == rfc2985.pkcs_9_at_emailAddress:
assert nv == '*****@*****.**'
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(der_encoder(asn1Object), substrate)
openTypesMap = {
rfc2985.pkcs_9_at_smimeCapabilities: rfc2985.SMIMECapabilities(),
}
openTypesMap.update(rfc5280.certificateAttributesMap)
openTypesMap.update(rfc5652.cmsAttributesMap)
for attr in asn1Object:
self.assertIn(attr['type'], openTypesMap)
av, rest = der_decoder(attr['values'][0],
asn1Spec=openTypesMap[attr['type']])
self.assertFalse(rest)
self.assertTrue(av.prettyPrint())
self.assertEqual(attr['values'][0], der_encoder(av))
if attr['type'] == rfc2985.pkcs_9_at_userPKCS12:
self.assertEqual(univ.Integer(3), av['version'])
self.assertEqual(rfc5652.id_data,
av['authSafe']['contentType'])
outdata, rest = der_decoder(av['authSafe']['content'],
asn1Spec=univ.OctetString())
self.assertFalse(rest)
authsafe, rest = der_decoder(
outdata, asn1Spec=rfc7292.AuthenticatedSafe())
self.assertFalse(rest)
for ci in authsafe:
self.assertEqual(rfc5652.id_data, ci['contentType'])
indata, rest = der_decoder(ci['content'],
asn1Spec=univ.OctetString())
self.assertFalse(rest)
sc, rest = der_decoder(indata,
asn1Spec=rfc7292.SafeContents())
self.assertFalse(rest)
for sb in sc:
if sb['bagId'] in rfc7292.pkcs12BagTypeMap:
bv, rest = der_decoder(
sb['bagValue'],
asn1Spec=rfc7292.pkcs12BagTypeMap[sb['bagId']])
self.assertFalse(rest)
for bagattr in sb['bagAttributes']:
if bagattr['attrType'] in openTypesMap:
inav, rest = der_decoder(
bagattr['attrValues'][0],
asn1Spec=openTypesMap[
bagattr['attrType']])
self.assertFalse(rest)
if bagattr[
'attrType'] == rfc2985.pkcs_9_at_friendlyName:
self.assertEqual(
"3f71af65-1687-444a-9f46-c8be194c3e8e",
inav)
if bagattr[
'attrType'] == rfc2985.pkcs_9_at_localKeyId:
self.assertEqual(
univ.OctetString(
hexValue='01000000'), inav)
if attr['type'] == rfc2985.pkcs_9_at_pkcs7PDU:
ci, rest = der_decoder(attr['values'][0],
asn1Spec=rfc5652.ContentInfo())
self.assertFalse(rest)
self.assertEqual(rfc5652.id_signedData, ci['contentType'])
sd, rest = der_decoder(ci['content'],
asn1Spec=rfc5652.SignedData())
self.assertFalse(rest)
self.assertEqual(1, sd['version'])
for si in sd['signerInfos']:
self.assertEqual(1, si['version'])
for siattr in si['signedAttrs']:
if siattr['attrType'] in openTypesMap:
siav, rest = der_decoder(
siattr['attrValues'][0],
asn1Spec=openTypesMap[siattr['attrType']])
self.assertFalse(rest)
if siattr[
'attrType'] == rfc2985.pkcs_9_at_contentType:
self.assertEqual(rfc5652.id_data, siav)
if siattr[
'attrType'] == rfc2985.pkcs_9_at_messageDigest:
self.assertEqual('b6e422a4',
siav.prettyPrint()[2:10])
if siattr[
'attrType'] == rfc2985.pkcs_9_at_signingTime:
self.assertEqual('190529182319Z',
siav['utcTime'])
for choices in sd['certificates']:
for rdn in choices[0]['tbsCertificate']['subject'][
'rdnSequence']:
if rdn[0]['type'] in openTypesMap:
nv, rest = der_decoder(
rdn[0]['value'],
asn1Spec=openTypesMap[rdn[0]['type']])
self.assertFalse(rest)
if rdn[0][
'type'] == rfc2985.pkcs_9_at_emailAddress:
self.assertEqual('*****@*****.**', nv)
next_layer = rfc5652.id_ct_contentInfo
data = substrate
while next_layer:
if next_layer == rfc5652.id_ct_contentInfo:
layer, rest = decoder.decode(data, asn1Spec=rfc5652.ContentInfo())
assert encoder.encode(layer) == data, 'wrapper recode fails'
assert not rest
print(" * New layer (wrapper):")
print(layer.prettyPrint())
next_layer = layer['contentType']
data = layer['content']
elif next_layer == rfc5652.id_signedData:
layer, rest = decoder.decode(data, asn1Spec=rfc5652.SignedData())
assert encoder.encode(layer) == data, 'wrapper recode fails'
assert not rest
print(" * New layer (wrapper):")
print(layer.prettyPrint())
next_layer = layer['encapContentInfo']['eContentType']
data = layer['encapContentInfo']['eContent']
elif next_layer == rfc6402.id_cct_PKIData:
layer, rest = decoder.decode(data, asn1Spec=rfc6402.PKIData())
assert encoder.encode(layer) == data, 'pkidata recode fails'
assert not rest
print(" * New layer (pkidata):")
