def testDerCodec(self):
substrate = pem.readBase64fromText(self.smime_capabilities_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
expectedCaps = [
rfc6664.rsaEncryption,
rfc6664.id_RSAES_OAEP,
rfc6664.id_RSASSA_PSS,
rfc6664.id_dsa,
rfc6664.dhpublicnumber,
rfc6664.id_ecPublicKey,
rfc6664.id_ecMQV,
]
count = 0
smimeCapabilityMap = opentypemap.get('smimeCapabilityMap')
for cap in asn1Object:
if cap['capabilityID'] in expectedCaps:
self.assertIn(cap['capabilityID'], smimeCapabilityMap)
cap_p, rest = der_decoder(
cap['parameters'],
asn1Spec=rfc5751.smimeCapabilityMap[cap['capabilityID']])
self.assertFalse(rest)
self.assertTrue(cap_p.prettyPrint())
self.assertEqual(cap['parameters'], der_encoder(cap_p))
count += 1
self.assertEqual(len(expectedCaps), count)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.cert_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
perm_id_oid = rfc4043.id_on_permanentIdentifier
assigner_oid = univ.ObjectIdentifier('1.3.6.1.4.1.22112.48')
permanent_identifier_found = False
for extn in asn1Object['tbsCertificate']['extensions']:
if extn['extnID'] == rfc5280.id_ce_subjectAltName:
extnValue, rest = der_decoder(
extn['extnValue'],
asn1Spec=rfc5280.SubjectAltName(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(extnValue.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(extnValue))
for gn in extnValue:
if gn['otherName'].hasValue():
on = gn['otherName']
self.assertEqual(perm_id_oid, on['type-id'])
self.assertEqual(assigner_oid, on['value']['assigner'])
permanent_identifier_found = True
self.assertTrue(permanent_identifier_found)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.kea_cert_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo'][
'algorithm']
self.assertEqual(rfc3279.id_keyExchangeAlgorithm, spki_a['algorithm'])
spki_a_p, rest = der_decoder(spki_a['parameters'],
asn1Spec=rfc3279.KEA_Parms_Id())
self.assertFalse(rest)
self.assertTrue(spki_a_p.prettyPrint())
self.assertEqual(spki_a['parameters'], der_encoder(spki_a_p))
self.assertEqual(univ.OctetString(hexValue='5cf8f127e6569d6d88b3'),
spki_a_p)
self.assertEqual(
rfc3279.id_dsa_with_sha1,
asn1Object['tbsCertificate']['signature']['algorithm'])
self.assertEqual(rfc3279.id_dsa_with_sha1,
asn1Object['signatureAlgorithm']['algorithm'])
sig_value, rest = der_decoder(asn1Object['signature'].asOctets(),
asn1Spec=rfc3279.Dss_Sig_Value())
self.assertFalse(rest)
self.assertTrue(sig_value.prettyPrint())
self.assertEqual(asn1Object['signature'].asOctets(),
der_encoder(sig_value))
self.assertTrue(sig_value['r'].hasValue())
self.assertTrue(sig_value['s'].hasValue())
def testDerCodec(self):
substrate = pem.readBase64fromText(self.smime_capabilities_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
for cap in asn1Object:
self.assertIn(cap['algorithm'], rfc5280.algorithmIdentifierMap)
if cap['parameters'].hasValue():
p, rest = der_decoder(
cap['parameters'],
asn1Spec=rfc5280.algorithmIdentifierMap[cap['algorithm']])
self.assertFalse(rest)
if not p == univ.Null(""):
self.assertTrue(p.prettyPrint())
self.assertEqual(cap['parameters'], der_encoder(p))
if cap['algorithm'] == rfc8017.id_RSAES_OAEP:
self.assertEqual(
rfc8017.id_sha384, p['hashFunc']['algorithm'])
self.assertEqual(
rfc8017.id_mgf1, p['maskGenFunc']['algorithm'])
def testOpenTypes(self):
asn1Spec = rfc5652.ContentInfo()
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
substrate = asn1Object['content']['encapContentInfo']['eContent']
oid = asn1Object['content']['encapContentInfo']['eContentType']
cmsContentTypesMap = opentypemap.get('cmsContentTypesMap')
self.assertIn(oid, cmsContentTypesMap)
tac_token, rest = der_decoder(substrate,
asn1Spec=cmsContentTypesMap[oid],
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(tac_token.prettyPrint())
self.assertEqual(substrate, der_encoder(tac_token))
self.assertEqual('2019', tac_token['timeout'][:4])
self.assertEqual('5dcdf44e', tac_token['userKey'].prettyPrint()[-8:])
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
self.assertIn(rfc3820.id_pe_proxyCertInfo, certificateExtensionsMap)
found_ppl = False
for extn in asn1Object['tbsCertificate']['extensions']:
if extn['extnID'] == rfc3820.id_pe_proxyCertInfo:
pci, rest = der_decoder(extn['extnValue'],
asn1Spec=certificateExtensionsMap[
rfc3820.id_pe_proxyCertInfo])
self.assertFalse(rest)
self.assertTrue(pci.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(pci))
self.assertEqual(rfc3820.id_ppl_inheritAll,
pci['proxyPolicy']['policyLanguage'])
found_ppl = True
self.assertTrue(found_ppl)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc5652.id_ct_authData, asn1Object['contentType'])
ad, rest = der_decoder(asn1Object['content'],
asn1Spec=rfc5652.AuthenticatedData())
self.assertFalse(rest)
self.assertTrue(ad.prettyPrint())
self.assertEqual(asn1Object['content'], der_encoder(ad))
self.assertEqual(0, ad['version'])
self.assertEqual(rfc6210.id_alg_MD5_XOR_EXPERIMENT,
ad['digestAlgorithm']['algorithm'])
algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
mac_alg_p, rest = der_decoder(ad['digestAlgorithm']['parameters'],
asn1Spec=algorithmIdentifierMap[
ad['digestAlgorithm']['algorithm']])
self.assertFalse(rest)
self.assertTrue(mac_alg_p.prettyPrint())
self.assertEqual(ad['digestAlgorithm']['parameters'],
der_encoder(mac_alg_p))
self.assertEqual("0x01020304", mac_alg_p.prettyPrint()[:10])
def testOpenTypes(self):
ocspResponseMap = opentypemap.get('ocspResponseMap')
substrate = pem.readBase64fromText(self.ocsp_resp_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(0, asn1Object['responseStatus'])
rb = asn1Object['responseBytes']
self.assertIn(rb['responseType'], ocspResponseMap)
resp, rest = der_decoder(rb['response'],
asn1Spec=ocspResponseMap[rb['responseType']],
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(resp.prettyPrint())
self.assertEqual(rb['response'], der_encoder(resp))
self.assertEqual(0, resp['tbsResponseData']['version'])
for rdn in resp['tbsResponseData']['responderID']['byName'][
'rdnSequence']:
for attr in rdn:
if attr['type'] == rfc5280.id_emailAddress:
self.assertEqual('*****@*****.**', attr['value'])
for r in resp['tbsResponseData']['responses']:
ha = r['certID']['hashAlgorithm']
self.assertEqual(rfc4055.id_sha1, ha['algorithm'])
self.assertEqual(univ.Null(""), ha['parameters'])
def testDerCodec(self):
substrate = pem.readBase64fromText(self.signed_message_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
sd, rest = der_decoder(asn1Object['content'],
asn1Spec=rfc5652.SignedData())
self.assertFalse(rest)
self.assertTrue(sd.prettyPrint())
self.assertEqual(asn1Object['content'], der_encoder(sd))
for sa in sd['signerInfos'][0]['signedAttrs']:
sat = sa['attrType']
sav0 = sa['attrValues'][0]
if sat in rfc6211.id_aa_cmsAlgorithmProtect:
sav, rest = der_decoder(
sav0, asn1Spec=rfc6211.CMSAlgorithmProtection())
self.assertFalse(rest)
self.assertTrue(sav.prettyPrint())
self.assertEqual(sav0, der_encoder(sav))
def testDerCodec(self):
# The id_ce_criticalPoison is not automatically added to the map.
# Normally certificates that contiain it are rejected.
certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
self.assertNotIn(rfc6962.id_ce_criticalPoison, certificateExtensionsMap)
extn_map = { rfc6962.id_ce_criticalPoison: univ.Null(""), }
extn_map.update(certificateExtensionsMap)
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
extn_list = []
for extn in asn1Object['tbsCertificate']['extensions']:
extn_list.append(extn['extnID'])
ev, rest = der_decoder(extn['extnValue'],
asn1Spec=extn_map[extn['extnID']])
self.assertFalse(rest)
if not ev == univ.Null(""):
self.assertTrue(ev.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(ev))
self.assertIn(rfc6962.id_ce_criticalPoison, extn_list)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(1, asn1Object['acinfo']['version'])
attributeMap = {
rfc3281.id_at_role: rfc3281.RoleSyntax(),
rfc3281.id_aca_authenticationInfo: rfc3281.SvceAuthInfo(),
rfc3281.id_aca_accessIdentity: rfc3281.SvceAuthInfo(),
rfc3281.id_aca_chargingIdentity: rfc3281.IetfAttrSyntax(),
rfc3281.id_aca_group: rfc3281.IetfAttrSyntax(),
}
count = 0
for attr in asn1Object['acinfo']['attributes']:
self.assertIn(attr['type'], attributeMap)
av, rest = der_decoder(attr['values'][0],
asn1Spec=attributeMap[attr['type']])
self.assertFalse(rest)
self.assertTrue(av.prettyPrint())
self.assertEqual(attr['values'][0], der_encoder(av))
count += 1
self.assertEqual(5, count)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.cert_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
clearance_sponsor_found = False
for extn in asn1Object['tbsCertificate']['extensions']:
if extn['extnID'] == rfc5280.id_ce_subjectDirectoryAttributes:
self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)
ev, rest = der_decoder(
extn['extnValue'],
asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(ev.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(ev))
for attr in ev:
if attr['type'] == rfc5917.id_clearanceSponsor:
hrd = u'Human Resources Department'
self.assertEqual(hrd, attr['values'][0]['utf8String'])
clearance_sponsor_found = True
self.assertTrue(clearance_sponsor_found)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
extn_list = []
for extn in asn1Object['tbsCertificate']['extensions']:
extn_list.append(extn['extnID'])
if extn['extnID'] == rfc3709.id_pe_logotype:
s = extn['extnValue']
logotype, rest = der_decoder(s, rfc3709.LogotypeExtn())
self.assertFalse(rest)
self.assertTrue(logotype.prettyPrint())
self.assertEqual(s, der_encoder(logotype))
ids = logotype['subjectLogo']['direct']['image'][0][
'imageDetails']
self.assertEqual("image/png", ids['mediaType'])
expected = "http://www.vigilsec.com/vigilsec_logo.png"
self.assertEqual(expected, ids['logotypeURI'][0])
self.assertIn(rfc3709.id_pe_logotype, extn_list)
def testOtherRecipientInfoMap(self):
substrate = pem.readBase64fromText(self.key_trans_psk_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(
rfc5083.id_ct_authEnvelopedData, asn1Object['contentType'])
aed, rest = der_decoder(
asn1Object['content'],
asn1Spec=rfc5083.AuthEnvelopedData())
self.assertFalse(rest)
self.assertTrue(aed.prettyPrint())
self.assertEqual(asn1Object['content'], der_encoder(aed))
self.assertEqual(0, aed['version'])
ri = aed['recipientInfos'][0]
self.assertIn(ri['ori']['oriType'], rfc5652.otherRecipientInfoMap)
ori, rest = der_decoder(
ri['ori']['oriValue'],
asn1Spec=rfc5652.otherRecipientInfoMap[ri['ori']['oriType']])
self.assertFalse(rest)
self.assertTrue(ori.prettyPrint())
self.assertEqual(ri['ori']['oriValue'], der_encoder(ori))
def testDerCodec(self):
layers = {}
layers.update(opentypemap.get('cmsContentTypesMap'))
self.assertIn(rfc5544.id_ct_timestampedData, layers)
getNextLayer = {
rfc5652.id_ct_contentInfo: lambda x: x['contentType'],
}
getNextSubstrate = {
rfc5652.id_ct_contentInfo: lambda x: x['content'],
}
substrate = pem.readBase64fromText(self.pem_text)
layer = rfc5652.id_ct_contentInfo
while layer in getNextLayer:
asn1Object, rest = der_decoder(substrate, asn1Spec=layers[layer])
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
substrate = getNextSubstrate[layer](asn1Object)
layer = getNextLayer[layer](asn1Object)
asn1Object, rest = der_decoder(substrate, asn1Spec=layers[layer])
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertIn(b'come here', asn1Object['content'])
def testDerCodec(self):
ocspResponseMap = opentypemap.get('ocspResponseMap')
certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
substrate = pem.readBase64fromText(self.ocsp_resp_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(0, asn1Object['responseStatus'])
rb = asn1Object['responseBytes']
self.assertIn(rb['responseType'], ocspResponseMap)
resp, rest = der_decoder(rb['response'],
asn1Spec=ocspResponseMap[rb['responseType']])
self.assertFalse(rest)
self.assertTrue(resp.prettyPrint())
self.assertEqual(rb['response'], der_encoder(resp))
self.assertEqual(0, resp['tbsResponseData']['version'])
count = 0
for extn in resp['tbsResponseData']['responseExtensions']:
self.assertIn(extn['extnID'], certificateExtensionsMap)
ev, rest = der_decoder(
extn['extnValue'],
asn1Spec=certificateExtensionsMap[extn['extnID']])
self.assertFalse(rest)
self.assertTrue(ev.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(ev))
count += 1
self.assertEqual(1, count)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.cert_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
cat_value_found = False
for extn in asn1Object['tbsCertificate']['extensions']:
if extn['extnID'] == rfc5913.id_pe_clearanceConstraints:
self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)
ev, rest = der_decoder(
extn['extnValue'],
asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(ev.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(ev))
for c in ev:
if c['policyId'] == rfc3114.id_tsp_TEST_Whirlpool:
for sc in c['securityCategories']:
self.assertIn(sc['type'],
rfc5755.securityCategoryMap)
for cat in sc['value']:
self.assertIn('USE ONLY', cat)
cat_value_found = True
self.assertTrue(cat_value_found)
def testDerCodec(self):
access_methods = [
rfc6487.id_ad_rpkiManifest,
rfc6487.id_ad_signedObject,
]
substrate = pem.readBase64fromText(self.rpki_cert_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
count = 0
for extn in asn1Object['tbsCertificate']['extensions']:
if extn['extnID'] == rfc5280.id_pe_subjectInfoAccess:
extnValue, rest = der_decoder(
extn['extnValue'],
asn1Spec=rfc5280.SubjectInfoAccessSyntax())
for ad in extnValue:
if ad['accessMethod'] in access_methods:
uri = ad['accessLocation']['uniformResourceIdentifier']
self.assertIn('rpki.apnic.net', uri)
count += 1
self.assertEqual(1, count)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.keytrans_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType'])
ed, rest = der_decoder(
asn1Object['content'], asn1Spec=rfc5652.EnvelopedData())
self.assertFalse(rest)
self.assertTrue(ed.prettyPrint())
self.assertEqual(asn1Object['content'], der_encoder(ed))
ri = ed['recipientInfos'][0]
alg1 = ri['ktri']['keyEncryptionAlgorithm']
self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm'])
param1, rest = der_decoder(
alg1['parameters'], asn1Spec=rfc4357.GostR3410_2001_PublicKeyParameters())
self.assertFalse(rest)
self.assertTrue(param1.prettyPrint())
self.assertEqual(alg1['parameters'], der_encoder(param1))
self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet'])
self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet'])
alg2 = ed['encryptedContentInfo']['contentEncryptionAlgorithm']
self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm'])
param2, rest = der_decoder(
alg2['parameters'], asn1Spec=rfc4357.Gost28147_89_Parameters())
self.assertFalse(rest)
self.assertTrue(param2.prettyPrint())
self.assertEqual(alg2['parameters'], der_encoder(param2))
self.assertEqual(8, len(param2['iv']))
self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet'])
def testDerCodec(self):
substrate = pem.readBase64fromText(self.constrained_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc6010.id_pe_cmsContentConstraints,
asn1Object['extnID'])
evalue, rest = der_decoder(asn1Object['extnValue'],
asn1Spec=rfc6010.CMSContentConstraints())
self.assertFalse(rest)
self.assertTrue(evalue.prettyPrint())
self.assertEqual(asn1Object['extnValue'], der_encoder(evalue))
constraint_count = 0
attribute_count = 0
cannot_count = 0
for ccc in evalue:
constraint_count += 1
if ccc['canSource'] == 1:
cannot_count += 1
if ccc['attrConstraints'].hasValue():
for attr in ccc['attrConstraints']:
attribute_count += 1
self.assertEqual(4, constraint_count)
self.assertEqual(3, attribute_count)
self.assertEqual(1, cannot_count)
def testDerCodec(self):
layers = { }
layers.update(rfc5652.cmsContentTypesMap)
getNextLayer = {
rfc5652.id_ct_contentInfo: lambda x: x['contentType'],
}
getNextSubstrate = {
rfc5652.id_ct_contentInfo: lambda x: x['content'],
}
substrate = pem.readBase64fromText(self.cvrequest_pem_text)
layer = rfc5652.id_ct_contentInfo
while layer in getNextLayer:
asn1Object, rest = der_decoder(substrate, asn1Spec=layers[layer])
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
substrate = getNextSubstrate[layer](asn1Object)
layer = getNextLayer[layer](asn1Object)
asn1Object, rest = der_decoder(substrate, asn1Spec=layers[layer])
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertIn(rfc5276.id_swb_ers_all, asn1Object['query']['wantBack'])
def testDerCodec(self):
substrate = pem.readBase64fromText(self.dsa_cert_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo'][
'algorithm']
self.assertEqual(rfc3279.id_dsa, spki_a['algorithm'])
spki_a_p, rest = der_decoder(spki_a['parameters'],
asn1Spec=rfc3279.Dss_Parms())
self.assertFalse(rest)
self.assertTrue(spki_a_p.prettyPrint())
self.assertEqual(spki_a['parameters'], der_encoder(spki_a_p))
q_value = 1260916123897116834511257683105158021801897369967
self.assertEqual(q_value, spki_a_p['q'])
sig_value, rest = der_decoder(asn1Object['signature'].asOctets(),
asn1Spec=rfc3279.Dss_Sig_Value())
self.assertFalse(rest)
self.assertTrue(sig_value.prettyPrint())
self.assertEqual(asn1Object['signature'].asOctets(),
der_encoder(sig_value))
self.assertTrue(sig_value['r'].hasValue())
self.assertTrue(sig_value['s'].hasValue())
def testDerCodec(self):
kw_oid_list = (
rfc4490.id_Gost28147_89_None_KeyWrap,
rfc4490.id_Gost28147_89_CryptoPro_KeyWrap,
)
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
count = 0
for algid in asn1Object:
if algid['capabilityID'] in kw_oid_list:
kw_param, rest = der_decoder(
algid['parameters'],
asn1Spec=rfc4357.Gost28147_89_Parameters())
self.assertFalse(rest)
self.assertTrue(kw_param.prettyPrint())
self.assertEqual(algid['parameters'], der_encoder(kw_param))
self.assertEqual(rfc7836.id_tc26_gost_28147_param_Z,
kw_param['encryptionParamSet'])
count += 1
self.assertEqual(4, count)
def testDerCodec(self):
substrate = pem.readBase64fromText(self.rsa_cert_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo'][
'algorithm']
self.assertEqual(rfc3279.rsaEncryption, spki_a['algorithm'])
spki_pk = asn1Object['tbsCertificate']['subjectPublicKeyInfo'][
'subjectPublicKey'].asOctets()
pk, rest = der_decoder(spki_pk, asn1Spec=rfc3279.RSAPublicKey())
self.assertFalse(rest)
self.assertTrue(pk.prettyPrint())
self.assertEqual(spki_pk, der_encoder(pk))
self.assertEqual(65537, pk['publicExponent'])
self.assertEqual(
rfc3279.sha1WithRSAEncryption,
asn1Object['tbsCertificate']['signature']['algorithm'])
self.assertEqual(rfc3279.sha1WithRSAEncryption,
asn1Object['signatureAlgorithm']['algorithm'])
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(1, asn1Object['acinfo']['version'])
count = 0
for attr in asn1Object['acinfo']['attributes']:
self.assertIn(attr['type'], rfc5280.certificateAttributesMap)
av, rest = der_decoder(
attr['values'][0],
asn1Spec=rfc5280.certificateAttributesMap[attr['type']])
self.assertFalse(rest)
self.assertTrue(av.prettyPrint())
self.assertEqual(attr['values'][0], der_encoder(av))
count += 1
self.assertEqual(5, count)
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.cert_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
nai_realm_oid = rfc7585.id_on_naiRealm
nai_realm_found = False
for extn in asn1Object['tbsCertificate']['extensions']:
if extn['extnID'] == rfc5280.id_ce_subjectAltName:
extnValue, rest = der_decoder(
extn['extnValue'],
asn1Spec=rfc5280.SubjectAltName(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(extnValue.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(extnValue))
for gn in extnValue:
if gn['otherName'].hasValue():
self.assertEqual(nai_realm_oid,
gn['otherName']['type-id'])
self.assertIn('example', gn['otherName']['value'])
nai_realm_found = True
self.assertTrue(nai_realm_found)
def scts_from_cert(cert_der):
'''Return list of SCTs of the SCTList SAN extension of the certificate.
Args:
cert_der(bytes): DER encoded ASN.1 Certificate
Return:
[<ctutlz.rfc6962.SignedCertificateTimestamp>, ...]
'''
cert, _ = der_decoder(
cert_der, asn1Spec=pyasn1_modules.rfc5280.Certificate())
sctlist_oid = ObjectIdentifier(value='1.3.6.1.4.1.11129.2.4.2')
exts = []
if 'extensions' in cert['tbsCertificate'].keys():
exts = [extension
for extension
in cert['tbsCertificate']['extensions']
if extension['extnID'] == sctlist_oid]
if len(exts) != 0:
extension_sctlist = exts[0]
os_inner_der = extension_sctlist['extnValue'] # type: OctetString()
os_inner, _ = der_decoder(os_inner_der, OctetString())
sctlist_hex = os_inner.prettyPrint().split('0x')[-1]
sctlist_der = binascii.unhexlify(sctlist_hex)
sctlist = SignedCertificateTimestampList(sctlist_der)
return [SignedCertificateTimestamp(entry.sct_der)
for entry
in sctlist.sct_list]
return []
def testDerCodec(self):
substrate = pem.readBase64fromText(self.env_data_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType'])
ed, rest = der_decoder(asn1Object['content'],
asn1Spec=rfc5652.EnvelopedData())
self.assertFalse(rest)
self.assertTrue(ed.prettyPrint())
self.assertEqual(asn1Object['content'], der_encoder(ed))
kwa = ed['recipientInfos'][0]['kekri']['keyEncryptionAlgorithm']
self.assertEqual(rfc3058.id_alg_CMSIDEAwrap, kwa['algorithm'])
self.assertEqual(kwa['parameters'], der_encoder(univ.Null("")))
cea = ed['encryptedContentInfo']['contentEncryptionAlgorithm']
self.assertEqual(rfc3058.id_IDEA_CBC, cea['algorithm'])
param, rest = der_decoder(cea['parameters'],
asn1Spec=rfc3058.IDEA_CBCPar())
self.assertFalse(rest)
self.assertTrue(param.prettyPrint())
self.assertEqual(cea['parameters'], der_encoder(param))
iv = univ.OctetString(hexValue='424f4755535f4956')
self.assertEqual(iv, param['iv'])
def scts_from_ocsp_resp(ocsp_resp_der):
'''Return list of SCTs of the OCSP status response.
Args:
ocsp_resp_der(bytes): DER encoded OCSP status response
Return:
[<ctutlz.rfc6962.SignedCertificateTimestamp>, ...]
'''
if ocsp_resp_der:
ocsp_resp, _ = der_decoder(
ocsp_resp_der, asn1Spec=pyasn1_modules.rfc2560.OCSPResponse())
response_bytes = ocsp_resp.getComponentByName('responseBytes')
if response_bytes is not None:
# os: octet string
response_os = response_bytes.getComponentByName('response')
der_decoder.defaultErrorState = ber.decoder.stDumpRawValue
response, _ = der_decoder(response_os, Sequence())
sctlist_os_hex = sctlist_hex_from_ocsp_pretty_print(
response.prettyPrint())
if sctlist_os_hex:
sctlist_os_der = binascii.unhexlify(sctlist_os_hex)
sctlist_os, _ = der_decoder(sctlist_os_der, OctetString())
sctlist_hex = sctlist_os.prettyPrint().split('0x')[-1]
sctlist_der = binascii.unhexlify(sctlist_hex)
sctlist = SignedCertificateTimestampList(sctlist_der)
return [SignedCertificateTimestamp(entry.sct_der)
for entry
in sctlist.sct_list]
return []
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.xmpp_server_cert_pem_text)
asn1Object, rest = der_decoder(substrate,
asn1Spec=self.asn1Spec,
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
count = 0
for extn in asn1Object['tbsCertificate']['extensions']:
if extn['extnID'] == rfc5280.id_ce_subjectAltName:
extnValue, rest = der_decoder(
extn['extnValue'],
asn1Spec=rfc5280.SubjectAltName(),
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(extnValue.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(extnValue))
for gn in extnValue:
if gn['otherName'].hasValue():
if gn['otherName']['type-id'] == rfc4985.id_on_dnsSRV:
self.assertIn('im.example.com',
gn['otherName']['value'])
count += 1
self.assertEqual(2, count)
def getpeercert(self, binary_form=False):
"""
:return: The remote peer certificate in a tuple
"""
x509 = self.ssl_conn.get_peer_certificate()
if not x509:
raise ssl.SSLError("No peer certificate")
if binary_form:
return OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, x509)
dns_name = []
general_names = SubjectAltName()
for i in range(x509.get_extension_count()):
ext = x509.get_extension(i)
ext_name = ext.get_short_name()
if ext_name != "subjectAltName":
continue
ext_dat = ext.get_data()
decoded_dat = der_decoder(ext_dat, asn1Spec=general_names)
for name in decoded_dat:
if not isinstance(name, SubjectAltName):
continue
for entry in range(len(name)):
component = name.getComponentByPosition(entry)
if component.getName() != "dNSName":
continue
dns_name.append(("DNS", str(component.getComponent())))
return {"subject": ((("commonName", x509.get_subject().CN),),), "subjectAltName": dns_name}