def testOpenTypes(self):
    """Decode the PEM sample with open types resolved and check its contents.

    Checks the DER round trip, the SignedData content type, the encapsulated
    content, and every entry of the 'crls' field: a 'crl' entry must be a
    v2 CRL, an 'other' entry must be an OCSP response whose responseStatus
    is 'successful'.
    """
    der_bytes = pem.readBase64fromText(self.pem_text)
    content_info, trailing = der_decoder(
        der_bytes, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

    # Nothing may be left over, and re-encoding must reproduce the input.
    self.assertFalse(trailing)
    self.assertTrue(content_info.prettyPrint())
    self.assertEqual(der_bytes, der_encoder(content_info))

    self.assertEqual(rfc5652.id_signedData, content_info['contentType'])

    # With decodeOpenTypes=True the 'content' field is indexed directly,
    # without a second decode call.
    signed_data = content_info['content']
    encap = signed_data['encapContentInfo']
    self.assertEqual(rfc5652.id_data, encap['eContentType'])
    self.assertTrue(encap['eContent'].hasValue())

    for rev_info in signed_data['crls']:
        chosen = rev_info.getName()

        if chosen == 'crl':
            expected_version = rfc5280.Version(value='v2')
            self.assertEqual(
                expected_version,
                rev_info['crl']['tbsCertList']['version'])

        elif chosen == 'other':
            other_info = rev_info['other']
            self.assertEqual(
                rfc5940.id_ri_ocsp_response,
                other_info['otherRevInfoFormat'])

            # Only the outer responseStatus is checked here; the test does
            # not look at the signature or the per-certificate status.
            status = other_info['otherRevInfo']['responseStatus']
            expected_status = rfc2560.OCSPResponseStatus(value='successful')
            self.assertEqual(expected_status, status)
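def parse_ocsp_resp(ocsp_resp):
    """Decode an OCSP response and print producedAt, thisUpdate and status.

    Only the first entry of 'responses' is inspected, and any bytes that
    follow the decoded structures are ignored.

    Security note: this function parses only. It does NOT verify the
    responder's signature, does NOT compare the response's certID with the
    one sent in the request, and does NOT read nextUpdate. The printed
    status is therefore unauthenticated and must not be used as a
    revocation decision until the caller has done those checks.

    Args:
        ocsp_resp: encoded OCSPResponse, as accepted by ``decoder.decode``.

    Raises:
        AssertionError: if responseStatus is not 'successful' or the
            responseType is not id-pkix-ocsp-basic. The message is the
            pretty-printed offending value.
    """
    ocspResponse, _ = decoder.decode(ocsp_resp,
                                     asn1Spec=rfc2560.OCSPResponse())

    # These checks guard data that comes from outside the program, so they
    # are raised explicitly: a bare `assert` is removed under `python -O`
    # and would let a non-successful response through. AssertionError is
    # kept so existing callers that catch it keep working.
    responseStatus = ocspResponse.getComponentByName('responseStatus')
    if responseStatus != rfc2560.OCSPResponseStatus('successful'):
        raise AssertionError(responseStatus.prettyPrint())

    responseBytes = ocspResponse.getComponentByName('responseBytes')
    responseType = responseBytes.getComponentByName('responseType')
    if responseType != rfc2560.id_pkix_ocsp_basic:
        raise AssertionError(responseType.prettyPrint())

    # 'response' carries an encoded BasicOCSPResponse; decode it separately.
    response = responseBytes.getComponentByName('response')
    basicOCSPResponse, _ = decoder.decode(
        response, asn1Spec=rfc2560.BasicOCSPResponse())
    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
    response0 = tbsResponseData.getComponentByName(
        'responses').getComponentByPosition(0)

    # The format string has no offset, so the results are naive datetimes;
    # the literal trailing 'Z' means the values are expected in UTC.
    time_format = '%Y%m%d%H%M%SZ'
    producedAt = datetime.datetime.strptime(
        str(tbsResponseData.getComponentByName('producedAt')), time_format)
    certStatus = response0.getComponentByName('certStatus').getName()
    thisUpdate = datetime.datetime.strptime(
        str(response0.getComponentByName('thisUpdate')), time_format)

    # NOTE: response0's certID is not compared with the request, and the
    # signature over tbsResponseData is not verified (see docstring).
    print("[+] OCSP producedAt:", producedAt)
    print("[+] OCSP thisUpdate:", thisUpdate)
    print("[+] OCSP status:", certStatus)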
def testOpenTypes(self):
    """Decode the PEM sample with open types resolved and check its contents.

    Before decoding, the RFC 5940 entries are merged into
    ``rfc5652.otherRevInfoFormatMap``. The test then checks the DER round
    trip, the SignedData content type, the encapsulated content, and every
    entry of 'crls': a 'crl' entry must be a v2 CRL, an 'other' entry must
    be an OCSP response whose responseStatus is 'successful'.
    """
    der_bytes = pem.readBase64fromText(self.pem_text)

    # In-place update of the map held on rfc5652, so the change is not
    # local to this test.
    rfc5652.otherRevInfoFormatMap.update(rfc5940.otherRevInfoFormatMapUpdate)

    content_info, trailing = der_decode(
        der_bytes, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

    # Nothing may be left over, and re-encoding must reproduce the input.
    assert not trailing
    assert content_info.prettyPrint()
    assert der_encode(content_info) == der_bytes

    assert content_info['contentType'] == rfc5652.id_signedData

    signed_data = content_info['content']
    encap = signed_data['encapContentInfo']
    assert encap['eContentType'] == rfc5652.id_data
    assert encap['eContent'].hasValue()

    for rev_info in signed_data['crls']:
        chosen = rev_info.getName()

        if chosen == 'crl':
            expected_version = rfc5280.Version(value='v2')
            assert rev_info['crl']['tbsCertList']['version'] == expected_version

        elif chosen == 'other':
            other_info = rev_info['other']
            assert other_info['otherRevInfoFormat'] == rfc5940.id_ri_ocsp_response

            # Only the outer responseStatus is checked here; the test does
            # not look at the signature or the per-certificate status.
            status = other_info['otherRevInfo']['responseStatus']
            expected_status = rfc2560.OCSPResponseStatus(value='successful')
            assert status == expected_status
def testDerCodec(self):
    """Decode the PEM sample layer by layer and check its contents.

    The outer structure, the SignedData in 'content' and the OCSP response
    in the second 'crls' entry are each decoded with their own DER call.
    The first 'crls' entry must be a v2 CRL; the second must be an OCSP
    response whose responseStatus is 'successful'.
    """
    der_bytes = pem.readBase64fromText(self.pem_text)
    content_info, trailing = der_decode(der_bytes, asn1Spec=self.asn1Spec)

    # Nothing may be left over, and re-encoding must reproduce the input.
    assert not trailing
    assert content_info.prettyPrint()
    assert der_encode(content_info) == der_bytes

    assert content_info['contentType'] == rfc5652.id_signedData

    # The remainder of this inner decode is rebound but never checked.
    signed_data, trailing = der_decode(
        content_info['content'], asn1Spec=rfc5652.SignedData())
    assert signed_data.prettyPrint()

    encap = signed_data['encapContentInfo']
    assert encap['eContentType'] == rfc5652.id_data
    assert encap['eContent']

    revocation_infos = signed_data['crls']

    # Entry 0 of the sample: a CRL.
    expected_version = rfc5280.Version(value='v2')
    assert revocation_infos[0]['crl']['tbsCertList']['version'] == expected_version

    # Entry 1 of the sample: an OCSP response in the 'other' alternative.
    other_info = revocation_infos[1]['other']
    assert other_info['otherRevInfoFormat'] == rfc5940.id_ri_ocsp_response

    # Again the remainder is rebound but not checked.
    ocsp_response, trailing = der_decode(
        other_info['otherRevInfo'], asn1Spec=rfc5940.OCSPResponse())
    assert ocsp_response.prettyPrint()

    expected_status = rfc2560.OCSPResponseStatus(value='successful')
    assert ocsp_response['responseStatus'] == expected_status
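def parse_ocsp_response(ocsp_resp):
    """Extract certID serial, certStatus and thisUpdate from an OCSP response.

    Only the first entry of 'responses' is inspected, and any bytes that
    follow the decoded structures are ignored.

    Security note: this function parses only. It does NOT verify the
    responder's signature, does NOT check the issuer name and key hashes in
    certID, and does NOT read nextUpdate. The caller must do those checks,
    and must compare the returned serial with the certificate it asked
    about, before treating the status as a revocation decision.

    Args:
        ocsp_resp: encoded OCSPResponse, as accepted by ``decoder.decode``.

    Returns:
        A ``(certID_serial, certStatus, thisUpdate)`` tuple: the fourth
        field of certID, the name of the chosen certStatus alternative, and
        thisUpdate parsed into a naive ``datetime.datetime``.

    Raises:
        AssertionError: if responseStatus is not 'successful' or the
            responseType is not id-pkix-ocsp-basic. The message is the
            pretty-printed offending value.
    """
    ocspResponse, _ = decoder.decode(ocsp_resp,
                                     asn1Spec=rfc2560.OCSPResponse())

    # These checks guard data that comes from outside the program, so they
    # are raised explicitly: a bare `assert` is removed under `python -O`
    # and would let a non-successful response through. AssertionError is
    # kept so existing callers that catch it keep working.
    responseStatus = ocspResponse.getComponentByName('responseStatus')
    if responseStatus != rfc2560.OCSPResponseStatus('successful'):
        raise AssertionError(responseStatus.prettyPrint())

    responseBytes = ocspResponse.getComponentByName('responseBytes')
    responseType = responseBytes.getComponentByName('responseType')
    if responseType != rfc2560.id_pkix_ocsp_basic:
        raise AssertionError(responseType.prettyPrint())

    # 'response' carries an encoded BasicOCSPResponse; decode it separately.
    response = responseBytes.getComponentByName('response')
    basicOCSPResponse, _ = decoder.decode(
        response, asn1Spec=rfc2560.BasicOCSPResponse())
    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
    response0 = tbsResponseData.getComponentByName(
        'responses').getComponentByPosition(0)

    # NOTE: the signature over tbsResponseData is not verified here.
    certID = response0.getComponentByName('certID')
    # Positional access to the fourth certID field, which this function
    # treats as the serial number; the three fields before it (the issuer
    # name and key hashes mentioned above among them) are not examined.
    certID_serial = certID[3]

    certStatus = response0.getComponentByName('certStatus').getName()

    # The format string has no offset, so the result is a naive datetime;
    # the literal trailing 'Z' means the value is expected in UTC.
    thisUpdate = datetime.datetime.strptime(
        str(response0.getComponentByName('thisUpdate')), '%Y%m%d%H%M%SZ')

    return certID_serial, certStatus, thisUpdate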
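def parseOcspResponse(ocspResponse):
    """Pull the key fields out of an already-decoded OCSP response.

    Only the first entry of 'responses' is inspected, and any bytes that
    follow the embedded BasicOCSPResponse are ignored.

    Security note: this function parses only. It does not verify the
    responder's signature, does not compare certID with the request, and
    does not read nextUpdate; the caller has to do so before acting on the
    returned status.

    Args:
        ocspResponse: decoded OCSPResponse object (its components are read
            with ``getComponentByName``).

    Returns:
        A ``(producedAt, certID, certStatus, thisUpdate)`` tuple. certStatus
        is the name of the chosen alternative; the other three are the
        ASN.1 values as decoded, not converted.

    Raises:
        AssertionError: if responseStatus is not 'successful' or the
            responseType is not id_pkix_ocsp_basic. The message is the
            pretty-printed offending value.
    """
    # These checks guard data that comes from outside the program, so they
    # are raised explicitly: a bare `assert` is removed under `python -O`
    # and would let a non-successful response through. AssertionError is
    # kept so existing callers that catch it keep working.
    responseStatus = ocspResponse.getComponentByName('responseStatus')
    if responseStatus != rfc2560.OCSPResponseStatus('successful'):
        raise AssertionError(responseStatus.prettyPrint())

    responseBytes = ocspResponse.getComponentByName('responseBytes')
    responseType = responseBytes.getComponentByName('responseType')
    if responseType != id_pkix_ocsp_basic:
        raise AssertionError(responseType.prettyPrint())

    # 'response' carries an encoded BasicOCSPResponse; decode it separately.
    response = responseBytes.getComponentByName('response')
    basicOCSPResponse, _ = decoder.decode(
        response, asn1Spec=rfc2560.BasicOCSPResponse())
    tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
    response0 = tbsResponseData.getComponentByName(
        'responses').getComponentByPosition(0)

    return (tbsResponseData.getComponentByName('producedAt'),
            response0.getComponentByName('certID'),
            response0.getComponentByName('certStatus').getName(),
            response0.getComponentByName('thisUpdate'))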
def testDerCodec(self):
    """Decode the PEM sample layer by layer and check its contents.

    The outer structure, the SignedData in 'content' and the OCSP response
    in the second 'crls' entry are each decoded with their own DER call.
    The first 'crls' entry must be a v2 CRL; the second must be an OCSP
    response whose responseStatus is 'successful'.
    """
    der_bytes = pem.readBase64fromText(self.pem_text)
    content_info, trailing = der_decoder(der_bytes, asn1Spec=self.asn1Spec)

    # Nothing may be left over, and re-encoding must reproduce the input.
    self.assertFalse(trailing)
    self.assertTrue(content_info.prettyPrint())
    self.assertEqual(der_bytes, der_encoder(content_info))

    self.assertEqual(rfc5652.id_signedData, content_info['contentType'])

    # The remainder of this inner decode is rebound but never checked.
    signed_data, trailing = der_decoder(
        content_info['content'], asn1Spec=rfc5652.SignedData())
    self.assertTrue(signed_data.prettyPrint())

    encap = signed_data['encapContentInfo']
    self.assertEqual(rfc5652.id_data, encap['eContentType'])
    self.assertTrue(encap['eContent'])

    revocation_infos = signed_data['crls']

    # Entry 0 of the sample: a CRL.
    expected_version = rfc5280.Version(value='v2')
    self.assertEqual(
        expected_version,
        revocation_infos[0]['crl']['tbsCertList']['version'])

    # Entry 1 of the sample: an OCSP response in the 'other' alternative.
    other_info = revocation_infos[1]['other']
    self.assertEqual(
        rfc5940.id_ri_ocsp_response, other_info['otherRevInfoFormat'])

    # Again the remainder is rebound but not checked.
    ocsp_response, trailing = der_decoder(
        other_info['otherRevInfo'], asn1Spec=rfc5940.OCSPResponse())
    self.assertTrue(ocsp_response.prettyPrint())

    expected_status = rfc2560.OCSPResponseStatus(value='successful')
    self.assertEqual(expected_status, ocsp_response['responseStatus'])