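#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#

import sys

from pyasn1.codec.der.decoder import decode as der_decode
from pyasn1.codec.der.encoder import encode as der_encode

from pyasn1.type import univ

from pyasn1_modules import pem
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc4043

try:
    import unittest2 as unittest
except ImportError:
    import unittest


class PermIdCertTestCase(unittest.TestCase):
    """Decode a certificate whose subjectAltName carries an RFC 4043
    Permanent Identifier and check that it round-trips through DER.

    Checks use the ``unittest`` assertion methods rather than bare
    ``assert`` statements: ``python -O`` strips ``assert``, which would let
    every test here pass without checking anything.
    """

    # Test fixture only: the embedded Netscape comment reads "This
    # certificate cannot be trusted for any purpose." and the issuer is a
    # "Bogus CA".
    cert_pem_text = """\
MIIDDTCCApOgAwIBAgIJAKWzVCgbsG5HMAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT
AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n
dXMgQ0EwHhcNMTkxMTEwMDA0MDIyWhcNMjAxMTA5MDA0MDIyWjBNMQswCQYDVQQG
EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoTB0V4
YW1wbGUxDTALBgNVBAMTBEdhaWwwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQBoktg
/68xL+uEQaWBoHyOjw8EMLeMEng3R2H7yiEzTGoaMJgPOKvSfzB2P0paHYPL+B5y
Gc0CK5EHRujMl9ljH+Wydpk57rKBLo1ZzpWUS6anLGIkWs1sOakcgGGr7hGjggFL
MIIBRzAdBgNVHQ4EFgQU1pCNZuMzfEaJ9GGhH7RKy6Mvz+cwbwYDVR0jBGgwZoAU
8jXbNATapVXyvWkDmbBi7OIVCMGhQ6RBMD8xCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9ndXMgQ0GCCQDokdYG
kU/O8jAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBhjBCBglghkgBhvhCAQ0E
NRYzVGhpcyBjZXJ0aWZpY2F0ZSBjYW5ub3QgYmUgdHJ1c3RlZCBmb3IgYW55IHB1
cnBvc2UuMFMGA1UdEQRMMEqgNgYIKwYBBQUHCAOgKjAoDBs4MjYyMDgtNDE3MDI4
LTU0ODE5NS0yMTUyMzMGCSsGAQQBgaxgMIEQZ2FpbEBleGFtcGxlLmNvbTAKBggq
hkjOPQQDAwNoADBlAjBT+36Y/LPaGSu+61P7kR97M8jAjtH5DtUwrWR02ChshvYJ
x0bpZq3PJaO0WlBgFicCMQCf+67wSvjxxtjI/OAg4t8NQIJW1LcehSXizlPDc772
/FC5OiUAxO+iFaSVMeDFsCo=
"""

    def setUp(self):
        """Create the schema object every decode in this class targets."""
        self.asn1Spec = rfc5280.Certificate()

    def testDerCodec(self):
        """Decode the certificate, then the SAN extension, then the
        otherName value by hand, checking a DER round trip at each layer.
        """
        substrate = pem.readBase64fromText(self.cert_pem_text)
        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)

        # No bytes may remain after the certificate, and re-encoding must
        # give back the input bytes exactly.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(substrate, der_encode(asn1Object))

        perm_id_oid = rfc4043.id_on_permanentIdentifier
        assigner_oid = univ.ObjectIdentifier('1.3.6.1.4.1.22112.48')
        permanent_identifier_found = False

        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] == rfc5280.id_ce_subjectAltName:
                extnValue, rest = der_decode(
                    extn['extnValue'], asn1Spec=rfc5280.SubjectAltName())

                self.assertFalse(rest)
                self.assertTrue(extnValue.prettyPrint())
                self.assertEqual(extn['extnValue'], der_encode(extnValue))

                for gn in extnValue:
                    # Only the otherName alternative of GeneralName is
                    # inspected; other alternatives are skipped.
                    if gn['otherName'].hasValue():
                        self.assertEqual(
                            perm_id_oid, gn['otherName']['type-id'])

                        # Without decodeOpenTypes the otherName value is
                        # still encoded, so it is decoded explicitly here.
                        onValue, rest = der_decode(
                            gn['otherName']['value'],
                            asn1Spec=rfc4043.PermanentIdentifier())

                        self.assertFalse(rest)
                        self.assertTrue(onValue.prettyPrint())
                        self.assertEqual(
                            gn['otherName']['value'], der_encode(onValue))
                        self.assertEqual(assigner_oid, onValue['assigner'])
                        permanent_identifier_found = True

        # Fail if the loops never reached a Permanent Identifier; otherwise
        # a certificate without one would pass unnoticed.
        self.assertTrue(permanent_identifier_found)

    def testOpenTypes(self):
        """Same checks as testDerCodec, but with ``decodeOpenTypes=True``
        so the otherName value arrives already decoded.
        """
        substrate = pem.readBase64fromText(self.cert_pem_text)
        asn1Object, rest = der_decode(
            substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(substrate, der_encode(asn1Object))

        perm_id_oid = rfc4043.id_on_permanentIdentifier
        assigner_oid = univ.ObjectIdentifier('1.3.6.1.4.1.22112.48')
        permanent_identifier_found = False

        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] == rfc5280.id_ce_subjectAltName:
                extnValue, rest = der_decode(
                    extn['extnValue'],
                    asn1Spec=rfc5280.SubjectAltName(),
                    decodeOpenTypes=True)

                self.assertFalse(rest)
                self.assertTrue(extnValue.prettyPrint())
                self.assertEqual(extn['extnValue'], der_encode(extnValue))

                for gn in extnValue:
                    if gn['otherName'].hasValue():
                        on = gn['otherName']
                        self.assertEqual(perm_id_oid, on['type-id'])
                        # NOTE(review): on['value'] is indexed directly, so
                        # the decoder must have resolved it from type-id;
                        # presumably importing rfc4043 registers that
                        # mapping -- confirm against the module.
                        self.assertEqual(
                            assigner_oid, on['value']['assigner'])
                        permanent_identifier_found = True

        self.assertTrue(permanent_identifier_found)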
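# Module-level suite so an external runner can import this file and pick up
# every TestCase defined in it.
suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])

if __name__ == '__main__':
    # ``sys`` is already imported at the top of the file, so it is not
    # imported again here.
    result = unittest.TextTestRunner(verbosity=2).run(suite)
    # Exit status is 0 when every test passed and 1 otherwise.
    sys.exit(not result.wasSuccessful())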