1#
2# This file is part of pyasn1-modules software.
3#
4# Copyright (c) 2005-2019, Ilya Etingof <[email protected]>
5# License: http://snmplabs.com/pyasn1/license.html
6#
7import sys
8
9from pyasn1.codec.der.decoder import decode as der_decode
10from pyasn1.codec.der.encoder import encode as der_encode
11
12from pyasn1.type import univ
13
14from pyasn1_modules import pem
15from pyasn1_modules import rfc5280
16
17try:
18    import unittest2 as unittest
19
20except ImportError:
21    import unittest
22
23
24class CertificateTestCase(unittest.TestCase):
25    pem_text = """\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42"""
43
    def setUp(self):
        """Build the RFC 5280 ``Certificate`` schema instance used as the decode spec."""
        certificate_spec = rfc5280.Certificate()
        self.asn1Spec = certificate_spec
46
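    def testDerCodec(self):
        """Decode the PEM fixture as a ``Certificate`` and check a byte-exact DER round trip.

        This is a parse-level test only: nothing here verifies the certificate
        signature, so a passing run says nothing about the fixture's validity.
        """
        substrate = pem.readBase64fromText(self.pem_text)

        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)

        # unittest assertion methods replace bare ``assert`` statements so the
        # checks are still executed under ``python -O``, which strips asserts.
        # Leftover bytes would mean trailing data after the certificate.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        # Re-encoding must reproduce the input bytes exactly.
        self.assertEqual(der_encode(asn1Object), substrate)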
56
57
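class CertificateListTestCase(unittest.TestCase):
    """DER codec test for an RFC 5280 ``CertificateList`` (CRL) fixture.

    The test covers parsing and re-encoding only; the CRL signature is not
    verified anywhere in this class.
    """

    # Base64 body of the CRL fixture (no PEM armor lines).
    pem_text = """\
MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTETMBEGA1UE
CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
MRUwEwYDVQQDEwxzbm1wbGFicy5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ac25t
cGxhYnMuY29tFw0xMjA0MTExMzQwNTlaFw0xMjA1MTExMzQwNTlaoA4wDDAKBgNV
HRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQC1D/wwnrcY/uFBHGc6SyoYss2kn+nY
RTwzXmmldbNTCQ03x5vkWGGIaRJdN8QeCzbEi7gpgxgpxAx6Y5WkxkMQ1UPjNM5n
DGVDOtR0dskFrrbHuNpWqWrDaBN0/ryZiWKjr9JRbrpkHgVY29I1gLooQ6IHuKHY
vjnIhxTFoCb5vA==
"""

    def setUp(self):
        """Create the ``CertificateList`` schema object passed to the decoder."""
        self.asn1Spec = rfc5280.CertificateList()

    def testDerCodec(self):
        """Decode the CRL and require a byte-exact DER round trip."""
        substrate = pem.readBase64fromText(self.pem_text)

        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)

        # unittest assertion methods replace bare ``assert`` statements so the
        # checks are still executed under ``python -O``, which strips asserts.
        # Leftover bytes would mean trailing data after the CRL.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        # Re-encoding must reproduce the input bytes exactly.
        self.assertEqual(der_encode(asn1Object), substrate)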
82
83
84class CertificateOpenTypeTestCase(unittest.TestCase):
85    pem_text = """\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102"""
103
    def setUp(self):
        """Prepare the RFC 5280 ``Certificate`` schema object for the open-type decode."""
        certificate_spec = rfc5280.Certificate()
        self.asn1Spec = certificate_spec
106
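    def testDerCodec(self):
        """Decode the certificate with open types resolved and check decoded fields.

        Beyond the DER round trip, this checks that the AlgorithmIdentifier
        parameters come back as NULL and that every subject attribute mentions
        "valicert". The certificate signature itself is not verified.
        """
        substrate = pem.readBase64fromText(self.pem_text)

        # Algorithm OIDs whose ``parameters`` field should decode as NULL.
        openTypesMap = {
            # rsaEncryption
            univ.ObjectIdentifier('1.2.840.113549.1.1.1'): univ.Null(""),
            # sha1WithRSAEncryption
            univ.ObjectIdentifier('1.2.840.113549.1.1.5'): univ.Null(""),
            # sha256WithRSAEncryption
            univ.ObjectIdentifier('1.2.840.113549.1.1.11'): univ.Null(""),
        }

        asn1Object, rest = der_decode(
            substrate,
            asn1Spec=self.asn1Spec,
            openTypes=openTypesMap,
            decodeOpenTypes=True,
        )

        # unittest assertion methods replace bare ``assert`` statements so the
        # checks are still executed under ``python -O``, which strips asserts.
        # Leftover bytes would mean trailing data after the certificate.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        # Decoding open types must not change the re-encoded bytes.
        self.assertEqual(der_encode(asn1Object), substrate)

        tbs_certificate = asn1Object['tbsCertificate']

        sig_alg = tbs_certificate['signature']
        self.assertEqual(sig_alg['parameters'], univ.Null(""))

        spki_alg = tbs_certificate['subjectPublicKeyInfo']['algorithm']
        self.assertEqual(spki_alg['parameters'], univ.Null(""))

        for rdn in tbs_certificate['subject']['rdnSequence']:
            for atv in rdn:
                if atv['type'] == rfc5280.id_emailAddress:
                    self.assertIn("valicert.com", atv['value'])
                else:
                    # Every other subject attribute is read as a PrintableString.
                    atv_ps = str(atv['value']['printableString'])
                    self.assertIn("valicert", atv_ps.lower())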
138
139
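class CertificateListOpenTypeTestCase(unittest.TestCase):
    """DER codec tests for a ``CertificateList`` (CRL) with open types and extensions.

    Both tests are parse-level only: the CRL is decoded, inspected and
    re-encoded, but its signature is never verified.
    """

    # Base64 body of the CRL fixture (no PEM armor lines).
    pem_text = """\
MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTETMBEGA1UE
CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
MRUwEwYDVQQDEwxzbm1wbGFicy5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ac25t
cGxhYnMuY29tFw0xMjA0MTExMzQwNTlaFw0xMjA1MTExMzQwNTlaoA4wDDAKBgNV
HRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQC1D/wwnrcY/uFBHGc6SyoYss2kn+nY
RTwzXmmldbNTCQ03x5vkWGGIaRJdN8QeCzbEi7gpgxgpxAx6Y5WkxkMQ1UPjNM5n
DGVDOtR0dskFrrbHuNpWqWrDaBN0/ryZiWKjr9JRbrpkHgVY29I1gLooQ6IHuKHY
vjnIhxTFoCb5vA==
"""

    def setUp(self):
        """Create the ``CertificateList`` schema object passed to the decoder."""
        self.asn1Spec = rfc5280.CertificateList()

    def testDerCodec(self):
        """Decode the CRL with open types resolved, then check issuer and extensions."""
        substrate = pem.readBase64fromText(self.pem_text)

        # Algorithm OIDs whose ``parameters`` field should decode as NULL.
        openTypesMap = {
            # rsaEncryption
            univ.ObjectIdentifier('1.2.840.113549.1.1.1'): univ.Null(""),
            # sha1WithRSAEncryption
            univ.ObjectIdentifier('1.2.840.113549.1.1.5'): univ.Null(""),
            # sha256WithRSAEncryption
            univ.ObjectIdentifier('1.2.840.113549.1.1.11'): univ.Null(""),
        }

        asn1Object, rest = der_decode(
            substrate,
            asn1Spec=self.asn1Spec,
            openTypes=openTypesMap,
            decodeOpenTypes=True,
        )

        # unittest assertion methods replace bare ``assert`` statements so the
        # checks are still executed under ``python -O``, which strips asserts.
        # Leftover bytes would mean trailing data after the CRL.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        # Decoding open types must not change the re-encoded bytes.
        self.assertEqual(der_encode(asn1Object), substrate)

        tbs_cert_list = asn1Object['tbsCertList']

        sig_alg = tbs_cert_list['signature']
        self.assertEqual(sig_alg['parameters'], univ.Null(""))

        for rdn in tbs_cert_list['issuer']['rdnSequence']:
            for atv in rdn:
                if atv['type'] == rfc5280.id_emailAddress:
                    self.assertIn("snmplabs.com", atv['value'])
                elif atv['type'] == rfc5280.id_at_countryName:
                    self.assertEqual(atv['value'], 'AU')
                else:
                    self.assertGreater(len(atv['value']['printableString']), 9)

        crl_extn_count = 0
        for extn in tbs_cert_list['crlExtensions']:
            # Only extensions with a registered schema can be decoded further.
            if extn['extnID'] not in rfc5280.certificateExtensionsMap:
                continue
            ev, extn_rest = der_decode(
                extn['extnValue'],
                asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
            )
            self.assertFalse(extn_rest)
            self.assertTrue(ev.prettyPrint())
            self.assertEqual(der_encode(ev), extn['extnValue'])
            crl_extn_count += 1
        # The fixture is expected to carry exactly one recognised extension.
        self.assertEqual(crl_extn_count, 1)

    def testExtensionsMap(self):
        """Decode each known CRL extension through ``certificateExtensionsMap``."""
        substrate = pem.readBase64fromText(self.pem_text)
        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(der_encode(asn1Object), substrate)

        cert_extn_count = 0
        for extn in asn1Object['tbsCertList']['crlExtensions']:
            if extn['extnID'] not in rfc5280.certificateExtensionsMap:
                continue
            extnValue, extn_rest = der_decode(
                extn['extnValue'],
                asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
            )
            # The original ignored the remainder here; trailing bytes inside an
            # extension value should fail the test, as they do in testDerCodec.
            self.assertFalse(extn_rest)
            self.assertEqual(der_encode(extnValue), extn['extnValue'])
            cert_extn_count += 1
        self.assertEqual(cert_extn_count, 1)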
211
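class ORAddressOpenTypeTestCase(unittest.TestCase):
    """DER codec test for an RFC 5280 ``ORAddress`` with open types decoded."""

    # Base64 body of the ORAddress fixture (no PEM armor lines).
    oraddress_pem_text = """\
MEMwK2EEEwJHQmIKEwhHT0xEIDQwMKIHEwVVSy5BQ4MHU2FsZm9yZKYFEwNSLUQx
FDASgAEBoQ0TC1N0ZXZlIEtpbGxl
"""

    def setUp(self):
        """Create the ``ORAddress`` schema object passed to the decoder."""
        self.asn1Spec = rfc5280.ORAddress()

    def testDecodeOpenTypes(self):
        """Decode the ORAddress and check its first extension attribute.

        No explicit ``openTypes`` map is passed; only ``decodeOpenTypes=True``
        is set on the decode call.
        """
        substrate = pem.readBase64fromText(self.oraddress_pem_text)

        asn1Object, rest = der_decode(
            substrate,
            asn1Spec=self.asn1Spec,
            decodeOpenTypes=True,
        )

        # unittest assertion methods replace bare ``assert`` statements so the
        # checks are still executed under ``python -O``, which strips asserts.
        # Leftover bytes would mean trailing data after the ORAddress.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        # Decoding open types must not change the re-encoded bytes.
        self.assertEqual(der_encode(asn1Object), substrate)

        ea0 = asn1Object['extension-attributes'][0]
        self.assertEqual(ea0['extension-attribute-type'], rfc5280.common_name)
        self.assertEqual(ea0['extension-attribute-value'], "Steve Kille")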
234
235
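# Collect every TestCase defined in this module so a runner can import ``suite``.
suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])

if __name__ == '__main__':
    # ``sys`` is already imported at module level (it is used for ``suite``
    # above), so the redundant local re-import has been dropped.
    result = unittest.TextTestRunner(verbosity=2).run(suite)
    # Exit status is 0 when all tests pass and 1 otherwise.
    sys.exit(not result.wasSuccessful())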
243