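#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#

import sys

from pyasn1.codec.der.decoder import decode as der_decode
from pyasn1.codec.der.encoder import encode as der_encode

from pyasn1.type import univ

from pyasn1_modules import pem
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc5916

try:
    import unittest2 as unittest
except ImportError:
    import unittest


class DeviceCertTestCase(unittest.TestCase):
    """Codec checks for the RFC 5916 deviceOwner attribute in a certificate.

    The sample certificate is only parsed and re-encoded. Its signature,
    validity period and issuer are never checked here, so a passing run
    says nothing about whether the certificate could be trusted.

    The checks use unittest assertion methods rather than bare ``assert``
    statements: ``assert`` is compiled out under ``python -O``, which would
    let every test in this class pass without checking anything.
    """

    # Base64 body of a DER-encoded X.509 certificate (no PEM armor lines).
    # Test vector only: it carries a comment extension saying it cannot be
    # trusted for any purpose.
    cert_pem_text = """\
MIICpzCCAiygAwIBAgIJAKWzVCgbsG5FMAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT
AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n
dXMgQ0EwHhcNMTkxMDMxMTQwMDE1WhcNMjAxMDMwMTQwMDE1WjB4MQswCQYDVQQG
EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoTB0V4
YW1wbGUxGjAYBgNVBAsTEURldmljZSBPcGVyYXRpb25zMRwwGgYDVQQDExNleDEy
MzQ1LmV4YW1wbGUuY29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7Lje3glS2qYl
5x6N9TOlD4CbnzfFeJQfbDaCa3vexEiwE0apuAP+4L5fqOsYeZC970iNW+z3PdUs
GzkKDC2cCVy8nIxQ3mWhNQDvavT3iz5OGSwa1GjSXRFbGn2x9QjNo4G6MIG3MEIG
CWCGSAGG+EIBDQQ1FjNUaGlzIGNlcnRpZmljYXRlIGNhbm5vdCBiZSB0cnVzdGVk
IGZvciBhbnkgcHVycG9zZS4wHQYDVR0OBBYEFPTQN1kXEM5Rd4hNvQL5HyA+o2No
MB8GA1UdIwQYMBaAFPI12zQE2qVV8r1pA5mwYuziFQjBMAsGA1UdDwQEAwIHgDAk
BgNVHQkEHTAbMBkGCWCGSAFlAgEFRTEMBgorBgEEAYGsYDAYMAoGCCqGSM49BAMD
A2kAMGYCMQCt6AceOEIwXFKFHIV8+wTK/vgs7ZYSA6jhXUpzNtzZw1xh9NxVUhmx
pogu5Q9Vp28CMQC5YVF8dShC1tk9YImRftiVl8C6pbj//1K/+MwmR6nRk/WU+hKl
+Qsc5Goi6At471s=
"""

    def setUp(self):
        """Create the ASN.1 template every test decodes the sample against."""
        self.asn1Spec = rfc5280.Certificate()

    def testDerCodec(self):
        """Round-trip the certificate and find deviceOwner as raw DER.

        Open types are not decoded in this test, so the attribute value is
        compared with the DER encoding of the expected object identifier.
        """
        substrate = pem.readBase64fromText(self.cert_pem_text)
        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)

        # The input must be exactly one certificate: no trailing bytes.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        # DER is canonical, so re-encoding has to reproduce the input byte
        # for byte; a signature over the encoded bytes depends on that.
        self.assertEqual(substrate, der_encode(asn1Object))

        found_dev_owner = False
        der_dev_own_oid = der_encode(
            univ.ObjectIdentifier('1.3.6.1.4.1.22112.48.24'))

        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] == rfc5280.id_ce_subjectDirectoryAttributes:
                self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)

                ev, rest = der_decode(
                    extn['extnValue'],
                    asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])

                self.assertFalse(rest)
                self.assertTrue(ev.prettyPrint())
                self.assertEqual(extn['extnValue'], der_encode(ev))

                for attr in ev:
                    if attr['type'] == rfc5916.id_deviceOwner:
                        # Keep the pyasn1 value on the left-hand side, as
                        # the comparison was originally written.
                        self.assertEqual(attr['values'][0], der_dev_own_oid)
                        found_dev_owner = True

        # Fails when the extension or the attribute is absent, so an empty
        # loop cannot pass silently.
        self.assertTrue(found_dev_owner, 'deviceOwner attribute not found')

    def testOpenTypes(self):
        """Round-trip the certificate and find deviceOwner as a decoded OID.

        Both decode calls pass ``decodeOpenTypes=True``, so the attribute
        value is compared with an ``ObjectIdentifier`` rather than DER bytes.
        """
        substrate = pem.readBase64fromText(self.cert_pem_text)
        asn1Object, rest = der_decode(
            substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

        # The input must be exactly one certificate: no trailing bytes.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        # Decoding open types must not change what gets re-encoded.
        self.assertEqual(substrate, der_encode(asn1Object))

        found_dev_owner = False
        dev_own_oid = univ.ObjectIdentifier('1.3.6.1.4.1.22112.48.24')

        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] == rfc5280.id_ce_subjectDirectoryAttributes:
                self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)

                ev, rest = der_decode(
                    extn['extnValue'],
                    asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
                    decodeOpenTypes=True)

                self.assertFalse(rest)
                self.assertTrue(ev.prettyPrint())
                self.assertEqual(extn['extnValue'], der_encode(ev))

                for attr in ev:
                    if attr['type'] == rfc5916.id_deviceOwner:
                        self.assertEqual(attr['values'][0], dev_own_oid)
                        found_dev_owner = True

        # Fails when the extension or the attribute is absent, so an empty
        # loop cannot pass silently.
        self.assertTrue(found_dev_owner, 'deviceOwner attribute not found')


suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])

if __name__ == '__main__':
    # Exit status is 0 only when every test passed.
    result = unittest.TextTestRunner(verbosity=2).run(suite)
    sys.exit(not result.wasSuccessful())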