1#
2# This file is part of pyasn1-modules software.
3#
4# Created by Russ Housley
5# Copyright (c) 2019, Vigil Security, LLC
6# License: http://snmplabs.com/pyasn1/license.html
7#
8
9import sys
10
11from pyasn1.codec.der.decoder import decode as der_decode
12from pyasn1.codec.der.encoder import encode as der_encode
13
14from pyasn1_modules import pem
15from pyasn1_modules import rfc5280
16from pyasn1_modules import rfc6010
17
18try:
19    import unittest2 as unittest
20except ImportError:
21    import unittest
22
23
24class UnconstrainedCCCExtensionTestCase(unittest.TestCase):
25    unconstrained_pem_text = "MB0GCCsGAQUFBwESBBEwDzANBgsqhkiG9w0BCRABAA=="
26
27    def setUp(self):
28        self.asn1Spec = rfc5280.Extension()
29
30    def testDerCodec(self):
31        substrate = pem.readBase64fromText(self.unconstrained_pem_text)
32        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
33        assert not rest
34        assert asn1Object.prettyPrint()
35        assert der_encode(asn1Object) == substrate
36
37        assert asn1Object['extnID'] == rfc6010.id_pe_cmsContentConstraints
38        evalue, rest = der_decode(asn1Object['extnValue'],
39            asn1Spec=rfc6010.CMSContentConstraints())
40        assert not rest
41        assert evalue.prettyPrint()
42        assert der_encode(evalue) == asn1Object['extnValue']
43
44        assert evalue[0]['contentType'] == rfc6010.id_ct_anyContentType
45
46
47class ConstrainedCCCExtensionTestCase(unittest.TestCase):
48    constrained_pem_text = """\
49MIG7BggrBgEFBQcBEgSBrjCBqzA0BgsqhkiG9w0BCRABEDAlMCMGCyqGSIb3DQEJ
50EAwBMRQMElZpZ2lsIFNlY3VyaXR5IExMQzAwBgpghkgBZQIBAk4CMCIwIAYLKoZI
51hvcNAQkQDAsxEQwPa3RhLmV4YW1wbGUuY29tMDEGCyqGSIb3DQEJEAEZMCIwIAYL
52KoZIhvcNAQkQDAsxEQwPa3RhLmV4YW1wbGUuY29tMA4GCSqGSIb3DQEHAQoBAQ==
53"""
54
55    def setUp(self):
56        self.asn1Spec = rfc5280.Extension()
57
58    def testDerCodec(self):
59        substrate = pem.readBase64fromText(self.constrained_pem_text)
60        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
61        assert not rest
62        assert asn1Object.prettyPrint()
63        assert der_encode(asn1Object) == substrate
64
65        assert asn1Object['extnID'] == rfc6010.id_pe_cmsContentConstraints
66        evalue, rest = der_decode(asn1Object['extnValue'],
67            asn1Spec=rfc6010.CMSContentConstraints())
68        assert not rest
69        assert evalue.prettyPrint()
70        assert der_encode(evalue) == asn1Object['extnValue']
71
72        constraint_count = 0
73        attribute_count = 0
74        cannot_count = 0
75        for ccc in evalue:
76            constraint_count += 1
77            if ccc['canSource'] == 1:
78                cannot_count += 1
79            if ccc['attrConstraints'].hasValue():
80                for attr in ccc['attrConstraints']:
81                    attribute_count += 1
82        assert constraint_count == 4
83        assert attribute_count == 3
84        assert cannot_count == 1
85
86    def testExtensionsMap(self):
87        substrate = pem.readBase64fromText(self.constrained_pem_text)
88        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
89        assert asn1Object['extnID'] in rfc5280.certificateExtensionsMap.keys()
90
91
92suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
93
94if __name__ == '__main__':
95    unittest.TextTestRunner(verbosity=2).run(suite)
96