#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
8
9import sys
10
11from pyasn1.codec.der.decoder import decode as der_decode
12from pyasn1.codec.der.encoder import encode as der_encode
13
14from pyasn1.type import univ
15
16from pyasn1_modules import pem
17from pyasn1_modules import rfc5280
18from pyasn1_modules import rfc7585
19
20try:
21    import unittest2 as unittest
22except ImportError:
23    import unittest
24
25
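class NAIRealmCertTestCase(unittest.TestCase):
    """Check decoding of a certificate whose subjectAltName holds an NAIRealm.

    The fixture is decoded against ``rfc5280.Certificate`` and the
    subjectAltName extension is searched for an otherName whose type-id is
    ``rfc7585.id_on_naiRealm``.

    These tests exercise parsing and DER round-tripping only. Nothing here
    verifies the certificate signature, its validity period or its chain, so
    a pass says nothing about whether the certificate would be trusted.

    ``unittest`` assertion methods are used instead of bare ``assert``
    statements: bare asserts are removed when Python runs with ``-O``, which
    would let every check below pass without being evaluated.
    """

    # Base64 body of the test certificate (no PEM BEGIN/END armor lines).
    cert_pem_text = """\
MIIEZzCCA0+gAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCRlIx
DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQwEgYDVQQKDAtF
eGFtcGxlIEluYzEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5vcmcxJjAk
BgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE5MTExMTE4
MDQyMVoXDTIwMDExMDE4MDQyMVowezELMAkGA1UEBhMCRlIxDzANBgNVBAgMBlJh
ZGl1czEUMBIGA1UECgwLRXhhbXBsZSBJbmMxIzAhBgNVBAMMGkV4YW1wbGUgU2Vy
dmVyIENlcnRpZmljYXRlMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM9HqbuyWpsTMKo739Dm
DwmQo2HUkNdQYbvsB+e7ILsw8fWa2qnsF1CoRr/1bcZqXUR1To/QbHse7xSMZH9t
F7rdlDMc7QtgdwVfn8TiL3hCg5LSE8iaBzfJUjrts/V5WOByP1DwJVM7W3Va/5dN
oOiceVeC7ThghMlwIx/wN5cy78a8fPYV2FvPR6e+U2HG35zaIv2PizYcliF/QmZG
gnw4Q9dYC1Lw/ogVBZBALlv+/MuGheb/xIuL8lu1PFZ0YbW65WLD9Cx4wvytAke7
tKlhL/Kd4OBSeOY3OYmpxbc1gEUmFoLTlZesY2NP9Jyl5mGsIHtPdvVkh/tSBy8o
VLUCAwEAAaOB3TCB2jAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK
BggrBgEFBQcDATA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vd3d3LmV4YW1wbGUu
Y29tL2V4YW1wbGVfY2EuY3JsMDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAYYb
aHR0cDovL3d3dy5leGFtcGxlLm9yZy9vY3NwMDoGA1UdEQQzMDGCEnJhZGl1cy5l
eGFtcGxlLm9yZ6AbBggrBgEFBQcICKAPDA0qLmV4YW1wbGUuY29tMA0GCSqGSIb3
DQEBCwUAA4IBAQBOhtH2Jpi0b0MZ8FBKTqDl44rIHL1rHG2mW/YYmRI4jZo8kFhA
yWm/T8ZpdaotJgRqbQbeXvTXIg4/JNFheyLG4yLOzS1esdMAYDD5EN9/dXE++jND
/wrfPU+QtTgzAjkgFDKuqO7gr1/vSizxLYTWLKBPRHhiQo7GGlEC6/CPb38x4mfQ
5Y9DsKCp6BEZu+LByCho/HMDzcIPCdtXRX7Fs8rtX4/zRpVIdm6D+vebuo6CwRKp
mIljfssCvZjb9YIxSVDmA/6Lapqsfsfo922kb+MTXvPrq2ynPx8LrPDrxKc8maYc
Jiw8B0yjkokwojxyRGftMT8uxNjWQVsMDbxl
"""

    def setUp(self):
        """Create the ASN.1 schema object the certificate is decoded against."""
        self.asn1Spec = rfc5280.Certificate()

    def testDerCodec(self):
        """Decode each layer by hand and check that it re-encodes identically.

        Three layers are decoded in turn: the certificate, the subjectAltName
        extension value, and the otherName value as ``rfc7585.NAIRealm``. At
        each layer the test requires no trailing bytes, a non-empty
        ``prettyPrint()`` and a byte-identical DER re-encoding.
        """
        substrate = pem.readBase64fromText(self.cert_pem_text)
        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
        # Trailing bytes after the outer SEQUENCE would mean the fixture is
        # not a single well-formed DER object.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(substrate, der_encode(asn1Object))

        nai_realm_oid = rfc7585.id_on_naiRealm
        nai_realm_found = False

        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] != rfc5280.id_ce_subjectAltName:
                continue

            extnValue, rest = der_decode(
                extn['extnValue'], asn1Spec=rfc5280.SubjectAltName())
            self.assertFalse(rest)
            self.assertTrue(extnValue.prettyPrint())
            self.assertEqual(extn['extnValue'], der_encode(extnValue))

            for gn in extnValue:
                # Skip GeneralName entries that are not an otherName.
                if not gn['otherName'].hasValue():
                    continue

                # Every otherName in this fixture must be an NAIRealm.
                self.assertEqual(nai_realm_oid, gn['otherName']['type-id'])
                onValue, rest = der_decode(
                    gn['otherName']['value'], asn1Spec=rfc7585.NAIRealm())
                self.assertFalse(rest)
                self.assertTrue(onValue.prettyPrint())
                self.assertEqual(
                    gn['otherName']['value'], der_encode(onValue))
                # NOTE(review): substring match only; an exact comparison
                # against the expected realm would be a stricter check.
                self.assertIn('example', onValue)
                nai_realm_found = True

        # Fail if the loops never reached an NAIRealm otherName; without
        # this the test would pass on a certificate that has none.
        self.assertTrue(nai_realm_found)

    def testOpenTypes(self):
        """Decode with ``decodeOpenTypes=True`` and check the NAIRealm value.

        Unlike ``testDerCodec``, the otherName value is used directly with no
        further ``der_decode`` call; with ``decodeOpenTypes=True`` it is
        presumably already decoded through the otherName open-type map
        (confirm against rfc5280/rfc7585).
        """
        substrate = pem.readBase64fromText(self.cert_pem_text)
        asn1Object, rest = der_decode(
            substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(substrate, der_encode(asn1Object))

        nai_realm_oid = rfc7585.id_on_naiRealm
        nai_realm_found = False

        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] != rfc5280.id_ce_subjectAltName:
                continue

            extnValue, rest = der_decode(
                extn['extnValue'],
                asn1Spec=rfc5280.SubjectAltName(),
                decodeOpenTypes=True)
            self.assertFalse(rest)
            self.assertTrue(extnValue.prettyPrint())
            self.assertEqual(extn['extnValue'], der_encode(extnValue))

            for gn in extnValue:
                # Skip GeneralName entries that are not an otherName.
                if not gn['otherName'].hasValue():
                    continue

                self.assertEqual(nai_realm_oid, gn['otherName']['type-id'])
                # NOTE(review): substring match only, as in testDerCodec.
                self.assertIn('example', gn['otherName']['value'])
                nai_realm_found = True

        # Guard against a vacuous pass when no NAIRealm otherName is present.
        self.assertTrue(nai_realm_found)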
116
117
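# Module-level suite holding every TestCase defined in this module, so that
# other code can import `suite` from here.
suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])

if __name__ == '__main__':
    # `sys` is already imported at the top of the file, so the redundant
    # local re-import has been dropped.
    result = unittest.TextTestRunner(verbosity=2).run(suite)
    # Exit status 0 on success and 1 on any failure or error, so that a
    # calling script or CI job can detect a failed run.
    sys.exit(0 if result.wasSuccessful() else 1)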
125