author | Russ Housley <housley@vigilsec.com> | 2019-11-02 04:37:20 -0400 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2019-11-02 09:37:20 +0100 |
commit | 2e6acd120f89a18945b5ae49c9710f9cc90c1bda (patch) | |
tree | 1cd2a9ec8f89207a1e99f8dbbc7c3588a5249949 | |
parent | ca9a0541d1fda5581a07f36b4fd46a0161f67f7a (diff) | |
download | pyasn1-modules-2e6acd120f89a18945b5ae49c9710f9cc90c1bda.tar.gz |
Add support for RFC 5924 (#97)
-rw-r--r-- | CHANGES.txt | 2 | ||||
-rw-r--r-- | pyasn1_modules/rfc5924.py | 19 | ||||
-rw-r--r-- | tests/__main__.py | 1 | ||||
-rw-r--r-- | tests/test_rfc5924.py | 73 |
4 files changed, 95 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 487c0b8..c898fa5 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -21,6 +21,8 @@ Revision 0.2.8, released XX-XX-2019 names in certificates - Added RFC4985 providing Subject Alternative Name for expression of service names in certificates +- Added RFC5924 providing Extended Key Usage for Session Initiation + Protocol (SIP) in X.509 certificates Revision 0.2.7, released 09-10-2019 -----------------------------------
diff --git a/pyasn1_modules/rfc5924.py b/pyasn1_modules/rfc5924.py
new file mode 100644
index 0000000..4358e4f
--- /dev/null
+++ b/pyasn1_modules/rfc5924.py
@@ -0,0 +1,19 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Extended Key Usage (EKU) for Session Initiation Protocol (SIP)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5924.txt
+#
+
+from pyasn1.type import univ
+
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+
+id_kp_sipDomain = id_kp + (20, )
diff --git a/tests/__main__.py b/tests/__main__.py
index 27e279d..2d0337c 100644
--- a/tests/__main__.py
+++ b/tests/__main__.py
@@ -50,6 +50,7 @@ suite = unittest.TestLoader().loadTestsFromNames(
 'tests.test_rfc5751.suite',
 'tests.test_rfc5914.suite',
 'tests.test_rfc5915.suite',
+ 'tests.test_rfc5924.suite',
 'tests.test_rfc5934.suite',
 'tests.test_rfc5940.suite',
 'tests.test_rfc5958.suite',
diff --git a/tests/test_rfc5924.py b/tests/test_rfc5924.py
new file mode 100644
index 0000000..ca623fa
--- /dev/null
+++ b/tests/test_rfc5924.py
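Review bot: The two constants added in pyasn1_modules/rfc5924.py carry no comment saying what `id_kp_sipDomain` is for; the file header names only the RFC. A one-line comment above the assignment would help a reader who meets this OID in an extended key usage list, for example `# id-kp-sipDomain: key purpose restricting a certificate to SIP use (RFC 5924)`. It is also worth stating there that the module only names the OID and performs no EKU validation itself, so callers still have to decide how to treat a certificate in which the extension is absent.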
@@ -0,0 +1,73 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+
+import sys
+
+from pyasn1.codec.der.decoder import decode as der_decode
+from pyasn1.codec.der.encoder import encode as der_encode
+
+from pyasn1_modules import pem
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5924
+
+try:
+ import unittest2 as unittest
+except ImportError:
+ import unittest
+
+
+class SIPDomainCertTestCase(unittest.TestCase):
+ cert_pem_text = """\
+MIICiTCCAg+gAwIBAgIJAKWzVCgbsG5EMAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT
+AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n
+dXMgQ0EwHhcNMTkxMDMwMjEwMDM0WhcNMjAxMDI5MjEwMDM0WjBsMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoTB0V4
+YW1wbGUxEjAQBgNVBAsTCVNJUCBQcm94eTEYMBYGA1UEAxMPc2lwLmV4YW1wbGUu
+Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEcY3ckttSa6z3CfOFwZvPmZY8C9Ml
+D1XOydz00+Vqifh1lydhDuulHrJaQ+QgVjG1TzlTAssD9GeABit/M98DPS/IC3wi
+TsTMSyQ9/Oz4hKAw7x7lYEvufvycsZ7pJGRso4GpMIGmMEIGCWCGSAGG+EIBDQQ1
+FjNUaGlzIGNlcnRpZmljYXRlIGNhbm5vdCBiZSB0cnVzdGVkIGZvciBhbnkgcHVy
+cG9zZS4wHQYDVR0OBBYEFEcJ8iFWmJOl3Hg/44UFgFWNbe7FMB8GA1UdIwQYMBaA
+FPI12zQE2qVV8r1pA5mwYuziFQjBMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggr
+BgEFBQcDFDAKBggqhkjOPQQDAwNoADBlAjAXEPPNyXBUj40dzy+ZOqafuM3/6Fy6
+bkgiIObcQImra96X10fe6qacanrbu4uU6d8CMQCQ+BCjCnOP4dBbNC3vB0WypxLo
+UwZ6TjS0Rfr+dRvlyilVjP+hPVwbyb7ZOSZR6zk=
+"""
+
+ def setUp(self):
+ self.asn1Spec = rfc5280.Certificate()
+
+ def testDerCodec(self):
+ substrate = pem.readBase64fromText(self.cert_pem_text)
+ asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
+ assert not rest
+ assert asn1Object.prettyPrint()
+ assert der_encode(asn1Object) == substrate
+
+ found_kp_sipDomain = False
+ for extn in asn1Object['tbsCertificate']['extensions']:
+ if extn['extnID'] == rfc5280.id_ce_extKeyUsage:
+ assert extn['extnID'] in rfc5280.certificateExtensionsMap.keys()
+ ev, rest = der_decode(extn['extnValue'],
+ asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
+ assert not rest
+ assert ev.prettyPrint()
+ assert der_encode(ev) == extn['extnValue']
+ assert rfc5924.id_kp_sipDomain in ev
+ found_kp_sipDomain = True
+
+ assert found_kp_sipDomain
+
+
+suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
+
+if __name__ == '__main__':
+ import sys
+
+ result = unittest.TextTestRunner(verbosity=2).run(suite)
+ sys.exit(not result.wasSuccessful()) |
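Review bot: Every check in `testDerCodec` of tests/test_rfc5924.py is a bare `assert` statement, which Python removes under `-O`, so in an optimized run the test would pass without verifying the DER round trip or the presence of `id_kp_sipDomain` in the EKU extension. The `unittest` assertion methods always execute and report both operands on failure, so I would switch the checks to them as sketched below. Separately, the `import sys` inside the `__main__` guard repeats the module-level import and can be dropped.

```python
    def testDerCodec(self):
        # … unchanged: PEM read and der_decode of the certificate …
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(der_encode(asn1Object), substrate)
        # … unchanged: loop over extensions and extKeyUsage match …
                self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)
                # … unchanged: der_decode of extn['extnValue'] …
                self.assertFalse(rest)
                self.assertTrue(ev.prettyPrint())
                self.assertEqual(der_encode(ev), extn['extnValue'])
                self.assertIn(rfc5924.id_kp_sipDomain, ev)
                found_kp_sipDomain = True

        self.assertTrue(found_kp_sipDomain)
```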