authorRuss Housley <housley@vigilsec.com>2019-07-17 02:11:39 -0400
committerIlya Etingof <etingof@gmail.com>2019-07-17 08:11:39 +0200
commit06f5be85d5229cffeb24f9ae622df665d7ae506b (patch)
tree0d84dc3e62e1bb65c6ccf82c3f75ce7b79f61f1f
parente391feaffc72dd8ba3f9d5ec3d7bb93ce425fc9b (diff)
downloadpyasn1-modules-06f5be85d5229cffeb24f9ae622df665d7ae506b.tar.gz
Add support for opentype for RFC 2986 (#52)
-rw-r--r--CHANGES.txt2
-rw-r--r--pyasn1_modules/rfc2986.py86
-rw-r--r--tests/test_rfc2986.py34
3 files changed, 38 insertions, 84 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 5123695..8141fa3 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -28,6 +28,8 @@ Revision 0.2.6, released XX-07-2019
S/MIME
- Added openType support for CMS Content Types and CMS Attributes
in the RFC5652 module
+- Added openType support to RFC 2986 by importing definitions from
+ the RFC 5280 module so that the same maps are used.
Revision 0.2.5, released 24-04-2019
-----------------------------------
diff --git a/pyasn1_modules/rfc2986.py b/pyasn1_modules/rfc2986.py
index 18a9715..c3ccf04 100644
--- a/pyasn1_modules/rfc2986.py
+++ b/pyasn1_modules/rfc2986.py
@@ -3,118 +3,68 @@
# This file is part of pyasn1-modules software.
#
# Created by Joel Johnson with asn1ate tool.
+# Modified by Russ Housley to add support for opentypes by importing
+# definitions from rfc5280 so that the same maps are used.
+#
# Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com>
# License: http://snmplabs.com/pyasn1/license.html
#
# PKCS #10: Certification Request Syntax Specification
#
# ASN.1 source from:
-# http://www.ietf.org/rfc/rfc2986.txt
+# https://www.rfc-editor.org/rfc/rfc2986.txt
#
-from pyasn1.type import constraint
from pyasn1.type import namedtype
-from pyasn1.type import opentype
from pyasn1.type import tag
from pyasn1.type import univ
+from pyasn1_modules import rfc5280
+
MAX = float('inf')
-class AttributeType(univ.ObjectIdentifier):
- pass
+AttributeType = rfc5280.AttributeType
+AttributeValue = rfc5280.AttributeValue
-class AttributeValue(univ.Any):
- pass
+AttributeTypeAndValue = rfc5280.AttributeTypeAndValue
+Attribute = rfc5280.Attribute
-certificateAttributesMap = {}
+RelativeDistinguishedName = rfc5280.RelativeDistinguishedName
+RDNSequence = rfc5280.RDNSequence
-class AttributeTypeAndValue(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('type', AttributeType()),
- namedtype.NamedType(
- 'value', AttributeValue(),
- openType=opentype.OpenType('type', certificateAttributesMap)
- )
- )
+Name = rfc5280.Name
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
-class Attribute(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('type', AttributeType()),
- namedtype.NamedType('values',
- univ.SetOf(componentType=AttributeValue()),
- openType=opentype.OpenType('type', certificateAttributesMap))
- )
+SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo
class Attributes(univ.SetOf):
pass
-
Attributes.componentType = Attribute()
-class RelativeDistinguishedName(univ.SetOf):
- pass
-
-
-RelativeDistinguishedName.componentType = AttributeTypeAndValue()
-RelativeDistinguishedName.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
-
-
-class RDNSequence(univ.SequenceOf):
- pass
-
-
-RDNSequence.componentType = RelativeDistinguishedName()
-
-
-class Name(univ.Choice):
- pass
-
-
-Name.componentType = namedtype.NamedTypes(
- namedtype.NamedType('rdnSequence', RDNSequence())
-)
-
-
-class AlgorithmIdentifier(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
- namedtype.OptionalNamedType('parameters', univ.Any())
- )
-
-
-class SubjectPublicKeyInfo(univ.Sequence):
- pass
-
-
-SubjectPublicKeyInfo.componentType = namedtype.NamedTypes(
- namedtype.NamedType('algorithm', AlgorithmIdentifier()),
- namedtype.NamedType('subjectPublicKey', univ.BitString())
-)
-
-
class CertificationRequestInfo(univ.Sequence):
pass
-
CertificationRequestInfo.componentType = namedtype.NamedTypes(
namedtype.NamedType('version', univ.Integer()),
namedtype.NamedType('subject', Name()),
namedtype.NamedType('subjectPKInfo', SubjectPublicKeyInfo()),
namedtype.NamedType('attributes',
- Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+ Attributes().subtype(implicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))
+ )
)
class CertificationRequest(univ.Sequence):
pass
-
CertificationRequest.componentType = namedtype.NamedTypes(
namedtype.NamedType('certificationRequestInfo', CertificationRequestInfo()),
namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
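Review bot: The module-level name `certificateAttributesMap` is removed from rfc2986 in this hunk without a replacement, so callers that register attribute types through `rfc2986.certificateAttributesMap.update(...)` (as the old test did) will hit an AttributeError after upgrading. Keeping an alias next to the other re-exports, `certificateAttributesMap = rfc5280.certificateAttributesMap`, preserves that entry point and still leaves a single shared map. Because the maps are now process-wide state shared with rfc5280, a comment at the `from pyasn1_modules import rfc5280` line should say that any registration made there also changes how PKCS #10 requests decode under `decodeOpenTypes=True`, which matters to code parsing CSRs from untrusted senders. `MAX` appears to be unused in the visible code now that the `RelativeDistinguishedName` size constraint is no longer defined here. The `CertificationRequest.componentType` definition continues past the end of the hunk.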
diff --git a/tests/test_rfc2986.py b/tests/test_rfc2986.py
index 77ba061..17d5daa 100644
--- a/tests/test_rfc2986.py
+++ b/tests/test_rfc2986.py
@@ -14,6 +14,7 @@ from pyasn1.type import univ
from pyasn1_modules import pem
from pyasn1_modules import rfc2986
+from pyasn1_modules import rfc5280
try:
@@ -56,32 +57,33 @@ fi6h7i9VVAZpslaKFfkNg12gLbbsCB1q36l5VXjHY/qe0FIUa9ogRrOi
assert der_encoder.encode(asn1Object) == substrate
def testOpenTypes(self):
+ algorithmIdentifierMapUpdate = {
+ univ.ObjectIdentifier('1.2.840.113549.1.1.1'): univ.Null(""),
+ univ.ObjectIdentifier('1.2.840.113549.1.1.5'): univ.Null(""),
+ univ.ObjectIdentifier('1.2.840.113549.1.1.11'): univ.Null(""),
+ }
- id_at_commonName = (2, 5, 4, 3)
- id_at_countryName = (2, 5, 4, 6)
-
+ rfc5280.algorithmIdentifierMap.update(algorithmIdentifierMapUpdate)
substrate = pem.readBase64fromText(self.pem_text)
-
- rfc2986.certificateAttributesMap.update(
- {
- id_at_countryName: char.PrintableString()
- }
- )
-
asn1Object, rest = der_decoder.decode(substrate,
asn1Spec=rfc2986.CertificationRequest(),
decodeOpenTypes=True)
-
assert not rest
assert asn1Object.prettyPrint()
assert der_encoder.encode(asn1Object) == substrate
for rdn in asn1Object['certificationRequestInfo']['subject']['rdnSequence']:
- if rdn[0]['type'] == id_at_countryName:
- assert rdn[0]['value'] == char.PrintableString('US')
- elif rdn[0]['type'] == id_at_commonName:
- assert rdn[0]['value'] == univ.OctetString(
- hexValue='0c146663752e66616b652e616464726573732e6f7267')
+ for atv in rdn:
+ if atv['type'] == rfc5280.id_at_countryName:
+ assert atv['value'] == char.PrintableString('US')
+ else:
+ assert len(atv['value']['utf8String']) > 2
+
+ spki_alg = asn1Object['certificationRequestInfo']['subjectPKInfo']['algorithm']
+ assert spki_alg['parameters'] == univ.Null("")
+
+ sig_alg = asn1Object['signatureAlgorithm']
+ assert sig_alg['parameters'] == univ.Null("")
suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
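Review bot: `rfc5280.algorithmIdentifierMap.update(algorithmIdentifierMapUpdate)` in testOpenTypes changes a module-level map and never restores it, so the three RSA-related OID entries stay registered for every test that runs later in the same process and results can depend on test order. Where the supported Python versions allow it, snapshot and restore the map: `saved = dict(rfc5280.algorithmIdentifierMap)` before the update, then `self.addCleanup(lambda: (rfc5280.algorithmIdentifierMap.clear(), rfc5280.algorithmIdentifierMap.update(saved)))`. The `else` branch also assumes every non-country attribute in the subject decodes to a choice with a `utf8String` alternative, which presumably holds for this fixture but would fail with an unclear error on another one. Checking the expected attribute OID in the condition would make that assumption explicit. The enclosing test class starts outside the hunk.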