author | Russ Housley <housley@vigilsec.com> | 2019-07-17 02:11:39 -0400 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2019-07-17 08:11:39 +0200 |
commit | 06f5be85d5229cffeb24f9ae622df665d7ae506b (patch) | |
tree | 0d84dc3e62e1bb65c6ccf82c3f75ce7b79f61f1f | |
parent | e391feaffc72dd8ba3f9d5ec3d7bb93ce425fc9b (diff) | |
download | pyasn1-modules-06f5be85d5229cffeb24f9ae622df665d7ae506b.tar.gz |
Add support for opentype for RFC 2986 (#52)
-rw-r--r-- | CHANGES.txt | 2 | ||||
-rw-r--r-- | pyasn1_modules/rfc2986.py | 86 | ||||
-rw-r--r-- | tests/test_rfc2986.py | 34 |
3 files changed, 38 insertions, 84 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 5123695..8141fa3 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -28,6 +28,8 @@ Revision 0.2.6, released XX-07-2019 S/MIME - Added openType support for CMS Content Types and CMS Attributes in the RFC5652 module +- Added openType support to RFC 2986 by importing definitions from + the RFC 5280 module so that the same maps are used. Revision 0.2.5, released 24-04-2019 ----------------------------------- diff --git a/pyasn1_modules/rfc2986.py b/pyasn1_modules/rfc2986.py index 18a9715..c3ccf04 100644 --- a/pyasn1_modules/rfc2986.py +++ b/pyasn1_modules/rfc2986.py 
@@ -3,118 +3,68 @@ # This file is part of pyasn1-modules software. # # Created by Joel Johnson with asn1ate tool. +# Modified by Russ Housley to add support for opentypes by importing +# definitions from rfc5280 so that the same maps are used. +# # Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com> # License: http://snmplabs.com/pyasn1/license.html # # PKCS #10: Certification Request Syntax Specification # # ASN.1 source from: -# http://www.ietf.org/rfc/rfc2986.txt +# https://www.rfc-editor.org/rfc/rfc2986.txt # -from pyasn1.type import constraint from pyasn1.type import namedtype -from pyasn1.type import opentype from pyasn1.type import tag from pyasn1.type import univ +from pyasn1_modules import rfc5280 + MAX = float('inf') -class AttributeType(univ.ObjectIdentifier): - pass +AttributeType = rfc5280.AttributeType +AttributeValue = rfc5280.AttributeValue -class AttributeValue(univ.Any): - pass +AttributeTypeAndValue = rfc5280.AttributeTypeAndValue +Attribute = rfc5280.Attribute -certificateAttributesMap = {} +RelativeDistinguishedName = rfc5280.RelativeDistinguishedName +RDNSequence = rfc5280.RDNSequence -class AttributeTypeAndValue(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('type', AttributeType()), - namedtype.NamedType( - 'value', AttributeValue(), - openType=opentype.OpenType('type', certificateAttributesMap) - ) - ) +Name = rfc5280.Name +AlgorithmIdentifier = rfc5280.AlgorithmIdentifier -class Attribute(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('type', AttributeType()), - namedtype.NamedType('values', - univ.SetOf(componentType=AttributeValue()), - openType=opentype.OpenType('type', certificateAttributesMap)) - ) +SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo class Attributes(univ.SetOf): pass - Attributes.componentType = Attribute() -class RelativeDistinguishedName(univ.SetOf): - pass - - -RelativeDistinguishedName.componentType = AttributeTypeAndValue() 
-RelativeDistinguishedName.subtypeSpec = constraint.ValueSizeConstraint(1, MAX) - - -class RDNSequence(univ.SequenceOf): - pass - - -RDNSequence.componentType = RelativeDistinguishedName() - - -class Name(univ.Choice): - pass - - -Name.componentType = namedtype.NamedTypes( - namedtype.NamedType('rdnSequence', RDNSequence()) -) - - -class AlgorithmIdentifier(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('algorithm', univ.ObjectIdentifier()), - namedtype.OptionalNamedType('parameters', univ.Any()) - ) - - -class SubjectPublicKeyInfo(univ.Sequence): - pass - - -SubjectPublicKeyInfo.componentType = namedtype.NamedTypes( - namedtype.NamedType('algorithm', AlgorithmIdentifier()), - namedtype.NamedType('subjectPublicKey', univ.BitString()) -) - - class CertificationRequestInfo(univ.Sequence): pass - CertificationRequestInfo.componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer()), namedtype.NamedType('subject', Name()), namedtype.NamedType('subjectPKInfo', SubjectPublicKeyInfo()), namedtype.NamedType('attributes', - Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) + Attributes().subtype(implicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0)) + ) ) class CertificationRequest(univ.Sequence): pass - CertificationRequest.componentType = namedtype.NamedTypes( namedtype.NamedType('certificationRequestInfo', CertificationRequestInfo()), namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), diff --git a/tests/test_rfc2986.py b/tests/test_rfc2986.py index 77ba061..17d5daa 100644 --- a/tests/test_rfc2986.py +++ b/tests/test_rfc2986.py @@ -14,6 +14,7 @@ from pyasn1.type import univ from pyasn1_modules import pem from pyasn1_modules import rfc2986 +from pyasn1_modules import rfc5280 try: 
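Review bot: The module-level name `certificateAttributesMap` is removed from pyasn1_modules/rfc2986.py in this hunk, so any caller that still does `rfc2986.certificateAttributesMap.update(...)` (as the old test did) will now fail with AttributeError, and the new header comment does not mention the break. A compatibility alias next to the other re-exports, e.g. `certificateAttributesMap = rfc5280.certificateAttributesMap`, would keep the old entry point while still sharing one map, assuming rfc5280 exposes that name, which this page does not show. A comment above the alias block should also say that with `decodeOpenTypes=True` the decoded form of attribute `value` and AlgorithmIdentifier `parameters` now depends on the process-wide rfc5280 maps. Code that validates certification requests from untrusted senders should therefore type-check those fields rather than assume a raw `Any`. `MAX` looks unused on the new side once the `ValueSizeConstraint` line is gone, though the file may continue past the hunk.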
@@ -56,32 +57,33 @@ fi6h7i9VVAZpslaKFfkNg12gLbbsCB1q36l5VXjHY/qe0FIUa9ogRrOi assert der_encoder.encode(asn1Object) == substrate def testOpenTypes(self): + algorithmIdentifierMapUpdate = { + univ.ObjectIdentifier('1.2.840.113549.1.1.1'): univ.Null(""), + univ.ObjectIdentifier('1.2.840.113549.1.1.5'): univ.Null(""), + univ.ObjectIdentifier('1.2.840.113549.1.1.11'): univ.Null(""), + } - id_at_commonName = (2, 5, 4, 3) - id_at_countryName = (2, 5, 4, 6) - + rfc5280.algorithmIdentifierMap.update(algorithmIdentifierMapUpdate) substrate = pem.readBase64fromText(self.pem_text) - - rfc2986.certificateAttributesMap.update( - { - id_at_countryName: char.PrintableString() - } - ) - asn1Object, rest = der_decoder.decode(substrate, asn1Spec=rfc2986.CertificationRequest(), decodeOpenTypes=True) - assert not rest assert asn1Object.prettyPrint() assert der_encoder.encode(asn1Object) == substrate for rdn in asn1Object['certificationRequestInfo']['subject']['rdnSequence']: - if rdn[0]['type'] == id_at_countryName: - assert rdn[0]['value'] == char.PrintableString('US') - elif rdn[0]['type'] == id_at_commonName: - assert rdn[0]['value'] == univ.OctetString( - hexValue='0c146663752e66616b652e616464726573732e6f7267') + for atv in rdn: + if atv['type'] == rfc5280.id_at_countryName: + assert atv['value'] == char.PrintableString('US') + else: + assert len(atv['value']['utf8String']) > 2 + + spki_alg = asn1Object['certificationRequestInfo']['subjectPKInfo']['algorithm'] + assert spki_alg['parameters'] == univ.Null("") + + sig_alg = asn1Object['signatureAlgorithm'] + assert sig_alg['parameters'] == univ.Null("") suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) |
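Review bot: `rfc5280.algorithmIdentifierMap.update(algorithmIdentifierMapUpdate)` in testOpenTypes mutates a module-level map and never restores it, so the three OID entries stay registered for every test that runs later in the same process and results can depend on test order. Passing the map per call avoids the shared state: drop the `update` line and add `openTypes=algorithmIdentifierMapUpdate,` to the `der_decoder.decode(...)` call, after confirming that the oldest pyasn1 release this project supports accepts the `openTypes` option. The `else` branch also weakens the old exact-bytes comparison to `assert len(atv['value']['utf8String']) > 2`, which passes for any attribute that decodes to the utf8String alternative. Comparing against the expected common-name string would keep the check meaningful.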