diff options
author | Russ Housley <housley@vigilsec.com> | 2019-10-12 02:04:45 -0400 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2019-10-12 08:04:45 +0200 |
commit | a9ba285df7e5973a28b23d48bbb597980ca9ad94 (patch) | |
tree | 010e8ca394ecde137b91af6e92059e228803f9f1 | |
parent | 71123fb26b001938f339903a4fe62cbe2c8315ef (diff) | |
download | pyasn1-modules-a9ba285df7e5973a28b23d48bbb597980ca9ad94.tar.gz |
Add support for RFC 7633 (#79)
-rw-r--r-- | CHANGES.txt | 2 | ||||
-rw-r--r-- | pyasn1_modules/rfc7633.py | 38 | ||||
-rw-r--r-- | tests/__main__.py | 1 | ||||
-rw-r--r-- | tests/test_rfc7633.py | 82 |
4 files changed, 122 insertions, 1 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index ad46d7c..1b4c178 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -2,7 +2,7 @@ Revision 0.2.8, released XX-XX-2019 ----------------------------------- -No changes yet +- Added RFC7633 providing TLS Features Certificate Extension Revision 0.2.7, released 09-10-2019 ----------------------------------- diff --git a/pyasn1_modules/rfc7633.py b/pyasn1_modules/rfc7633.py new file mode 100644 index 0000000..f518440 --- /dev/null +++ b/pyasn1_modules/rfc7633.py @@ -0,0 +1,38 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley with some assistance from asn1ate v.0.6.0. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# Transport Layer Security (TLS) Feature Certificate Extension +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc7633.txt +# + +from pyasn1.type import univ + +from pyasn1_modules import rfc5280 + + +# TLS Features Extension + +id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1') + +id_pe_tlsfeature = id_pe + (24, ) + + +class Features(univ.SequenceOf): + componentType = univ.Integer() + + +# Map of Certificate Extension OIDs to Extensions added to the +# ones that are in rfc5280.py + +_certificateExtensionsMapUpdate = { + id_pe_tlsfeature: Features(), +} + +rfc5280.certificateExtensionsMap.update(_certificateExtensionsMapUpdate) diff --git a/tests/__main__.py b/tests/__main__.py index f828272..4e9bee7 100644 --- a/tests/__main__.py +++ b/tests/__main__.py @@ -58,6 +58,7 @@ suite = unittest.TestLoader().loadTestsFromNames( 'tests.test_rfc7191.suite', 'tests.test_rfc7292.suite', 'tests.test_rfc7296.suite', + 'tests.test_rfc7633.suite', 'tests.test_rfc7773.suite', 'tests.test_rfc7894.suite', 'tests.test_rfc7906.suite', diff --git a/tests/test_rfc7633.py b/tests/test_rfc7633.py new file mode 100644 index 0000000..aca90c2 --- /dev/null +++ b/tests/test_rfc7633.py @@ -0,0 +1,82 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# + +import sys + +from pyasn1.codec.der.decoder import decode as der_decode +from pyasn1.codec.der.encoder import encode as der_encode + +from pyasn1_modules import pem +from pyasn1_modules import rfc5280 +from pyasn1_modules import rfc7633 + +try: + import unittest2 as unittest + +except ImportError: + import unittest + + +class TLSFeaturesExtnTestCase(unittest.TestCase): + pem_text = """\ +MIIEbTCCBBOgAwIBAgIRAO5f2N8q74GBATjTMXQCjlgwCgYIKoZIzj0EAwIwgZYx +CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNV +BAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYDVQQD +EzNDT01PRE8gRUNDIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2 +ZXIgQ0EwHhcNMTYwMTE1MDAwMDAwWhcNMTgwMTE0MjM1OTU5WjCBwjELMAkGA1UE +BhMCUlUxDzANBgNVBBETBjExNzY0NzEUMBIGA1UECBMLTW9zY293IENpdHkxDzAN +BgNVBAcTBk1vc2NvdzE4MDYGA1UECRMvQWthZGVtaWthIEthcGljeSBzdHJlZXQs +IGhvdXNlIDQsIGFwYXJ0bWVudCAxNjYxGDAWBgNVBAoTD0FuZHJleSBDaHVyYW5v +djETMBEGA1UECxMKSW5zdGFudFNTTDESMBAGA1UEAxMJYWRtc2VsLmVjMHYwEAYH +KoZIzj0CAQYFK4EEACIDYgAEwrPPzgBO1vDNmV0UVvYSBnys9B7LVkGLiIBbKYf2 +nNFRuJKo1gzNurI8pv4CbvqjkCX4Je/aSeYFHSCR9y82+zTwYQuJFt5LIL5f+Syp +xZ7aLH56bOiQ+QhCtIvWP4YWo4IB9TCCAfEwHwYDVR0jBBgwFoAUdr4iSO4/PvZG +A9mHGNBlfiKcC+EwHQYDVR0OBBYEFHTFQqV+H5a7+RVL+70Z6zqCbqq9MA4GA1Ud +DwEB/wQEAwIFgDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjBQBgNVHSAESTBHMDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUFBwIB +Fh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgIwWgYDVR0f +BFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPRUNDT3Jn +YW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBiwYIKwYBBQUH +AQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01P +RE9FQ0NPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQG +CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wEQYIKwYBBQUHARgE +BTADAgEFMCMGA1UdEQQcMBqCCWFkbXNlbC5lY4INd3d3LmFkbXNlbC5lYzAKBggq +hkjOPQQDAgNIADBFAiAi6TXl76FTKPP1AhqtEjU5BjAj9Ju7CSKChHZSmzxeXQIh +AOQSxhs011emVxyBIXT0ZGbmBY8LFRh6eGIOCAJbkM5T +""" + + def setUp(self): + self.asn1Spec = rfc5280.Certificate() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.pem_text) + asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + for extn in asn1Object['tbsCertificate']['extensions']: + if extn['extnID'] == rfc7633.id_pe_tlsfeature: + s = extn['extnValue'] + features, rest = der_decode(s, + rfc5280.certificateExtensionsMap[extn['extnID']]) + assert not rest + assert features.prettyPrint() + assert s == der_encode(features) + + assert len(features) == 1 + assert features[0] == 5 + + +suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) + +if __name__ == '__main__': + import sys + + result = unittest.TextTestRunner(verbosity=2).run(suite) + sys.exit(not result.wasSuccessful()) |