authorRuss Housley <housley@vigilsec.com>2019-11-02 04:37:20 -0400
committerIlya Etingof <etingof@gmail.com>2019-11-02 09:37:20 +0100
commit2e6acd120f89a18945b5ae49c9710f9cc90c1bda (patch)
tree1cd2a9ec8f89207a1e99f8dbbc7c3588a5249949
parentca9a0541d1fda5581a07f36b4fd46a0161f67f7a (diff)
downloadpyasn1-modules-2e6acd120f89a18945b5ae49c9710f9cc90c1bda.tar.gz
Add support for RFC 5924 (#97)
-rw-r--r--CHANGES.txt2
-rw-r--r--pyasn1_modules/rfc5924.py19
-rw-r--r--tests/__main__.py1
-rw-r--r--tests/test_rfc5924.py73
4 files changed, 95 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 487c0b8..c898fa5 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -21,6 +21,8 @@ Revision 0.2.8, released XX-XX-2019
names in certificates
- Added RFC4985 providing Subject Alternative Name for expression of
service names in certificates
+- Added RFC5924 providing Extended Key Usage for Session Initiation
+ Protocol (SIP) in X.509 certificates
Revision 0.2.7, released 09-10-2019
-----------------------------------
diff --git a/pyasn1_modules/rfc5924.py b/pyasn1_modules/rfc5924.py
new file mode 100644
index 0000000..4358e4f
--- /dev/null
+++ b/pyasn1_modules/rfc5924.py
@@ -0,0 +1,19 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Extended Key Usage (EKU) for Session Initiation Protocol (SIP)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5924.txt
+#
+
+from pyasn1.type import univ
+
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+
+id_kp_sipDomain = id_kp + (20, )
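Review bot: The two OID assignments at the end of the new module have no comment saying what they identify, and nothing tells a reader that this file only names the extended key purpose and performs no certificate checking. I would add `# id-kp: PKIX extended key purpose arc` above `id_kp`, and `# id-kp-sipDomain: EKU purpose OID for SIP domain certificates (RFC 5924); defined here only, enforcement is left to the relying party` above `id_kp_sipDomain`. Separately, `id_kp` looks like a repeat of the value rfc5280 already exports; if that holds, `id_kp = rfc5280.id_kp` would keep a single definition of the arc.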
diff --git a/tests/__main__.py b/tests/__main__.py
index 27e279d..2d0337c 100644
--- a/tests/__main__.py
+++ b/tests/__main__.py
@@ -50,6 +50,7 @@ suite = unittest.TestLoader().loadTestsFromNames(
'tests.test_rfc5751.suite',
'tests.test_rfc5914.suite',
'tests.test_rfc5915.suite',
+ 'tests.test_rfc5924.suite',
'tests.test_rfc5934.suite',
'tests.test_rfc5940.suite',
'tests.test_rfc5958.suite',
diff --git a/tests/test_rfc5924.py b/tests/test_rfc5924.py
new file mode 100644
index 0000000..ca623fa
--- /dev/null
+++ b/tests/test_rfc5924.py
@@ -0,0 +1,73 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+
+import sys
+
+from pyasn1.codec.der.decoder import decode as der_decode
+from pyasn1.codec.der.encoder import encode as der_encode
+
+from pyasn1_modules import pem
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5924
+
+try:
+ import unittest2 as unittest
+except ImportError:
+ import unittest
+
+
+class SIPDomainCertTestCase(unittest.TestCase):
+ cert_pem_text = """\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+"""
+
+ def setUp(self):
+ self.asn1Spec = rfc5280.Certificate()
+
+ def testDerCodec(self):
+ substrate = pem.readBase64fromText(self.cert_pem_text)
+ asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
+ assert not rest
+ assert asn1Object.prettyPrint()
+ assert der_encode(asn1Object) == substrate
+
+ found_kp_sipDomain = False
+ for extn in asn1Object['tbsCertificate']['extensions']:
+ if extn['extnID'] == rfc5280.id_ce_extKeyUsage:
+ assert extn['extnID'] in rfc5280.certificateExtensionsMap.keys()
+ ev, rest = der_decode(extn['extnValue'],
+ asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
+ assert not rest
+ assert ev.prettyPrint()
+ assert der_encode(ev) == extn['extnValue']
+ assert rfc5924.id_kp_sipDomain in ev
+ found_kp_sipDomain = True
+
+ assert found_kp_sipDomain
+
+
+suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
+
+if __name__ == '__main__':
+ import sys
+
+ result = unittest.TextTestRunner(verbosity=2).run(suite)
+ sys.exit(not result.wasSuccessful())
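Review bot: Every check in `testDerCodec` is a bare `assert`, so the whole test passes vacuously when the suite is run under `python -O`, and a failure reports no values. The TestCase methods avoid both problems, for example `self.assertFalse(rest)`, `self.assertEqual(substrate, der_encode(asn1Object))` and `self.assertIn(rfc5924.id_kp_sipDomain, ev)`. The loop also asserts that every extKeyUsage extension contains the SIP OID, while `found_kp_sipDomain` only needs one; a short comment stating which of the two is intended would help. The `import sys` inside the `__main__` guard is redundant because `sys` is already imported at the top of the file.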