diff options
author | Russ Housley <housley@vigilsec.com> | 2019-11-18 00:40:42 -0500 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2019-11-18 06:40:42 +0100 |
commit | a7361736347118128c359182fbea22f863f50da2 (patch) | |
tree | 613df55eb8b84fe921f00a99e20360d69cf9ccdc | |
parent | 238ef5e74c1cb3181e0c9345378111cf5354d3a0 (diff) | |
download | pyasn1-modules-a7361736347118128c359182fbea22f863f50da2.tar.gz |
Add support for RFC 3125 and RFC 5126 (#107)
-rw-r--r-- | CHANGES.txt | 2 | ||||
-rw-r--r-- | pyasn1_modules/rfc3125.py | 469 | ||||
-rw-r--r-- | pyasn1_modules/rfc5126.py | 577 | ||||
-rw-r--r-- | tests/__main__.py | 2 | ||||
-rw-r--r-- | tests/test_rfc3125.py | 113 | ||||
-rw-r--r-- | tests/test_rfc5126.py | 98 |
6 files changed, 1261 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index e25af18..f278ad0 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -46,6 +46,8 @@ Revision 0.2.8, released 16-11-2019 - Update RFC3770 to support openType for attributes and reported errata - Add RFC4334 providing Certificate Extensions and Attributes for Authentication in PPP and Wireless LAN Networks +- Add RFC3125 providing Electronic Signature Policies +- Add RFC5126 providing CMS Advanced Electronic Signatures (CAdES) Revision 0.2.7, released 09-10-2019 ----------------------------------- diff --git a/pyasn1_modules/rfc3125.py b/pyasn1_modules/rfc3125.py new file mode 100644 index 0000000..00ff9bf --- /dev/null +++ b/pyasn1_modules/rfc3125.py @@ -0,0 +1,469 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley with assistance from asn1ate v.0.6.0. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# Electronic Signature Policies +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc3125.txt +# https://www.rfc-editor.org/errata/eid5901 +# https://www.rfc-editor.org/errata/eid5902 +# + +from pyasn1.type import constraint +from pyasn1.type import namedtype +from pyasn1.type import namedval +from pyasn1.type import tag +from pyasn1.type import useful +from pyasn1.type import univ + +from pyasn1_modules import rfc5280 + +MAX = float('inf') + + +# Imports from RFC 5280 + +AlgorithmIdentifier = rfc5280.AlgorithmIdentifier + +Attribute = rfc5280.Attribute + +AttributeType = rfc5280.AttributeType + +AttributeTypeAndValue = rfc5280.AttributeTypeAndValue + +AttributeValue = rfc5280.AttributeValue + +Certificate = rfc5280.Certificate + +CertificateList = rfc5280.CertificateList + +DirectoryString = rfc5280.DirectoryString + +GeneralName = rfc5280.GeneralName + +GeneralNames = rfc5280.GeneralNames + +Name = rfc5280.Name + +PolicyInformation = rfc5280.PolicyInformation + + +# Electronic Signature Policies + +class CertPolicyId(univ.ObjectIdentifier): + pass + + +class AcceptablePolicySet(univ.SequenceOf): + componentType = CertPolicyId() + + +class SignPolExtn(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('extnID', univ.ObjectIdentifier()), + namedtype.NamedType('extnValue', univ.OctetString()) + ) + + +class SignPolExtensions(univ.SequenceOf): + componentType = SignPolExtn() + + +class AlgAndLength(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('algID', univ.ObjectIdentifier()), + namedtype.OptionalNamedType('minKeyLength', univ.Integer()), + namedtype.OptionalNamedType('other', SignPolExtensions()) + ) + + +class AlgorithmConstraints(univ.SequenceOf): + componentType = AlgAndLength() + + +class AlgorithmConstraintSet(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('signerAlgorithmConstraints', + AlgorithmConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('eeCertAlgorithmConstraints', + AlgorithmConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('caCertAlgorithmConstraints', + AlgorithmConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('aaCertAlgorithmConstraints', + AlgorithmConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.OptionalNamedType('tsaCertAlgorithmConstraints', + AlgorithmConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 4))) + ) + + +class AttributeValueConstraints(univ.SequenceOf): + componentType = AttributeTypeAndValue() + + +class AttributeTypeConstraints(univ.SequenceOf): + componentType = AttributeType() + + +class AttributeConstraints(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('attributeTypeConstarints', + AttributeTypeConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('attributeValueConstarints', + AttributeValueConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))) + ) + + +class HowCertAttribute(univ.Enumerated): + namedValues = namedval.NamedValues( + ('claimedAttribute', 0), + ('certifiedAttribtes', 1), + ('either', 2) + ) + + +class SkipCerts(univ.Integer): + subtypeSpec = constraint.ValueRangeConstraint(0, MAX) + + +class PolicyConstraints(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('requireExplicitPolicy', + SkipCerts().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('inhibitPolicyMapping', + SkipCerts().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))) + ) + + +class BaseDistance(univ.Integer): + subtypeSpec = constraint.ValueRangeConstraint(0, MAX) + + +class GeneralSubtree(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('base', GeneralName()), + namedtype.DefaultedNamedType('minimum', + BaseDistance().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0)).subtype( + value=0)), + namedtype.OptionalNamedType('maximum', + BaseDistance().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))) + ) + + +class GeneralSubtrees(univ.SequenceOf): + componentType = GeneralSubtree() + subtypeSpec = constraint.ValueSizeConstraint(1, MAX) + + +class NameConstraints(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('permittedSubtrees', + GeneralSubtrees().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('excludedSubtrees', + GeneralSubtrees().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))) + ) + + +class PathLenConstraint(univ.Integer): + subtypeSpec = constraint.ValueRangeConstraint(0, MAX) + + +class CertificateTrustPoint(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('trustpoint', Certificate()), + namedtype.OptionalNamedType('pathLenConstraint', + PathLenConstraint().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('acceptablePolicySet', + AcceptablePolicySet().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('nameConstraints', + NameConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.OptionalNamedType('policyConstraints', + PolicyConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 3))) + ) + + +class CertificateTrustTrees(univ.SequenceOf): + componentType = CertificateTrustPoint() + + +class EnuRevReq(univ.Enumerated): + namedValues = namedval.NamedValues( + ('clrCheck', 0), + ('ocspCheck', 1), + ('bothCheck', 2), + ('eitherCheck', 3), + ('noCheck', 4), + ('other', 5) + ) + + +class RevReq(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('enuRevReq', EnuRevReq()), + namedtype.OptionalNamedType('exRevReq', SignPolExtensions()) + ) + + +class CertRevReq(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('endCertRevReq', RevReq()), + namedtype.NamedType('caCerts', + RevReq().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 0))) + ) + + +class AttributeTrustCondition(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('attributeMandated', univ.Boolean()), + namedtype.NamedType('howCertAttribute', HowCertAttribute()), + namedtype.OptionalNamedType('attrCertificateTrustTrees', + CertificateTrustTrees().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('attrRevReq', + CertRevReq().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.OptionalNamedType('attributeConstraints', + AttributeConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 2))) + ) + + +class CMSAttrs(univ.SequenceOf): + componentType = univ.ObjectIdentifier() + + +class CertInfoReq(univ.Enumerated): + namedValues = namedval.NamedValues( + ('none', 0), + ('signerOnly', 1), + ('fullPath', 2) + ) + + +class CertRefReq(univ.Enumerated): + namedValues = namedval.NamedValues( + ('signerOnly', 1), + ('fullPath', 2) + ) + + +class DeltaTime(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('deltaSeconds', univ.Integer()), + namedtype.NamedType('deltaMinutes', univ.Integer()), + namedtype.NamedType('deltaHours', univ.Integer()), + namedtype.NamedType('deltaDays', univ.Integer()) + ) + + +class TimestampTrustCondition(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('ttsCertificateTrustTrees', + CertificateTrustTrees().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('ttsRevReq', + CertRevReq().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.OptionalNamedType('ttsNameConstraints', + NameConstraints().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.OptionalNamedType('cautionPeriod', + DeltaTime().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 3))), + namedtype.OptionalNamedType('signatureTimestampDelay', + DeltaTime().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 4))) + ) + + +class SignerRules(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('externalSignedData', univ.Boolean()), + namedtype.NamedType('mandatedSignedAttr', CMSAttrs()), + namedtype.NamedType('mandatedUnsignedAttr', CMSAttrs()), + namedtype.DefaultedNamedType('mandatedCertificateRef', + CertRefReq().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0)).subtype( + value='signerOnly')), + namedtype.DefaultedNamedType('mandatedCertificateInfo', + CertInfoReq().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1)).subtype( + value='none')), + namedtype.OptionalNamedType('signPolExtensions', + SignPolExtensions().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 2))) + ) + + +class MandatedUnsignedAttr(CMSAttrs): + pass + + +class VerifierRules(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('mandatedUnsignedAttr', MandatedUnsignedAttr()), + namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions()) + ) + + +class SignerAndVerifierRules(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('signerRules', SignerRules()), + namedtype.NamedType('verifierRules', VerifierRules()) + ) + + +class SigningCertTrustCondition(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('signerTrustTrees', CertificateTrustTrees()), + namedtype.NamedType('signerRevReq', CertRevReq()) + ) + + +class CommitmentTypeIdentifier(univ.ObjectIdentifier): + pass + + +class FieldOfApplication(DirectoryString): + pass + + +class CommitmentType(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('identifier', CommitmentTypeIdentifier()), + namedtype.OptionalNamedType('fieldOfApplication', + FieldOfApplication().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('semantics', + DirectoryString().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))) + ) + + +class SelectedCommitmentTypes(univ.SequenceOf): + componentType = univ.Choice(componentType=namedtype.NamedTypes( + namedtype.NamedType('empty', univ.Null()), + namedtype.NamedType('recognizedCommitmentType', CommitmentType()) + )) + + +class CommitmentRule(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('selCommitmentTypes', SelectedCommitmentTypes()), + namedtype.OptionalNamedType('signerAndVeriferRules', + SignerAndVerifierRules().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('signingCertTrustCondition', + SigningCertTrustCondition().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.OptionalNamedType('timeStampTrustCondition', + TimestampTrustCondition().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.OptionalNamedType('attributeTrustCondition', + AttributeTrustCondition().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 3))), + namedtype.OptionalNamedType('algorithmConstraintSet', + AlgorithmConstraintSet().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 4))), + namedtype.OptionalNamedType('signPolExtensions', + SignPolExtensions().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 5))) + ) + + +class CommitmentRules(univ.SequenceOf): + componentType = CommitmentRule() + + +class CommonRules(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('signerAndVeriferRules', + SignerAndVerifierRules().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('signingCertTrustCondition', + SigningCertTrustCondition().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.OptionalNamedType('timeStampTrustCondition', + TimestampTrustCondition().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.OptionalNamedType('attributeTrustCondition', + AttributeTrustCondition().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 3))), + namedtype.OptionalNamedType('algorithmConstraintSet', + AlgorithmConstraintSet().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 4))), + namedtype.OptionalNamedType('signPolExtensions', + SignPolExtensions().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 5))) + ) + + +class PolicyIssuerName(GeneralNames): + pass + + +class SignPolicyHash(univ.OctetString): + pass + + +class SignPolicyId(univ.ObjectIdentifier): + pass + + +class SigningPeriod(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('notBefore', useful.GeneralizedTime()), + namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime()) + ) + + +class SignatureValidationPolicy(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('signingPeriod', SigningPeriod()), + namedtype.NamedType('commonRules', CommonRules()), + namedtype.NamedType('commitmentRules', CommitmentRules()), + namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions()) + ) + + +class SignPolicyInfo(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('signPolicyIdentifier', SignPolicyId()), + namedtype.NamedType('dateOfIssue', useful.GeneralizedTime()), + namedtype.NamedType('policyIssuerName', PolicyIssuerName()), + namedtype.NamedType('fieldOfApplication', FieldOfApplication()), + namedtype.NamedType('signatureValidationPolicy', SignatureValidationPolicy()), + namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions()) + ) + + +class SignaturePolicy(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('signPolicyHashAlg', AlgorithmIdentifier()), + namedtype.NamedType('signPolicyInfo', SignPolicyInfo()), + namedtype.OptionalNamedType('signPolicyHash', SignPolicyHash()) + ) + + diff --git a/pyasn1_modules/rfc5126.py b/pyasn1_modules/rfc5126.py new file mode 100644 index 0000000..8e016c2 --- /dev/null +++ b/pyasn1_modules/rfc5126.py @@ -0,0 +1,577 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley with assistance from asn1ate v.0.6.0. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# CMS Advanced Electronic Signatures (CAdES) +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc5126.txt +# + +from pyasn1.type import char +from pyasn1.type import constraint +from pyasn1.type import namedtype +from pyasn1.type import opentype +from pyasn1.type import tag +from pyasn1.type import useful +from pyasn1.type import univ + +from pyasn1_modules import rfc5280 +from pyasn1_modules import rfc5652 +from pyasn1_modules import rfc5035 +from pyasn1_modules import rfc5755 +from pyasn1_modules import rfc6960 +from pyasn1_modules import rfc3161 + +MAX = float('inf') + + +# Maps for OpenTypes + +commitmentQualifierMap = { } + +sigQualifiersMap = { } + +otherRevRefMap = { } + +otherRevValMap = { } + + +# Imports from RFC 5652 + +ContentInfo = rfc5652.ContentInfo + +ContentType = rfc5652.ContentType + +SignedData = rfc5652.SignedData + +EncapsulatedContentInfo = rfc5652.EncapsulatedContentInfo + +SignerInfo = rfc5652.SignerInfo + +MessageDigest = rfc5652.MessageDigest + +SigningTime = rfc5652.SigningTime + +Countersignature = rfc5652.Countersignature + +id_data = rfc5652.id_data + +id_signedData = rfc5652.id_signedData + +id_contentType= rfc5652.id_contentType + +id_messageDigest = rfc5652.id_messageDigest + +id_signingTime = rfc5652.id_signingTime + +id_countersignature = rfc5652.id_countersignature + + +# Imports from RFC 5035 + +SigningCertificate = rfc5035.SigningCertificate + +IssuerSerial = rfc5035.IssuerSerial + +ContentReference = rfc5035.ContentReference + +ContentIdentifier = rfc5035.ContentIdentifier + +id_aa_contentReference = rfc5035.id_aa_contentReference + +id_aa_contentIdentifier = rfc5035.id_aa_contentIdentifier + +id_aa_signingCertificate = rfc5035.id_aa_signingCertificate + +id_aa_signingCertificateV2 = rfc5035.id_aa_signingCertificateV2 + + +# Imports from RFC 5280 + +Certificate = rfc5280.Certificate + +AlgorithmIdentifier = rfc5280.AlgorithmIdentifier + +CertificateList = rfc5280.CertificateList + +Name = rfc5280.Name + +Attribute = rfc5280.Attribute + +GeneralNames = rfc5280.GeneralNames + +GeneralName = rfc5280.GeneralName + +PolicyInformation = rfc5280.PolicyInformation + +DirectoryString = rfc5280.DirectoryString + + +# Imports from RFC 5755 + +AttributeCertificate = rfc5755.AttributeCertificate + + +# Imports from RFC 6960 + +BasicOCSPResponse = rfc6960.BasicOCSPResponse + +ResponderID = rfc6960.ResponderID + + +# Imports from RFC 3161 + +TimeStampToken = rfc3161.TimeStampToken + + +# OID used referencing electronic signature mechanisms + +id_etsi_es_IDUP_Mechanism_v1 = univ.ObjectIdentifier('0.4.0.1733.1.4.1') + + +# OtherSigningCertificate - deprecated + +id_aa_ets_otherSigCert = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.19') + + +class OtherHashValue(univ.OctetString): + pass + + +class OtherHashAlgAndValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()), + namedtype.NamedType('hashValue', OtherHashValue()) + ) + + +class OtherHash(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('sha1Hash', OtherHashValue()), + namedtype.NamedType('otherHash', OtherHashAlgAndValue()) + ) + + +class OtherCertID(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('otherCertHash', OtherHash()), + namedtype.OptionalNamedType('issuerSerial', IssuerSerial()) + ) + + +class OtherSigningCertificate(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('certs', + univ.SequenceOf(componentType=OtherCertID())), + namedtype.OptionalNamedType('policies', + univ.SequenceOf(componentType=PolicyInformation())) + ) + + +# Signature Policy Identifier + +id_aa_ets_sigPolicyId = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.15') + + +class SigPolicyId(univ.ObjectIdentifier): + pass + + +class SigPolicyHash(OtherHashAlgAndValue): + pass + + +class SigPolicyQualifierId(univ.ObjectIdentifier): + pass + + +class SigPolicyQualifierInfo(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('sigPolicyQualifierId', SigPolicyQualifierId()), + namedtype.NamedType('sigQualifier', univ.Any(), + openType=opentype.OpenType('sigPolicyQualifierId', sigQualifiersMap)) + ) + + +class SignaturePolicyId(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('sigPolicyId', SigPolicyId()), + namedtype.NamedType('sigPolicyHash', SigPolicyHash()), + namedtype.OptionalNamedType('sigPolicyQualifiers', + univ.SequenceOf(componentType=SigPolicyQualifierInfo()).subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) + ) + + +class SignaturePolicyImplied(univ.Null): + pass + + +class SignaturePolicy(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('signaturePolicyId', SignaturePolicyId()), + namedtype.NamedType('signaturePolicyImplied', SignaturePolicyImplied()) + ) + + +id_spq_ets_unotice = univ.ObjectIdentifier('1.2.840.113549.1.9.16.5.2') + + +class DisplayText(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('visibleString', char.VisibleString().subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, 200))), + namedtype.NamedType('bmpString', char.BMPString().subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, 200))), + namedtype.NamedType('utf8String', char.UTF8String().subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, 200))) + ) + + +class NoticeReference(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('organization', DisplayText()), + namedtype.NamedType('noticeNumbers', + univ.SequenceOf(componentType=univ.Integer())) + ) + +class SPUserNotice(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('noticeRef', NoticeReference()), + namedtype.OptionalNamedType('explicitText', DisplayText()) + ) + + +noticeToUser = SigPolicyQualifierInfo() +noticeToUser['sigPolicyQualifierId'] = id_spq_ets_unotice +noticeToUser['sigQualifier'] = SPUserNotice() + + +id_spq_ets_uri = univ.ObjectIdentifier('1.2.840.113549.1.9.16.5.1') + + +class SPuri(char.IA5String): + pass + + +pointerToSigPolSpec = SigPolicyQualifierInfo() +pointerToSigPolSpec['sigPolicyQualifierId'] = id_spq_ets_uri +pointerToSigPolSpec['sigQualifier'] = SPuri() + + +# Commitment Type + +id_aa_ets_commitmentType = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.16') + + +class CommitmentTypeIdentifier(univ.ObjectIdentifier): + pass + + +class CommitmentTypeQualifier(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('commitmentTypeIdentifier', + CommitmentTypeIdentifier()), + namedtype.NamedType('qualifier', univ.Any(), + openType=opentype.OpenType('commitmentTypeIdentifier', + commitmentQualifierMap)) + ) + + +class CommitmentTypeIndication(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('commitmentTypeId', CommitmentTypeIdentifier()), + namedtype.OptionalNamedType('commitmentTypeQualifier', + univ.SequenceOf(componentType=CommitmentTypeQualifier()).subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) + ) + + +id_cti_ets_proofOfOrigin = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.1') + +id_cti_ets_proofOfReceipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.2') + +id_cti_ets_proofOfDelivery = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.3') + +id_cti_ets_proofOfSender = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.4') + +id_cti_ets_proofOfApproval = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.5') + +id_cti_ets_proofOfCreation = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.6') + + +# Signer Location + +id_aa_ets_signerLocation = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.17') + + +class PostalAddress(univ.SequenceOf): + componentType = DirectoryString() + subtypeSpec = constraint.ValueSizeConstraint(1, 6) + + +class SignerLocation(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('countryName', + DirectoryString().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('localityName', + DirectoryString().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('postalAdddress', + PostalAddress().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 2))) + ) + + +# Signature Timestamp + +id_aa_signatureTimeStampToken = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.14') + + +class SignatureTimeStampToken(TimeStampToken): + pass + + +# Content Timestamp + +id_aa_ets_contentTimestamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.20') + + +class ContentTimestamp(TimeStampToken): + pass + + +# Signer Attributes + +id_aa_ets_signerAttr = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.18') + + +class ClaimedAttributes(univ.SequenceOf): + componentType = Attribute() + + +class CertifiedAttributes(AttributeCertificate): + pass + + +class SignerAttribute(univ.SequenceOf): + componentType = univ.Choice(componentType=namedtype.NamedTypes( + namedtype.NamedType('claimedAttributes', + ClaimedAttributes().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('certifiedAttributes', + CertifiedAttributes().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))) + )) + + +# Complete Certificate Refs + +id_aa_ets_certificateRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.21') + + +class CompleteCertificateRefs(univ.SequenceOf): + componentType = OtherCertID() + + +# Complete Revocation Refs + +id_aa_ets_revocationRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.22') + + +class CrlIdentifier(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('crlissuer', Name()), + namedtype.NamedType('crlIssuedTime', useful.UTCTime()), + namedtype.OptionalNamedType('crlNumber', univ.Integer()) + ) + + +class CrlValidatedID(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('crlHash', OtherHash()), + namedtype.OptionalNamedType('crlIdentifier', CrlIdentifier()) + ) + + +class CRLListID(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('crls', + univ.SequenceOf(componentType=CrlValidatedID())) + ) + + +class OcspIdentifier(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('ocspResponderID', ResponderID()), + namedtype.NamedType('producedAt', useful.GeneralizedTime()) + ) + + +class OcspResponsesID(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('ocspIdentifier', OcspIdentifier()), + namedtype.OptionalNamedType('ocspRepHash', OtherHash()) + ) + + +class OcspListID(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('ocspResponses', + univ.SequenceOf(componentType=OcspResponsesID())) + ) + + +class OtherRevRefType(univ.ObjectIdentifier): + pass + + +class OtherRevRefs(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('otherRevRefType', OtherRevRefType()), + namedtype.NamedType('otherRevRefs', univ.Any(), + openType=opentype.OpenType('otherRevRefType', otherRevRefMap)) + ) + + +class CrlOcspRef(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('crlids', + CRLListID().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('ocspids', + OcspListID().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.OptionalNamedType('otherRev', + OtherRevRefs().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 2))) + ) + + +class CompleteRevocationRefs(univ.SequenceOf): + componentType = CrlOcspRef() + + +# Certificate Values + +id_aa_ets_certValues = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.23') + + +class CertificateValues(univ.SequenceOf): + componentType = Certificate() + + +# Certificate Revocation Values + +id_aa_ets_revocationValues = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.24') + + +class OtherRevValType(univ.ObjectIdentifier): + pass + + +class OtherRevVals(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('otherRevValType', OtherRevValType()), + namedtype.NamedType('otherRevVals', univ.Any(), + openType=opentype.OpenType('otherRevValType', otherRevValMap)) + ) + + +class RevocationValues(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('crlVals', + univ.SequenceOf(componentType=CertificateList()).subtype( + explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('ocspVals', + univ.SequenceOf(componentType=BasicOCSPResponse()).subtype( + explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('otherRevVals', + OtherRevVals().subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 2))) + ) + + +# CAdES-C Timestamp + +id_aa_ets_escTimeStamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.25') + + +class ESCTimeStampToken(TimeStampToken): + pass + + +# Time-Stamped Certificates and CRLs + +id_aa_ets_certCRLTimestamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.26') + + +class TimestampedCertsCRLs(TimeStampToken): + pass + + +# Archive Timestamp + +id_aa_ets_archiveTimestampV2 = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.48') + + +class ArchiveTimeStampToken(TimeStampToken): + pass + + +# Attribute certificate references + +id_aa_ets_attrCertificateRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.44') + + +class AttributeCertificateRefs(univ.SequenceOf): + componentType = OtherCertID() + + +# Attribute revocation references + +id_aa_ets_attrRevocationRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.45') + + +class AttributeRevocationRefs(univ.SequenceOf): + componentType = CrlOcspRef() + + +# Update the sigQualifiersMap + +_sigQualifiersMapUpdate = { + id_spq_ets_unotice: SPUserNotice(), + id_spq_ets_uri: SPuri(), +} + +sigQualifiersMap.update(_sigQualifiersMapUpdate) + + +# Update the CMS Attribute Map in rfc5652.py + +_cmsAttributesMapUpdate = { + id_aa_ets_otherSigCert: OtherSigningCertificate(), + id_aa_ets_sigPolicyId: SignaturePolicy(), + id_aa_ets_commitmentType: CommitmentTypeIndication(), + id_aa_ets_signerLocation: SignerLocation(), + id_aa_signatureTimeStampToken: SignatureTimeStampToken(), + id_aa_ets_contentTimestamp: ContentTimestamp(), + id_aa_ets_signerAttr: SignerAttribute(), + id_aa_ets_certificateRefs: CompleteCertificateRefs(), + id_aa_ets_revocationRefs: CompleteRevocationRefs(), + id_aa_ets_certValues: CertificateValues(), + id_aa_ets_revocationValues: RevocationValues(), + id_aa_ets_escTimeStamp: ESCTimeStampToken(), + id_aa_ets_certCRLTimestamp: TimestampedCertsCRLs(), + id_aa_ets_archiveTimestampV2: ArchiveTimeStampToken(), + id_aa_ets_attrCertificateRefs: AttributeCertificateRefs(), + id_aa_ets_attrRevocationRefs: AttributeRevocationRefs(), +} + +rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate) diff --git a/tests/__main__.py b/tests/__main__.py index 6f41808..6a28f01 100644 --- a/tests/__main__.py +++ b/tests/__main__.py @@ -19,6 +19,7 @@ suite = unittest.TestLoader().loadTestsFromNames( 'tests.test_rfc2985.suite', 'tests.test_rfc2986.suite', 'tests.test_rfc3114.suite', + 'tests.test_rfc3125.suite', 'tests.test_rfc3161.suite', 'tests.test_rfc3274.suite', 'tests.test_rfc3279.suite', @@ -42,6 +43,7 @@ suite = unittest.TestLoader().loadTestsFromNames( 'tests.test_rfc5035.suite', 'tests.test_rfc5083.suite', 'tests.test_rfc5084.suite', + 'tests.test_rfc5126.suite', 'tests.test_rfc5208.suite', 'tests.test_rfc5280.suite', 'tests.test_rfc5480.suite', diff --git a/tests/test_rfc3125.py b/tests/test_rfc3125.py new file mode 100644 index 0000000..9c132e3 --- /dev/null +++ b/tests/test_rfc3125.py @@ -0,0 +1,113 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# + +import sys + +from pyasn1.codec.der.decoder import decode as der_decode +from pyasn1.codec.der.encoder import encode as der_encode + +from pyasn1_modules import pem +from pyasn1_modules import rfc2985 +from pyasn1_modules import rfc3125 + + +try: + import unittest2 as unittest + +except ImportError: + import unittest + + +class SignaturePolicyTestCase(unittest.TestCase): + pem_text = """\ +MIIMYzALBglghkgBZQMEAgEwggwwBgorgR6RmYQFAQICGA8yMDE2MTAwMjAwMDAwMFowgaSk +XjBcMQswCQYDVQQGEwJTSzETMBEGA1UEBwwKQnJhdGlzbGF2YTEiMCAGA1UECgwZTmFyb2Ru +eSBiZXpwZWNub3N0bnkgdXJhZDEUMBIGA1UECwwLU2VrY2lhIElCRVCGQmh0dHA6Ly9lcC5u +YnVzci5zay90cnVzdGVkX2RhdGEvMjAxNjEwMDIwMDAwMDB6c2lnbmF0dXJlcG9saWN5LmRl +cgyBz0VOOiBFbC4gc2lnbmF0dXJlL3NlYWwsIG9wdGlvbmFsIGVsLiB0aW1lLXN0YW1wIG92 +ZXIgT0NTUCwgYWNjb3JkaW5nIHRvIFJlZ3VsYXRpb24gKEVVKSBObyA5MTAvMjAxNC4gU0s6 +IEVsLiBwb2RwaXMvcGXEjWHFpSwgdm9saXRlxL5uw6EgZWwuIMSNYXNvdsOhIHBlxI1pYXRr +YSBuYWQgT0NTUCwgcG9kxL5hIG5hcmlhZGVuaWEgKEXDmikgxI0uIDkxMC8yMDE0LjCCCpYw +IhgPMjAxNjEwMDIwMDAwMDBaGA8yMDIxMTAwMjAwMDAwMFowggpsoD8wPTA3MC4GCSqGSIb3 +DQEJAwYJKoZIhvcNAQkEBgkqhkiG9w0BCQUGCyqGSIb3DQEJEAIvMAChAwoBAjACMACiEjAQ +ow4wDAIBAAIBAAIBAAIBAaSCChMwggoPoIIB/zCCAfswCwYJYIZIAWUDBAIBMAsGCWCGSAFl +AwQCAjALBglghkgBZQMEAgMwCwYJYIZIAWUDBAIGMAsGCWCGSAFlAwQCCDALBglghkgBZQME +AgkwCwYJYIZIAWUDBAIKMA8GCWCGSAFlAwQDAgICCAAwDwYJYIZIAWUDBAMDAgIIADAPBglg +hkgBZQMEAwQCAggAMA8GCWCGSAFlAwQDBgICCAAwDwYJYIZIAWUDBAMHAgIIADAPBglghkgB +ZQMEAwgCAggAMA4GCCqGSM49BAMCAgIBADAOBggqhkjOPQQDAwICAQAwDgYIKoZIzj0EAwQC +AgEAMA8GCWCGSAFlAwQDCgICAQAwDwYJYIZIAWUDBAMLAgIBADAPBglghkgBZQMEAwwCAgEA +MA8GCSqGSIb3DQEBCwICCAAwDwYJKoZIhvcNAQEMAgIIADAPBgkqhkiG9w0BAQ0CAggAMA8G +CWCGSAFlAwQDDgICCAAwDwYJYIZIAWUDBAMPAgIIADAPBglghkgBZQMEAxACAggAMA8GCSqG +SIb3DQEBCgICCAAwDwYJKoZIhvcNAQEBAgIIADANBgcqhkjOPQIBAgIBADAOBggrJAMDAgUC +AQICAQAwDgYIKyQDAwIFBAQCAgEAMA4GCCskAwMCBQQFAgIBADAOBggrJAMDAgUEBgICAQCh +ggH/MIIB+zALBglghkgBZQMEAgEwCwYJYIZIAWUDBAICMAsGCWCGSAFlAwQCAzALBglghkgB +ZQMEAgYwCwYJYIZIAWUDBAIIMAsGCWCGSAFlAwQCCTALBglghkgBZQMEAgowDwYJYIZIAWUD +BAMCAgIIADAPBglghkgBZQMEAwMCAggAMA8GCWCGSAFlAwQDBAICCAAwDwYJYIZIAWUDBAMG +AgIIADAPBglghkgBZQMEAwcCAggAMA8GCWCGSAFlAwQDCAICCAAwDgYIKoZIzj0EAwICAgEA +MA4GCCqGSM49BAMDAgIBADAOBggqhkjOPQQDBAICAQAwDwYJYIZIAWUDBAMKAgIBADAPBglg +hkgBZQMEAwsCAgEAMA8GCWCGSAFlAwQDDAICAQAwDwYJKoZIhvcNAQELAgIIADAPBgkqhkiG +9w0BAQwCAggAMA8GCSqGSIb3DQEBDQICCAAwDwYJYIZIAWUDBAMOAgIIADAPBglghkgBZQME +Aw8CAggAMA8GCWCGSAFlAwQDEAICCAAwDwYJKoZIhvcNAQEKAgIIADAPBgkqhkiG9w0BAQEC +AggAMA0GByqGSM49AgECAgEAMA4GCCskAwMCBQIBAgIBADAOBggrJAMDAgUEBAICAQAwDgYI +KyQDAwIFBAUCAgEAMA4GCCskAwMCBQQGAgIBAKKCAf8wggH7MAsGCWCGSAFlAwQCATALBglg +hkgBZQMEAgIwCwYJYIZIAWUDBAIDMAsGCWCGSAFlAwQCBjALBglghkgBZQMEAggwCwYJYIZI +AWUDBAIJMAsGCWCGSAFlAwQCCjAPBglghkgBZQMEAwICAggAMA8GCWCGSAFlAwQDAwICCAAw +DwYJYIZIAWUDBAMEAgIIADAPBglghkgBZQMEAwYCAggAMA8GCWCGSAFlAwQDBwICCAAwDwYJ +YIZIAWUDBAMIAgIIADAOBggqhkjOPQQDAgICAQAwDgYIKoZIzj0EAwMCAgEAMA4GCCqGSM49 +BAMEAgIBADAPBglghkgBZQMEAwoCAgEAMA8GCWCGSAFlAwQDCwICAQAwDwYJYIZIAWUDBAMM +AgIBADAPBgkqhkiG9w0BAQsCAggAMA8GCSqGSIb3DQEBDAICCAAwDwYJKoZIhvcNAQENAgII +ADAPBglghkgBZQMEAw4CAggAMA8GCWCGSAFlAwQDDwICCAAwDwYJYIZIAWUDBAMQAgIIADAP +BgkqhkiG9w0BAQoCAggAMA8GCSqGSIb3DQEBAQICCAAwDQYHKoZIzj0CAQICAQAwDgYIKyQD +AwIFAgECAgEAMA4GCCskAwMCBQQEAgIBADAOBggrJAMDAgUEBQICAQAwDgYIKyQDAwIFBAYC +AgEAo4IB/zCCAfswCwYJYIZIAWUDBAIBMAsGCWCGSAFlAwQCAjALBglghkgBZQMEAgMwCwYJ +YIZIAWUDBAIGMAsGCWCGSAFlAwQCCDALBglghkgBZQMEAgkwCwYJYIZIAWUDBAIKMA8GCWCG +SAFlAwQDAgICCAAwDwYJYIZIAWUDBAMDAgIIADAPBglghkgBZQMEAwQCAggAMA8GCWCGSAFl +AwQDBgICCAAwDwYJYIZIAWUDBAMHAgIIADAPBglghkgBZQMEAwgCAggAMA4GCCqGSM49BAMC +AgIBADAOBggqhkjOPQQDAwICAQAwDgYIKoZIzj0EAwQCAgEAMA8GCWCGSAFlAwQDCgICAQAw +DwYJYIZIAWUDBAMLAgIBADAPBglghkgBZQMEAwwCAgEAMA8GCSqGSIb3DQEBCwICCAAwDwYJ +KoZIhvcNAQEMAgIIADAPBgkqhkiG9w0BAQ0CAggAMA8GCWCGSAFlAwQDDgICCAAwDwYJYIZI +AWUDBAMPAgIIADAPBglghkgBZQMEAxACAggAMA8GCSqGSIb3DQEBCgICCAAwDwYJKoZIhvcN +AQEBAgIIADANBgcqhkjOPQIBAgIBADAOBggrJAMDAgUCAQICAQAwDgYIKyQDAwIFBAQCAgEA +MA4GCCskAwMCBQQFAgIBADAOBggrJAMDAgUEBgICAQCkggH/MIIB+zALBglghkgBZQMEAgEw +CwYJYIZIAWUDBAICMAsGCWCGSAFlAwQCAzALBglghkgBZQMEAgYwCwYJYIZIAWUDBAIIMAsG +CWCGSAFlAwQCCTALBglghkgBZQMEAgowDwYJYIZIAWUDBAMCAgIIADAPBglghkgBZQMEAwMC +AggAMA8GCWCGSAFlAwQDBAICCAAwDwYJYIZIAWUDBAMGAgIIADAPBglghkgBZQMEAwcCAggA +MA8GCWCGSAFlAwQDCAICCAAwDgYIKoZIzj0EAwICAgEAMA4GCCqGSM49BAMDAgIBADAOBggq +hkjOPQQDBAICAQAwDwYJYIZIAWUDBAMKAgIBADAPBglghkgBZQMEAwsCAgEAMA8GCWCGSAFl +AwQDDAICAQAwDwYJKoZIhvcNAQELAgIIADAPBgkqhkiG9w0BAQwCAggAMA8GCSqGSIb3DQEB +DQICCAAwDwYJYIZIAWUDBAMOAgIIADAPBglghkgBZQMEAw8CAggAMA8GCWCGSAFlAwQDEAIC +CAAwDwYJKoZIhvcNAQEKAgIIADAPBgkqhkiG9w0BAQECAggAMA0GByqGSM49AgECAgEAMA4G +CCskAwMCBQIBAgIBADAOBggrJAMDAgUEBAICAQAwDgYIKyQDAwIFBAUCAgEAMA4GCCskAwMC +BQQGAgIBADAABCAaWobQZ1EuANtF/NjfuaBXR0nR0fKnGJ7Z8t/mregtvQ== +""" + + def setUp(self): + self.asn1Spec = rfc3125.SignaturePolicy() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.pem_text) + asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + svp = asn1Object['signPolicyInfo']['signatureValidationPolicy'] + sr = svp['commonRules']['signerAndVeriferRules']['signerRules'] + msa = sr['mandatedSignedAttr'] + assert rfc2985.pkcs_9_at_contentType in msa + assert rfc2985.pkcs_9_at_messageDigest in msa + assert rfc2985.pkcs_9_at_signingTime in msa + + +suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) + +if __name__ == '__main__': + import sys + + result = unittest.TextTestRunner(verbosity=2).run(suite) + sys.exit(not result.wasSuccessful()) diff --git a/tests/test_rfc5126.py b/tests/test_rfc5126.py new file mode 100644 index 0000000..df42e81 --- /dev/null +++ b/tests/test_rfc5126.py @@ -0,0 +1,98 @@ +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +import sys + +from pyasn1.codec.der.decoder import decode as der_decode +from pyasn1.codec.der.encoder import encode as der_encode + +from pyasn1.type import univ + +from pyasn1_modules import pem +from pyasn1_modules import rfc4055 +from pyasn1_modules import rfc5652 +from pyasn1_modules import rfc5126 + +try: + import unittest2 as unittest +except ImportError: + import unittest + + +class SignedAttributesTestCase(unittest.TestCase): + pem_text = """\ +MYIBUzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMCsGCSqGSIb3DQEJNDEeMBww +DQYJYIZIAWUDBAIBBQChCwYJKoZIhvcNAQELMC8GCSqGSIb3DQEJBDEiBCCyqtCC +Gosj/GT4YPPAqKheze4A1QBU5O3tniTsVPGr7jBBBgsqhkiG9w0BCRACETEyMDCg +BBMCVVOhBBMCVkGiIjAgExExMjMgU29tZXBsYWNlIFdheRMLSGVybmRvbiwgVkEw +RgYLKoZIhvcNAQkQAi8xNzA1MDMwMTANBglghkgBZQMEAgEFAAQgJPmqUmGQnQ4q +RkVtUHecJXIkozOzX8+pZQj/UD5JcnQwTgYLKoZIhvcNAQkQAg8xPzA9BgorBgEE +AYGsYDAUMC8wCwYJYIZIAWUDBAIBBCDWjjVmAeXgZBkE/rG8Pf8pTCs4Ikowc8Vm +l+AOeKdFgg== +""" + + def setUp(self): + self.asn1Spec = rfc5652.SignedAttributes() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.pem_text) + asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + count = 0 + for attr in asn1Object: + if attr['attrType'] in rfc5652.cmsAttributesMap.keys(): + av, rest = der_decode (attr['attrValues'][0], + asn1Spec=rfc5652.cmsAttributesMap[attr['attrType']]) + assert not rest + assert av.prettyPrint() + assert der_encode(av) == attr['attrValues'][0] + count += 1 + + assert count == 6 + + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.pem_text) + asn1Object, rest = der_decode(substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + attr_type_list = [ ] + spid_oid = rfc5126.SigPolicyId('1.3.6.1.4.1.22112.48.20') + + for attr in asn1Object: + if attr['attrType'] == rfc5126.id_aa_ets_sigPolicyId: + spid = attr['attrValues'][0]['signaturePolicyId'] + assert spid['sigPolicyId'] == spid_oid + attr_type_list.append(rfc5126.id_aa_ets_sigPolicyId) + + if attr['attrType'] == rfc5126.id_aa_ets_signerLocation: + cn = attr['attrValues'][0]['countryName'] + assert cn['printableString'] == 'US' + attr_type_list.append(rfc5126.id_aa_ets_signerLocation) + + if attr['attrType'] == rfc5126.id_aa_signingCertificateV2: + ha = attr['attrValues'][0]['certs'][0]['hashAlgorithm'] + assert ha['algorithm'] == rfc4055.id_sha256 + attr_type_list.append(rfc5126.id_aa_signingCertificateV2) + + assert rfc5126.id_aa_ets_sigPolicyId in attr_type_list + assert rfc5126.id_aa_ets_signerLocation in attr_type_list + assert rfc5126.id_aa_signingCertificateV2 in attr_type_list + + +suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) + +if __name__ == '__main__': + import sys + + result = unittest.TextTestRunner(verbosity=2).run(suite) + sys.exit(not result.wasSuccessful()) |