31 files changed, 866 insertions, 208 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 8141fa3..1777127 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -30,6 +30,10 @@ Revision 0.2.6, released XX-07-2019 in the RFC5652 module - Added openType support to RFC 2986 by importing definitions from the RFC 5280 module so that the same maps are used. +- Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709, + RFC 3779, RFC 4073, RFC 4108, RFC 4108, RFC 5035, RFC 5083, RFC 5940, + RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226, and + RFC 8520 Revision 0.2.5, released 24-04-2019 ----------------------------------- diff --git a/pyasn1_modules/rfc2634.py b/pyasn1_modules/rfc2634.py index c9e387d..336ae64 100644 --- a/pyasn1_modules/rfc2634.py +++ b/pyasn1_modules/rfc2634.py @@ -2,6 +2,7 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. +# Modified by Russ Housley to add a map for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -320,3 +321,11 @@ ESSAttributeMap = { id_aa_contentHint: ContentHints(), id_aa_receiptRequest: ReceiptRequest(), } + + +# Map of Content Type OIDs to Content Types +# To be added to the ones that are in rfc5652.py + +cmsContentTypesMapUpdate = { + id_ct_receipt: Receipt(), +}
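Review bot: The comment above `cmsContentTypesMapUpdate` in rfc2634.py ("To be added to the ones that are in rfc5652.py") does not say who performs that merge, and nothing in this hunk does it, so as far as the diff shows the new entry has no effect until a caller merges it. I would spell that out, e.g. `# Not merged automatically: update the rfc5652.py content-type map with this dict before decoding with decodeOpenTypes=True.` The same wording is used for the maps added in rfc3274.py, rfc3709.py, rfc3779.py, rfc4073.py, rfc4108.py, rfc5083.py, rfc5940.py, rfc5958.py and rfc6019.py. The file also now ends without a trailing newline.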
\ No newline at end of file diff --git a/pyasn1_modules/rfc3274.py b/pyasn1_modules/rfc3274.py index bf8a7a6..8d8541c 100644 --- a/pyasn1_modules/rfc3274.py +++ b/pyasn1_modules/rfc3274.py @@ -2,6 +2,7 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. +# Modified by Russ Housley to add a map for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -45,4 +46,12 @@ id_alg_zlibCompress = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.8') cpa_zlibCompress = rfc5280.AlgorithmIdentifier() cpa_zlibCompress['algorithm'] = id_alg_zlibCompress -# cpa_zlibCompress['parameters'] are absent
\ No newline at end of file
+# cpa_zlibCompress['parameters'] are absent
+
+
+# Map of Content Type OIDs to Content Types
+# To be added to the ones that are in rfc5652.py
+
+cmsContentTypesMapUpdate = {
+ id_ct_compressedData: CompressedData(),
+}
\ No newline at end of file diff --git a/pyasn1_modules/rfc3709.py b/pyasn1_modules/rfc3709.py index 52085fb..ed1e667 100644 --- a/pyasn1_modules/rfc3709.py +++ b/pyasn1_modules/rfc3709.py @@ -2,6 +2,7 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. +# Modified by Russ Housley to add maps for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -9,10 +10,16 @@ # Logotypes in X.509 Certificates # # ASN.1 source from: -# https://www.rfc-editor.org/rfc/rfc3779.txt +# https://www.rfc-editor.org/rfc/rfc3709.txt # -from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful +from pyasn1.type import char +from pyasn1.type import constraint +from pyasn1.type import namedtype +from pyasn1.type import namedval +from pyasn1.type import tag +from pyasn1.type import univ + from pyasn1_modules import rfc5280 MAX = float('inf') @@ -21,7 +28,6 @@ MAX = float('inf') class HashAlgAndValue(univ.Sequence): pass - HashAlgAndValue.componentType = namedtype.NamedTypes( namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('hashValue', univ.OctetString()) 
@@ -31,20 +37,20 @@ HashAlgAndValue.componentType = namedtype.NamedTypes( class LogotypeDetails(univ.Sequence): pass - LogotypeDetails.componentType = namedtype.NamedTypes( namedtype.NamedType('mediaType', char.IA5String()), namedtype.NamedType('logotypeHash', univ.SequenceOf( - componentType=HashAlgAndValue()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), + componentType=HashAlgAndValue()).subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('logotypeURI', univ.SequenceOf( - componentType=char.IA5String()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) + componentType=char.IA5String()).subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) ) class LogotypeAudioInfo(univ.Sequence): pass - LogotypeAudioInfo.componentType = namedtype.NamedTypes( namedtype.NamedType('fileSize', univ.Integer()), namedtype.NamedType('playTime', univ.Integer()), @@ -59,7 +65,6 @@ LogotypeAudioInfo.componentType = namedtype.NamedTypes( class LogotypeAudio(univ.Sequence): pass - LogotypeAudio.componentType = namedtype.NamedTypes( namedtype.NamedType('audioDetails', LogotypeDetails()), namedtype.OptionalNamedType('audioInfo', LogotypeAudioInfo()) @@ -69,7 +74,6 @@ LogotypeAudio.componentType = namedtype.NamedTypes( class LogotypeImageType(univ.Integer): pass - LogotypeImageType.namedValues = namedval.NamedValues( ('grayScale', 0), ('color', 1) 
@@ -79,22 +83,23 @@ LogotypeImageType.namedValues = namedval.NamedValues( class LogotypeImageResolution(univ.Choice): pass - LogotypeImageResolution.componentType = namedtype.NamedTypes( namedtype.NamedType('numBits', - univ.Integer().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + univ.Integer().subtype(implicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('tableSize', - univ.Integer().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) + univ.Integer().subtype(implicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 2))) ) class LogotypeImageInfo(univ.Sequence): pass - LogotypeImageInfo.componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('type', LogotypeImageType().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value='color')), + implicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatSimple, 0)).subtype(value='color')), namedtype.NamedType('fileSize', univ.Integer()), namedtype.NamedType('xSize', univ.Integer()), namedtype.NamedType('ySize', univ.Integer()), @@ -107,7 +112,6 @@ LogotypeImageInfo.componentType = namedtype.NamedTypes( class LogotypeImage(univ.Sequence): pass - LogotypeImage.componentType = namedtype.NamedTypes( namedtype.NamedType('imageDetails', LogotypeDetails()), namedtype.OptionalNamedType('imageInfo', LogotypeImageInfo()) 
@@ -117,36 +121,39 @@ LogotypeImage.componentType = namedtype.NamedTypes( class LogotypeData(univ.Sequence): pass - LogotypeData.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('image', univ.SequenceOf( componentType=LogotypeImage())), namedtype.OptionalNamedType('audio', univ.SequenceOf( - componentType=LogotypeAudio()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) + componentType=LogotypeAudio()).subtype( + implicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatSimple, 1))) ) class LogotypeReference(univ.Sequence): pass - LogotypeReference.componentType = namedtype.NamedTypes( namedtype.NamedType('refStructHash', univ.SequenceOf( - componentType=HashAlgAndValue()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), + componentType=HashAlgAndValue()).subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('refStructURI', univ.SequenceOf( - componentType=char.IA5String()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) + componentType=char.IA5String()).subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) ) class LogotypeInfo(univ.Choice): pass - LogotypeInfo.componentType = namedtype.NamedTypes( namedtype.NamedType('direct', - LogotypeData().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + LogotypeData().subtype(implicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatConstructed, 0))), namedtype.NamedType('indirect', LogotypeReference().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) + implicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatConstructed, 1))) ) # Other logotype type and associated object identifiers 
@@ -159,12 +166,12 @@ id_logo_loyalty = univ.ObjectIdentifier('1.3.6.1.5.5.7.20.1') class OtherLogotypeInfo(univ.Sequence): pass - OtherLogotypeInfo.componentType = namedtype.NamedTypes( namedtype.NamedType('logotypeType', univ.ObjectIdentifier()), namedtype.NamedType('info', LogotypeInfo()) ) + # Logotype Certificate Extension id_pe_logotype = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.12') @@ -173,14 +180,23 @@ id_pe_logotype = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.12') class LogotypeExtn(univ.Sequence): pass - LogotypeExtn.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('communityLogos', univ.SequenceOf( - componentType=LogotypeInfo()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + componentType=LogotypeInfo()).subtype( + explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('issuerLogo', LogotypeInfo().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.OptionalNamedType('subjectLogo', LogotypeInfo().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), namedtype.OptionalNamedType('otherLogos', univ.SequenceOf( - componentType=OtherLogotypeInfo()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) + componentType=OtherLogotypeInfo()).subtype(explicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 3))) ) + + +# Map of Certificate Extension OIDs to Extensions +# To be added to the ones that are in rfc5280.py + +certificateExtensionsMapUpdate = { + id_pe_logotype: LogotypeExtn(), +} diff --git a/pyasn1_modules/rfc3779.py b/pyasn1_modules/rfc3779.py index b4dd994..125351e 100644 --- a/pyasn1_modules/rfc3779.py +++ b/pyasn1_modules/rfc3779.py 
@@ -2,6 +2,7 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. +# Modified by Russ Housley to add maps for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -12,12 +13,12 @@ # https://www.rfc-editor.org/rfc/rfc3779.txt # - from pyasn1.type import constraint from pyasn1.type import namedtype from pyasn1.type import tag from pyasn1.type import univ + # IP Address Delegation Extension id_pe_ipAddrBlocks = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.7') @@ -30,7 +31,6 @@ class IPAddress(univ.BitString): class IPAddressRange(univ.Sequence): pass - IPAddressRange.componentType = namedtype.NamedTypes( namedtype.NamedType('min', IPAddress()), namedtype.NamedType('max', IPAddress()) @@ -40,7 +40,6 @@ IPAddressRange.componentType = namedtype.NamedTypes( class IPAddressOrRange(univ.Choice): pass - IPAddressOrRange.componentType = namedtype.NamedTypes( namedtype.NamedType('addressPrefix', IPAddress()), namedtype.NamedType('addressRange', IPAddressRange()) @@ -50,19 +49,20 @@ IPAddressOrRange.componentType = namedtype.NamedTypes( class IPAddressChoice(univ.Choice): pass - IPAddressChoice.componentType = namedtype.NamedTypes( namedtype.NamedType('inherit', univ.Null()), - namedtype.NamedType('addressesOrRanges', univ.SequenceOf(componentType=IPAddressOrRange())) + namedtype.NamedType('addressesOrRanges', univ.SequenceOf( + componentType=IPAddressOrRange()) + ) ) class IPAddressFamily(univ.Sequence): pass - IPAddressFamily.componentType = namedtype.NamedTypes( - namedtype.NamedType('addressFamily', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(2, 3))), + namedtype.NamedType('addressFamily', univ.OctetString().subtype( + subtypeSpec=constraint.ValueSizeConstraint(2, 3))), namedtype.NamedType('ipAddressChoice', IPAddressChoice()) ) 
@@ -70,9 +70,9 @@ IPAddressFamily.componentType = namedtype.NamedTypes( class IPAddrBlocks(univ.SequenceOf): pass - IPAddrBlocks.componentType = IPAddressFamily() + # Autonomous System Identifier Delegation Extension id_pe_autonomousSysIds = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.8') @@ -85,7 +85,6 @@ class ASId(univ.Integer): class ASRange(univ.Sequence): pass - ASRange.componentType = namedtype.NamedTypes( namedtype.NamedType('min', ASId()), namedtype.NamedType('max', ASId()) @@ -95,7 +94,6 @@ ASRange.componentType = namedtype.NamedTypes( class ASIdOrRange(univ.Choice): pass - ASIdOrRange.componentType = namedtype.NamedTypes( namedtype.NamedType('id', ASId()), namedtype.NamedType('range', ASRange()) @@ -105,20 +103,31 @@ ASIdOrRange.componentType = namedtype.NamedTypes( class ASIdentifierChoice(univ.Choice): pass - ASIdentifierChoice.componentType = namedtype.NamedTypes( namedtype.NamedType('inherit', univ.Null()), - namedtype.NamedType('asIdsOrRanges', univ.SequenceOf(componentType=ASIdOrRange())) + namedtype.NamedType('asIdsOrRanges', univ.SequenceOf( + componentType=ASIdOrRange()) + ) ) class ASIdentifiers(univ.Sequence): pass - ASIdentifiers.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('asnum', ASIdentifierChoice().subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + explicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType('rdi', ASIdentifierChoice().subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) + explicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatConstructed, 1))) ) + + +# Map of Certificate Extension OIDs to Extensions +# To be added to the ones that are in rfc5280.py + +certificateExtensionsMapUpdate = { + id_pe_ipAddrBlocks: IPAddrBlocks(), + id_pe_autonomousSysIds: ASIdentifiers(), +} diff --git a/pyasn1_modules/rfc4073.py b/pyasn1_modules/rfc4073.py index 97b6381..9713031 100644 --- a/pyasn1_modules/rfc4073.py 
+++ b/pyasn1_modules/rfc4073.py @@ -2,6 +2,7 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley with some assistance from asn1ate v.0.6.0. +# Modified by Russ Housley to add a map for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -45,3 +46,12 @@ ContentWithAttributes.componentType = namedtype.NamedTypes( componentType=rfc5652.Attribute()).subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) ) + + +# Map of Content Type OIDs to Content Types +# To be added to the ones that are in rfc5652.py + +cmsContentTypesMapUpdate = { + id_ct_contentCollection: ContentCollection(), + id_ct_contentWithAttrs: ContentWithAttributes(), +}
\ No newline at end of file diff --git a/pyasn1_modules/rfc4108.py b/pyasn1_modules/rfc4108.py index 243f1fb..c5cdfe9 100644 --- a/pyasn1_modules/rfc4108.py +++ b/pyasn1_modules/rfc4108.py @@ -2,6 +2,8 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. +# Modified by Russ Housley to add items from the verified errata. +# Modified by Russ Housley to add maps for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -10,15 +12,13 @@ # # ASN.1 source from: # https://www.rfc-editor.org/rfc/rfc4108.txt +# https://www.rfc-editor.org/errata_search.php?rfc=4108 # -from pyasn1.type import constraint -from pyasn1.type import namedtype -from pyasn1.type import namedval -from pyasn1.type import tag -from pyasn1.type import univ +from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful +from pyasn1_modules import rfc5280 from pyasn1_modules import rfc5652 MAX = float('inf') @@ -27,7 +27,6 @@ MAX = float('inf') class HardwareSerialEntry(univ.Choice): pass - HardwareSerialEntry.componentType = namedtype.NamedTypes( namedtype.NamedType('all', univ.Null()), namedtype.NamedType('single', univ.OctetString()), @@ -35,14 +34,13 @@ HardwareSerialEntry.componentType = namedtype.NamedTypes( namedtype.NamedType('low', univ.OctetString()), namedtype.NamedType('high', univ.OctetString()) )) - ) + ) ) class HardwareModules(univ.Sequence): pass - HardwareModules.componentType = namedtype.NamedTypes( namedtype.NamedType('hwType', univ.ObjectIdentifier()), namedtype.NamedType('hwSerialEntries', univ.SequenceOf(componentType=HardwareSerialEntry())) 
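Review bot: The new import line in rfc4108.py, `from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful`, brings in `char` and `useful`, which none of the rfc4108.py hunks shown here use, and it collapses the one-import-per-line layout that this same commit introduces in rfc3709.py. Only part of the file is visible, so the unused-name part is an inference. I would keep the five existing `from pyasn1.type import …` lines and add just `from pyasn1_modules import rfc5280`. The rfc5958.py import hunk makes the same collapse.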
@@ -52,17 +50,16 @@ HardwareModules.componentType = namedtype.NamedTypes( class CommunityIdentifier(univ.Choice): pass - CommunityIdentifier.componentType = namedtype.NamedTypes( namedtype.NamedType('communityOID', univ.ObjectIdentifier()), namedtype.NamedType('hwModuleList', HardwareModules()) ) + class PreferredPackageIdentifier(univ.Sequence): pass - PreferredPackageIdentifier.componentType = namedtype.NamedTypes( namedtype.NamedType('fwPkgID', univ.ObjectIdentifier()), namedtype.NamedType('verNum', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX))) @@ -72,7 +69,6 @@ PreferredPackageIdentifier.componentType = namedtype.NamedTypes( class PreferredOrLegacyPackageIdentifier(univ.Choice): pass - PreferredOrLegacyPackageIdentifier.componentType = namedtype.NamedTypes( namedtype.NamedType('preferred', PreferredPackageIdentifier()), namedtype.NamedType('legacy', univ.OctetString()) @@ -82,7 +78,6 @@ PreferredOrLegacyPackageIdentifier.componentType = namedtype.NamedTypes( class CurrentFWConfig(univ.Sequence): pass - CurrentFWConfig.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('fwPkgType', univ.Integer()), namedtype.NamedType('fwPkgName', PreferredOrLegacyPackageIdentifier()) @@ -92,10 +87,8 @@ CurrentFWConfig.componentType = namedtype.NamedTypes( class PreferredOrLegacyStalePackageIdentifier(univ.Choice): pass - PreferredOrLegacyStalePackageIdentifier.componentType = namedtype.NamedTypes( - namedtype.NamedType('preferredStaleVerNum', - univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX))), + namedtype.NamedType('preferredStaleVerNum', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX))), namedtype.NamedType('legacyStaleVersion', univ.OctetString()) ) 
@@ -103,7 +96,6 @@ PreferredOrLegacyStalePackageIdentifier.componentType = namedtype.NamedTypes( class FirmwarePackageLoadErrorCode(univ.Enumerated): pass - FirmwarePackageLoadErrorCode.namedValues = namedval.NamedValues( ('decodeFailure', 1), ('badContentInfo', 2), @@ -149,11 +141,10 @@ class VendorLoadErrorCode(univ.Integer): pass -# Wrapped Firmware Key Unsigned Attribute and Object Identifiers +# Wrapped Firmware Key Unsigned Attribute and Object Identifier id_aa_wrappedFirmwareKey = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.39') - class WrappedFirmwareKey(rfc5652.EnvelopedData): pass @@ -162,11 +153,9 @@ class WrappedFirmwareKey(rfc5652.EnvelopedData): id_aa_firmwarePackageInfo = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.42') - class FirmwarePackageInfo(univ.Sequence): pass - FirmwarePackageInfo.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('fwPkgType', univ.Integer()), namedtype.OptionalNamedType('dependencies', univ.SequenceOf(componentType=PreferredOrLegacyPackageIdentifier())) 
@@ -174,44 +163,41 @@ FirmwarePackageInfo.componentType = namedtype.NamedTypes( FirmwarePackageInfo.sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint(1, 2) + # Community Identifiers Signed Attribute and Object Identifier id_aa_communityIdentifiers = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.40') - class CommunityIdentifiers(univ.SequenceOf): pass - CommunityIdentifiers.componentType = CommunityIdentifier() + # Implemented Compression Algorithms Signed Attribute and Object Identifier id_aa_implCompressAlgs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.43') - class ImplementedCompressAlgorithms(univ.SequenceOf): pass - ImplementedCompressAlgorithms.componentType = univ.ObjectIdentifier() + # Implemented Cryptographic Algorithms Signed Attribute and Object Identifier id_aa_implCryptoAlgs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.38') - class ImplementedCryptoAlgorithms(univ.SequenceOf): pass - ImplementedCryptoAlgorithms.componentType = univ.ObjectIdentifier() + # Decrypt Key Identifier Signed Attribute and Object Identifier id_aa_decryptKeyID = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.37') - class DecryptKeyIdentifier(univ.OctetString): pass 
@@ -220,45 +206,53 @@ class DecryptKeyIdentifier(univ.OctetString): id_aa_targetHardwareIDs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.36') - class TargetHardwareIdentifiers(univ.SequenceOf): pass - TargetHardwareIdentifiers.componentType = univ.ObjectIdentifier() + # Firmware Package Identifier Signed Attribute and Object Identifier id_aa_firmwarePackageID = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.35') - class FirmwarePackageIdentifier(univ.Sequence): pass - FirmwarePackageIdentifier.componentType = namedtype.NamedTypes( namedtype.NamedType('name', PreferredOrLegacyPackageIdentifier()), namedtype.OptionalNamedType('stale', PreferredOrLegacyStalePackageIdentifier()) ) +# Firmware Package Message Digest Signed Attribute and Object Identifier + +id_aa_fwPkgMessageDigest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.41') + +class FirmwarePackageMessageDigest(univ.Sequence): + pass + +FirmwarePackageMessageDigest.componentType = namedtype.NamedTypes( + namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()), + namedtype.NamedType('msgDigest', univ.OctetString()) +) + + # Firmware Package Load Error Report Content Type and Object Identifier class FWErrorVersion(univ.Integer): pass - FWErrorVersion.namedValues = namedval.NamedValues( ('v1', 1) ) -id_ct_firmwareLoadError = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.18') +id_ct_firmwareLoadError = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.18') class FirmwarePackageLoadError(univ.Sequence): pass - FirmwarePackageLoadError.componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('version', FWErrorVersion().subtype(value='v1')), namedtype.NamedType('hwType', univ.ObjectIdentifier()), 
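Review bot: `FirmwarePackageMessageDigest` in rfc4108.py is added with only a section heading, and a reader could take the new attribute for a check when it is just a schema with an `algorithm` and a `msgDigest` field. A one-line comment above the class would settle it, e.g. `# Schema only: decoding does not verify msgDigest against the firmware package; the caller must.` Neither field is constrained here, so which digest algorithms are acceptable is also left to the caller.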
@@ -266,8 +260,7 @@ FirmwarePackageLoadError.componentType = namedtype.NamedTypes( namedtype.NamedType('errorCode', FirmwarePackageLoadErrorCode()), namedtype.OptionalNamedType('vendorErrorCode', VendorLoadErrorCode()), namedtype.OptionalNamedType('fwPkgName', PreferredOrLegacyPackageIdentifier()), - namedtype.OptionalNamedType('config', univ.SequenceOf(componentType=CurrentFWConfig()).subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) + namedtype.OptionalNamedType('config', univ.SequenceOf(componentType=CurrentFWConfig()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) @@ -276,33 +269,30 @@ FirmwarePackageLoadError.componentType = namedtype.NamedTypes( class FWReceiptVersion(univ.Integer): pass - FWReceiptVersion.namedValues = namedval.NamedValues( ('v1', 1) ) -id_ct_firmwareLoadReceipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.17') +id_ct_firmwareLoadReceipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.17') class FirmwarePackageLoadReceipt(univ.Sequence): pass - FirmwarePackageLoadReceipt.componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('version', FWReceiptVersion().subtype(value='v1')), namedtype.NamedType('hwType', univ.ObjectIdentifier()), namedtype.NamedType('hwSerialNum', univ.OctetString()), namedtype.NamedType('fwPkgName', PreferredOrLegacyPackageIdentifier()), namedtype.OptionalNamedType('trustAnchorKeyID', univ.OctetString()), - namedtype.OptionalNamedType('decryptKeyID', univ.OctetString().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) + namedtype.OptionalNamedType('decryptKeyID', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) + # Firmware Package Content Type and Object Identifier id_ct_firmwarePackage = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.16') - class FirmwarePkgData(univ.OctetString): pass 
@@ -311,12 +301,45 @@ class FirmwarePkgData(univ.OctetString): id_on_hardwareModuleName = univ.ObjectIdentifier('1.3.6.1.5.5.7.8.4') - class HardwareModuleName(univ.Sequence): pass - HardwareModuleName.componentType = namedtype.NamedTypes( namedtype.NamedType('hwType', univ.ObjectIdentifier()), namedtype.NamedType('hwSerialNum', univ.OctetString()) ) + + +# Map of Attribute Type OIDs to Attributes +# To be added to the ones that are in rfc5652.py + +cmsAttributesMapUpdate = { + id_aa_wrappedFirmwareKey: WrappedFirmwareKey(), + id_aa_firmwarePackageInfo: FirmwarePackageInfo(), + id_aa_communityIdentifiers: CommunityIdentifiers(), + id_aa_implCompressAlgs: ImplementedCompressAlgorithms(), + id_aa_implCryptoAlgs: ImplementedCryptoAlgorithms(), + id_aa_decryptKeyID: DecryptKeyIdentifier(), + id_aa_targetHardwareIDs: TargetHardwareIdentifiers(), + id_aa_firmwarePackageID: FirmwarePackageIdentifier(), + id_aa_fwPkgMessageDigest: FirmwarePackageMessageDigest(), +} + + +# Map of Content Type OIDs to Content Types +# To be added to the ones that are in rfc5652.py + +cmsContentTypesMapUpdate = { + id_ct_firmwareLoadError: FirmwarePackageLoadError(), + id_ct_firmwareLoadReceipt: FirmwarePackageLoadReceipt(), + id_ct_firmwarePackage: FirmwarePkgData(), +} + + +# Map of Other Name OIDs to Other Name +# To be added to the ones that are in rfc5280.py + +anotherNameMapUpdate = { + id_on_hardwareModuleName: HardwareModuleName(), +} + diff --git a/pyasn1_modules/rfc5035.py b/pyasn1_modules/rfc5035.py index 5cf0d0d..4a70bb0 100644 --- a/pyasn1_modules/rfc5035.py +++ b/pyasn1_modules/rfc5035.py @@ -2,6 +2,7 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. +# Modified by Russ Housley to add a map for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html 
@@ -187,3 +188,11 @@ _ESSAttributeMapAddition = { } ESSAttributeMap.update(_ESSAttributeMapAddition) + + +# Map of Content Type OIDs to Content Types +# To be added to the ones that are in rfc5652.py + +cmsContentTypesMapUpdate = { + id_ct_receipt: Receipt(), +}
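Review bot: `cmsContentTypesMapUpdate` in rfc5035.py registers `id_ct_receipt: Receipt()`, the same key that the rfc2634.py hunk of this commit registers. A caller who merges both dicts keeps whichever was applied last, and whether the two `Receipt` names refer to the same class cannot be seen from this hunk. If the duplication is intended, a comment such as `# Duplicates the id_ct_receipt entry in rfc2634.py.` would say so. This file, too, now ends without a trailing newline.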
\ No newline at end of file diff --git a/pyasn1_modules/rfc5083.py b/pyasn1_modules/rfc5083.py index d3a7f62..e3df086 100644 --- a/pyasn1_modules/rfc5083.py +++ b/pyasn1_modules/rfc5083.py @@ -1,7 +1,10 @@ # This file is being contributed to of pyasn1-modules software. # # Created by Russ Housley without assistance from the asn1ate tool. -# Copyright (c) 2018, Vigil Security, LLC +# Modified by Russ Housley to add a map for use with opentypes and +# simplify the code for the object identifier assignment. +# +# Copyright (c) 2018, 2019 Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html # # Authenticated-Enveloped-Data for the Cryptographic Message Syntax (CMS) @@ -18,18 +21,9 @@ from pyasn1_modules import rfc5652 MAX = float('inf') -def _buildOid(*components): - output = [] - for x in tuple(components): - if isinstance(x, univ.ObjectIdentifier): - output.extend(list(x)) - else: - output.append(int(x)) - return univ.ObjectIdentifier(output) - - -id_ct_authEnvelopedData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 23) +# CMS Authenticated-Enveloped-Data Content Type +id_ct_authEnvelopedData = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.23') class AuthEnvelopedData(univ.Sequence): pass @@ -46,3 +40,11 @@ AuthEnvelopedData.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('unauthAttrs', rfc5652.UnauthAttributes().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) + + +# Map of Content Type OIDs to Content Types +# To be added to the ones that are in rfc5652.py + +cmsContentTypesMapUpdate = { + id_ct_authEnvelopedData: AuthEnvelopedData(), +}
\ No newline at end of file diff --git a/pyasn1_modules/rfc5940.py b/pyasn1_modules/rfc5940.py index 1998e26..c5ae0c8 100644 --- a/pyasn1_modules/rfc5940.py +++ b/pyasn1_modules/rfc5940.py @@ -2,6 +2,7 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. +# Modified by Russ Housley to add map for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -44,3 +45,12 @@ SCVPReqRes.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('request', ContentInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('response', ContentInfo()) ) + + +# Map of Revocation Info Format OIDs to Revocation Info Format +# To be added to the ones that are in rfc5652.py + +otherRevInfoFormatMapUpdate = { + id_ri_ocsp_response: OCSPResponse(), + id_ri_scvp: SCVPReqRes(), +} diff --git a/pyasn1_modules/rfc5958.py b/pyasn1_modules/rfc5958.py index 20ace16..32d5857 100644 --- a/pyasn1_modules/rfc5958.py +++ b/pyasn1_modules/rfc5958.py @@ -2,6 +2,7 @@ # This file is being contributed to pyasn1-modules software. # # Created by Russ Housley. +# Modified by Russ Housley to add a map for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -10,16 +11,13 @@ # the PrivateKeyInfo structure in PKCS#8 in RFC 5208 # # ASN.1 source from: -# https://www.rfc-editor.org/rfc/rfc8418.txt +# https://www.rfc-editor.org/rfc/rfc5958.txt -from pyasn1.type import constraint -from pyasn1.type import namedtype -from pyasn1.type import namedval -from pyasn1.type import tag -from pyasn1.type import univ +from pyasn1.type import univ, constraint, namedtype, namedval, tag from pyasn1_modules import rfc5280 + MAX = float('inf') 
@@ -55,7 +53,7 @@ class Attributes(univ.SetOf): class PublicKey(univ.BitString): - pass + pass # OneAsymmetricKey is essentially version 2 of PrivateKeyInfo. @@ -82,10 +80,16 @@ class PrivateKeyInfo(OneAsymmetricKey): id_ct_KP_aKeyPackage = univ.ObjectIdentifier('2.16.840.1.101.2.1.2.78.5') - class AsymmetricKeyPackage(univ.SequenceOf): pass - AsymmetricKeyPackage.componentType = OneAsymmetricKey() -AsymmetricKeyPackage.subtypeSpec = constraint.ValueSizeConstraint(1, MAX) +AsymmetricKeyPackage.subtypeSpec=constraint.ValueSizeConstraint(1, MAX) + + +# Map of Content Type OIDs to Content Types +# To be added to the ones that are in rfc5652.py + +cmsContentTypesMapUpdate = { + id_ct_KP_aKeyPackage: AsymmetricKeyPackage(), +} diff --git a/pyasn1_modules/rfc6019.py b/pyasn1_modules/rfc6019.py index 9cdf2ab..7816593 100644 --- a/pyasn1_modules/rfc6019.py +++ b/pyasn1_modules/rfc6019.py @@ -1,6 +1,7 @@ # This file is being contributed to pyasn1-modules software. # # Created by Russ Housley. +# Modified by Russ Housley to add a map for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -21,13 +22,20 @@ MAX = float('inf') class BinaryTime(univ.Integer): pass - BinaryTime.subtypeSpec = constraint.ValueRangeConstraint(0, MAX) + # CMS Attribute for representing signing time in BinaryTime id_aa_binarySigningTime = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.46') - class BinarySigningTime(BinaryTime): pass + + +# Map of Attribute Type OIDs to Attributes +# To be added to the ones that are in rfc5652.py + +cmsAttributesMapUpdate = { + id_aa_binarySigningTime: BinarySigningTime(), +} diff --git a/pyasn1_modules/rfc6402.py b/pyasn1_modules/rfc6402.py index 7c9f862..2c847a0 100644 --- a/pyasn1_modules/rfc6402.py +++ b/pyasn1_modules/rfc6402.py 
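Review bot: `AsymmetricKeyPackage.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)` in rfc5958.py loses the spaces around `=`, and that is the only change to the line. Other assignments in this commit keep them, for example `BinaryTime.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)` in rfc6019.py. I would leave the line as it was: `AsymmetricKeyPackage.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)`.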
@@ -3,18 +3,22 @@ # This file is part of pyasn1-modules software. # # Created by Stanisław Pitucha with asn1ate tool. +# Modified by Russ Housley to add a maps for CMC Control Attributes +# and CMC Content Types for use with opentypes. +# # Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com> # License: http://snmplabs.com/pyasn1/license.html # # Certificate Management over CMS (CMC) Updates # # ASN.1 source from: -# http://www.ietf.org/rfc/rfc6402.txt +# https://www.rfc-editor.org/rfc/rfc6402.txt # from pyasn1.type import char from pyasn1.type import constraint from pyasn1.type import namedtype from pyasn1.type import namedval +from pyasn1.type import opentype from pyasn1.type import tag from pyasn1.type import univ from pyasn1.type import useful @@ -37,6 +41,9 @@ def _buildOid(*components): return univ.ObjectIdentifier(output) +cmcControlAttributesMap = { } + + class ChangeSubjectName(univ.Sequence): pass @@ -384,7 +391,9 @@ class TaggedAttribute(univ.Sequence): TaggedAttribute.componentType = namedtype.NamedTypes( namedtype.NamedType('bodyPartID', BodyPartID()), namedtype.NamedType('attrType', univ.ObjectIdentifier()), - namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue())) + namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()), + openType=opentype.OpenType('attrType', cmcControlAttributesMap) + ) ) 
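Review bot: `cmcControlAttributesMap = { }` in rfc6402.py is introduced with no comment, although its placement matters: it is created empty before `TaggedAttribute` so that `opentype.OpenType('attrType', cmcControlAttributesMap)` can refer to it, and it is filled only by the `update()` call in the last hunk of the file. I would add `# Filled at the end of this module; update it in place, never rebind it,` and `# because TaggedAttribute's OpenType keeps a reference to this dict.` above it, and write the literal as `{}`.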
@@ -565,3 +574,51 @@ class NoSignatureValue(univ.OctetString): id_ad_cmc = _buildOid(rfc5280.id_ad, 12) id_alg_noSignature = _buildOid(id_pkix, 6, 2) + + +# Map of CMC Control OIDs to CMC Control Attributes + +_cmcControlAttributesMapUpdate = { + id_cmc_statusInfo: CMCStatusInfo(), + id_cmc_statusInfoV2: CMCStatusInfoV2(), + id_cmc_identification: char.UTF8String(), + id_cmc_identityProof: univ.OctetString(), + id_cmc_identityProofV2: IdentifyProofV2(), + id_cmc_dataReturn: univ.OctetString(), + id_cmc_transactionId: univ.Integer(), + id_cmc_senderNonce: univ.OctetString(), + id_cmc_recipientNonce: univ.OctetString(), + id_cmc_addExtensions: AddExtensions(), + id_cmc_encryptedPOP: EncryptedPOP(), + id_cmc_decryptedPOP: DecryptedPOP(), + id_cmc_lraPOPWitness: LraPopWitness(), + id_cmc_getCert: GetCert(), + id_cmc_getCRL: GetCRL(), + id_cmc_revokeRequest: RevokeRequest(), + id_cmc_regInfo: univ.OctetString(), + id_cmc_responseInfo: univ.OctetString(), + id_cmc_queryPending: univ.OctetString(), + id_cmc_popLinkRandom: univ.OctetString(), + id_cmc_popLinkWitness: univ.OctetString(), + id_cmc_popLinkWitnessV2: PopLinkWitnessV2(), + id_cmc_confirmCertAcceptance: CMCCertId(), + id_cmc_trustedAnchors: PublishTrustAnchors(), + id_cmc_authData: AuthPublish(), + id_cmc_batchRequests: BodyPartList(), + id_cmc_batchResponses: BodyPartList(), + id_cmc_publishCert: CMCPublicationInfo(), + id_cmc_modCertTemplate: ModCertTemplate(), + id_cmc_controlProcessed: ControlsProcessed(), + id_ExtensionReq: ExtensionReq(), +} + +cmcControlAttributesMap.update(_cmcControlAttributesMapUpdate) + + +# Map of CMC Content Type OIDs to CMC Content Types +# To be added to the ones that are in rfc5652.py + +cmsContentTypesMapUpdate = { + id_cct_PKIData: PKIData(), + id_cct_PKIResponse: PKIResponse(), +}
\ No newline at end of file diff --git a/pyasn1_modules/rfc7191.py b/pyasn1_modules/rfc7191.py index d3e2f85..167f17a 100644 --- a/pyasn1_modules/rfc7191.py +++ b/pyasn1_modules/rfc7191.py @@ -1,7 +1,9 @@ # This file is being contributed to of pyasn1-modules software. # # Created by Russ Housley without assistance from the asn1ate tool. -# Copyright (c) 2018, Vigil Security, LLC +# Modified by Russ Housley to add support for opentypes. +# +# Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html # # CMS Key Package Receipt and Error Content Types @@ -12,10 +14,12 @@ from pyasn1.type import constraint from pyasn1.type import namedtype from pyasn1.type import namedval +from pyasn1.type import opentype from pyasn1.type import tag from pyasn1.type import univ from pyasn1_modules import rfc5280 +from pyasn1_modules import rfc5652 MAX = float('inf') @@ -41,7 +45,9 @@ class SingleAttribute(univ.Sequence): SingleAttribute.componentType = namedtype.NamedTypes( namedtype.NamedType('attrType', univ.ObjectIdentifier()), - namedtype.NamedType('attrValues', AttributeValues()) + namedtype.NamedType('attrValues', AttributeValues(), + openType=opentype.OpenType('attrType', rfc5652.cmsAttributesMap) + ) ) @@ -232,3 +238,20 @@ KeyPkgIdentifierAndReceiptReq.componentType = namedtype.NamedTypes( namedtype.NamedType('pkgID', KeyPkgID()), namedtype.OptionalNamedType('receiptReq', KeyPkgReceiptReq()) ) + + +# Map of Attribute Type OIDs to Attributes +# To be added to the ones that are in rfc5652.py + +cmsAttributesMapUpdate = { + id_aa_KP_keyPkgIdAndReceiptReq: KeyPkgIdentifierAndReceiptReq(), +} + + +# Map of Content Type OIDs to Content Types +# To be added to the ones that are in rfc5652.py + +cmsContentTypesMapUpdate = { + id_ct_KP_keyPackageError: KeyPackageError(), + id_ct_KP_keyPackageReceipt: KeyPackageReceipt(), +}
\ No newline at end of file diff --git a/pyasn1_modules/rfc8226.py b/pyasn1_modules/rfc8226.py index 1f18389..b7df0b5 100644 --- a/pyasn1_modules/rfc8226.py +++ b/pyasn1_modules/rfc8226.py @@ -1,7 +1,8 @@ # This file is being contributed to pyasn1-modules software. # # Created by Russ Housley with assistance from the asn1ate tool, with manual -# changes to implement appropriate constraints and added comments +# changes to implement appropriate constraints and added comments. +# Modified by Russ Housley to add maps for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -17,6 +18,7 @@ from pyasn1.type import namedtype from pyasn1.type import tag from pyasn1.type import univ + MAX = float('inf') 
@@ -38,43 +40,44 @@ class JWTClaimName(char.IA5String): class JWTClaimNames(univ.SequenceOf): pass - JWTClaimNames.componentType = JWTClaimName() -JWTClaimNames.subtypeSpec = constraint.ValueSizeConstraint(1, MAX) +JWTClaimNames.subtypeSpec=constraint.ValueSizeConstraint(1, MAX) class JWTClaimPermittedValues(univ.Sequence): pass - JWTClaimPermittedValues.componentType = namedtype.NamedTypes( namedtype.NamedType('claim', JWTClaimName()), - namedtype.NamedType('permitted', univ.SequenceOf(componentType=char.UTF8String()).subtype( - subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) + namedtype.NamedType('permitted', univ.SequenceOf( + componentType=char.UTF8String()).subtype( + subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) ) class JWTClaimPermittedValuesList(univ.SequenceOf): pass - JWTClaimPermittedValuesList.componentType = JWTClaimPermittedValues() -JWTClaimPermittedValuesList.subtypeSpec = constraint.ValueSizeConstraint(1, MAX) +JWTClaimPermittedValuesList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX) class JWTClaimConstraints(univ.Sequence): pass - JWTClaimConstraints.componentType = namedtype.NamedTypes( - namedtype.OptionalNamedType('mustInclude', JWTClaimNames().subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.OptionalNamedType('permittedValues', JWTClaimPermittedValuesList().subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) + namedtype.OptionalNamedType('mustInclude', + JWTClaimNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('permittedValues', + JWTClaimPermittedValuesList().subtype(explicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatSimple, 1))) ) + JWTClaimConstraints.sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint(1, 2) + id_pe_JWTClaimConstraints = _OID(1, 3, 6, 1, 5, 5, 7, 1, 27) 
@@ -85,44 +88,57 @@ class ServiceProviderCode(char.IA5String): class TelephoneNumber(char.IA5String): pass - TelephoneNumber.subtypeSpec = constraint.ConstraintsIntersection( constraint.ValueSizeConstraint(1, 15), - constraint.PermittedAlphabetConstraint('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '#', '*') + constraint.PermittedAlphabetConstraint( + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '#', '*') ) class TelephoneNumberRange(univ.Sequence): pass - TelephoneNumberRange.componentType = namedtype.NamedTypes( namedtype.NamedType('start', TelephoneNumber()), - namedtype.NamedType('count', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(2, MAX))) + namedtype.NamedType('count', + univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(2, MAX))) ) class TNEntry(univ.Choice): pass - TNEntry.componentType = namedtype.NamedTypes( - namedtype.NamedType('spc', ServiceProviderCode().subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('range', TelephoneNumberRange().subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.NamedType('spc', + ServiceProviderCode().subtype(explicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatSimple, 0))), + namedtype.NamedType('range', + TelephoneNumberRange().subtype(explicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatConstructed, 1))), namedtype.NamedType('one', - TelephoneNumber().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) + TelephoneNumber().subtype(explicitTag=tag.Tag(tag.tagClassContext, + tag.tagFormatSimple, 2))) ) class TNAuthorizationList(univ.SequenceOf): pass - TNAuthorizationList.componentType = TNEntry() -TNAuthorizationList.subtypeSpec = constraint.ValueSizeConstraint(1, MAX) +TNAuthorizationList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX) + id_pe_TNAuthList = _OID(1, 3, 6, 1, 5, 5, 7, 1, 26) + id_ad_stirTNList = _OID(1, 3, 6, 1, 5, 5, 7, 48, 14) + + +# 
Map of Certificate Extension OIDs to Extensions +# To be added to the ones that are in rfc5280.py + +certificateExtensionsMapUpdate = { + id_pe_TNAuthList: TNAuthorizationList(), + id_pe_JWTClaimConstraints: JWTClaimConstraints(), +} + diff --git a/pyasn1_modules/rfc8520.py b/pyasn1_modules/rfc8520.py index 7bac2f1..8e4adf3 100644 --- a/pyasn1_modules/rfc8520.py +++ b/pyasn1_modules/rfc8520.py @@ -2,6 +2,7 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. +# Modified by Russ Housley to add maps for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html @@ -36,3 +37,20 @@ class MUDsignerSyntax(rfc5280.Name): # Object Identifier for CMS Content Type for a MUD file id_ct_mudtype = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.41') + + +# Map of Certificate Extension OIDs to Extensions +# To be added to the ones that are in rfc5280.py + +certificateExtensionsMapUpdate = { + id_pe_mud_url: MUDURLSyntax(), + id_pe_mudsigner: MUDsignerSyntax(), +} + + +# Map of Content Type OIDs to Content Types +# To be added to the ones that are in rfc5652.py + +cmsContentTypesMapUpdate = { + id_ct_mudtype: univ.OctetString(), +}
\ No newline at end of file diff --git a/requirements.txt b/requirements.txt index 2c51a6a..17f9fb5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,3 @@ -pyasn1>=0.4.1,<0.5.0 +#pyasn1>=0.4.1,<0.5.0 +# pull unreleased pyasn1 +-e git://github.com/etingof/pyasn1.git#egg=pyasn1 diff --git a/tests/test_rfc2634.py b/tests/test_rfc2634.py index 9b52f99..c024173 100755 --- a/tests/test_rfc2634.py +++ b/tests/test_rfc2634.py 
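Review bot: The requirements.txt hunk replaces the bounded release pin with `-e git://github.com/etingof/pyasn1.git#egg=pyasn1`, which installs whatever the default branch holds at install time and fetches it over the unauthenticated `git://` transport. That gives neither integrity nor reproducibility for a dependency whose job is parsing untrusted ASN.1. If an unreleased pyasn1 is really needed, fetch it over HTTPS and pin a commit, for example `git+https://github.com/etingof/pyasn1.git@<commit-sha>#egg=pyasn1` (placeholder sha), and restore the version range once the release is published.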
@@ -82,33 +82,33 @@ mNTr0mjYeUWRe/15IsWNx+kuFcLDr71DFHvMFY5M3sdfMA== class SignedReceiptTestCase(unittest.TestCase): signed_receipt_pem_text = """\ -MIIE3gYJKoZIhvcNAQcCoIIEzzCCBMsCAQMxDTALBglghkgBZQMEAgEwga4GCyqG -SIb3DQEJ EAEBoIGeBIGbMIGYAgEBBgkqhkiG9w0BBwEEIMdPIQ9kJ1cI9Q6HkRC -zbXWdD331uAUCL3MM FXP4KFOjBGYwZAIwOLV5WCbYjy5HLHE69IqXQQHVDJQzmo -18WwkFrEYH3EMsvpXEIGqsFTFN 6NV4VBe9AjA5fGOCP5IhI32YqmGfs+zDlqZyb -2xSX6Gr/IfCIm0angfOI39g7lAZDyivjh5H /oSgggJ3MIICczCCAfqgAwIBAgIJ -AKWzVCgbsG48MAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT AlVTMQswCQYDVQQIDAJ -WQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9ndXMgQ0Ew HhcNMTkwNT -I5MTkyMDEzWhcNMjAwNTI4MTkyMDEzWjBsMQswCQYDVQQGEwJVUzELMAkGA1UE C -BMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoTB0V4YW1wbGUxDDAKBgNVB -AMTA0Jv YjEeMBwGCSqGSIb3DQEJARYPYm9iQGV4YW1wbGUuY29tMHYwEAYHKoZI -zj0CAQYFK4EEACID YgAEMaRiVS8WvN8Ycmpfq75jBbOMUukNfXAg6AL0JJBXtIF -AuIJcZVlkLn/xbywkcMLHK/O+ w9RWUQa2Cjw+h8b/1Cl+gIpqLtE558bD5PfM2a -YpJ/YE6yZ9nBfTQs7z1TH5o4GUMIGRMAsG A1UdDwQEAwIHgDBCBglghkgBhvhCA -Q0ENRYzVGhpcyBjZXJ0aWZpY2F0ZSBjYW5ub3QgYmUg dHJ1c3RlZCBmb3IgYW55 -IHB1cnBvc2UuMB0GA1UdDgQWBBTKa2Zy3iybV3+YjuLDKtNmjsIa pTAfBgNVHSM -EGDAWgBTyNds0BNqlVfK9aQOZsGLs4hUIwTAKBggqhkjOPQQDAwNnADBkAjAV bo -S6OfEYQomLDi2RUkd71hzwwiQZztbxNbosahIzjR8ZQaHhjdjJlrP/T6aXBwsCMD -fRweYz 3Ce4E4wPfoqQnvqpM7ZlfhstjQQGOsWAtIIfqW/l+TgCO8ux3XLV6fj36 -zGCAYkwggGFAgEB MEwwPzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMRAwDgYD -VQQHDAdIZXJuZG9uMREwDwYD VQQKDAhCb2d1cyBDQQIJAKWzVCgbsG48MAsGCWC -GSAFlAwQCAaCBrjAaBgkqhkiG9w0BCQMx DQYLKoZIhvcNAQkQAQEwHAYJKoZIhv -cNAQkFMQ8XDTE5MDUyOTE5MzU1NVowLwYJKoZIhvcN AQkEMSIEIGb9Hm2kCnM0C -YNpZU4Uj7dN0AzOieIn9sDqZMcIcZrEMEEGCyqGSIb3DQEJEAIF MTIEMBZzeHVj -a7fQ62ywyh8rtKzBP1WJooMdZ+8c6pRqfIESYIU5bQnH99OPA51QCwdOdjAK Bgg -qhkjOPQQDAgRoMGYCMQDZiT22xgab6RFMAPvN4fhWwzx017EzttD4VaYrpbolrop -BdPJ6 jIXiZQgCwxbGTCwCMQClaQ9K+L5LTeuW50ZKSIbmBZQ5dxjtnK3OlS7hYR -i6U0JKZmWbbuS8 vFIgX7eIkd8= +MIIE3gYJKoZIhvcNAQcCoIIEzzCCBMsCAQMxDTALBglghkgBZQMEAgEwga4GCyq 
+GSIb3DQEJEAEBoIGeBIGbMIGYAgEBBgkqhkiG9w0BBwEEIMdPIQ9kJ1cI9Q6HkR +CzbXWdD331uAUCL3MMFXP4KFOjBGYwZAIwOLV5WCbYjy5HLHE69IqXQQHVDJQzm +o18WwkFrEYH3EMsvpXEIGqsFTFN6NV4VBe9AjA5fGOCP5IhI32YqmGfs+zDlqZy +b2xSX6Gr/IfCIm0angfOI39g7lAZDyivjh5H/oSgggJ3MIICczCCAfqgAwIBAgI +JAKWzVCgbsG48MAoGCCqGSM49BAMDMD8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDA +JWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9ndXMgQ0EwHhcNMTkwN +TI5MTkyMDEzWhcNMjAwNTI4MTkyMDEzWjBsMQswCQYDVQQGEwJVUzELMAkGA1UE +CBMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoTB0V4YW1wbGUxDDAKBgN +VBAMTA0JvYjEeMBwGCSqGSIb3DQEJARYPYm9iQGV4YW1wbGUuY29tMHYwEAYHKo +ZIzj0CAQYFK4EEACIDYgAEMaRiVS8WvN8Ycmpfq75jBbOMUukNfXAg6AL0JJBXt +IFAuIJcZVlkLn/xbywkcMLHK/O+w9RWUQa2Cjw+h8b/1Cl+gIpqLtE558bD5PfM +2aYpJ/YE6yZ9nBfTQs7z1TH5o4GUMIGRMAsGA1UdDwQEAwIHgDBCBglghkgBhvh +CAQ0ENRYzVGhpcyBjZXJ0aWZpY2F0ZSBjYW5ub3QgYmUgdHJ1c3RlZCBmb3IgYW +55IHB1cnBvc2UuMB0GA1UdDgQWBBTKa2Zy3iybV3+YjuLDKtNmjsIapTAfBgNVH +SMEGDAWgBTyNds0BNqlVfK9aQOZsGLs4hUIwTAKBggqhkjOPQQDAwNnADBkAjAV +boS6OfEYQomLDi2RUkd71hzwwiQZztbxNbosahIzjR8ZQaHhjdjJlrP/T6aXBws +CMDfRweYz3Ce4E4wPfoqQnvqpM7ZlfhstjQQGOsWAtIIfqW/l+TgCO8ux3XLV6f +j36zGCAYkwggGFAgEBMEwwPzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMRAwD +gYDVQQHDAdIZXJuZG9uMREwDwYDVQQKDAhCb2d1cyBDQQIJAKWzVCgbsG48MAsG +CWCGSAFlAwQCAaCBrjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQEwHAYJKoZ +IhvcNAQkFMQ8XDTE5MDUyOTE5MzU1NVowLwYJKoZIhvcNAQkEMSIEIGb9Hm2kCn +M0CYNpZU4Uj7dN0AzOieIn9sDqZMcIcZrEMEEGCyqGSIb3DQEJEAIFMTIEMBZze +HVja7fQ62ywyh8rtKzBP1WJooMdZ+8c6pRqfIESYIU5bQnH99OPA51QCwdOdjAK +BggqhkjOPQQDAgRoMGYCMQDZiT22xgab6RFMAPvN4fhWwzx017EzttD4VaYrpbo +lropBdPJ6jIXiZQgCwxbGTCwCMQClaQ9K+L5LTeuW50ZKSIbmBZQ5dxjtnK3OlS +7hYRi6U0JKZmWbbuS8vFIgX7eIkd8= """ def setUp(self): @@ -133,6 +133,7 @@ i6U0JKZmWbbuS8 vFIgX7eIkd8= assert not rest assert receipt.prettyPrint() assert der_encode(receipt) == sd['encapContentInfo']['eContent'] + assert receipt['version'] == rfc2634.ESSVersion().subtype(value='v1') for sa in sd['signerInfos'][0]['signedAttrs']: sat = sa['attrType'] 
@@ -144,6 +145,35 @@ i6U0JKZmWbbuS8 vFIgX7eIkd8= assert sav.prettyPrint() assert der_encode(sav) == sav0 + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.signed_receipt_pem_text) + rfc5652.cmsContentTypesMap.update(rfc2634.cmsContentTypesMapUpdate) + rfc5652.cmsAttributesMap.update(rfc2634.ESSAttributeMap) + asn1Object, rest = der_decode(substrate, + asn1Spec=self.asn1Spec, decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap.keys() + assert asn1Object['contentType'] == rfc5652.id_signedData + + sd = asn1Object['content'] + assert sd['version'] == rfc5652.CMSVersion().subtype(value='v3') + assert sd['encapContentInfo']['eContentType'] in rfc5652.cmsContentTypesMap.keys() + assert sd['encapContentInfo']['eContentType'] == rfc2634.id_ct_receipt + + for sa in sd['signerInfos'][0]['signedAttrs']: + assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() + if sa['attrType'] == rfc2634.id_aa_msgSigDigest: + sa['attrValues'][0].prettyPrint()[:10] == '0x167378' + + # Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot + # automatically decode it + receipt, rest = der_decode(sd['encapContentInfo']['eContent'], + asn1Spec=rfc5652.cmsContentTypesMap[sd['encapContentInfo']['eContentType']]) + assert receipt['version'] == rfc2634.ESSVersion().subtype(value='v1') + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) diff --git a/tests/test_rfc3274.py b/tests/test_rfc3274.py index fbf44a2..516884a 100644 --- a/tests/test_rfc3274.py +++ b/tests/test_rfc3274.py 
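Review bot: In `testOpenTypes` the line `sa['attrValues'][0].prettyPrint()[:10] == '0x167378'` has no `assert`, so the comparison is evaluated and thrown away and the msgSigDigest value is never checked. As written it could not pass anyway, because a 10-character slice is compared with an 8-character literal; `assert sa['attrValues'][0].prettyPrint()[:8] == '0x167378'` would make the check effective. The identical line appears in the `testOpenTypes` hunk of tests/test_rfc5035.py. The inner `der_decode` of `eContent` also leaves `rest` unchecked, and an `assert not rest` after it would reject trailing bytes.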
@@ -55,6 +55,22 @@ XQ7u2qbaKFtZ7V96NH8ApkUFkg== assert cd['compressionAlgorithm']['algorithm'] == rfc3274.id_alg_zlibCompress assert cd['encapContentInfo']['eContentType'] == rfc5652.id_data + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.compressed_data_pem_text) + + rfc5652.cmsContentTypesMap.update(rfc3274.cmsContentTypesMapUpdate) + asn1Object, rest = der_decode(substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['contentType'] == rfc3274.id_ct_compressedData + cd = asn1Object['content'] + assert cd['compressionAlgorithm']['algorithm'] == rfc3274.id_alg_zlibCompress + assert cd['encapContentInfo']['eContentType'] == rfc5652.id_data + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) if __name__ == '__main__': diff --git a/tests/test_rfc3709.py b/tests/test_rfc3709.py index dbe1edf..7d9b54f 100644..100755 --- a/tests/test_rfc3709.py +++ b/tests/test_rfc3709.py 
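Review bot: `rfc5652.cmsContentTypesMap.update(rfc3274.cmsContentTypesMapUpdate)` in `testOpenTypes` mutates a module-level dict and never restores it, so every later test in the same process runs against whatever earlier tests registered and results can depend on execution order. Take a copy in `setUp`, e.g. `self._saved = dict(rfc5652.cmsContentTypesMap)`, and in `tearDown` clear the map and update it from that copy. The same unrestored `update` calls on the rfc5652 and rfc5280 maps are in the new tests for rfc2634, rfc3709, rfc3779, rfc4073, rfc4108, rfc5035, rfc5083 and rfc5940.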
@@ -60,9 +60,23 @@ Pj22pmfmQi5w21UljqoTj/+lQLkU3wfy5BdVKBwI0GfEA+YL3ctSzPNqAA== assert not rest assert logotype.prettyPrint() assert der_encoder.encode(logotype) == s - assert logotype['subjectLogo']['direct']['image'][0]['imageDetails']['mediaType'] == "image/png" - assert logotype['subjectLogo']['direct']['image'][0]['imageDetails']['logotypeURI'][ - 0] == "http://www.vigilsec.com/vigilsec_logo.png" + ids = logotype['subjectLogo']['direct']['image'][0]['imageDetails'] + assert ids['mediaType'] == "image/png" + assert ids['logotypeURI'][0] == "http://www.vigilsec.com/vigilsec_logo.png" + + def testExtensionsMap(self): + substrate = pem.readBase64fromText(self.pem_text) + rfc5280.certificateExtensionsMap.update(rfc3709.certificateExtensionsMapUpdate) + asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert der_encoder.encode(asn1Object) == substrate + + for extn in asn1Object['tbsCertificate']['extensions']: + if extn['extnID'] in rfc5280.certificateExtensionsMap.keys(): + extnValue, rest = der_decoder.decode(extn['extnValue'], + asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) + assert der_encoder.encode(extnValue) == extn['extnValue'] suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) diff --git a/tests/test_rfc3779.py b/tests/test_rfc3779.py index bebe06c..eb2a2df 100644 --- a/tests/test_rfc3779.py +++ b/tests/test_rfc3779.py 
@@ -74,6 +74,22 @@ V+vo2L72yerdbsP9xjqvhZrLKfsLZjYK4SdYYthi assert as_ids.prettyPrint() assert der_encoder.encode(as_ids) == s + def testExtensionsMap(self): + substrate = pem.readBase64fromText(self.pem_text) + rfc5280.certificateExtensionsMap.update(rfc3779.certificateExtensionsMapUpdate) + asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert der_encoder.encode(asn1Object) == substrate + + for extn in asn1Object['tbsCertificate']['extensions']: + if extn['extnID'] == rfc3779.id_pe_ipAddrBlocks or \ + extn['extnID'] == rfc3779.id_pe_autonomousSysIds: + + extnValue, rest = der_decoder.decode(extn['extnValue'], + asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) + assert der_encoder.encode(extnValue) == extn['extnValue'] + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) diff --git a/tests/test_rfc4073.py b/tests/test_rfc4073.py index fc55bf5..bdc04c4 100644 --- a/tests/test_rfc4073.py +++ b/tests/test_rfc4073.py @@ -14,6 +14,7 @@ from pyasn1.codec.der.encoder import encode as der_encode from pyasn1.type import univ from pyasn1_modules import pem +from pyasn1_modules import rfc2634 from pyasn1_modules import rfc4073 from pyasn1_modules import rfc5652 
@@ -78,20 +79,13 @@ buWO3egPDL8Kf7tBhzjIKLw= if content_type == rfc4073.id_ct_contentWithAttrs: for attr in asn1Object['attrs']: - assert attr['attrType'] in attribute_list + assert attr['attrType'] in rfc5652.cmsAttributesMap.keys() return asn1Object - attribute_list = ( - univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.4'), - univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.7'), - ) - - layers = { - rfc5652.id_ct_contentInfo: rfc5652.ContentInfo(), - rfc4073.id_ct_contentCollection: rfc4073.ContentCollection(), - rfc4073.id_ct_contentWithAttrs: rfc4073.ContentWithAttributes(), - } + rfc5652.cmsAttributesMap.update(rfc2634.ESSAttributeMap) + rfc5652.cmsContentTypesMap.update(rfc4073.cmsContentTypesMapUpdate) + layers = rfc5652.cmsContentTypesMap getNextLayer = { rfc5652.id_ct_contentInfo: lambda x: x['contentType'], 
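Review bot: Replacing the explicit `attribute_list` with `assert attr['attrType'] in rfc5652.cmsAttributesMap.keys()` weakens the check, because it now passes for any OID present in the shared map, including entries registered by other tests, rather than only the two attributes this fixture is expected to carry. I would keep the removed tuple under a name such as `expected_attrs` and assert `attr['attrType'] in expected_attrs` alongside the map lookup. The `.keys()` call is redundant for a membership test. The enclosing test method starts above the hunk.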
@@ -125,6 +119,33 @@ buWO3egPDL8Kf7tBhzjIKLw= substrate = getNextSubstrate[this_layer](asn1Object) this_layer = getNextLayer[this_layer](asn1Object) + def testOpenTypes(self): + + substrate = pem.readBase64fromText(self.pem_text) + + rfc5652.cmsAttributesMap.update(rfc2634.ESSAttributeMap) + rfc5652.cmsContentTypesMap.update(rfc4073.cmsContentTypesMapUpdate) + asn1Object, rest = der_decode(substrate, + asn1Spec=rfc5652.ContentInfo(), + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['contentType'] == rfc4073.id_ct_contentCollection + for ci in asn1Object['content']: + assert ci['contentType'] in rfc5652.cmsContentTypesMap.keys() + assert ci['contentType'] == rfc4073.id_ct_contentWithAttrs + next_ci = ci['content']['content'] + assert next_ci['contentType'] in rfc5652.cmsContentTypesMap.keys() + assert next_ci['contentType'] == rfc5652.id_data + assert 'Content-Type: text' in next_ci['content'] + + for attr in ci['content']['attrs']: + assert attr['attrType'] in rfc5652.cmsAttributesMap.keys() + if attr['attrType'] == rfc2634.id_aa_contentHint: + assert 'RFC 4073' in attr['attrValues'][0]['contentDescription'] + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) diff --git a/tests/test_rfc4108.py b/tests/test_rfc4108.py index 49514b1..c611b0e 100644 --- a/tests/test_rfc4108.py +++ b/tests/test_rfc4108.py @@ -23,7 +23,7 @@ except ImportError: class CMSFirmwareWrapperTestCase(unittest.TestCase): pem_text = """\ -MIIEdwYJKoZIhvcNAQcCoIIEaDCCBGQCAQExDTALBglghkgBZQMEAgEwggIVBgsq +MIIEvAYJKoZIhvcNAQcCoIIErTCCBKkCAQExDTALBglghkgBZQMEAgEwggIVBgsq hkiG9w0BCRABEKCCAgQEggIA3ntqPr5kDpx+//pgWGfHCH/Ht4pbenGwXv80txyE Y0I2mT9BUGz8ILkbhD7Xz89pBS5KhEJpthxH8WREJtvS+wL4BqYLt23wjWoZy5Gt 5dPzWgaNlV/aQ5AdfAY9ljmnNYnK8D8r8ur7bQM4cKUdxry+QA0nqXHMAOSpx4Um 
@@ -35,18 +35,20 @@ RJNFP9vpDM8CxJIqcobC5Kuv8b0GqGfGl6ouuQKEVMfBcrupgjk3oc3KL1iVdSr1 /D9dmiFiErDB3Fzr4+8Qz0aKedNE/1uvM+dhu9qjuRdkDzZ4S7txTfk6y9pG9iyk aEeTV2kElKXblgi+Cf0Ut4f5he8rt6jveHdMo9X36YiUQVvevj2cgN7lFivEnFYV QY0xugpP7lvEFDfsi2+0ozgP8EKOLYaCUKpuvttlYJ+vdtUFEijizEZ4cx02RsXm -EesxggI1MIICMQIBA4AUnutnybladNRNLxY5ZoDoAbXLpJwwCwYJYIZIAWUDBAIB -oHgwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEQMCkGCyqGSIb3DQEJEAIkMRoG -CysGAQQBjb9BAQEqBgsrBgEEAY2/QQEBMDAvBgkqhkiG9w0BCQQxIgQgAJfvuasB -4P6WDLOkOyvj33YPgZW4olHbidzyh1EKP9YwCwYJKoZIhvcNAQELBIIBgDn0y+4B -cCX7ICovWcyWf0IxNXx7+1VlYneAZ8pMBaKu+6q7jRFZ+QsQFFbQ1yPO/3Pr2wVb -UJSJAL4QCJDurJ42LdPQIOGIV2aWq70vl6B9yt6svEdjxJ3XkopwcCBXLcB1Hp9b -6wYZzSFCujOlsABJiz2gMD6wUT4lq7RJO31LEPxx/Va4Ftp1F4okmgL8VpMemihU -atRXpIhedfli+TWEtMmoxcX3paLcU7MmJFUAwkHmb8rSRF5VBy5QWcNgzzskof0W -mCR/8bZjqR/g3VlFPyz7zOCxG/wIdZVAb4O/QP8fC0GhyHNE+NX6d+GI8RPpRyMf -5RfCCsHwbApCv8+tpFslYzwvUTIFx0y9zVrnkz/UrDjZtrKxLC0oRJlnlnKR1unm -lbolB9c2p60/mZHwQhLM5CjeYcMX3mMVJo4jqag+8o48CibW50h8y21usKaeA9b0 -9EMxfG3KaaP5mMEOZMpeGdUKQSJYweDstxlrY5ajPbeOycdMv7tRNoLpyw== +EesxggJ6MIICdgIBA4AUnutnybladNRNLxY5ZoDoAbXLpJwwCwYJYIZIAWUDBAIB +oIG8MBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABEDArBgsqhkiG9w0BCRACJDEc +MBoGCysGAQQBjb9BAQEqBgsrBgEEAY2/QQEBMDAvBgkqhkiG9w0BCQQxIgQgAJfv +uasB4P6WDLOkOyvj33YPgZW4olHbidzyh1EKP9YwQAYLKoZIhvcNAQkQAikxMTAv +MAsGCWCGSAFlAwQCAQQgAJfvuasB4P6WDLOkOyvj33YPgZW4olHbidzyh1EKP9Yw +CwYJKoZIhvcNAQELBIIBgDivAlSLbMPPu+zV+pPcYpNp+A1mwVOytjMBzSo31kR/ +qEu+hVrDknAOk9IdCaDvcz612CcfNT85/KzrYvWWxOP2woU/vZj253SnndALpfNN +n3/crJjF6hKgkjUwoXebI7kuj5WCh2q5lkd6xUa+jkCw+CINcN43thtS66UsVI4d +mv02EvsS2cxPY/508uaQZ6AYAacm667bgX8xEjbzACMOeMCuvKQXWAuh3DkNk+gV +xizHDw7xZxXgMGMAnJglAeBtd3Si5ztILw9U2gKUqFn/nOgy+eW63JuU/q31/Hgg +ZATjyBznSzneTZrw8/ePoSCj7E9vBeCTUkeFbVB2tJK1iYDMblp6HUuwgYuGKXy/ +ZwKL3GvB11qg7ntdEyjdLq0xcVrht/K0d2dPo4iO4Ac7c1xbFMDAlWOt4FMPWh6O +iTh55YvT7hAJjTbB5ebgMA9QJnAczQPFnaIePnlFrkETd3YyLK4yHwnoIGo1GiW/ +dsnhVtIdkPtfJIvcYteYJg== """ def setUp(self): 
@@ -67,11 +69,43 @@ lbolB9c2p60/mZHwQhLM5CjeYcMX3mMVJo4jqag+8o48CibW50h8y21usKaeA9b0 assert inner['encapContentInfo']['eContentType'] == rfc4108.id_ct_firmwarePackage assert inner['encapContentInfo']['eContent'] - found_target_hardware_identifier_attribute = False + attribute_list = [ ] for attr in inner['signerInfos'][0]['signedAttrs']: + attribute_list.append(attr['attrType']) if attr['attrType'] == rfc4108.id_aa_targetHardwareIDs: - found_target_hardware_identifier_attribute = True - assert found_target_hardware_identifier_attribute + av, rest = der_decode(attr['attrValues'][0], + asn1Spec=rfc4108.TargetHardwareIdentifiers()) + assert len(av) == 2 + for oid in av: + assert '1.3.6.1.4.1.221121.1.1.' in oid.prettyPrint() + + assert rfc5652.id_contentType in attribute_list + assert rfc5652.id_messageDigest in attribute_list + assert rfc4108.id_aa_targetHardwareIDs in attribute_list + assert rfc4108.id_aa_fwPkgMessageDigest in attribute_list + + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.pem_text) + + rfc5652.cmsContentTypesMap.update(rfc4108.cmsContentTypesMapUpdate) + rfc5652.cmsAttributesMap.update(rfc4108.cmsAttributesMapUpdate) + asn1Object, rest = der_decode(substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['contentType'] == rfc5652.id_signedData + sd_eci = asn1Object['content']['encapContentInfo'] + assert sd_eci['eContentType'] == rfc4108.id_ct_firmwarePackage + assert sd_eci['eContent'].hasValue() + + for attr in asn1Object['content']['signerInfos'][0]['signedAttrs']: + assert attr['attrType'] in rfc5652.cmsAttributesMap.keys() + if attr['attrType'] == rfc4108.id_aa_targetHardwareIDs: + for oid in attr['attrValues'][0]: + assert '1.3.6.1.4.1.221121.1.1.' in oid.prettyPrint() suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) 
diff --git a/tests/test_rfc5035.py b/tests/test_rfc5035.py index 022d149..1c605bc 100755 --- a/tests/test_rfc5035.py +++ b/tests/test_rfc5035.py @@ -144,6 +144,35 @@ vFIgX7eIkd8= assert sav.prettyPrint() assert der_encode(sav) == sav0 + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.signed_receipt_pem_text) + rfc5652.cmsContentTypesMap.update(rfc5035.cmsContentTypesMapUpdate) + rfc5652.cmsAttributesMap.update(rfc5035.ESSAttributeMap) + asn1Object, rest = der_decode(substrate, + asn1Spec=self.asn1Spec, decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap.keys() + assert asn1Object['contentType'] == rfc5652.id_signedData + + sd = asn1Object['content'] + assert sd['version'] == rfc5652.CMSVersion().subtype(value='v3') + assert sd['encapContentInfo']['eContentType'] in rfc5652.cmsContentTypesMap.keys() + assert sd['encapContentInfo']['eContentType'] == rfc5035.id_ct_receipt + + for sa in sd['signerInfos'][0]['signedAttrs']: + assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() + if sa['attrType'] == rfc5035.id_aa_msgSigDigest: + sa['attrValues'][0].prettyPrint()[:10] == '0x167378' + + # Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot + # automatically decode it + receipt, rest = der_decode(sd['encapContentInfo']['eContent'], + asn1Spec=rfc5652.cmsContentTypesMap[sd['encapContentInfo']['eContentType']]) + assert receipt['version'] == rfc5035.ESSVersion().subtype(value='v1') + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) diff --git a/tests/test_rfc5083.py b/tests/test_rfc5083.py index 08eabfb..5e3b47f 100644..100755 --- a/tests/test_rfc5083.py +++ b/tests/test_rfc5083.py 
@@ -2,7 +2,7 @@ # This file is part of pyasn1-modules software. # # Created by Russ Housley -# Copyright (c) 2018, Vigil Security, LLC +# Copyright (c) 2018, 2019 Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html # @@ -12,7 +12,9 @@ from pyasn1.codec.der import decoder as der_decoder from pyasn1.codec.der import encoder as der_encoder from pyasn1_modules import pem +from pyasn1_modules import rfc5652 from pyasn1_modules import rfc5083 +from pyasn1_modules import rfc5035 try: import unittest2 as unittest 
@@ -47,6 +49,50 @@ ur76ztut3sr4iIANmvLRbyFUf87+2bPvLQQMoOWSXMGE4BckY8RM assert der_encoder.encode(asn1Object) == substrate +class AuthEnvelopedDataOpenTypesTestCase(unittest.TestCase): + pem_text = """\ +MIICvQYLKoZIhvcNAQkQARegggKsMIICqAIBADGCAiekggIjBgsqhkiG9w0BCRAN +ATCCAhICAQAEE3B0Zi1rbWM6MTM2MTQxMjIxMTIwDQYLKoZIhvcNAQkQAzAwCwYJ +YIZIAWUDBAEtMIIBsDCCAawCAQKAFJ7rZ8m5WnTUTS8WOWaA6AG1y6ScMA0GCSqG +SIb3DQEBAQUABIIBgHfnHNqDbyyql2NqX6UQggelWMTjwzJJ1L2erbsj1bIAGmpI +sUijw+fX8VOS7v1C9ui2Md9NFgCfkmKLo8T/jELqrk7MpMu09G5zDgeXzJfQDFc1 +15wbrWAUU3XP7XIb6TNOc3xtq4UxA5V6jNUK2XyWKpjzOtM7gm0VWIJGVVlYu+u3 +2LQcCjRFb87kvOY/WEnjxQpCW8g+4V747Ud97dYpMub7TLJiRNZkdHnq8xEGKlXj +VHSgc10lhphe1kFGeCpfJEsqjtN7YsVzf65ri9Z+3FJ1IO4cnMDbzGhyRXkS7a0k +58/miJbSj88PvzKNSURwpu4YHMQQX/mjT2ey1SY4ihPMuxxgTdCa04L0UxaRr7xA +ucz3n2UWShelm3IIjnWRlYdXypnXvKvwCLoeh5mJwUl1JNFPCQkQ487cKRyobUyN +gXQKT4ZDHCgXciwsX5nTsom87Ixp5vqSDJ+DhXA0r/Caiu1vnY5X9GLHSkqgXkgq +gUuu0LfcsQERD8psfQQogbiuZDqJmYt1Iau/pkuGfmeeqeiM3aeQ4NZf9AFZUVWB +GArPNHrvVDA3BgkqhkiG9w0BBwEwGwYJYIZIAWUDBAEuMA4EDMr+ur76ztut3sr4 +iIANmvLRbyFUf87+2bPvLQQMoOWSXMGE4BckY8RMojEwLwYLKoZIhvcNAQkQAgQx +IDAeDBFXYXRzb24sIGNvbWUgaGVyZQYJKoZIhvcNAQcB +""" + + def setUp(self): + self.asn1Spec = rfc5652.ContentInfo() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.pem_text) + rfc5652.cmsAttributesMap.update(rfc5035.ESSAttributeMap) + rfc5652.cmsContentTypesMap.update(rfc5083.cmsContentTypesMapUpdate) + asn1Object, rest = der_decoder.decode(substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encoder.encode(asn1Object) == substrate + + assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap + assert asn1Object['contentType'] == rfc5083.id_ct_authEnvelopedData + authenv = asn1Object['content'] + assert authenv['version'] == rfc5652.CMSVersion().subtype(value='v0') + + for attr in authenv['unauthAttrs']: + assert attr['attrType'] in rfc5652.cmsAttributesMap + if 
attr['attrType'] == rfc5035.id_aa_contentHint: + assert 'Watson' in attr['attrValues'][0]['contentDescription'] + + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) if __name__ == '__main__': diff --git a/tests/test_rfc5940.py b/tests/test_rfc5940.py index f95be05..9feeedf 100644 --- a/tests/test_rfc5940.py +++ b/tests/test_rfc5940.py 
@@ -80,17 +80,51 @@ ttTMEpl2prH8bbwo1g== assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_signedData - inner, rest = der_decode(asn1Object['content'], asn1Spec=rfc5652.SignedData()) - assert inner.prettyPrint() + sd, rest = der_decode(asn1Object['content'], + asn1Spec=rfc5652.SignedData()) + assert sd.prettyPrint() - assert inner['encapContentInfo']['eContentType'] == rfc5652.id_data - assert inner['encapContentInfo']['eContent'] - assert inner['crls'][0]['crl']['tbsCertList']['version'] == rfc5280.Version(value='v2') - assert inner['crls'][1]['other']['otherRevInfoFormat'] == rfc5940.id_ri_ocsp_response + assert sd['encapContentInfo']['eContentType'] == rfc5652.id_data + assert sd['encapContentInfo']['eContent'] + v2 = rfc5280.Version(value='v2') + assert sd['crls'][0]['crl']['tbsCertList']['version'] == v2 + ocspr_oid = rfc5940.id_ri_ocsp_response + assert sd['crls'][1]['other']['otherRevInfoFormat'] == ocspr_oid - ocspr, rest = der_decode(inner['crls'][1]['other']['otherRevInfo'], asn1Spec=rfc5940.OCSPResponse()) + ocspr, rest = der_decode(sd['crls'][1]['other']['otherRevInfo'], + asn1Spec=rfc5940.OCSPResponse()) assert ocspr.prettyPrint() - assert ocspr['responseStatus'] == rfc2560.OCSPResponseStatus(value='successful') + success = rfc2560.OCSPResponseStatus(value='successful') + assert ocspr['responseStatus'] == success + + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.pem_text) + + rfc5652.otherRevInfoFormatMap.update(rfc5940.otherRevInfoFormatMapUpdate) + asn1Object, rest = der_decode(substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['contentType'] == rfc5652.id_signedData + sd_eci = asn1Object['content']['encapContentInfo'] + assert sd_eci['eContentType'] == rfc5652.id_data + assert sd_eci['eContent'].hasValue() + + for ri in asn1Object['content']['crls']: + if 
ri.getName() == 'crl': + v2 = rfc5280.Version(value='v2') + assert ri['crl']['tbsCertList']['version'] == v2 + if ri.getName() == 'other': + ori = ri['other'] + ocspr_oid = rfc5940.id_ri_ocsp_response + assert ori['otherRevInfoFormat'] == ocspr_oid + ocspr_status = ori['otherRevInfo']['responseStatus'] + success = rfc2560.OCSPResponseStatus(value='successful') + assert ocspr_status == success + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) diff --git a/tests/test_rfc5958.py b/tests/test_rfc5958.py index 1abc40e..88fb4f1 100644 --- a/tests/test_rfc5958.py +++ b/tests/test_rfc5958.py @@ -11,7 +11,10 @@ import sys from pyasn1.codec.der import decoder as der_decoder from pyasn1.codec.der import encoder as der_encoder +from pyasn1.type import univ + from pyasn1_modules import pem +from pyasn1_modules import rfc5652 from pyasn1_modules import rfc5958 from pyasn1_modules import rfc8410 
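Review bot: The assertions inside the `for ri in asn1Object['content']['crls']:` loop of testOpenTypes only run when an element with the expected choice name is present, so the test still passes if `crls` decodes empty or the `other` alternative is never reached. Record what was checked and assert it after the loop, for example `seen = set()` before it, `seen.add(ri.getName())` inside it, and `assert seen == {'crl', 'other'}` at the end. The same conditional-assertion pattern appears in the `unauthAttrs` loop of AuthEnvelopedDataOpenTypesTestCase, the `signedAttrs` loops added to test_rfc7191.py, and the extension loops in test_rfc8226.py and test_rfc8520.py.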
@@ -44,6 +47,33 @@ Z9w7lshQhqowtrbLDFw4rXAxZuE= assert der_encoder.encode(asn1Object) == substrate +class PrivateKeyOpenTypesTestCase(unittest.TestCase): + asymmetric_key_pkg_pem_text = """\ +MIGEBgpghkgBZQIBAk4FoHYwdDByAgEBMAUGAytlcAQiBCDU7nLb+RNYStW22PH3 +afitOv58KMvx1Pvgl6iPRHVYQqAfMB0GCiqGSIb3DQEJCRQxDwwNQ3VyZGxlIENo +YWlyc4EhABm/RAlphM3+hUG6wWfcO5bIUIaqMLa2ywxcOK1wMWbh +""" + + def setUp(self): + self.asn1Spec = rfc5652.ContentInfo() + + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.asymmetric_key_pkg_pem_text) + rfc5652.cmsContentTypesMap.update(rfc5958.cmsContentTypesMapUpdate) + asn1Object, rest = der_decoder.decode(substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encoder.encode(asn1Object) == substrate + + assert rfc5958.id_ct_KP_aKeyPackage in rfc5652.cmsContentTypesMap.keys() + oneKey = asn1Object['content'][0] + assert oneKey['privateKeyAlgorithm']['algorithm'] == rfc8410.id_Ed25519 + pkcs_9_at_friendlyName = univ.ObjectIdentifier('1.2.840.113549.1.9.9.20') + assert oneKey['attributes'][0]['type'] == pkcs_9_at_friendlyName + + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) if __name__ == '__main__': diff --git a/tests/test_rfc6019.py b/tests/test_rfc6019.py index 664da0e..f66c12c 100644 --- a/tests/test_rfc6019.py +++ b/tests/test_rfc6019.py 
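Review bot: `assert rfc5958.id_ct_KP_aKeyPackage in rfc5652.cmsContentTypesMap.keys()` only re-checks the dictionary that the `update()` call earlier in testOpenTypes has just filled, and nothing in the method checks the content type of the decoded object. Replacing it with `assert asn1Object['contentType'] == rfc5958.id_ct_KP_aKeyPackage` makes the test fail if the message carries a different content type or the wrong map entry was used. A one-line comment on `pkcs_9_at_friendlyName` saying where the OID `1.2.840.113549.1.9.9.20` is taken from would also help, since the variable name is the only hint about its meaning.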
@@ -37,9 +37,24 @@ class BinarySigningTimeTestCase(unittest.TestCase): assert der_encode(asn1Object) == substrate assert asn1Object['attrType'] == rfc6019.id_aa_binarySigningTime - bintime, rest = der_decode(asn1Object['attrValues'][0], asn1Spec=rfc6019.BinaryTime()) + bintime, rest = der_decode(asn1Object['attrValues'][0], + asn1Spec=rfc6019.BinaryTime()) assert bintime == 0x5cbf8654 + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.pem_text) + + rfc5652.cmsAttributesMap.update(rfc6019.cmsAttributesMapUpdate) + asn1Object, rest = der_decode(substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['attrType'] in rfc5652.cmsAttributesMap.keys() + assert asn1Object['attrValues'][0] == 0x5cbf8654 + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) diff --git a/tests/test_rfc7191.py b/tests/test_rfc7191.py index 664ead7..36103bb 100755 --- a/tests/test_rfc7191.py +++ b/tests/test_rfc7191.py @@ -11,6 +11,8 @@ import sys from pyasn1.codec.der.decoder import decode as der_decode from pyasn1.codec.der.encoder import encode as der_encode +from pyasn1.type import univ + from pyasn1_modules import pem from pyasn1_modules import rfc5652 from pyasn1_modules import rfc7191 
@@ -80,6 +82,30 @@ goRV+bq4fdgOOj25JFqa80xnXGtQqjm/7NSII5SbdJk+DT7KCkSbkElkbgQ= assert not rest assert sav.prettyPrint() assert der_encode(sav) == sav0 + + package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0=" + package_id = pem.readBase64fromText(package_id_pem_text) + assert sav['pkgID'] == package_id + + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.message1_pem_text) + rfc5652.cmsAttributesMap.update(rfc7191.cmsAttributesMapUpdate) + asn1Object, rest = der_decode (substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['contentType'] == rfc5652.id_signedData + v3 = rfc5652.CMSVersion().subtype(value='v3') + assert asn1Object['content']['version'] == v3 + + for sa in asn1Object['content']['signerInfos'][0]['signedAttrs']: + if sa['attrType'] == rfc7191.id_aa_KP_keyPkgIdAndReceiptReq: + package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0=" + package_id = pem.readBase64fromText(package_id_pem_text) + assert sa['attrValues'][0]['pkgID'] == package_id class ReceiptTestCase(unittest.TestCase): 
@@ -137,6 +163,38 @@ bUcOYuCdivgxVuhlAgIxAPR9JavxziwCbVyBUWOAiKKYfglTgG3AwNmrKDj0NtXUQ9qDmGAc package_id = pem.readBase64fromText(package_id_pem_text) assert receipt['receiptOf']['pkgID'] == package_id + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.message2_pem_text) + rfc5652.cmsContentTypesMap.update(rfc7191.cmsContentTypesMapUpdate) + rfc5652.cmsAttributesMap.update(rfc7191.cmsAttributesMapUpdate) + asn1Object, rest = der_decode (substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['contentType'] == rfc5652.id_signedData + v3 = rfc5652.CMSVersion().subtype(value='v3') + assert asn1Object['content']['version'] == v3 + + for sa in asn1Object['content']['signerInfos'][0]['signedAttrs']: + assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() + if sa['attrType'] == rfc5652.id_messageDigest: + assert '0x412598a6ae2' in sa['attrValues'][0].prettyPrint() + + ct_oid = asn1Object['content']['encapContentInfo']['eContentType'] + assert ct_oid in rfc5652.cmsContentTypesMap + assert ct_oid == rfc7191.id_ct_KP_keyPackageReceipt + + # Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot + # automatically decode it + sd_eci = asn1Object['content']['encapContentInfo'] + receipt, rest = der_decode(sd_eci['eContent'], + asn1Spec=rfc5652.cmsContentTypesMap[sd_eci['eContentType']]) + package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0=" + package_id = pem.readBase64fromText(package_id_pem_text) + assert receipt['receiptOf']['pkgID'] == package_id class ErrorTestCase(unittest.TestCase): message3_pem_text = """\ 
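Review bot: The second `der_decode` call in testOpenTypes assigns `receipt, rest` but `rest` is never checked, so trailing bytes after the receipt inside `eContent` would go unnoticed. Add `assert not rest` directly after that call, as is already done for the outer decode. The testOpenTypes method added to ErrorTestCase in the next hunk has the same gap after decoding `kpe`.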
@@ -194,6 +252,40 @@ iNF8uKtW/lk0AjA7z2q40N0lamXkSU7ECasiWOYV1X4cWGiQwMZDKknBPDqXqB6Es6p4J+qe assert kpe['errorOf']['pkgID'] == package_id assert kpe['errorCode'] == rfc7191.EnumeratedErrorCode(value=10) + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.message3_pem_text) + rfc5652.cmsContentTypesMap.update(rfc7191.cmsContentTypesMapUpdate) + rfc5652.cmsAttributesMap.update(rfc7191.cmsAttributesMapUpdate) + asn1Object, rest = der_decode (substrate, + asn1Spec=self.asn1Spec, + decodeOpenTypes=True) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + assert asn1Object['contentType'] == rfc5652.id_signedData + v3 = rfc5652.CMSVersion().subtype(value='v3') + assert asn1Object['content']['version'] == v3 + + for sa in asn1Object['content']['signerInfos'][0]['signedAttrs']: + assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() + if sa['attrType'] == rfc5652.id_messageDigest: + assert '0xa05c54d4737' in sa['attrValues'][0].prettyPrint() + + ct_oid = asn1Object['content']['encapContentInfo']['eContentType'] + assert ct_oid in rfc5652.cmsContentTypesMap.keys() + assert ct_oid == rfc7191.id_ct_KP_keyPackageError + + # Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot + # automatically decode it + sd_eci = asn1Object['content']['encapContentInfo'] + kpe, rest = der_decode(sd_eci['eContent'], + asn1Spec=rfc5652.cmsContentTypesMap[sd_eci['eContentType']]) + package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0=" + package_id = pem.readBase64fromText(package_id_pem_text) + assert kpe['errorOf']['pkgID'] == package_id + assert kpe['errorCode'] == rfc7191.EnumeratedErrorCode(value=10) + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) diff --git a/tests/test_rfc8226.py b/tests/test_rfc8226.py index a7dc036..19e7fc7 100644..100755 --- a/tests/test_rfc8226.py +++ b/tests/test_rfc8226.py 
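Review bot: `assert '0xa05c54d4737' in sa['attrValues'][0].prettyPrint()` compares a short prefix of the message digest against a text rendering, so it depends on the prettyPrint format and would accept a digest that differs after the first few bytes. Comparing the decoded value with the full expected digest pins it, e.g. `assert sa['attrValues'][0] == univ.OctetString(hexValue='<full digest hex>')`; this commit already adds the `univ` import to the file. The ReceiptTestCase hunk above uses the same prefix check with `'0x412598a6ae2'`. The comment before the inner decode was copied from that hunk and should say that the key package error, not the receipt, is inside the OCTET STRING.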
@@ -12,6 +12,7 @@ from pyasn1.codec.der import decoder as der_decoder from pyasn1.codec.der import encoder as der_encoder from pyasn1_modules import pem +from pyasn1_modules import rfc5280 from pyasn1_modules import rfc8226 try: 
@@ -48,6 +49,43 @@ class TNAuthorizationListTestCase(unittest.TestCase): assert der_encoder.encode(asn1Object) == substrate +class CertificateOpenTypesTestCase(unittest.TestCase): + cert_pem_text = """\ +MIICkTCCAhegAwIBAgIJAKWzVCgbsG4+MAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT +AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n +dXMgQ0EwHhcNMTkwNzE4MTUwNzQ5WhcNMjAwNzE3MTUwNzQ5WjBxMQswCQYDVQQG +EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xKDAmBgNVBAoTH0Zh +a2UgVGVsZXBob25lIFNlcnZpY2UgUHJvdmlkZXIxGTAXBgNVBAMTEGZha2UuZXhh +bXBsZS5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLyLhnsvrS9WBY29tmN2LI +CF/wuX4ohhUy3sxO0ynCplHHojpDg+tghGzusf0aLtMDu1II915O8YK5XVL+KZJD +C82jybxWIKjjzX2qc5/O06joUttdEDzkTaD0kgbcXl6jgawwgakwCwYDVR0PBAQD +AgeAMEIGCWCGSAGG+EIBDQQ1FjNUaGlzIGNlcnRpZmljYXRlIGNhbm5vdCBiZSB0 +cnVzdGVkIGZvciBhbnkgcHVycG9zZS4wHQYDVR0OBBYEFHOI3GpDt9dWsTAZxhcj +96uyL2aIMB8GA1UdIwQYMBaAFPI12zQE2qVV8r1pA5mwYuziFQjBMBYGCCsGAQUF +BwEaBAowCKAGFgRmYWtlMAoGCCqGSM49BAMDA2gAMGUCMQCy+qFhT7X1i18jcyIa +Jkgz/tumrPsaBA2RihkooTEr4GbqC650Z4Cwt7+x2xZq37sCMFSM6fRueLyV5StG +yEFWA6G95b/HbtPMTjLpPKtrOjhofc4LyVCDYhFhKzpvHh1qeA== +""" + + def setUp(self): + self.asn1Spec = rfc5280.Certificate() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.cert_pem_text) + asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert der_encoder.encode(asn1Object) == substrate + + for extn in asn1Object['tbsCertificate']['extensions']: + if extn['extnID'] in rfc5280.certificateExtensionsMap.keys(): + extnValue, rest = der_decoder.decode(extn['extnValue'], + asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) + assert der_encoder.encode(extnValue) == extn['extnValue'] + + if extn['extnID'] == rfc8226.id_pe_TNAuthList: + assert extnValue[0]['spc'] == 'fake' + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) if __name__ == '__main__': 
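Review bot: CertificateOpenTypesTestCase never registers an RFC 8226 entry in `rfc5280.certificateExtensionsMap`, whereas test_rfc8520.py does so with `rfc5280.certificateExtensionsMap.update(rfc8520.certificateExtensionsMapUpdate)`. Whether the TNAuthList extension is decoded at all therefore depends on what other code has put in the map. If `id_pe_TNAuthList` is missing, the `extnValue[0]['spc'] == 'fake'` check is either skipped or applied to the value left over from an earlier extension; the original indentation cannot be recovered from this page, so I cannot tell which. Register the rfc8226 map at the start of testDerCodec (its name is not visible in this diff), set `found = True` in the TNAuthList branch and finish with `assert found` after the loop.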
diff --git a/tests/test_rfc8520.py b/tests/test_rfc8520.py index fe1e2cf..2a58ba9 100644 --- a/tests/test_rfc8520.py +++ b/tests/test_rfc8520.py @@ -82,6 +82,20 @@ izaUuU1EEwgOMELjeFL62Ssvq8X+x6hZFCLygI7GNeitlblNhCXhFFurqMs= assert mudurl[-5:] == ".json" + def testExtensionsMap(self): + substrate = pem.readBase64fromText(self.mud_cert_pem_text) + rfc5280.certificateExtensionsMap.update(rfc8520.certificateExtensionsMapUpdate) + asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + for extn in asn1Object['tbsCertificate']['extensions']: + if extn['extnID'] in rfc5280.certificateExtensionsMap.keys(): + extnValue, rest = der_decode(extn['extnValue'], + asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) + assert der_encode(extnValue) == extn['extnValue'] + suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) |