1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
import sys
import unittest
from pyasn1.codec.der.decoder import decode as der_decoder
from pyasn1.codec.der.encoder import encode as der_encoder
from pyasn1.type import univ
from pyasn1_modules import pem
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc5755
from pyasn1_modules import rfc4476
class AttributeCertificatePolicyTestCase(unittest.TestCase):
pem_text = """\
MIID7zCCA1gCAQEwgY+gUTBKpEgwRjEjMCEGA1UEAwwaQUNNRSBJbnRlcm1lZGlh
dGUgRUNEU0EgQ0ExCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlBQ01FIEx0ZC4CAx7N
WqE6pDgwNjETMBEGA1UEAwwKQUNNRSBFQ0RTQTELMAkGA1UEBhMCRkkxEjAQBgNV
BAoMCUFDTUUgTHRkLqBWMFSkUjBQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCVkEx
EDAOBgNVBAcMB0hlcm5kb24xIjAgBgNVBAoMGUJvZ3VzIEF0dHJpYnV0ZSBBdXRo
b3RpdHkwDQYJKoZIhvcNAQELBQACBAu1MO4wIhgPMjAxOTEyMTUxMjAwMDBaGA8y
MDE5MTIzMTEyMDAwMFowgfIwPAYIKwYBBQUHCgExMDAuhgt1cm46c2VydmljZaQV
MBMxETAPBgNVBAMMCHVzZXJuYW1lBAhwYXNzd29yZDAyBggrBgEFBQcKAjEmMCSG
C3VybjpzZXJ2aWNlpBUwEzERMA8GA1UEAwwIdXNlcm5hbWUwNQYIKwYBBQUHCgMx
KTAnoBikFjAUMRIwEAYDVQQDDAlBQ01FIEx0ZC4wCwwJQUNNRSBMdGQuMCAGCCsG
AQUFBwoEMRQwEjAQDAZncm91cDEMBmdyb3VwMjAlBgNVBEgxHjANoQuGCXVybjpy
b2xlMTANoQuGCXVybjpyb2xlMjCCATkwHwYDVR0jBBgwFoAUgJCMhskAsEBzvklA
X8yJBOXO500wCQYDVR04BAIFADA8BgNVHTcENTAzoAqGCHVybjp0ZXN0oBaCFEFD
TUUtTHRkLmV4YW1wbGUuY29toA2GC3Vybjphbm90aGVyMIHMBggrBgEFBQcBDwSB
vzCBvDCBuQYKKwYBBAGBrGAwCjCBqjBFBggrBgEFBQcCBBY5aHR0cHM6Ly93d3cu
ZXhhbXBsZS5jb20vYXR0cmlidXRlLWNlcnRpZmljYXRlLXBvbGljeS5odG1sMGEG
CCsGAQUFBwIFMFUwIwwZQm9ndXMgQXR0cmlidXRlIEF1dGhvcml0eTAGAgEKAgEU
Gi5URVNUIGF0dHJpYnV0ZSBjZXJ0aWZpY2F0ZSBwb2xpY3kgZGlzcGxheSB0ZXh0
MA0GCSqGSIb3DQEBCwUAA4GBACygfTs6TkPurZQTLufcE3B1H2707OXKsJlwRpuo
dR2oJbunSHZ94jcJHs5dfbzFs6vNfVLlBiDBRieX4p+4JcQ2P44bkgyiUTJu7g1b
6C1liB3vO6yH5hOZicOAaKd+c/myuGb9uFRoaXNfc2lnbmF0dXJlX2lzX2ludmFs
aWQh
"""
def setUp(self):
self.asn1Spec = rfc5755.AttributeCertificate()
def testDerCodec(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(1, asn1Object['acinfo']['version'])
found_ac_policy_qualifier1 = False
found_ac_policy_qualifier2 = False
for extn in asn1Object['acinfo']['extensions']:
self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)
if extn['extnID'] == rfc4476.id_pe_acPolicies:
ev, rest = der_decoder(
extn['extnValue'],
asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
self.assertFalse(rest)
self.assertTrue(ev.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(ev))
oid = univ.ObjectIdentifier((1, 3, 6, 1, 4, 1, 22112, 48, 10,))
self.assertEqual(oid, ev[0]['policyIdentifier'])
for pq in ev[0]['policyQualifiers']:
self.assertIn(
pq['policyQualifierId'], rfc5280.policyQualifierInfoMap)
pqv, rest = der_decoder(
pq['qualifier'],
asn1Spec=rfc5280.policyQualifierInfoMap[
pq['policyQualifierId']])
self.assertFalse(rest)
self.assertTrue(pqv.prettyPrint())
self.assertEqual(pq['qualifier'], der_encoder(pqv))
if pq['policyQualifierId'] == rfc4476.id_qt_acps:
self.assertIn('example.com', pqv)
found_ac_policy_qualifier1 = True
if pq['policyQualifierId'] == rfc4476.id_qt_acunotice:
self.assertIn(20, pqv[0]['noticeNumbers'])
found_ac_policy_qualifier2 = True
assert found_ac_policy_qualifier1
assert found_ac_policy_qualifier2
def testOpenTypes(self):
substrate = pem.readBase64fromText(self.pem_text)
asn1Object, rest = der_decoder(
substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
self.assertEqual(1, asn1Object['acinfo']['version'])
found_ac_policy_qualifier1 = False
found_ac_policy_qualifier2 = False
for extn in asn1Object['acinfo']['extensions']:
if extn['extnID'] == rfc4476.id_pe_acPolicies:
ev, rest = der_decoder(
extn['extnValue'],
asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(ev.prettyPrint())
self.assertEqual(extn['extnValue'], der_encoder(ev))
oid = univ.ObjectIdentifier((1, 3, 6, 1, 4, 1, 22112, 48, 10,))
self.assertEqual(oid, ev[0]['policyIdentifier'])
for pq in ev[0]['policyQualifiers']:
if pq['policyQualifierId'] == rfc4476.id_qt_acps:
self.assertIn('example.com', pq['qualifier'])
found_ac_policy_qualifier1 = True
if pq['policyQualifierId'] == rfc4476.id_qt_acunotice:
self.assertIn(20, pq['qualifier'][0]['noticeNumbers'])
found_ac_policy_qualifier2 = True
assert found_ac_policy_qualifier1
assert found_ac_policy_qualifier2
suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
if __name__ == '__main__':
result = unittest.TextTestRunner(verbosity=2).run(suite)
sys.exit(not result.wasSuccessful())
|
