1#
2# This file is part of pyasn1-modules software.
3#
4# Copyright (c) 2019, Vigil Security, LLC
5# License: http://snmplabs.com/pyasn1/license.html
6#
7import sys
8
9from pyasn1.codec.der.decoder import decode as der_decode
10from pyasn1.codec.der.encoder import encode as der_encode
11
12from pyasn1_modules import pem
13from pyasn1_modules import rfc5280
14from pyasn1_modules import rfc3709
15
16try:
17    import unittest2 as unittest
18except ImportError:
19    import unittest
20
21
22class CertificateExtnWithUrlTestCase(unittest.TestCase):
23    pem_text = """\
24MIIC9zCCAn2gAwIBAgIJAKWzVCgbsG46MAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT
25AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n
26dXMgQ0EwHhcNMTkwNTE0MTAwMjAwWhcNMjAwNTEzMTAwMjAwWjBlMQswCQYDVQQG
27EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xGzAZBgNVBAoTElZp
28Z2lsIFNlY3VyaXR5IExMQzEaMBgGA1UEAxMRbWFpbC52aWdpbHNlYy5jb20wdjAQ
29BgcqhkjOPQIBBgUrgQQAIgNiAATwUXZUseiOaqWdrClDCMbp9YFAM87LTmFirygp
30zKDU9cfqSCg7zBDIphXCwMcS9zVWDoStCbcvN0jw5CljHcffzpHYX91P88SZRJ1w
314hawHjOsWxvM3AkYgZ5nfdlL7EajggEdMIIBGTALBgNVHQ8EBAMCB4AwQgYJYIZI
32AYb4QgENBDUWM1RoaXMgY2VydGlmaWNhdGUgY2Fubm90IGJlIHRydXN0ZWQgZm9y
33IGFueSBwdXJwb3NlLjAdBgNVHQ4EFgQU8jXbNATapVXyvWkDmbBi7OIVCMEwHwYD
34VR0jBBgwFoAU8jXbNATapVXyvWkDmbBi7OIVCMEwgYUGCCsGAQUFBwEMBHkwd6J1
35oHMwcTBvMG0WCWltYWdlL3BuZzAzMDEwDQYJYIZIAWUDBAIBBQAEIJtBNrMSSNo+
366Rwqwctmcy0qf68ilRuKEmlf3GLwGiIkMCsWKWh0dHA6Ly93d3cudmlnaWxzZWMu
37Y29tL3ZpZ2lsc2VjX2xvZ28ucG5nMAoGCCqGSM49BAMDA2gAMGUCMGhfLH4kZaCD
38H43A8m8mHCUpYt9unT0qYu4TCMaRuOTYEuqj3qtuwyLcfAGuXKp/oAIxAIrPY+3y
39Pj22pmfmQi5w21UljqoTj/+lQLkU3wfy5BdVKBwI0GfEA+YL3ctSzPNqAA==
40"""
41
42    def setUp(self):
43        self.asn1Spec = rfc5280.Certificate()
44
45    def testDerCodec(self):
46        substrate = pem.readBase64fromText(self.pem_text)
47        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
48        assert not rest
49        assert asn1Object.prettyPrint()
50        assert der_encode(asn1Object) == substrate
51
52        extn_list = [ ]
53        for extn in asn1Object['tbsCertificate']['extensions']:
54            extn_list.append(extn['extnID'])
55
56            if extn['extnID'] == rfc3709.id_pe_logotype:
57                s = extn['extnValue']
58                logotype, rest = der_decode(s, rfc3709.LogotypeExtn())
59                assert not rest
60                assert logotype.prettyPrint()
61                assert der_encode(logotype) == s
62                ids = logotype['subjectLogo']['direct']['image'][0]['imageDetails']
63                assert ids['mediaType'] == "image/png"
64                assert ids['logotypeURI'][0] == "http://www.vigilsec.com/vigilsec_logo.png"
65
66        assert rfc3709.id_pe_logotype in extn_list
67
68    def testExtensionsMap(self):
69        substrate = pem.readBase64fromText(self.pem_text)
70        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
71        assert not rest
72        assert asn1Object.prettyPrint()
73        assert der_encode(asn1Object) == substrate
74
75        for extn in asn1Object['tbsCertificate']['extensions']:
76            if extn['extnID'] in rfc5280.certificateExtensionsMap.keys():
77                extnValue, rest = der_decode(extn['extnValue'],
78                    asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
79                assert der_encode(extnValue) == extn['extnValue']
80
81
82class CertificateExtnWithDataTestCase(unittest.TestCase):
83    pem_text = """\
84MIIJJDCCCAygAwIBAgIRAPIGo/5ScWbpAAAAAFwQBqkwDQYJKoZIhvcNAQELBQAw
85gbkxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
86Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
87MjAxOCBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLTAr
88BgNVBAMTJEVudHJ1c3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gVk1DMTAeFw0x
89OTA4MzAxNDMyMzlaFw0yMDAyMjUxNTAyMzZaMIIBjTEOMAwGA1UEERMFMTAwMTcx
90CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlv
91cmsxGDAWBgNVBAkTDzI3MCBQYXJrIEF2ZW51ZTETMBEGCysGAQQBgjc8AgEDEwJV
92UzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEfMB0GA1UEChMWSlBNb3JnYW4g
93Q2hhc2UgYW5kIENvLjEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xNzA1
94BgNVBAsTLkpQTUMgRmlyc3QgVmVyaWZpZWQgTWFyayBDZXJ0aWZpY2F0ZSBXb3Js
95ZHdpZGUxDzANBgNVBAUTBjY5MTAxMTEXMBUGCisGAQQBg55fAQQTBzIwMTUzODkx
96EjAQBgorBgEEAYOeXwEDEwJVUzEmMCQGCisGAQQBg55fAQITFmh0dHBzOi8vd3d3
97LnVzcHRvLmdvdi8xHzAdBgNVBAMTFkpQTW9yZ2FuIENoYXNlIGFuZCBDby4wggEi
98MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNLY+etlX06q1MxA1VT/P20h1i
99eFGTzX4fqSQNG+ypmjNfLa8YXraO1v1hahenkRUWrVPW0Hq3zKNJcCDmosox6+tB
10059u0b1xgN8y8D05AEC7qoVVdbaWKENMxCN4CDfST6d3YOqApjqEFAGZ71s39tRRG
101kmWGJb4jKXcUX8FWV8w/vjKrpipZ8JsX2tuOp2uxFLkmi+V7gvN8tpbHUipP5K7L
102190VOBytSWPudXefnYG3UWRfwah7Fq1bKYT/cCwStUm8XlfA8nUumeVsAiyC6phs
103adn26MYiSddsBU08TGthmunLAO0+shaBy6jHYZxMa37S67vVlDpxbeF+TPVXAgMB
104AAGjggROMIIESjATBgorBgEEAdZ5AgQDAQH/BAIFADCCArAGCCsGAQUFBwEMBIIC
105ojCCAp6iggKaoIICljCCApIwggKOMIICihYNaW1hZ2Uvc3ZnK3htbDAzMDEwDQYJ
106YIZIAWUDBAIBBQAEIBnwW6ChGgWWIRn3qn/xGAOlhDflA3z5jhZcZTNDlxF5MIIC
107QhaCAj5kYXRhOmltYWdlL3N2Zyt4bWw7YmFzZTY0LEg0c0lBQUFBQUFBQUFJV1Iz
108V3JqTUJCR3I1dW5tR3F2Rml4NUpQODBObkZLRTVhbTRFSmhJYmVMazZpT1dhOXRa
109TWQyOXVrN2NsTG9SV25CMHNENGNPYVR0TGdmLzVYUWE5TVdkWlV3S1pDQnJ2YjFv
110YWp5aEoyNlZ6NW45OHZaNHBaemVOU1ZObGxYbXhnZUR2Vk93MU5abnRwdWFvRlNB
111b1YwNFBmMkVYNk5UVzA2ZUNsUE9YK3FRRXpON1dWR0RLRkFoTldwS0ErQVB3RTRK
112MzNiNXg5REtBYTdyTlV2cG40dFNwMndycWpPRElwRHd0THNyTTBmeVlCaVYyM0Nq
113bDNYeEs0N0RJTVlQRkdiM0ZXSTZKTHZpc1JqV1ZSL1B3TmxGRVh1OUpmTmJtQk1H
114RFlqZy9PMTlvVWVWclh0QWtJWTBEY0o0N2JKOXBTb01iclZwdGVNd3VmTDJjMml5
115Ym9qVU5veVlUOFFnL1VxWWtCNW41VW5QQWZYU2pub0tPbEl1eW5oOVRJVTh1Z3JF
116YVMrVC9lRzZRWDh6OXl2YkdIZ0VLZjJ5S1h3dU9Sa2VsOGJQeFJoUHhtSnN0TDBT
117bi9qOUtXWU8yR3dsM2EremNhbmhOYTV0YzZORkdHcVVFUUVwVmY0R3lVNnhOMnRx
118WGgwWXQrM1BpcEhlK2l0cElRMGg0VHBoWnRrQ3plM0d6M2NjdllHbkp0cjZKVUNB
119QUE9MCIGA1UdEQQbMBmCF2V4Y2hhZGRldi5sYWJtb3JnYW4uY29tMBMGA1UdJQQM
120MAoGCCsGAQUFBwMfMA4GA1UdDwEB/wQEAwIHgDBmBggrBgEFBQcBAQRaMFgwIwYI
121KwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDEGCCsGAQUFBzAChiVo
122dHRwOi8vYWlhLmVudHJ1c3QubmV0L3ZtYzEtY2hhaW4uY2VyMDIGA1UdHwQrMCkw
123J6AloCOGIWh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvdm1jMWNhLmNybDBPBgNVHSAE
124SDBGMDYGCmCGSAGG+mwKAQswKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRy
125dXN0Lm5ldC9ycGEwDAYKKwYBBAGDnl8BATAfBgNVHSMEGDAWgBSLtjl20DSQpj9i
1264WTqPrz0fEahczAdBgNVHQ4EFgQUxAJ+yoDhzpPUzAPWKBYxg108dU0wCQYDVR0T
127BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAnqdB/vcwxFcxAlyCK0W5HOthXUdXRg9a
128GwPDupqmLq2rKfyysZXonJJfr8jqO0f3l6TWTTJlXHljAwwXMtg3T3ngLyEzip5p
129g0zH7s5eXjmWRhOeuHt21o611bXDbUNFTF0IpbYBTgOwAz/+k3XLVehf8dW7Y0Lr
130VkzxJ6U82NxmqjaAnkm+H127x5/jPAr4LLD4gZfqFaHzw/ZLoS+fXFGs+dpuYE4s
131n+xe0msYMu8qWABiMGA+MCKl45Dp5di+c2fyXtKyQ3rKI8XXZ0nN4bXK7DZd+3E3
132kbpmR6cDliloU808Bi/erMkrfUHRoZ2d586lkmwkLcoDkJ/yPD+Jhw==
133"""
134
135    def setUp(self):
136        self.asn1Spec = rfc5280.Certificate()
137
138    def testDerCodec(self):
139        substrate = pem.readBase64fromText(self.pem_text)
140        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
141        assert not rest
142        assert asn1Object.prettyPrint()
143        assert der_encode(asn1Object) == substrate
144
145        extn_list = [ ]
146        for extn in asn1Object['tbsCertificate']['extensions']:
147            extn_list.append(extn['extnID'])
148
149            if extn['extnID'] == rfc3709.id_pe_logotype:
150                s = extn['extnValue']
151                logotype, rest = der_decode(s, rfc3709.LogotypeExtn())
152                assert not rest
153                assert logotype.prettyPrint()
154                assert der_encode(logotype) == s
155                ids = logotype['subjectLogo']['direct']['image'][0]['imageDetails']
156                assert ids['mediaType'] == "image/svg+xml"
157                assert ids['logotypeURI'][0][0:25] == "data:image/svg+xml;base64"
158
159        assert rfc3709.id_pe_logotype in extn_list
160
161    def testExtensionsMap(self):
162        substrate = pem.readBase64fromText(self.pem_text)
163        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
164        assert not rest
165        assert asn1Object.prettyPrint()
166        assert der_encode(asn1Object) == substrate
167
168        for extn in asn1Object['tbsCertificate']['extensions']:
169            if extn['extnID'] in rfc5280.certificateExtensionsMap.keys():
170                extnValue, rest = der_decode(extn['extnValue'],
171                    asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
172                assert der_encode(extnValue) == extn['extnValue']
173
174
175suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
176
177if __name__ == '__main__':
178    import sys
179
180    result = unittest.TextTestRunner(verbosity=2).run(suite)
181    sys.exit(not result.wasSuccessful())
182