1# 2# This file is part of pyasn1-modules software. 3# 4# Created by Russ Housley 5# Copyright (c) 2019, Vigil Security, LLC 6# License: http://snmplabs.com/pyasn1/license.html 7# 8 9import sys 10 11from pyasn1.codec.der.decoder import decode as der_decode 12from pyasn1.codec.der.encoder import encode as der_encode 13from pyasn1.compat.octets import str2octs 14 15from pyasn1_modules import pem 16from pyasn1_modules import rfc5280 17from pyasn1_modules import rfc5755 18from pyasn1_modules import rfc3114 19 20try: 21 import unittest2 as unittest 22 23except ImportError: 24 import unittest 25 26 27class AttributeCertificateTestCase(unittest.TestCase): 28 pem_text = """\ 29MIIDBTCCAm4CAQEwgY+gUTBKpEgwRjEjMCEGA1UEAwwaQUNNRSBJbnRlcm1lZGlh 30dGUgRUNEU0EgQ0ExCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlBQ01FIEx0ZC4CAx7N 31WqE6pDgwNjETMBEGA1UEAwwKQUNNRSBFQ0RTQTELMAkGA1UEBhMCRkkxEjAQBgNV 32BAoMCUFDTUUgTHRkLqA9MDukOTA3MRQwEgYDVQQDDAtleGFtcGxlLmNvbTELMAkG 33A1UEBhMCRkkxEjAQBgNVBAoMCUFDTUUgTHRkLjANBgkqhkiG9w0BAQsFAAIEC63K 34/jAiGA8yMDE2MDEwMTEyMDAwMFoYDzIwMTYwMzAxMTIwMDAwWjCB8jA8BggrBgEF 35BQcKATEwMC6GC3VybjpzZXJ2aWNlpBUwEzERMA8GA1UEAwwIdXNlcm5hbWUECHBh 36c3N3b3JkMDIGCCsGAQUFBwoCMSYwJIYLdXJuOnNlcnZpY2WkFTATMREwDwYDVQQD 37DAh1c2VybmFtZTA1BggrBgEFBQcKAzEpMCegGKQWMBQxEjAQBgNVBAMMCUFDTUUg 38THRkLjALDAlBQ01FIEx0ZC4wIAYIKwYBBQUHCgQxFDASMBAMBmdyb3VwMQwGZ3Jv 39dXAyMCUGA1UESDEeMA2hC4YJdXJuOnJvbGUxMA2hC4YJdXJuOnJvbGUyMGowHwYD 40VR0jBBgwFoAUgJCMhskAsEBzvklAX8yJBOXO500wCQYDVR04BAIFADA8BgNVHTcB 41Af8EMjAwMB2gCoYIdXJuOnRlc3SgD4INKi5leGFtcGxlLmNvbTAPoA2GC3Vybjph 42bm90aGVyMA0GCSqGSIb3DQEBCwUAA4GBACygfTs6TkPurZQTLufcE3B1H2707OXK 43sJlwRpuodR2oJbunSHZ94jcJHs5dfbzFs6vNfVLlBiDBRieX4p+4JcQ2P44bkgyi 44UTJu7g1b6C1liB3vO6yH5hOZicOAaKd+c/myuGb9uJ4n6y2oLNxnk/fDzpuZUe2h 45Q4eikPk4LQey 46""" 47 48 def setUp(self): 49 self.asn1Spec = rfc5755.AttributeCertificate() 50 51 def testDerCodec(self): 52 substrate = pem.readBase64fromText(self.pem_text) 53 asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) 54 assert not rest 55 assert asn1Object.prettyPrint() 56 assert der_encode(asn1Object) == substrate 57 assert asn1Object['acinfo']['version'] == 1 58 59 count = 0 60 for attr in asn1Object['acinfo']['attributes']: 61 assert attr['type'] in rfc5280.certificateAttributesMap.keys() 62 av, rest = der_decode(attr['values'][0], 63 asn1Spec=rfc5280.certificateAttributesMap[attr['type']]) 64 assert not rest 65 assert av.prettyPrint() 66 assert der_encode(av) == attr['values'][0] 67 count += 1 68 69 assert count == 5 70 71 def testOpenTypes(self): 72 substrate = pem.readBase64fromText(self.pem_text) 73 asn1Object, rest = der_decode(substrate, 74 asn1Spec=self.asn1Spec, 75 decodeOpenTypes=True) 76 assert not rest 77 assert asn1Object.prettyPrint() 78 assert der_encode(asn1Object) == substrate 79 assert asn1Object['acinfo']['version'] == 1 80 81 count = 0 82 for attr in asn1Object['acinfo']['attributes']: 83 assert attr['type'] in rfc5280.certificateAttributesMap.keys() 84 count += 1 85 if attr['type'] == rfc5755.id_aca_authenticationInfo: 86 assert attr['values'][0]['authInfo'] == str2octs('password') 87 88 assert count == 5 89 90class CertificateWithClearanceTestCase(unittest.TestCase): 91 cert_pem_text = """\ 92MIID1DCCA1qgAwIBAgIUUc1IQGJpeYQ0XwOS2ZmVEb3aeZ0wCgYIKoZIzj0EAwMw 93ZjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlZBMRAwDgYDVQQHEwdIZXJuZG9uMRAw 94DgYDVQQKEwdFeGFtcGxlMQwwCgYDVQQLEwNQQ0ExGDAWBgNVBAMTD3BjYS5leGFt 95cGxlLmNvbTAeFw0xOTExMDUyMjIwNDZaFw0yMDExMDQyMjIwNDZaMIGSMQswCQYD 96VQQGEwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoT 97B0V4YW1wbGUxIjAgBgNVBAsTGUh1bWFuIFJlc291cmNlIERlcGFydG1lbnQxDTAL 98BgNVBAMTBEZyZWQxHzAdBgkqhkiG9w0BCQEWEGZyZWRAZXhhbXBsZS5jb20wdjAQ 99BgcqhkjOPQIBBgUrgQQAIgNiAAQObFslQ2EBP0xlDJ3sRnsNaqm/woQgKpBispSx 100XxK5bWUVpfnWsZnjLWhtDuPcu1BcBlM2g7gwL/aw8nUSIK3D8Ja9rTUQQXc3zxnk 101cl8+8znNXHMGByRjPUH87C+TOrqjggGaMIIBljAdBgNVHQ4EFgQU5m711OqFDNGR 102SWMOSzTXjpTLIFUwbwYDVR0jBGgwZoAUJuolDwsyICik11oKjf8t3L1/VGWhQ6RB 103MD8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjER 104MA8GA1UECgwIQm9ndXMgQ0GCCQCls1QoG7BuRjAPBgNVHRMBAf8EBTADAQH/MAsG 105A1UdDwQEAwIBhjBCBglghkgBhvhCAQ0ENRYzVGhpcyBjZXJ0aWZpY2F0ZSBjYW5u 106b3QgYmUgdHJ1c3RlZCBmb3IgYW55IHB1cnBvc2UuMBUGA1UdIAQOMAwwCgYIKwYB 107BQUHDQIwCgYDVR02BAMCAQIwfwYDVR0JBHgwdjBJBgNVBDcxQjBABgsqhkiG9w0B 108CRAHAwMCBeAxLTArgAsqhkiG9w0BCRAHBIEcMBoMGEhVTUFOIFJFU09VUkNFUyBV 109U0UgT05MWTApBglghkgBZQIBBUQxHAwaSHVtYW4gUmVzb3VyY2VzIERlcGFydG1l 110bnQwCgYIKoZIzj0EAwMDaAAwZQIwVh/RypULFgPpAN0I7OvuMomRWnm/Hea3Hk8P 111tTRz2Zai8iYat7oeAmGVgMhSXy2jAjEAuJW4l/CFatBy4W/lZ7gS3weBdBa5WEDI 112FFMC7GjGtCeLtXYqWfBnRdK26dOaHLB2 113""" 114 115 def setUp(self): 116 self.asn1Spec = rfc5280.Certificate() 117 118 def testDerCodec(self): 119 substrate = pem.readBase64fromText(self.cert_pem_text) 120 asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) 121 assert not rest 122 assert asn1Object.prettyPrint() 123 assert der_encode(asn1Object) == substrate 124 125 clearance_found = False 126 for extn in asn1Object['tbsCertificate']['extensions']: 127 if extn['extnID'] == rfc5280.id_ce_subjectDirectoryAttributes: 128 assert extn['extnID'] in rfc5280.certificateExtensionsMap.keys() 129 ev, rest = der_decode(extn['extnValue'], 130 asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) 131 assert not rest 132 assert ev.prettyPrint() 133 assert der_encode(ev) == extn['extnValue'] 134 135 for attr in ev: 136 if attr['type'] == rfc5755.id_at_clearance: 137 assert attr['type'] in rfc5280.certificateAttributesMap.keys() 138 av, rest = der_decode(attr['values'][0], 139 asn1Spec=rfc5280.certificateAttributesMap[attr['type']]) 140 assert av['policyId'] == rfc3114.id_tsp_TEST_Whirlpool 141 for cat in av['securityCategories']: 142 assert cat['type'] == rfc3114.id_tsp_TEST_Whirlpool_Categories 143 assert cat['type'] in rfc5755.securityCategoryMap.keys() 144 catv, rest = der_decode(cat['value'], 145 asn1Spec=rfc5755.securityCategoryMap[cat['type']]) 146 assert u'USE ONLY' in catv[0] 147 clearance_found = True 148 149 assert clearance_found 150 151 def testOpenTypes(self): 152 substrate = pem.readBase64fromText(self.cert_pem_text) 153 asn1Object, rest = der_decode(substrate, 154 asn1Spec=self.asn1Spec, 155 decodeOpenTypes=True) 156 assert not rest 157 assert asn1Object.prettyPrint() 158 assert der_encode(asn1Object) == substrate 159 160 clearance_found = False 161 for extn in asn1Object['tbsCertificate']['extensions']: 162 if extn['extnID'] == rfc5280.id_ce_subjectDirectoryAttributes: 163 assert extn['extnID'] in rfc5280.certificateExtensionsMap.keys() 164 ev, rest = der_decode(extn['extnValue'], 165 asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']], 166 decodeOpenTypes=True) 167 assert not rest 168 assert ev.prettyPrint() 169 assert der_encode(ev) == extn['extnValue'] 170 171 for attr in ev: 172 if attr['type'] == rfc5755.id_at_clearance: 173 spid = rfc3114.id_tsp_TEST_Whirlpool 174 catid = rfc3114.id_tsp_TEST_Whirlpool_Categories 175 assert attr['values'][0]['policyId'] == spid 176 for cat in attr['values'][0]['securityCategories']: 177 assert cat['type'] == catid 178 assert u'USE ONLY' in cat['value'][0] 179 clearance_found = True 180 181 assert clearance_found 182 183 184suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) 185 186if __name__ == '__main__': 187 import sys 188 189 result = unittest.TextTestRunner(verbosity=2).run(suite) 190 sys.exit(not result.wasSuccessful()) 191