#
# This file is part of pyasn1-modules software.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
7import sys
8
9from pyasn1.codec.der.decoder import decode as der_decode
10from pyasn1.codec.der.encoder import encode as der_encode
11
12from pyasn1_modules import pem
13from pyasn1_modules import rfc5280
14from pyasn1_modules import rfc6187
15
16try:
17    import unittest2 as unittest
18except ImportError:
19    import unittest
20
21
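class SSHClientCertificateTestCase(unittest.TestCase):
    """Check DER handling of a certificate that asserts an SSH key purpose.

    The certificate is decoded against ``rfc5280.Certificate``, re-encoded,
    and its extended key usage extension is searched for the RFC 6187
    secure shell key purpose OIDs.
    """

    # Test fixture only. The certificate embeds a comment stating that it
    # "cannot be trusted for any purpose"; it exists solely to exercise the
    # codec and the extended key usage lookup below.
    cert_pem_text = """\
MIICkDCCAhegAwIBAgIJAKWzVCgbsG5BMAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT
AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n
dXMgQ0EwHhcNMTkxMDI0MTgyNjA3WhcNMjAxMDIzMTgyNjA3WjB0MQswCQYDVQQG
EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoTB0V4
YW1wbGUxEDAOBgNVBAMTB0NoYXJsaWUxIjAgBgkqhkiG9w0BCQEWE2NoYXJsaWVA
ZXhhbXBsZS5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARfr1XPl5S0A/BwTOm4
/rO7mGVt2Tmfr3yvYnfN/ggMvyS3RiIXSsdzcAwzeqc907Jp7Dggab0PpaOKDOxD
WoK0g6B8+kC/VMsU23mfShlb9et8qcR3A8gdU6g8uvSMahWjgakwgaYwCwYDVR0P
BAQDAgeAMB0GA1UdDgQWBBQfwm5u0GoxiDcjhDt33UJYlvMPFTAfBgNVHSMEGDAW
gBTyNds0BNqlVfK9aQOZsGLs4hUIwTATBgNVHSUEDDAKBggrBgEFBQcDFTBCBglg
hkgBhvhCAQ0ENRYzVGhpcyBjZXJ0aWZpY2F0ZSBjYW5ub3QgYmUgdHJ1c3RlZCBm
b3IgYW55IHB1cnBvc2UuMAoGCCqGSM49BAMDA2cAMGQCMGEme38A3k8q4RGSEs2D
ThQQOQz3TBJrIW8zr92S8e8BNPkRcQDR+C72TEhL/qoPCQIwGpGaC4ERiUypETkC
voNP0ODFhhlpFo6lwVHd8Gu+6hShC2PKdAfs4QFDS9ZKgQeZ
"""

    def setUp(self):
        """Create the certificate schema the decoder is matched against."""
        self.asn1Spec = rfc5280.Certificate()

    def testDerCodec(self):
        """Round-trip the certificate and count its SSH key purposes.

        unittest assertion methods are used instead of bare ``assert``
        statements, which Python removes under ``-O`` and would let the
        test pass without checking anything.
        """
        ssh_eku_oids = [
            rfc6187.id_kp_secureShellClient,
            rfc6187.id_kp_secureShellServer,
        ]

        substrate = pem.readBase64fromText(self.cert_pem_text)
        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
        # Trailing bytes after the certificate mean the input was not
        # consumed as a single DER value.
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(substrate, der_encode(asn1Object))

        count = 0
        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] == rfc5280.id_ce_extKeyUsage:
                extnValue, rest = der_decode(
                    extn['extnValue'],
                    asn1Spec=rfc5280.ExtKeyUsageSyntax())
                # The extension payload is held to the same standard as the
                # outer certificate: no leftover bytes, exact re-encoding.
                self.assertFalse(rest)
                self.assertEqual(extn['extnValue'], der_encode(extnValue))

                for oid in extnValue:
                    if oid in ssh_eku_oids:
                        count += 1

        # Exactly one SSH key purpose is expected in this fixture.
        self.assertEqual(1, count)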
65
66
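# Collect every TestCase defined in this module so that an aggregating
# runner can import ``suite`` directly.
suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])

if __name__ == '__main__':
    # ``sys`` is already imported at module level, so it is not re-imported.
    result = unittest.TextTestRunner(verbosity=2).run(suite)
    # Explicit integer status: 0 on success, 1 on any failure or error, so
    # a CI job or shell caller sees a failed run as a non-zero exit.
    sys.exit(0 if result.wasSuccessful() else 1)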
74