1#
2# This file is part of pyasn1-modules software.
3#
4# Created by Russ Housley
5# Copyright (c) 2019, Vigil Security, LLC
6# License: http://snmplabs.com/pyasn1/license.html
7#
8
9import sys
10
11from pyasn1.codec.der.decoder import decode as der_decode
12from pyasn1.codec.der.encoder import encode as der_encode
13
14from pyasn1_modules import pem
15from pyasn1_modules import rfc5280
16from pyasn1_modules import rfc7229
17
18try:
19    import unittest2 as unittest
20
21except ImportError:
22    import unittest
23
24
25class CertificatePolicyTestCase(unittest.TestCase):
26    pem_text = """\
27MIIDJDCCAqqgAwIBAgIJAKWzVCgbsG5AMAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT
28AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n
29dXMgQ0EwHhcNMTkxMDEzMTkwNTUzWhcNMjAxMDEyMTkwNTUzWjBTMQswCQYDVQQG
30EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xJTAjBgNVBAoTHFRF
31U1QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
32AATwUXZUseiOaqWdrClDCMbp9YFAM87LTmFirygpzKDU9cfqSCg7zBDIphXCwMcS
339zVWDoStCbcvN0jw5CljHcffzpHYX91P88SZRJ1w4hawHjOsWxvM3AkYgZ5nfdlL
347EajggFcMIIBWDAdBgNVHQ4EFgQU8jXbNATapVXyvWkDmbBi7OIVCMEwbwYDVR0j
35BGgwZoAU8jXbNATapVXyvWkDmbBi7OIVCMGhQ6RBMD8xCzAJBgNVBAYTAlVTMQsw
36CQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9ndXMgQ0GC
37CQDokdYGkU/O8jAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBhjBCBglghkgB
38hvhCAQ0ENRYzVGhpcyBjZXJ0aWZpY2F0ZSBjYW5ub3QgYmUgdHJ1c3RlZCBmb3Ig
39YW55IHB1cnBvc2UuMCEGA1UdIAQaMBgwCgYIKwYBBQUHDQEwCgYIKwYBBQUHDQIw
40CgYDVR02BAMCAQIwNQYDVR0hBC4wLDAUBggrBgEFBQcNAQYIKwYBBQUHDQcwFAYI
41KwYBBQUHDQIGCCsGAQUFBw0IMAoGCCqGSM49BAMDA2gAMGUCMHaWskjS7MKQCMcn
42zEKFOV3LWK8pL57vrECJd8ywKdwBJUNw9HhvSKkfUwL6rjlLpQIxAL2QO3CNoZRP
43PZs8K3IjUA5+U73pA8lpaTOPscLY22WL9pAGmyVUyEJ8lM7E+r4iDg==
44"""
45
46    def setUp(self):
47        self.asn1Spec = rfc5280.Certificate()
48
49    def testDerCodec(self):
50        test_oids = [
51            rfc7229.id_TEST_certPolicyOne,
52            rfc7229.id_TEST_certPolicyTwo,
53            rfc7229.id_TEST_certPolicyThree,
54            rfc7229.id_TEST_certPolicyFour,
55            rfc7229.id_TEST_certPolicyFive,
56            rfc7229.id_TEST_certPolicySix,
57            rfc7229.id_TEST_certPolicySeven,
58            rfc7229.id_TEST_certPolicyEight,
59        ]
60
61        substrate = pem.readBase64fromText(self.pem_text)
62        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
63        assert not rest
64        assert asn1Object.prettyPrint()
65        assert der_encode(asn1Object) == substrate
66
67        count = 0
68        for extn in asn1Object['tbsCertificate']['extensions']:
69            if extn['extnID'] in rfc5280.certificateExtensionsMap.keys():
70                s = extn['extnValue']
71                ev, rest = der_decode(s, rfc5280.certificateExtensionsMap[extn['extnID']])
72                assert not rest
73                assert ev.prettyPrint()
74                assert s == der_encode(ev)
75
76                if extn['extnID'] == rfc5280.id_ce_certificatePolicies:
77                    for pol in ev:
78                        if pol['policyIdentifier'] in test_oids:
79                            count += 1
80
81                if extn['extnID'] == rfc5280.id_ce_policyMappings:
82                    for pmap in ev:
83                        if pmap['issuerDomainPolicy'] in test_oids:
84                            count += 1
85                        if pmap['subjectDomainPolicy'] in test_oids:
86                            count += 1
87
88        assert count == 6
89
90
91suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
92
93if __name__ == '__main__':
94    import sys
95
96    result = unittest.TextTestRunner(verbosity=2).run(suite)
97    sys.exit(not result.wasSuccessful())
98