#
# This file is part of pyasn1-modules software.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
import sys
import unittest
from pyasn1.codec.der.decoder import decode as der_decoder
from pyasn1.codec.der.encoder import encode as der_encoder
from pyasn1_modules import pem
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc4491
from pyasn1_modules import rfc4357
class GostR341094CertificateTestCase(unittest.TestCase):
gostR3410_94_cert_pem_text = """\
MIICCzCCAboCECMO42BGlSTOxwvklBgufuswCAYGKoUDAgIEMGkxHTAbBgNVBAMM
FEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8xCzAJBgNV
BAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAtOTRAZXhhbXBsZS5jb20w
HhcNMDUwODE2MTIzMjUwWhcNMTUwODE2MTIzMjUwWjBpMR0wGwYDVQQDDBRHb3N0
UjM0MTAtOTQgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYDVQQGEwJS
VTEnMCUGCSqGSIb3DQEJARYYR29zdFIzNDEwLTk0QGV4YW1wbGUuY29tMIGlMBwG
BiqFAwICFDASBgcqhQMCAiACBgcqhQMCAh4BA4GEAASBgLuEZuF5nls02CyAfxOo
GWZxV/6MVCUhR28wCyd3RpjG+0dVvrey85NsObVCNyaE4g0QiiQOHwxCTSs7ESuo
v2Y5MlyUi8Go/htjEvYJJYfMdRv05YmKCYJo01x3pg+2kBATjeM+fJyR1qwNCCw+
eMG1wra3Gqgqi0WBkzIydvp7MAgGBiqFAwICBANBABHHCH4S3ALxAiMpR3aPRyqB
g1DjB8zy5DEjiULIc+HeIveF81W9lOxGkZxnrFjXBSqnjLeFKgF1hffXOAP7zUM=
"""
def setUp(self):
self.asn1Spec = rfc5280.Certificate()
def testDerCodec(self):
substrate = pem.readBase64fromText(self.gostR3410_94_cert_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
sa1 = asn1Object['signatureAlgorithm']['algorithm']
self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa1)
sa2 = asn1Object['tbsCertificate']['signature']['algorithm']
self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa2)
spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm']
self.assertEqual(rfc4491.id_GostR3410_94, spki_a['algorithm'])
pk_p, rest = der_decoder(
spki_a['parameters'],
asn1Spec=rfc4491.GostR3410_94_PublicKeyParameters())
self.assertFalse(rest)
self.assertTrue(pk_p.prettyPrint())
self.assertEqual(spki_a['parameters'], der_encoder(pk_p))
self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, pk_p['digestParamSet'])
def testOpenTypes(self):
openTypesMap = {
rfc4491.id_GostR3410_94: rfc4491.GostR3410_94_PublicKeyParameters(),
}
substrate = pem.readBase64fromText(self.gostR3410_94_cert_pem_text)
asn1Object, rest = der_decoder(
substrate, asn1Spec=self.asn1Spec,
openTypes=openTypesMap, decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
sa1 = asn1Object['signatureAlgorithm']['algorithm']
self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa1)
sa2 = asn1Object['tbsCertificate']['signature']['algorithm']
self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa2)
spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm']
self.assertEqual(rfc4491.id_GostR3410_94, spki_a['algorithm'])
self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, spki_a['parameters']['digestParamSet'])
class GostR34102001CertificateTestCase(unittest.TestCase):
gostR3410_2001_cert_pem_text = """\
MIIB0DCCAX8CECv1xh7CEb0Xx9zUYma0LiEwCAYGKoUDAgIDMG0xHzAdBgNVBAMM
Fkdvc3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkG
A1UEBhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUu
Y29tMB4XDTA1MDgxNjE0MTgyMFoXDTE1MDgxNjE0MTgyMFowbTEfMB0GA1UEAwwW
R29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYD
VQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIwMDFAZXhhbXBsZS5j
b20wYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAhJVodWACGkB1
CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9CafIWuD+SN6qa7flbHy7Df
D2a8yuoaYDAIBgYqhQMCAgMDQQA8L8kJRLcnqeyn1en7U23Sw6pkfEQu3u0xFkVP
vFQ/3cHeF26NG+xxtZPz3TaTVXdoiYkXYiD02rEx1bUcM97i
"""
def setUp(self):
self.asn1Spec = rfc5280.Certificate()
def testDerCodec(self):
substrate = pem.readBase64fromText(self.gostR3410_2001_cert_pem_text)
asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
sa1 = asn1Object['signatureAlgorithm']['algorithm']
self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa1)
sa2 = asn1Object['tbsCertificate']['signature']['algorithm']
self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa2)
spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm']
self.assertEqual(rfc4491.id_GostR3410_2001, spki_a['algorithm'])
pk_p, rest = der_decoder(
spki_a['parameters'], asn1Spec=rfc4491.GostR3410_2001_PublicKeyParameters())
self.assertFalse(rest)
self.assertTrue(pk_p.prettyPrint())
self.assertEqual(spki_a['parameters'], der_encoder(pk_p))
self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, pk_p['digestParamSet'])
def testOpenTypes(self):
openTypeMap = {
rfc4491.id_GostR3410_2001: rfc4491.GostR3410_2001_PublicKeyParameters(),
}
substrate = pem.readBase64fromText(self.gostR3410_2001_cert_pem_text)
asn1Object, rest = der_decoder(
substrate, asn1Spec=self.asn1Spec,
openTypes=openTypeMap, decodeOpenTypes=True)
self.assertFalse(rest)
self.assertTrue(asn1Object.prettyPrint())
self.assertEqual(substrate, der_encoder(asn1Object))
sa1 = asn1Object['signatureAlgorithm']['algorithm']
self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa1)
sa2 = asn1Object['tbsCertificate']['signature']['algorithm']
self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa2)
spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm']
self.assertEqual(rfc4491.id_GostR3410_2001, spki_a['algorithm'])
self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, spki_a['parameters']['digestParamSet'])
suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
if __name__ == '__main__':
result = unittest.TextTestRunner(verbosity=2).run(suite)
sys.exit(not result.wasSuccessful())