| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 |
- #
- # This file is part of pyasn1-modules software.
- #
- # Created by Russ Housley
- # Copyright (c) 2019, Vigil Security, LLC
- # License: http://snmplabs.com/pyasn1/license.html
- #
- import sys
- import unittest
- from pyasn1.codec.der.decoder import decode as der_decoder
- from pyasn1.codec.der.encoder import encode as der_encoder
- from pyasn1.type import univ
- from pyasn1_modules import pem
- from pyasn1_modules import rfc5280
- from pyasn1_modules import rfc5755
- from pyasn1_modules import rfc4476
- class AttributeCertificatePolicyTestCase(unittest.TestCase):
- pem_text = """\
- MIID7zCCA1gCAQEwgY+gUTBKpEgwRjEjMCEGA1UEAwwaQUNNRSBJbnRlcm1lZGlh
- dGUgRUNEU0EgQ0ExCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlBQ01FIEx0ZC4CAx7N
- WqE6pDgwNjETMBEGA1UEAwwKQUNNRSBFQ0RTQTELMAkGA1UEBhMCRkkxEjAQBgNV
- BAoMCUFDTUUgTHRkLqBWMFSkUjBQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCVkEx
- EDAOBgNVBAcMB0hlcm5kb24xIjAgBgNVBAoMGUJvZ3VzIEF0dHJpYnV0ZSBBdXRo
- b3RpdHkwDQYJKoZIhvcNAQELBQACBAu1MO4wIhgPMjAxOTEyMTUxMjAwMDBaGA8y
- MDE5MTIzMTEyMDAwMFowgfIwPAYIKwYBBQUHCgExMDAuhgt1cm46c2VydmljZaQV
- MBMxETAPBgNVBAMMCHVzZXJuYW1lBAhwYXNzd29yZDAyBggrBgEFBQcKAjEmMCSG
- C3VybjpzZXJ2aWNlpBUwEzERMA8GA1UEAwwIdXNlcm5hbWUwNQYIKwYBBQUHCgMx
- KTAnoBikFjAUMRIwEAYDVQQDDAlBQ01FIEx0ZC4wCwwJQUNNRSBMdGQuMCAGCCsG
- AQUFBwoEMRQwEjAQDAZncm91cDEMBmdyb3VwMjAlBgNVBEgxHjANoQuGCXVybjpy
- b2xlMTANoQuGCXVybjpyb2xlMjCCATkwHwYDVR0jBBgwFoAUgJCMhskAsEBzvklA
- X8yJBOXO500wCQYDVR04BAIFADA8BgNVHTcENTAzoAqGCHVybjp0ZXN0oBaCFEFD
- TUUtTHRkLmV4YW1wbGUuY29toA2GC3Vybjphbm90aGVyMIHMBggrBgEFBQcBDwSB
- vzCBvDCBuQYKKwYBBAGBrGAwCjCBqjBFBggrBgEFBQcCBBY5aHR0cHM6Ly93d3cu
- ZXhhbXBsZS5jb20vYXR0cmlidXRlLWNlcnRpZmljYXRlLXBvbGljeS5odG1sMGEG
- CCsGAQUFBwIFMFUwIwwZQm9ndXMgQXR0cmlidXRlIEF1dGhvcml0eTAGAgEKAgEU
- Gi5URVNUIGF0dHJpYnV0ZSBjZXJ0aWZpY2F0ZSBwb2xpY3kgZGlzcGxheSB0ZXh0
- MA0GCSqGSIb3DQEBCwUAA4GBACygfTs6TkPurZQTLufcE3B1H2707OXKsJlwRpuo
- dR2oJbunSHZ94jcJHs5dfbzFs6vNfVLlBiDBRieX4p+4JcQ2P44bkgyiUTJu7g1b
- 6C1liB3vO6yH5hOZicOAaKd+c/myuGb9uFRoaXNfc2lnbmF0dXJlX2lzX2ludmFs
- aWQh
- """
- def setUp(self):
- self.asn1Spec = rfc5755.AttributeCertificate()
- def testDerCodec(self):
- substrate = pem.readBase64fromText(self.pem_text)
- asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
- self.assertFalse(rest)
- self.assertTrue(asn1Object.prettyPrint())
- self.assertEqual(substrate, der_encoder(asn1Object))
- self.assertEqual(1, asn1Object['acinfo']['version'])
- found_ac_policy_qualifier1 = False
- found_ac_policy_qualifier2 = False
- for extn in asn1Object['acinfo']['extensions']:
- self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)
- if extn['extnID'] == rfc4476.id_pe_acPolicies:
- ev, rest = der_decoder(
- extn['extnValue'],
- asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
- self.assertFalse(rest)
- self.assertTrue(ev.prettyPrint())
- self.assertEqual(extn['extnValue'], der_encoder(ev))
- oid = univ.ObjectIdentifier((1, 3, 6, 1, 4, 1, 22112, 48, 10,))
- self.assertEqual(oid, ev[0]['policyIdentifier'])
-
- for pq in ev[0]['policyQualifiers']:
- self.assertIn(
- pq['policyQualifierId'], rfc5280.policyQualifierInfoMap)
- pqv, rest = der_decoder(
- pq['qualifier'],
- asn1Spec=rfc5280.policyQualifierInfoMap[
- pq['policyQualifierId']])
-
- self.assertFalse(rest)
- self.assertTrue(pqv.prettyPrint())
- self.assertEqual(pq['qualifier'], der_encoder(pqv))
- if pq['policyQualifierId'] == rfc4476.id_qt_acps:
- self.assertIn('example.com', pqv)
- found_ac_policy_qualifier1 = True
- if pq['policyQualifierId'] == rfc4476.id_qt_acunotice:
- self.assertIn(20, pqv[0]['noticeNumbers'])
- found_ac_policy_qualifier2 = True
- assert found_ac_policy_qualifier1
- assert found_ac_policy_qualifier2
- def testOpenTypes(self):
- substrate = pem.readBase64fromText(self.pem_text)
- asn1Object, rest = der_decoder(
- substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)
- self.assertFalse(rest)
- self.assertTrue(asn1Object.prettyPrint())
- self.assertEqual(substrate, der_encoder(asn1Object))
- self.assertEqual(1, asn1Object['acinfo']['version'])
- found_ac_policy_qualifier1 = False
- found_ac_policy_qualifier2 = False
- for extn in asn1Object['acinfo']['extensions']:
- if extn['extnID'] == rfc4476.id_pe_acPolicies:
- ev, rest = der_decoder(
- extn['extnValue'],
- asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
- decodeOpenTypes=True)
- self.assertFalse(rest)
- self.assertTrue(ev.prettyPrint())
- self.assertEqual(extn['extnValue'], der_encoder(ev))
- oid = univ.ObjectIdentifier((1, 3, 6, 1, 4, 1, 22112, 48, 10,))
- self.assertEqual(oid, ev[0]['policyIdentifier'])
-
- for pq in ev[0]['policyQualifiers']:
- if pq['policyQualifierId'] == rfc4476.id_qt_acps:
- self.assertIn('example.com', pq['qualifier'])
- found_ac_policy_qualifier1 = True
- if pq['policyQualifierId'] == rfc4476.id_qt_acunotice:
- self.assertIn(20, pq['qualifier'][0]['noticeNumbers'])
- found_ac_policy_qualifier2 = True
- assert found_ac_policy_qualifier1
- assert found_ac_policy_qualifier2
- suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
- if __name__ == '__main__':
- result = unittest.TextTestRunner(verbosity=2).run(suite)
- sys.exit(not result.wasSuccessful())
|
