| # |
| # This file is part of pyasn1-modules software. |
| # |
| # Created by Russ Housley |
| # Copyright (c) 2019, Vigil Security, LLC |
| # License: http://snmplabs.com/pyasn1/license.html |
| # |
| import sys |
| import unittest |
| |
| from pyasn1.codec.der.decoder import decode as der_decoder |
| from pyasn1.codec.der.encoder import encode as der_encoder |
| from pyasn1.type import univ |
| |
| from pyasn1_modules import pem |
| from pyasn1_modules import rfc5280 |
| from pyasn1_modules import rfc4055 |
| from pyasn1_modules import rfc6960 |
| |
| |
| class OCSPRequestTestCase(unittest.TestCase): |
| ocsp_req_pem_text = """\ |
| MGowaDBBMD8wPTAJBgUrDgMCGgUABBS3ZrMV9C5Dko03aH13cEZeppg3wgQUkqR1LKSevoFE63n8 |
| isWVpesQdXMCBDXe9M+iIzAhMB8GCSsGAQUFBzABAgQSBBBjdJOiIW9EKJGELNNf/rdA |
| """ |
| |
| def setUp(self): |
| self.asn1Spec = rfc6960.OCSPRequest() |
| |
| def testDerCodec(self): |
| substrate = pem.readBase64fromText(self.ocsp_req_pem_text) |
| asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) |
| |
| self.assertFalse(rest) |
| self.assertTrue(asn1Object.prettyPrint()) |
| self.assertEqual(substrate, der_encoder(asn1Object)) |
| self.assertEqual(0, asn1Object['tbsRequest']['version']) |
| |
| count = 0 |
| for extn in asn1Object['tbsRequest']['requestExtensions']: |
| self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap) |
| |
| ev, rest = der_decoder( |
| extn['extnValue'], |
| asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) |
| |
| self.assertFalse(rest) |
| self.assertTrue(ev.prettyPrint()) |
| self.assertEqual(extn['extnValue'], der_encoder(ev)) |
| |
| count += 1 |
| |
| self.assertEqual(1, count) |
| |
| def testOpenTypes(self): |
| substrate = pem.readBase64fromText(self.ocsp_req_pem_text) |
| asn1Object, rest = der_decoder( |
| substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) |
| |
| self.assertFalse(rest) |
| self.assertTrue(asn1Object.prettyPrint()) |
| self.assertEqual(substrate, der_encoder(asn1Object)) |
| self.assertEqual(0, asn1Object['tbsRequest']['version']) |
| |
| for req in asn1Object['tbsRequest']['requestList']: |
| ha = req['reqCert']['hashAlgorithm'] |
| self.assertEqual(rfc4055.id_sha1, ha['algorithm']) |
| self.assertEqual(univ.Null(""), ha['parameters']) |
| |
| |
| class OCSPResponseTestCase(unittest.TestCase): |
| ocsp_resp_pem_text = """\ |
| MIIEvQoBAKCCBLYwggSyBgkrBgEFBQcwAQEEggSjMIIEnzCCAQ+hgYAwfjELMAkGA1UEBhMCQVUx |
| EzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEV |
| MBMGA1UEAxMMc25tcGxhYnMuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHNubXBsYWJzLmNvbRgP |
| MjAxMjA0MTExNDA5MjJaMFQwUjA9MAkGBSsOAwIaBQAEFLdmsxX0LkOSjTdofXdwRl6mmDfCBBSS |
| pHUspJ6+gUTrefyKxZWl6xB1cwIENd70z4IAGA8yMDEyMDQxMTE0MDkyMlqhIzAhMB8GCSsGAQUF |
| BzABAgQSBBBjdJOiIW9EKJGELNNf/rdAMA0GCSqGSIb3DQEBBQUAA4GBADk7oRiCy4ew1u0N52QL |
| RFpW+tdb0NfkV2Xyu+HChKiTThZPr9ZXalIgkJ1w3BAnzhbB0JX/zq7Pf8yEz/OrQ4GGH7HyD3Vg |
| PkMu+J6I3A2An+bUQo99AmCbZ5/tSHtDYQMQt3iNbv1fk0yvDmh7UdKuXUNSyJdHeg27dMNy4k8A |
| oIIC9TCCAvEwggLtMIICVqADAgECAgEBMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAkFVMRMw |
| EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFTAT |
| BgNVBAMTDHNubXBsYWJzLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0Bzbm1wbGFicy5jb20wHhcN |
| MTIwNDExMTMyNTM1WhcNMTMwNDExMTMyNTM1WjB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t |
| ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRUwEwYDVQQDEwxzbm1w |
| bGFicy5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ac25tcGxhYnMuY29tMIGfMA0GCSqGSIb3DQEB |
| AQUAA4GNADCBiQKBgQDDDU5HOnNV8I2CojxB8ilIWRHYQuaAjnjrETMOprouDHFXnwWqQo/I3m0b |
| XYmocrh9kDefb+cgc7+eJKvAvBqrqXRnU38DmQU/zhypCftGGfP8xjuBZ1n23lR3hplN1yYA0J2X |
| SgBaAg6e8OsKf1vcX8Es09rDo8mQpt4G2zR56wIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG |
| +EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU8Ys2dpJFLMHl |
| yY57D4BNmlqnEcYwHwYDVR0jBBgwFoAU8Ys2dpJFLMHlyY57D4BNmlqnEcYwDQYJKoZIhvcNAQEF |
| BQADgYEAWR0uFJVlQId6hVpUbgXFTpywtNitNXFiYYkRRv77McSJqLCa/c1wnuLmqcFcuRUK0oN6 |
| 8ZJDP2HDDKe8MCZ8+sx+CF54eM8VCgN9uQ9XyE7x9XrXDd3Uw9RJVaWSIezkNKNeBE0lDM2jUjC4 |
| HAESdf7nebz1wtqAOXE1jWF/y8g= |
| """ |
| |
| def setUp(self): |
| self.asn1Spec = rfc6960.OCSPResponse() |
| |
| def testDerCodec(self): |
| substrate = pem.readBase64fromText(self.ocsp_resp_pem_text) |
| asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) |
| |
| self.assertFalse(rest) |
| self.assertTrue(asn1Object.prettyPrint()) |
| self.assertEqual(substrate, der_encoder(asn1Object)) |
| self.assertEqual(0, asn1Object['responseStatus']) |
| |
| rb = asn1Object['responseBytes'] |
| |
| self.assertIn(rb['responseType'], rfc6960.ocspResponseMap) |
| |
| resp, rest = der_decoder( |
| rb['response'], asn1Spec=rfc6960.ocspResponseMap[rb['responseType']]) |
| |
| self.assertFalse(rest) |
| self.assertTrue(resp.prettyPrint()) |
| self.assertEqual(rb['response'], der_encoder(resp)) |
| self.assertEqual(0, resp['tbsResponseData']['version']) |
| |
| count = 0 |
| for extn in resp['tbsResponseData']['responseExtensions']: |
| self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap) |
| |
| ev, rest = der_decoder( |
| extn['extnValue'], |
| asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) |
| |
| self.assertFalse(rest) |
| self.assertTrue(ev.prettyPrint()) |
| self.assertEqual(extn['extnValue'], der_encoder(ev)) |
| |
| count += 1 |
| |
| self.assertEqual(1, count) |
| |
| def testOpenTypes(self): |
| substrate = pem.readBase64fromText(self.ocsp_resp_pem_text) |
| asn1Object, rest = der_decoder( |
| substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) |
| |
| self.assertFalse(rest) |
| self.assertTrue(asn1Object.prettyPrint()) |
| self.assertEqual(substrate, der_encoder(asn1Object)) |
| self.assertEqual(0, asn1Object['responseStatus']) |
| |
| rb = asn1Object['responseBytes'] |
| |
| self.assertIn(rb['responseType'], rfc6960.ocspResponseMap) |
| |
| resp, rest = der_decoder( |
| rb['response'], |
| asn1Spec=rfc6960.ocspResponseMap[rb['responseType']], |
| decodeOpenTypes=True) |
| |
| self.assertFalse(rest) |
| self.assertTrue(resp.prettyPrint()) |
| self.assertEqual(rb['response'], der_encoder(resp)) |
| self.assertEqual(0, resp['tbsResponseData']['version']) |
| |
| for rdn in resp['tbsResponseData']['responderID']['byName']['rdnSequence']: |
| for attr in rdn: |
| if attr['type'] == rfc5280.id_emailAddress: |
| self.assertEqual('info@snmplabs.com', attr['value']) |
| |
| for r in resp['tbsResponseData']['responses']: |
| ha = r['certID']['hashAlgorithm'] |
| self.assertEqual(rfc4055.id_sha1, ha['algorithm']) |
| self.assertEqual(univ.Null(""), ha['parameters']) |
| |
| |
| suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) |
| |
| if __name__ == '__main__': |
| result = unittest.TextTestRunner(verbosity=2).run(suite) |
| sys.exit(not result.wasSuccessful()) |