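#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#

import sys

from pyasn1.codec.der.decoder import decode as der_decode
from pyasn1.codec.der.encoder import encode as der_encode

from pyasn1_modules import pem
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc8520

try:
    import unittest2 as unittest
except ImportError:
    import unittest


class MUDCertTestCase(unittest.TestCase):
    """DER round-trip tests for the RFC 8520 (MUD) certificate extensions.

    The fixture is a base64-encoded X.509 certificate that carries both the
    id-pe-mud-url and the id-pe-mudsigner extensions. Every decode is checked
    three ways: no bytes are left over after the decoded value, re-encoding
    reproduces the input byte-for-byte, and the extensions under test are
    actually present, so a certificate without them cannot make the test
    pass vacuously.

    unittest assertion methods are used instead of bare ``assert`` statements
    because the latter are removed when Python runs with ``-O``.
    """

    mud_cert_pem_text = """\
MIIFODCCAyCgAwIBAgICEEAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCQ0gx
DzANBgNVBAgMBlp1cmljaDERMA8GA1UEBwwIV2V0emlrb24xEDAOBgNVBAoMB0lt
UmlnaHQxIDAeBgNVBAMMF0ltUmlnaHQgVGVzdCA4MDIuMUFSIENBMB4XDTE5MDUw
MTE4MDMyMVoXDTE5MDUzMTE4MDMyMVowZzELMAkGA1UEBhMCQ0gxEzARBgNVBAgM
ClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEg
MB4GA1UEAwwXTGlnaHRidWxiMjAwMCwgU04jMjAyMDIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCzntv6tCdkZWPUx+CK9A9PCgKF8zGCJwdU4eIjo0oe
A81i7iltOPnU416GJMEc2jGhlZPn2Rjjy8tPbyh1RVBfkgdq4UPWPnZPb+Gkq1c8
X8zLRrMSWKqkSGOPENieDuQpzcrkMfj7dCPcxTcJ5Gluv1jEI7bxoZOZXjNxaFXi
vsaZWFub7b+5zDLWpvmpKDaeCU+gad7rWpRE/Hjh3FX8paW8KE/hMF/au4xX2Qj/
rDwHSxgs3n8FtuFUELotSgL3Acy3aISmJILBx6XrSs3nLruZzamulwWupSryHo3L
U+GsOETiXwxiyrfOZo3aJNnWzlEvrYCQGyqd8Nd/XOENAgMBAAGjge8wgewwCQYD
VR0TBAIwADBABggrBgEFBQcBGQQ0FjJodHRwczovL3d3dy5vZmNvdXJzZWltcmln
aHQuY29tL0x1bWluYWlyZV8xNTAuanNvbjBdBggrBgEFBQcBHgRRME8xCzAJBgNV
BAYTAkNIMSswKQYJKoZIhvcNAQkBFhxhc2NlcnRpYUBvZmNvdXJzZWltcmlnaHQu
Y29tMRMwEQYDVQQDEwpFbGlvdCBMZWFyMB0GA1UdDgQWBBS00spi6cRFdqz95TQI
9AuPn5/DRjAfBgNVHSMEGDAWgBREKvrASIa7JJ41mQWDkJ06rXTCtTANBgkqhkiG
9w0BAQsFAAOCAgEAiS4OlazkDpgR4qhrq5Wpx6m3Bmkk5RkXnqey1yyhyfZlAGH7
ewQiybkF3nN6at/TcNWMRfGBLhRrQn1h75KEXKlc18RDorj72/bvkbJLoBmA43Mv
xMF0w4YX8pQwzb4hSt04p79P2RVVYM3ex/vdok0KkouhLTlxzY7vhv1T8WGTVQHJ
k2EyswS2nFa/OtIkwruXqJj+lotdV2yPgFav5j9lkw5VbOztlfSKT7qQInVm+VBI
/qddz/LOYrls1A7KHzWkTvOwmvQBqI4e9xLjc3r8K4pZyMd7EsmepYmLOU+pfINf
/sEjliCluR65mKcKGiUa5J31pzbVpCr6FM/NGEjqpp6F+slyNC8YM/UlaJK1W9ZI
W7JAhmfil5z1CtQILFSnUh4VneTVOaYg6+gXr169fXUDlMM4ECnuqWAE2PLhfhI8
+lY8u18rFiX0bNSiUySgxU3asCC92xNmvJHuL4QwiYaGtTne36NMN7dH/32nMKl+
G3XA8cX8yZIrIkmWLBSji8UwOXwVhYovmbhHjaUMTQommxYv/Cuqi5nJUJfh5YJr
APeEK6fTYpPMiZ6U1++qzZDp78MRAq7UQbluJHh8ujPuK6kQmSLXmvK5yGpnJ+Cw
izaUuU1EEwgOMELjeFL62Ssvq8X+x6hZFCLygI7GNeitlblNhCXhFFurqMs=
"""

    def setUp(self):
        """Create the outer ASN.1 template used to decode the certificate."""
        self.asn1Spec = rfc5280.Certificate()

    def testDerCodec(self):
        """Decode the certificate and both MUD extensions with explicit specs."""
        substrate = pem.readBase64fromText(self.mud_cert_pem_text)
        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(der_encode(asn1Object), substrate)

        # Record every extension OID so the test can fail when an expected
        # extension is missing instead of silently skipping its checks.
        seen_extn_ids = set()

        for extn in asn1Object['tbsCertificate']['extensions']:
            seen_extn_ids.add(extn['extnID'])

            if extn['extnID'] == rfc8520.id_pe_mudsigner:
                mudsigner, rest = der_decode(
                    extn['extnValue'], rfc8520.MUDsignerSyntax())
                # Bytes left over after the decoded value would mean the
                # extension carries data the parser never looked at.
                self.assertFalse(rest)
                self.assertEqual(der_encode(mudsigner), extn['extnValue'])

                # The signer name is compared attribute by attribute against
                # freshly DER-encoded reference values.
                c = rfc5280.X520countryName(value="CH")
                self.assertEqual(mudsigner[0][0][0]['value'], der_encode(c))
                e = rfc5280.EmailAddress(value="ascertia@ofcourseimright.com")
                self.assertEqual(mudsigner[0][1][0]['value'], der_encode(e))
                cn = rfc5280.X520CommonName()
                cn['printableString'] = "Eliot Lear"
                self.assertEqual(mudsigner[0][2][0]['value'], der_encode(cn))

            if extn['extnID'] == rfc8520.id_pe_mud_url:
                mudurl, rest = der_decode(
                    extn['extnValue'], rfc8520.MUDURLSyntax())
                self.assertFalse(rest)
                self.assertEqual(der_encode(mudurl), extn['extnValue'])

                self.assertEqual(mudurl[-5:], ".json")

        self.assertIn(rfc8520.id_pe_mudsigner, seen_extn_ids)
        self.assertIn(rfc8520.id_pe_mud_url, seen_extn_ids)

    def testExtensionsMap(self):
        """Decode the extensions through rfc5280.certificateExtensionsMap."""
        substrate = pem.readBase64fromText(self.mud_cert_pem_text)
        # NOTE: this mutates the module-level map in rfc5280 and is not undone,
        # so the MUD entries stay registered for the rest of the process.
        rfc5280.certificateExtensionsMap.update(rfc8520.certificateExtensionsMapUpdate)
        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(der_encode(asn1Object), substrate)

        # OIDs that were actually decoded through the map.
        decoded_extn_ids = set()

        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] in rfc5280.certificateExtensionsMap:
                extnValue, rest = der_decode(
                    extn['extnValue'],
                    asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
                self.assertFalse(rest)
                self.assertEqual(der_encode(extnValue), extn['extnValue'])
                decoded_extn_ids.add(extn['extnID'])

        # Both MUD extensions must have been resolved through the map;
        # otherwise the loop above proved nothing about rfc8520.
        self.assertIn(rfc8520.id_pe_mudsigner, decoded_extn_ids)
        self.assertIn(rfc8520.id_pe_mud_url, decoded_extn_ids)


suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])

if __name__ == '__main__':
    # sys is already imported at module level; no local re-import is needed.
    result = unittest.TextTestRunner(verbosity=2).run(suite)
    sys.exit(not result.wasSuccessful())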