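#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#

import sys

from pyasn1.codec.der.decoder import decode as der_decode
from pyasn1.codec.der.encoder import encode as der_encode

from pyasn1_modules import pem
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc5913
from pyasn1_modules import rfc5755
from pyasn1_modules import rfc3114

try:
    import unittest2 as unittest
except ImportError:
    import unittest


class ClearanceTestCase(unittest.TestCase):
    """DER round-trip tests for a certificate with a clearanceConstraints extension.

    Both tests decode the same fixture, re-encode it, and then walk the
    extension down to the security category values, once with manual
    decoding of the open-type field and once with ``decodeOpenTypes=True``.

    The checks use ``unittest`` assertion methods rather than bare ``assert``
    statements: bare asserts are compiled out under ``python -O``, which
    would let every test here pass without checking anything.
    """

    # Base64 body of the test certificate (no PEM armor lines).
    cert_pem_text = """\
MIIDhzCCAw6gAwIBAgIJAKWzVCgbsG5GMAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT
AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n
dXMgQ0EwHhcNMTkxMTAyMTg0MjE4WhcNMjAxMTAxMTg0MjE4WjBmMQswCQYDVQQG
EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoTB0V4
YW1wbGUxDDAKBgNVBAsTA1BDQTEYMBYGA1UEAxMPcGNhLmV4YW1wbGUuY29tMHYw
EAYHKoZIzj0CAQYFK4EEACIDYgAEPf5vbgAqbE5dn6wbiCx4sCCcn1BKSrHmCfiW
C9QLSGVNGHifQwPt9odGXjRiQ7QwpZ2wRD6Z91v+fk85XXLE3kJQCQdPIHFUY5EM
pvS7T6u6xrmwnlVpUURPTOxfc55Oo4IBrTCCAakwHQYDVR0OBBYEFCbqJQ8LMiAo
pNdaCo3/Ldy9f1RlMG8GA1UdIwRoMGaAFPI12zQE2qVV8r1pA5mwYuziFQjBoUOk
QTA/MQswCQYDVQQGEwJVUzELMAkGA1UECAwCVkExEDAOBgNVBAcMB0hlcm5kb24x
ETAPBgNVBAoMCEJvZ3VzIENBggkA6JHWBpFPzvIwDwYDVR0TAQH/BAUwAwEB/zAL
BgNVHQ8EBAMCAYYwQgYJYIZIAYb4QgENBDUWM1RoaXMgY2VydGlmaWNhdGUgY2Fu
bm90IGJlIHRydXN0ZWQgZm9yIGFueSBwdXJwb3NlLjAVBgNVHSAEDjAMMAoGCCsG
AQUFBw0CMAoGA1UdNgQDAgECMIGRBggrBgEFBQcBFQSBhDCBgTBZBgsqhkiG9w0B
CRAHAwMCBeAxRjBEgAsqhkiG9w0BCRAHBIE1MDMMF0xBVyBERVBBUlRNRU5UIFVT
RSBPTkxZDBhIVU1BTiBSRVNPVVJDRVMgVVNFIE9OTFkwEQYLKoZIhvcNAQkQBwID
AgTwMBEGCyqGSIb3DQEJEAcBAwIF4DAKBggqhkjOPQQDAwNnADBkAjAZSD+BVqzc
1l0fDoH3LwixjxvtddBHbJsM5yBek4U9b2yWL2KEmwV02fTgof3AjDECMCTsksmx
5f3i5DSYfe9Q1heJlEJLd1hgZmfvUYNnCU3WrdmYzyoNdNTbg7ZFMoxsXw==
"""

    def setUp(self):
        """Use the RFC 5280 Certificate type as the top-level decoding spec."""
        self.asn1Spec = rfc5280.Certificate()

    def testDerCodec(self):
        """Decode the certificate and the open-type values by hand.

        Each decode step must consume its whole input (no trailing bytes)
        and the certificate and extension must re-encode to the exact
        bytes they were decoded from.
        """
        substrate = pem.readBase64fromText(self.cert_pem_text)
        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(substrate, der_encode(asn1Object))

        cat_value_found = False
        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] != rfc5913.id_pe_clearanceConstraints:
                continue

            self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)
            ev, rest = der_decode(
                extn['extnValue'],
                asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
            self.assertFalse(rest)
            self.assertTrue(ev.prettyPrint())
            self.assertEqual(extn['extnValue'], der_encode(ev))

            for c in ev:
                if c['policyId'] != rfc3114.id_tsp_TEST_Whirlpool:
                    continue

                for sc in c['securityCategories']:
                    self.assertIn(sc['type'], rfc5755.securityCategoryMap)
                    scv, rest = der_decode(
                        sc['value'],
                        asn1Spec=rfc5755.securityCategoryMap[sc['type']])
                    # The remainder of this innermost decode was previously
                    # ignored; trailing bytes after the category value
                    # would have gone unnoticed.
                    self.assertFalse(rest)

                    for cat in scv:
                        self.assertIn(u'USE ONLY', cat)
                        cat_value_found = True

        # Guards against the loops above silently matching nothing.
        self.assertTrue(cat_value_found)

    def testOpenTypes(self):
        """Decode with ``decodeOpenTypes=True`` and read the values directly.

        Same round-trip checks as ``testDerCodec``, but the security
        category values are taken from ``sc['value']`` as already decoded
        by the codec instead of being decoded in a separate step.
        """
        substrate = pem.readBase64fromText(self.cert_pem_text)
        asn1Object, rest = der_decode(substrate,
                                      asn1Spec=self.asn1Spec,
                                      decodeOpenTypes=True)
        self.assertFalse(rest)
        self.assertTrue(asn1Object.prettyPrint())
        self.assertEqual(substrate, der_encode(asn1Object))

        cat_value_found = False
        for extn in asn1Object['tbsCertificate']['extensions']:
            if extn['extnID'] != rfc5913.id_pe_clearanceConstraints:
                continue

            self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)
            ev, rest = der_decode(
                extn['extnValue'],
                asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
                decodeOpenTypes=True)
            self.assertFalse(rest)
            self.assertTrue(ev.prettyPrint())
            self.assertEqual(extn['extnValue'], der_encode(ev))

            for c in ev:
                if c['policyId'] != rfc3114.id_tsp_TEST_Whirlpool:
                    continue

                for sc in c['securityCategories']:
                    self.assertIn(sc['type'], rfc5755.securityCategoryMap)
                    for cat in sc['value']:
                        self.assertIn(u'USE ONLY', cat)
                        cat_value_found = True

        # Guards against the loops above silently matching nothing.
        self.assertTrue(cat_value_found)


suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])

if __name__ == '__main__':
    # Propagate failures through the exit status so a script or CI job that
    # runs this file directly does not treat a failing run as success.
    result = unittest.TextTestRunner(verbosity=2).run(suite)
    sys.exit(not result.wasSuccessful())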