tests/test_rfc5913.py - external/github.com/etingof/pyasn1-modules - Git at Google

 #
 # This file is part of pyasn1-modules software.
 #
 # Created by Russ Housley
 # Copyright (c) 2019, Vigil Security, LLC
 # License: http://snmplabs.com/pyasn1/license.html
 #
 import sys
 import unittest

 from pyasn1.codec.der.decoder import decode as der_decoder
 from pyasn1.codec.der.encoder import encode as der_encoder

 from pyasn1_modules import pem
 from pyasn1_modules import rfc5280
 from pyasn1_modules import rfc5913
 from pyasn1_modules import rfc5755
 from pyasn1_modules import rfc3114


 class ClearanceTestCase(unittest.TestCase):
     cert_pem_text = """\
 MIIDhzCCAw6gAwIBAgIJAKWzVCgbsG5GMAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT
 AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n
 dXMgQ0EwHhcNMTkxMTAyMTg0MjE4WhcNMjAxMTAxMTg0MjE4WjBmMQswCQYDVQQG
 EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoTB0V4
 YW1wbGUxDDAKBgNVBAsTA1BDQTEYMBYGA1UEAxMPcGNhLmV4YW1wbGUuY29tMHYw
 EAYHKoZIzj0CAQYFK4EEACIDYgAEPf5vbgAqbE5dn6wbiCx4sCCcn1BKSrHmCfiW
 C9QLSGVNGHifQwPt9odGXjRiQ7QwpZ2wRD6Z91v+fk85XXLE3kJQCQdPIHFUY5EM
 pvS7T6u6xrmwnlVpUURPTOxfc55Oo4IBrTCCAakwHQYDVR0OBBYEFCbqJQ8LMiAo
 pNdaCo3/Ldy9f1RlMG8GA1UdIwRoMGaAFPI12zQE2qVV8r1pA5mwYuziFQjBoUOk
 QTA/MQswCQYDVQQGEwJVUzELMAkGA1UECAwCVkExEDAOBgNVBAcMB0hlcm5kb24x
 ETAPBgNVBAoMCEJvZ3VzIENBggkA6JHWBpFPzvIwDwYDVR0TAQH/BAUwAwEB/zAL
 BgNVHQ8EBAMCAYYwQgYJYIZIAYb4QgENBDUWM1RoaXMgY2VydGlmaWNhdGUgY2Fu
 bm90IGJlIHRydXN0ZWQgZm9yIGFueSBwdXJwb3NlLjAVBgNVHSAEDjAMMAoGCCsG
 AQUFBw0CMAoGA1UdNgQDAgECMIGRBggrBgEFBQcBFQSBhDCBgTBZBgsqhkiG9w0B
 CRAHAwMCBeAxRjBEgAsqhkiG9w0BCRAHBIE1MDMMF0xBVyBERVBBUlRNRU5UIFVT
 RSBPTkxZDBhIVU1BTiBSRVNPVVJDRVMgVVNFIE9OTFkwEQYLKoZIhvcNAQkQBwID
 AgTwMBEGCyqGSIb3DQEJEAcBAwIF4DAKBggqhkjOPQQDAwNnADBkAjAZSD+BVqzc
 1l0fDoH3LwixjxvtddBHbJsM5yBek4U9b2yWL2KEmwV02fTgof3AjDECMCTsksmx
 5f3i5DSYfe9Q1heJlEJLd1hgZmfvUYNnCU3WrdmYzyoNdNTbg7ZFMoxsXw==
 """

     def setUp(self):
         self.asn1Spec = rfc5280.Certificate()

     def testDerCodec(self):
         substrate = pem.readBase64fromText(self.cert_pem_text)
         asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)

         self.assertFalse(rest)
         self.assertTrue(asn1Object.prettyPrint())
         self.assertEqual(substrate, der_encoder(asn1Object))

         cat_value_found = False

         for extn in asn1Object['tbsCertificate']['extensions']:
             if extn['extnID'] == rfc5913.id_pe_clearanceConstraints:
                 self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)

                 ev, rest = der_decoder(
                     extn['extnValue'],
                     asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])

                 self.assertFalse(rest)
                 self.assertTrue(ev.prettyPrint())
                 self.assertEqual(extn['extnValue'], der_encoder(ev))

                 for c in ev:
                     if c['policyId'] == rfc3114.id_tsp_TEST_Whirlpool:
                         for sc in c['securityCategories']:
                             self.assertIn(sc['type'], rfc5755.securityCategoryMap)

                             scv, rest = der_decoder(
                                 sc['value'],
                                 asn1Spec=rfc5755.securityCategoryMap[sc['type']])

                             for cat in scv:
                                 self.assertIn('USE ONLY', cat)
                                 cat_value_found = True

         self.assertTrue(cat_value_found)

     def testOpenTypes(self):
         substrate = pem.readBase64fromText(self.cert_pem_text)
         asn1Object, rest = der_decoder(
             substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

         self.assertFalse(rest)
         self.assertTrue(asn1Object.prettyPrint())
         self.assertEqual(substrate, der_encoder(asn1Object))

         cat_value_found = False

         for extn in asn1Object['tbsCertificate']['extensions']:
             if extn['extnID'] == rfc5913.id_pe_clearanceConstraints:
                 self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)

                 ev, rest = der_decoder(
                     extn['extnValue'],
                     asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
                     decodeOpenTypes=True)

                 self.assertFalse(rest)
                 self.assertTrue(ev.prettyPrint())
                 self.assertEqual(extn['extnValue'], der_encoder(ev))

                 for c in ev:
                     if c['policyId'] == rfc3114.id_tsp_TEST_Whirlpool:
                         for sc in c['securityCategories']:
                             self.assertIn(sc['type'], rfc5755.securityCategoryMap)
                             for cat in sc['value']:
                                 self.assertIn('USE ONLY', cat)
                                 cat_value_found = True

         self.assertTrue(cat_value_found)


 suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])

 if __name__ == '__main__':
     unittest.TextTestRunner(verbosity=2).run(suite)
	#
	# This file is part of pyasn1-modules software.
	#
	# Created by Russ Housley
	# Copyright (c) 2019, Vigil Security, LLC
	# License: http://snmplabs.com/pyasn1/license.html
	#
	import sys
	import unittest

	from pyasn1.codec.der.decoder import decode as der_decoder
	from pyasn1.codec.der.encoder import encode as der_encoder

	from pyasn1_modules import pem
	from pyasn1_modules import rfc5280
	from pyasn1_modules import rfc5913
	from pyasn1_modules import rfc5755
	from pyasn1_modules import rfc3114


	class ClearanceTestCase(unittest.TestCase):
	cert_pem_text = """\
	MIIDhzCCAw6gAwIBAgIJAKWzVCgbsG5GMAoGCCqGSM49BAMDMD8xCzAJBgNVBAYT
	AlVTMQswCQYDVQQIDAJWQTEQMA4GA1UEBwwHSGVybmRvbjERMA8GA1UECgwIQm9n
	dXMgQ0EwHhcNMTkxMTAyMTg0MjE4WhcNMjAxMTAxMTg0MjE4WjBmMQswCQYDVQQG
	EwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xEDAOBgNVBAoTB0V4
	YW1wbGUxDDAKBgNVBAsTA1BDQTEYMBYGA1UEAxMPcGNhLmV4YW1wbGUuY29tMHYw
	EAYHKoZIzj0CAQYFK4EEACIDYgAEPf5vbgAqbE5dn6wbiCx4sCCcn1BKSrHmCfiW
	C9QLSGVNGHifQwPt9odGXjRiQ7QwpZ2wRD6Z91v+fk85XXLE3kJQCQdPIHFUY5EM
	pvS7T6u6xrmwnlVpUURPTOxfc55Oo4IBrTCCAakwHQYDVR0OBBYEFCbqJQ8LMiAo
	pNdaCo3/Ldy9f1RlMG8GA1UdIwRoMGaAFPI12zQE2qVV8r1pA5mwYuziFQjBoUOk
	QTA/MQswCQYDVQQGEwJVUzELMAkGA1UECAwCVkExEDAOBgNVBAcMB0hlcm5kb24x
	ETAPBgNVBAoMCEJvZ3VzIENBggkA6JHWBpFPzvIwDwYDVR0TAQH/BAUwAwEB/zAL
	BgNVHQ8EBAMCAYYwQgYJYIZIAYb4QgENBDUWM1RoaXMgY2VydGlmaWNhdGUgY2Fu
	bm90IGJlIHRydXN0ZWQgZm9yIGFueSBwdXJwb3NlLjAVBgNVHSAEDjAMMAoGCCsG
	AQUFBw0CMAoGA1UdNgQDAgECMIGRBggrBgEFBQcBFQSBhDCBgTBZBgsqhkiG9w0B
	CRAHAwMCBeAxRjBEgAsqhkiG9w0BCRAHBIE1MDMMF0xBVyBERVBBUlRNRU5UIFVT
	RSBPTkxZDBhIVU1BTiBSRVNPVVJDRVMgVVNFIE9OTFkwEQYLKoZIhvcNAQkQBwID
	AgTwMBEGCyqGSIb3DQEJEAcBAwIF4DAKBggqhkjOPQQDAwNnADBkAjAZSD+BVqzc
	1l0fDoH3LwixjxvtddBHbJsM5yBek4U9b2yWL2KEmwV02fTgof3AjDECMCTsksmx
	5f3i5DSYfe9Q1heJlEJLd1hgZmfvUYNnCU3WrdmYzyoNdNTbg7ZFMoxsXw==
	"""

	def setUp(self):
	self.asn1Spec = rfc5280.Certificate()

	def testDerCodec(self):
	substrate = pem.readBase64fromText(self.cert_pem_text)
	asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)

	self.assertFalse(rest)
	self.assertTrue(asn1Object.prettyPrint())
	self.assertEqual(substrate, der_encoder(asn1Object))

	cat_value_found = False

	for extn in asn1Object['tbsCertificate']['extensions']:
	if extn['extnID'] == rfc5913.id_pe_clearanceConstraints:
	self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)

	ev, rest = der_decoder(
	extn['extnValue'],
	asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])

	self.assertFalse(rest)
	self.assertTrue(ev.prettyPrint())
	self.assertEqual(extn['extnValue'], der_encoder(ev))

	for c in ev:
	if c['policyId'] == rfc3114.id_tsp_TEST_Whirlpool:
	for sc in c['securityCategories']:
	self.assertIn(sc['type'], rfc5755.securityCategoryMap)

	scv, rest = der_decoder(
	sc['value'],
	asn1Spec=rfc5755.securityCategoryMap[sc['type']])

	for cat in scv:
	self.assertIn('USE ONLY', cat)
	cat_value_found = True

	self.assertTrue(cat_value_found)

	def testOpenTypes(self):
	substrate = pem.readBase64fromText(self.cert_pem_text)
	asn1Object, rest = der_decoder(
	substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

	self.assertFalse(rest)
	self.assertTrue(asn1Object.prettyPrint())
	self.assertEqual(substrate, der_encoder(asn1Object))

	cat_value_found = False

	for extn in asn1Object['tbsCertificate']['extensions']:
	if extn['extnID'] == rfc5913.id_pe_clearanceConstraints:
	self.assertIn(extn['extnID'], rfc5280.certificateExtensionsMap)

	ev, rest = der_decoder(
	extn['extnValue'],
	asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']],
	decodeOpenTypes=True)

	self.assertFalse(rest)
	self.assertTrue(ev.prettyPrint())
	self.assertEqual(extn['extnValue'], der_encoder(ev))

	for c in ev:
	if c['policyId'] == rfc3114.id_tsp_TEST_Whirlpool:
	for sc in c['securityCategories']:
	self.assertIn(sc['type'], rfc5755.securityCategoryMap)
	for cat in sc['value']:
	self.assertIn('USE ONLY', cat)
	cat_value_found = True

	self.assertTrue(cat_value_found)


	suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])

	if __name__ == '__main__':
	unittest.TextTestRunner(verbosity=2).run(suite)