1#
2# This file is part of pyasn1-modules software.
3#
4# Created by Russ Housley
5# Copyright (c) 2019, Vigil Security, LLC
6# License: http://snmplabs.com/pyasn1/license.html
7#
8
9import sys
10
11from pyasn1.codec.der.decoder import decode as der_decode
12from pyasn1.codec.der.encoder import encode as der_encode
13
14from pyasn1.type import univ
15
16from pyasn1_modules import pem
17from pyasn1_modules import rfc5280
18from pyasn1_modules import rfc4055
19from pyasn1_modules import rfc6960
20
21try:
22    import unittest2 as unittest
23
24except ImportError:
25    import unittest
26
27
28class OCSPRequestTestCase(unittest.TestCase):
29    ocsp_req_pem_text = """\
30MGowaDBBMD8wPTAJBgUrDgMCGgUABBS3ZrMV9C5Dko03aH13cEZeppg3wgQUkqR1LKSevoFE63n8
31isWVpesQdXMCBDXe9M+iIzAhMB8GCSsGAQUFBzABAgQSBBBjdJOiIW9EKJGELNNf/rdA
32"""
33
34    def setUp(self):
35        self.asn1Spec = rfc6960.OCSPRequest()
36
37    def testDerCodec(self):
38        substrate = pem.readBase64fromText(self.ocsp_req_pem_text)
39        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
40        assert not rest
41        assert asn1Object.prettyPrint()
42        assert der_encode(asn1Object) == substrate
43
44        assert asn1Object['tbsRequest']['version'] == 0
45
46        count = 0
47        for extn in asn1Object['tbsRequest']['requestExtensions']:
48            assert extn['extnID'] in rfc5280.certificateExtensionsMap.keys()
49            ev, rest = der_decode(extn['extnValue'],
50                asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
51            assert not rest
52            assert ev.prettyPrint()
53            assert der_encode(ev) == extn['extnValue']
54            count += 1
55
56        assert count == 1
57
58    def testOpenTypes(self):
59        substrate = pem.readBase64fromText(self.ocsp_req_pem_text)
60        asn1Object, rest = der_decode(substrate,
61           asn1Spec=self.asn1Spec,
62           decodeOpenTypes=True)
63        assert not rest
64        assert asn1Object.prettyPrint()
65        assert der_encode(asn1Object) == substrate
66
67        assert asn1Object['tbsRequest']['version'] == 0
68        for req in  asn1Object['tbsRequest']['requestList']:
69            ha = req['reqCert']['hashAlgorithm']
70            assert ha['algorithm'] == rfc4055.id_sha1
71            assert ha['parameters'] == univ.Null("")
72
73
74class OCSPResponseTestCase(unittest.TestCase):
75    ocsp_resp_pem_text = """\
76MIIEvQoBAKCCBLYwggSyBgkrBgEFBQcwAQEEggSjMIIEnzCCAQ+hgYAwfjELMAkGA1UEBhMCQVUx
77EzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEV
78MBMGA1UEAxMMc25tcGxhYnMuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHNubXBsYWJzLmNvbRgP
79MjAxMjA0MTExNDA5MjJaMFQwUjA9MAkGBSsOAwIaBQAEFLdmsxX0LkOSjTdofXdwRl6mmDfCBBSS
80pHUspJ6+gUTrefyKxZWl6xB1cwIENd70z4IAGA8yMDEyMDQxMTE0MDkyMlqhIzAhMB8GCSsGAQUF
81BzABAgQSBBBjdJOiIW9EKJGELNNf/rdAMA0GCSqGSIb3DQEBBQUAA4GBADk7oRiCy4ew1u0N52QL
82RFpW+tdb0NfkV2Xyu+HChKiTThZPr9ZXalIgkJ1w3BAnzhbB0JX/zq7Pf8yEz/OrQ4GGH7HyD3Vg
83PkMu+J6I3A2An+bUQo99AmCbZ5/tSHtDYQMQt3iNbv1fk0yvDmh7UdKuXUNSyJdHeg27dMNy4k8A
84oIIC9TCCAvEwggLtMIICVqADAgECAgEBMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAkFVMRMw
85EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFTAT
86BgNVBAMTDHNubXBsYWJzLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0Bzbm1wbGFicy5jb20wHhcN
87MTIwNDExMTMyNTM1WhcNMTMwNDExMTMyNTM1WjB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
88ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRUwEwYDVQQDEwxzbm1w
89bGFicy5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ac25tcGxhYnMuY29tMIGfMA0GCSqGSIb3DQEB
90AQUAA4GNADCBiQKBgQDDDU5HOnNV8I2CojxB8ilIWRHYQuaAjnjrETMOprouDHFXnwWqQo/I3m0b
91XYmocrh9kDefb+cgc7+eJKvAvBqrqXRnU38DmQU/zhypCftGGfP8xjuBZ1n23lR3hplN1yYA0J2X
92SgBaAg6e8OsKf1vcX8Es09rDo8mQpt4G2zR56wIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG
93+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU8Ys2dpJFLMHl
94yY57D4BNmlqnEcYwHwYDVR0jBBgwFoAU8Ys2dpJFLMHlyY57D4BNmlqnEcYwDQYJKoZIhvcNAQEF
95BQADgYEAWR0uFJVlQId6hVpUbgXFTpywtNitNXFiYYkRRv77McSJqLCa/c1wnuLmqcFcuRUK0oN6
968ZJDP2HDDKe8MCZ8+sx+CF54eM8VCgN9uQ9XyE7x9XrXDd3Uw9RJVaWSIezkNKNeBE0lDM2jUjC4
97HAESdf7nebz1wtqAOXE1jWF/y8g=
98"""
99
100    def setUp(self):
101        self.asn1Spec = rfc6960.OCSPResponse()
102
103    def testDerCodec(self):
104        substrate = pem.readBase64fromText(self.ocsp_resp_pem_text)
105        asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
106        assert not rest
107        assert asn1Object.prettyPrint()
108        assert der_encode(asn1Object) == substrate
109
110        assert asn1Object['responseStatus'] == 0
111        rb = asn1Object['responseBytes']
112        assert rb['responseType'] in rfc6960.ocspResponseMap.keys()
113        resp, rest = der_decode(rb['response'],
114                asn1Spec=rfc6960.ocspResponseMap[rb['responseType']])
115        assert not rest
116        assert resp.prettyPrint()
117        assert der_encode(resp) == rb['response']
118
119        resp['tbsResponseData']['version'] == 0
120        count = 0
121        for extn in resp['tbsResponseData']['responseExtensions']:
122            assert extn['extnID'] in rfc5280.certificateExtensionsMap.keys()
123            ev, rest = der_decode(extn['extnValue'],
124                asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']])
125            assert not rest
126            assert ev.prettyPrint()
127            assert der_encode(ev) == extn['extnValue']
128            count += 1
129
130        assert count == 1
131
132    def testOpenTypes(self):
133        substrate = pem.readBase64fromText(self.ocsp_resp_pem_text)
134        asn1Object, rest = der_decode(substrate,
135            asn1Spec=self.asn1Spec,
136            decodeOpenTypes=True)
137        assert not rest
138        assert asn1Object.prettyPrint()
139        assert der_encode(asn1Object) == substrate
140
141        assert asn1Object['responseStatus'] == 0
142        rb = asn1Object['responseBytes']
143        assert rb['responseType'] in rfc6960.ocspResponseMap.keys()
144        resp, rest = der_decode(rb['response'],
145                asn1Spec=rfc6960.ocspResponseMap[rb['responseType']],
146                decodeOpenTypes=True)
147        assert not rest
148        assert resp.prettyPrint()
149        assert der_encode(resp) == rb['response']
150
151        resp['tbsResponseData']['version'] == 0
152        for rdn in resp['tbsResponseData']['responderID']['byName']['rdnSequence']:
153            for attr in rdn:
154                if attr['type'] == rfc5280.id_emailAddress:
155                    assert attr['value'] == '[email protected]'
156
157        for r in resp['tbsResponseData']['responses']:
158            ha = r['certID']['hashAlgorithm']
159            assert ha['algorithm'] == rfc4055.id_sha1
160            assert ha['parameters'] == univ.Null("")
161
162
163suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
164
165if __name__ == '__main__':
166    import sys
167
168    result = unittest.TextTestRunner(verbosity=2).run(suite)
169    sys.exit(not result.wasSuccessful())
170