diff options
-rw-r--r-- | CHANGES.txt | 1 | ||||
-rw-r--r-- | pyasn1_modules/rfc8209.py | 20 | ||||
-rw-r--r-- | tests/__main__.py | 1 | ||||
-rw-r--r-- | tests/test_rfc8209.py | 59 |
4 files changed, 81 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 352175e..da4c06f 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -42,6 +42,7 @@ Revision 0.2.7, released XX-09-2019 - Added RFC8360 providing Resource Public Key Infrastructure (RPKI) Validation Reconsidered - Added RFC8358 providing Digital Signatures on Internet-Draft Documents +- Added RFC8209 providing BGPsec Router PKI Profile Revision 0.2.6, released 31-07-2019 ----------------------------------- diff --git a/pyasn1_modules/rfc8209.py b/pyasn1_modules/rfc8209.py new file mode 100644 index 0000000..7d70f51 --- /dev/null +++ b/pyasn1_modules/rfc8209.py @@ -0,0 +1,20 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# BGPsec Router PKI Profile +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc8209.txt +# + +from pyasn1.type import univ + + +id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3') + +id_kp_bgpsec_router = id_kp + (30, ) diff --git a/tests/__main__.py b/tests/__main__.py index 979b1ba..9b4cb18 100644 --- a/tests/__main__.py +++ b/tests/__main__.py @@ -61,6 +61,7 @@ suite = unittest.TestLoader().loadTestsFromNames( 'tests.test_rfc7906.suite', 'tests.test_rfc8018.suite', 'tests.test_rfc8103.suite', + 'tests.test_rfc8209.suite', 'tests.test_rfc8226.suite', 'tests.test_rfc8358.suite', 'tests.test_rfc8360.suite', diff --git a/tests/test_rfc8209.py b/tests/test_rfc8209.py new file mode 100644 index 0000000..1eb2efd --- /dev/null +++ b/tests/test_rfc8209.py @@ -0,0 +1,59 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# + +import sys + +from pyasn1.codec.der.decoder import decode as der_decode +from pyasn1.codec.der.encoder import encode as der_encode + +from pyasn1_modules import pem +from pyasn1_modules import rfc5280 +from pyasn1_modules import rfc8209 + +try: + import unittest2 as unittest +except ImportError: + import unittest + +class CertificateTestCase(unittest.TestCase): + cert_pem_text = """\ +MIIBiDCCAS+gAwIBAgIEAk3WfDAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA9ST1VU +RVItMDAwMEZCRjAwHhcNMTcwMTAxMDUwMDAwWhcNMTgwNzAxMDUwMDAwWjAaMRgw +FgYDVQQDDA9ST1VURVItMDAwMEZCRjAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC +AARzkbq7kqDLO+EOWbGev/shTgSpHgy6GxOafTjZD3flWqBbjmlWeOD6FpBLVdnU +9cDfxYiV7lC8T3XSBaJb02/1o2MwYTALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFKtN +kQ9VyucaIV7zyv46zEW17sFUMBMGA1UdJQQMMAoGCCsGAQUFBwMeMB4GCCsGAQUF +BwEIAQH/BA8wDaAHMAUCAwD78KECBQAwCgYIKoZIzj0EAwIDRwAwRAIgB7e0al+k +8cxoNjkDpIPsfIAC0vYInUay7Cp75pKzb7ECIACRBUqh9bAYnSck6LQi/dEc8D2x +OCRdZCk1KI3uDDgp +""" + + def setUp(self): + self.asn1Spec = rfc5280.Certificate() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.cert_pem_text) + asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert der_encode(asn1Object) == substrate + + for extn in asn1Object['tbsCertificate']['extensions']: + if extn['extnID'] in rfc5280.certificateExtensionsMap.keys(): + extnValue, rest = der_decode(extn['extnValue'], + asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) + assert der_encode(extnValue) == extn['extnValue'] + + if extn['extnID'] == rfc5280.id_ce_extKeyUsage: + assert rfc8209.id_kp_bgpsec_router in extnValue + + +suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) + +if __name__ == '__main__': + unittest.TextTestRunner(verbosity=2).run(suite) |