X-Git-Url: http://www.git.cypherpunks.ru/?p=pyderasn.git;a=blobdiff_plain;f=pyderasn.py;h=cc44e24c91293ca4ffe85ba7684279e87718925c;hp=b4a10d9fc04ba14fcf91a86ce21f2490cf5c41fb;hb=761a36dafa03cb67bca1b7777031c40c999528a1;hpb=78833daa9b9637827bfb570135e699b5871aefd3 diff --git a/pyderasn.py b/pyderasn.py index b4a10d9..cc44e24 100755 --- a/pyderasn.py +++ b/pyderasn.py @@ -207,6 +207,7 @@ decoding process. Currently available context options: * :ref:`defines_by_path ` +* :ref:`strict_default_existence ` .. _pprinting: @@ -3660,13 +3661,18 @@ class Sequence(Obj): All defaulted values are always optional. + .. _strict_default_existence_ctx: + .. warning:: When decoded DER contains defaulted value inside, then - technically this is not valid DER encoding. But we allow - and pass it. Of course reencoding of that kind of DER will + technically this is not valid DER encoding. But we allow and pass + it **by default**. Of course reencoding of that kind of DER will result in different binary representation (validly without - defaulted value inside). + defaulted value inside). You can enable strict defaulted values + existence validation by setting ``"strict_default_existence": + True`` :ref:`context ` option -- decoding process will raise + an exception if defaulted value is met. Two sequences are equal if they have equal specification (schema), implicit/explicit tagging and the same values. @@ -3900,9 +3906,15 @@ class Sequence(Obj): sub_offset += (value.expl_tlvlen if value.expled else value.tlvlen) v = v_tail if spec.default is not None and value == spec.default: - # Encoded default values are not valid in DER, - # but we allow that anyway - continue + if ctx.get("strict_default_existence", False): + raise DecodeError( + "DEFAULT value met", + klass=self.__class__, + decode_path=sub_decode_path, + offset=sub_offset, + ) + else: + continue values[name] = value spec_defines = getattr(spec, "defines", ())