from pyderasn import UTCTime
from pygost.asn1schemas.oids import id_at_commonName
+from pygost.asn1schemas.oids import id_ce_authorityKeyIdentifier
from pygost.asn1schemas.oids import id_ce_basicConstraints
from pygost.asn1schemas.oids import id_ce_subjectAltName
from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
from pygost.asn1schemas.x509 import AttributeType
from pygost.asn1schemas.x509 import AttributeTypeAndValue
from pygost.asn1schemas.x509 import AttributeValue
+from pygost.asn1schemas.x509 import AuthorityKeyIdentifier
from pygost.asn1schemas.x509 import BasicConstraints
from pygost.asn1schemas.x509 import Certificate
from pygost.asn1schemas.x509 import CertificateSerialNumber
from pygost.asn1schemas.x509 import Extensions
from pygost.asn1schemas.x509 import GeneralName
from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters
+from pygost.asn1schemas.x509 import KeyIdentifier
from pygost.asn1schemas.x509 import Name
from pygost.asn1schemas.x509 import RDNSequence
from pygost.asn1schemas.x509 import RelativeDistinguishedName
ai = AIs[args.ai]
ca_prv = None
+ca_cert = None
ca_subj = None
ca_ai = None
if args.issue_with is not None:
cert_raw = standard_b64decode(lines[idx + 1])
pki = PrivateKeyInfo().decod(prv_raw)
ca_prv = prv_unmarshal(bytes(OctetString().decod(bytes(pki["privateKey"]))))
- tbs = Certificate().decod(cert_raw)["tbsCertificate"]
+ ca_cert = Certificate().decod(cert_raw)
+ tbs = ca_cert["tbsCertificate"]
ca_subj = tbs["subject"]
curve_oid = GostR34102012PublicKeyParameters().decod(bytes(
tbs["subjectPublicKeyInfo"]["algorithm"]["parameters"]
("extnID", id_ce_basicConstraints),
("extnValue", OctetString(BasicConstraints((("cA", Boolean(True)),)).encode())),
)))
+if ca_ai is not None:
+ caKeyId = [
+ bytes(SubjectKeyIdentifier().decod(bytes(ext["extnValue"])))
+ for ext in ca_cert["tbsCertificate"]["extensions"]
+ if ext["extnID"] == id_ce_subjectKeyIdentifier
+ ][0]
+ exts.append(Extension((
+ ("extnID", id_ce_authorityKeyIdentifier),
+ ("extnValue", OctetString(AuthorityKeyIdentifier((
+ ("keyIdentifier", KeyIdentifier(caKeyId)),
+ )).encode())),
+ )))
+
tbs = TBSCertificate((
("version", Version("v3")),
("serialNumber", CertificateSerialNumber(12345)),
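Review bot: The `[0]` on the new list comprehension (the `caKeyId` assignment) turns an issuer certificate without a SubjectKeyIdentifier extension into a bare IndexError, and if the OPTIONAL `extensions` field of `ca_cert["tbsCertificate"]` is absent the iteration itself fails before that; since the AuthorityKeyIdentifier written here is what relying parties use to chain to the issuer, a missing SKI should be reported as an explicit error, not a traceback. The guard `if ca_ai is not None:` also tests a different variable than the one the body reads; `if ca_cert is not None:` states the real precondition (the `ca_ai` assignment lies outside this hunk, so I am assuming both are set in the same `issue_with` branch). `caKeyId` is the only camelCase local beside `ca_prv`/`ca_subj`/`ca_ai`; `ca_key_id` fits the file's naming. A rewrite of the lookup follows; the `exts.append(...)` block stays as committed apart from the renamed variable.
```python
if ca_cert is not None:
    ca_key_id = next((
        bytes(SubjectKeyIdentifier().decod(bytes(ext["extnValue"])))
        for ext in (ca_cert["tbsCertificate"]["extensions"] or ())
        if ext["extnID"] == id_ce_subjectKeyIdentifier
    ), None)
    if ca_key_id is None:
        raise ValueError("issuer certificate has no SubjectKeyIdentifier; cannot build AuthorityKeyIdentifier")
    # … unchanged: exts.append(Extension((... KeyIdentifier(ca_key_id) ...))) …
```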