X-Git-Url: http://www.git.cypherpunks.ru/?p=pygost.git;a=blobdiff_plain;f=pygost%2Fasn1schemas%2Fcert-selfsigned-example.py;h=1f505aae09e9e327fa9a2ea407690715634b6224;hp=94b4b34cf4ba318dc5bf75a0ac427b12d58dab65;hb=08cedcc91f44b8ffd2d8f3a3fbbb15263ccff440;hpb=fd99616bb38b2f6283f81c5733e070535853bc01 diff --git a/pygost/asn1schemas/cert-selfsigned-example.py b/pygost/asn1schemas/cert-selfsigned-example.py index 94b4b34..1f505aa 100755 --- a/pygost/asn1schemas/cert-selfsigned-example.py +++ b/pygost/asn1schemas/cert-selfsigned-example.py @@ -20,6 +20,7 @@ from pyderasn import PrintableString from pyderasn import UTCTime from pygost.asn1schemas.oids import id_at_commonName +from pygost.asn1schemas.oids import id_ce_authorityKeyIdentifier from pygost.asn1schemas.oids import id_ce_basicConstraints from pygost.asn1schemas.oids import id_ce_subjectAltName from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier @@ -41,6 +42,7 @@ from pygost.asn1schemas.x509 import AlgorithmIdentifier from pygost.asn1schemas.x509 import AttributeType from pygost.asn1schemas.x509 import AttributeTypeAndValue from pygost.asn1schemas.x509 import AttributeValue +from pygost.asn1schemas.x509 import AuthorityKeyIdentifier from pygost.asn1schemas.x509 import BasicConstraints from pygost.asn1schemas.x509 import Certificate from pygost.asn1schemas.x509 import CertificateSerialNumber @@ -48,6 +50,7 @@ from pygost.asn1schemas.x509 import Extension from pygost.asn1schemas.x509 import Extensions from pygost.asn1schemas.x509 import GeneralName from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters +from pygost.asn1schemas.x509 import KeyIdentifier from pygost.asn1schemas.x509 import Name from pygost.asn1schemas.x509 import RDNSequence from pygost.asn1schemas.x509 import RelativeDistinguishedName @@ -148,6 +151,7 @@ AIs = { ai = AIs[args.ai] ca_prv = None +ca_cert = None ca_subj = None ca_ai = None if args.issue_with is not None: 
@@ -163,7 +167,8 @@ if args.issue_with is not None: cert_raw = standard_b64decode(lines[idx + 1]) pki = PrivateKeyInfo().decod(prv_raw) ca_prv = prv_unmarshal(bytes(OctetString().decod(bytes(pki["privateKey"])))) - tbs = Certificate().decod(cert_raw)["tbsCertificate"] + ca_cert = Certificate().decod(cert_raw) + tbs = ca_cert["tbsCertificate"] ca_subj = tbs["subject"] curve_oid = GostR34102012PublicKeyParameters().decod(bytes( tbs["subjectPublicKeyInfo"]["algorithm"]["parameters"] @@ -232,6 +237,19 @@ if args.ca: ("extnID", id_ce_basicConstraints), ("extnValue", OctetString(BasicConstraints((("cA", Boolean(True)),)).encode())), ))) +if ca_ai is not None: + caKeyId = [ + bytes(SubjectKeyIdentifier().decod(bytes(ext["extnValue"]))) + for ext in ca_cert["tbsCertificate"]["extensions"] + if ext["extnID"] == id_ce_subjectKeyIdentifier + ][0] + exts.append(Extension(( + ("extnID", id_ce_authorityKeyIdentifier), + ("extnValue", OctetString(AuthorityKeyIdentifier(( + ("keyIdentifier", KeyIdentifier(caKeyId)), + )).encode())), + ))) + tbs = TBSCertificate(( ("version", Version("v3")), ("serialNumber", CertificateSerialNumber(12345)),
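Review bot: The `[...][0]` lookup in the added `if ca_ai is not None:` block fails with a bare IndexError when the issuer certificate read from `args.issue_with` has no subjectKeyIdentifier extension, so the script dies with a traceback instead of explaining why no authorityKeyIdentifier can be built. Wrapping the same generator in `next((...), None)` and following it with `if caKeyId is None: raise ValueError("issuer certificate has no subjectKeyIdentifier")` makes the precondition explicit. `extensions` is an optional field of TBSCertificate, so an issuer certificate without any extensions probably fails even earlier, at the `for ext in ...` iteration; that case deserves the same explicit message. A one-line comment such as `# AKI keyIdentifier is copied from the issuer's SKI so verifiers can chain by key id` would also document why the value is taken from `ca_cert` rather than recomputed.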