from pyderasn import UTCTime
from pygost.asn1schemas.oids import id_at_commonName
+from pygost.asn1schemas.oids import id_ce_authorityKeyIdentifier
from pygost.asn1schemas.oids import id_ce_basicConstraints
from pygost.asn1schemas.oids import id_ce_subjectAltName
from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
from pygost.asn1schemas.x509 import AttributeType
from pygost.asn1schemas.x509 import AttributeTypeAndValue
from pygost.asn1schemas.x509 import AttributeValue
+from pygost.asn1schemas.x509 import AuthorityKeyIdentifier
from pygost.asn1schemas.x509 import BasicConstraints
from pygost.asn1schemas.x509 import Certificate
from pygost.asn1schemas.x509 import CertificateSerialNumber
from pygost.asn1schemas.x509 import Extensions
from pygost.asn1schemas.x509 import GeneralName
from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters
+from pygost.asn1schemas.x509 import KeyIdentifier
from pygost.asn1schemas.x509 import Name
from pygost.asn1schemas.x509 import RDNSequence
from pygost.asn1schemas.x509 import RelativeDistinguishedName
ai = AIs[args.ai]
ca_prv = None
+ca_cert = None
ca_subj = None
ca_ai = None
if args.issue_with is not None:
cert_raw = standard_b64decode(lines[idx + 1])
pki = PrivateKeyInfo().decod(prv_raw)
ca_prv = prv_unmarshal(bytes(OctetString().decod(bytes(pki["privateKey"]))))
- tbs = Certificate().decod(cert_raw)["tbsCertificate"]
+ ca_cert = Certificate().decod(cert_raw)
+ tbs = ca_cert["tbsCertificate"]
ca_subj = tbs["subject"]
curve_oid = GostR34102012PublicKeyParameters().decod(bytes(
tbs["subjectPublicKeyInfo"]["algorithm"]["parameters"]
("extnID", id_ce_basicConstraints),
("extnValue", OctetString(BasicConstraints((("cA", Boolean(True)),)).encode())),
)))
+if ca_ai is not None:
+ caKeyId = [
+ bytes(SubjectKeyIdentifier().decod(bytes(ext["extnValue"])))
+ for ext in ca_cert["tbsCertificate"]["extensions"]
+ if ext["extnID"] == id_ce_subjectKeyIdentifier
+ ][0]
+ exts.append(Extension((
+ ("extnID", id_ce_authorityKeyIdentifier),
+ ("extnValue", OctetString(AuthorityKeyIdentifier((
+ ("keyIdentifier", KeyIdentifier(caKeyId)),
+ )).encode())),
+ )))
+
tbs = TBSCertificate((
("version", Version("v3")),
("serialNumber", CertificateSerialNumber(12345)),
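Review bot: The `[...][0]` on the SubjectKeyIdentifier comprehension raises a bare IndexError when the issuing certificate carries no SKI extension, which is a configuration error that should be reported as such rather than as a traceback. Bind the comprehension to a list and check it: keep the comprehension as `ski_values = [...]`, then `if not ski_values: raise ValueError("issuer certificate has no SubjectKeyIdentifier extension")` and `ca_key_id = ski_values[0]` (snake_case matches the surrounding `ca_prv`/`ca_cert`/`ca_subj` names). The guard `if ca_ai is not None:` protects a read of `ca_cert`; both appear to be assigned together under `args.issue_with` (the `ca_ai` assignment itself lies outside this hunk), but testing `ca_cert is not None` would state the actual precondition. Note also that `extensions` is OPTIONAL in TBSCertificate, so an issuer certificate without any extensions may fail earlier in the iteration — worth confirming how pyderasn reports an absent optional field. The `exts` list this hunk appends to is built before the hunk.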
class GeneralName(Choice):
schema = (
- # ('otherName', AnotherName(impl=tag_ctxc(0))),
- # ('rfc822Name', IA5String(impl=tag_ctxp(1))),
- ('dNSName', IA5String(impl=tag_ctxp(2))),
- # ('x400Address', ORAddress(impl=tag_ctxp(3))),
- # ('x400Address', OctetString(impl=tag_ctxp(3))),
- # ('directoryName', Name(expl=tag_ctxc(4))),
- # ('ediPartyName', EDIPartyName(impl=tag_ctxc(5))),
- # ('uniformResourceIdentifier', IA5String(impl=tag_ctxp(6))),
- # ('iPAddress', OctetString(impl=tag_ctxp(7))),
- # ('registeredID', ObjectIdentifier(impl=tag_ctxp(8))),
+ # ("otherName", AnotherName(impl=tag_ctxc(0))),
+ # ("rfc822Name", IA5String(impl=tag_ctxp(1))),
+ ("dNSName", IA5String(impl=tag_ctxp(2))),
+ # ("x400Address", ORAddress(impl=tag_ctxp(3))),
+ # ("x400Address", OctetString(impl=tag_ctxp(3))),
+ # ("directoryName", Name(expl=tag_ctxc(4))),
+ # ("ediPartyName", EDIPartyName(impl=tag_ctxc(5))),
+ # ("uniformResourceIdentifier", IA5String(impl=tag_ctxp(6))),
+ # ("iPAddress", OctetString(impl=tag_ctxp(7))),
+ # ("registeredID", ObjectIdentifier(impl=tag_ctxp(8))),
)
class GeneralNames(SequenceOf):
schema = GeneralName()
- bounds = (1, float('+inf'))
+ bounds = (1, float("+inf"))
class SubjectAltName(GeneralNames):
pass
+
+
+class AuthorityKeyIdentifier(Sequence):
+ schema = (
+ ("keyIdentifier", KeyIdentifier(impl=tag_ctxp(0), optional=True)),
+ # ("authorityCertIssuer", GeneralNames(impl=tag_ctxc(1), optional=True)),
+ # (
+ # "authorityCertSerialNumber",
+ # CertificateSerialNumber(impl=tag_ctxp(2), optional=True),
+ # ),
+ )