Make Go's crypto/x509 compatible example certificates
authorSergey Matveev <stargrave@stargrave.org>
Mon, 18 Jan 2021 15:58:53 +0000 (18:58 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Mon, 18 Jan 2021 15:58:53 +0000 (18:58 +0300)
pygost/asn1schemas/cert-selfsigned-example.py
pygost/asn1schemas/oids.py
pygost/asn1schemas/x509.py

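--- a/pygost/asn1schemas/cert-selfsigned-example.py
+++ b/pygost/asn1schemas/cert-selfsigned-example.py
@@ -11,6 +11,7 @@ from textwrap import fill
 from pyderasn import Any
 from pyderasn import BitString
 from pyderasn import Boolean
+from pyderasn import IA5String
 from pyderasn import Integer
 from pyderasn import OctetString
 from pyderasn import PrintableString
@@ -18,6 +19,7 @@ from pyderasn import UTCTime
 
 from pygost.asn1schemas.oids import id_at_commonName
 from pygost.asn1schemas.oids import id_ce_basicConstraints
+from pygost.asn1schemas.oids import id_ce_subjectAltName
 from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetA
@@ -42,10 +44,12 @@ from pygost.asn1schemas.x509 import Certificate
 from pygost.asn1schemas.x509 import CertificateSerialNumber
 from pygost.asn1schemas.x509 import Extension
 from pygost.asn1schemas.x509 import Extensions
+from pygost.asn1schemas.x509 import GeneralName
 from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters
 from pygost.asn1schemas.x509 import Name
 from pygost.asn1schemas.x509 import RDNSequence
 from pygost.asn1schemas.x509 import RelativeDistinguishedName
+from pygost.asn1schemas.x509 import SubjectAltName
 from pygost.asn1schemas.x509 import SubjectKeyIdentifier
 from pygost.asn1schemas.x509 import SubjectPublicKeyInfo
 from pygost.asn1schemas.x509 import TBSCertificate
@@ -180,6 +184,14 @@ exts = [
             SubjectKeyIdentifier(GOST34112012256(pub_raw).digest()[:20]).encode()
         )),
     )),
+    Extension((
+        ("extnID", id_ce_subjectAltName),
+        ("extnValue", OctetString(
+            SubjectAltName((
+                GeneralName(("dNSName", IA5String(args.cn))),
+            )).encode()
+        )),
+    )),
 ]
 if args.ca:
     exts.append(Extension((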
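Review bot: The new subjectAltName extension passes `args.cn` straight into `GeneralName(("dNSName", IA5String(args.cn)))`, so a common name that is not a plain ASCII hostname (spaces, non-Latin characters, a personal name) will presumably either fail in `IA5String` or be emitted as a dNSName that hostname verification cannot match. Since the commit targets Go's crypto/x509, which matches hostnames against the SAN rather than the CN, the value should be checked before `exts` is built, or the constraint stated in a comment above the extension such as `# dNSName mirrors CN: CN must be a valid ASCII DNS name`. The `exts` list and the argument parsing both begin outside this hunk, so any existing validation of `args.cn` is not visible here.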
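--- a/pygost/asn1schemas/oids.py
+++ b/pygost/asn1schemas/oids.py
@@ -51,3 +51,4 @@ id_pbkdf2 = ObjectIdentifier("1.2.840.113549.1.5.12")
 id_at_commonName = ObjectIdentifier("2.5.4.3")
 id_ce_basicConstraints = ObjectIdentifier("2.5.29.19")
 id_ce_subjectKeyIdentifier = ObjectIdentifier("2.5.29.14")
+id_ce_subjectAltName = ObjectIdentifier("2.5.29.17")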
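--- a/pygost/asn1schemas/x509.py
+++ b/pygost/asn1schemas/x509.py
@@ -23,6 +23,7 @@ from pyderasn import BitString
 from pyderasn import Boolean
 from pyderasn import Choice
 from pyderasn import GeneralizedTime
+from pyderasn import IA5String
 from pyderasn import Integer
 from pyderasn import ObjectIdentifier
 from pyderasn import OctetString
@@ -210,3 +211,27 @@ class CertificateList(Sequence):
         ("signatureAlgorithm", AlgorithmIdentifier()),
         ("signatureValue", BitString()),
     )
+
+
+class GeneralName(Choice):
+    schema = (
+        # ('otherName', AnotherName(impl=tag_ctxc(0))),
+        # ('rfc822Name', IA5String(impl=tag_ctxp(1))),
+        ('dNSName', IA5String(impl=tag_ctxp(2))),
+        # ('x400Address', ORAddress(impl=tag_ctxp(3))),
+        # ('x400Address', OctetString(impl=tag_ctxp(3))),
+        # ('directoryName', Name(expl=tag_ctxc(4))),
+        # ('ediPartyName', EDIPartyName(impl=tag_ctxc(5))),
+        # ('uniformResourceIdentifier', IA5String(impl=tag_ctxp(6))),
+        # ('iPAddress', OctetString(impl=tag_ctxp(7))),
+        # ('registeredID', ObjectIdentifier(impl=tag_ctxp(8))),
+    )
+
+
+class GeneralNames(SequenceOf):
+    schema = GeneralName()
+    bounds = (1, float('+inf'))
+
+
+class SubjectAltName(GeneralNames):
+    pass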
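Review bot: `GeneralName` enables only the `dNSName` alternative and leaves the rest as comments, so decoding a SubjectAltName that carries any other name type (IP address, e-mail, URI) will presumably fail at this Choice instead of being skipped. That is adequate for generating the example certificates, but nothing on the class says it is a partial schema. A docstring such as `"""Partial RFC 5280 GeneralName: only dNSName is implemented."""` would stop callers from relying on it to parse arbitrary certificates. The commented list also has two `x400Address` entries with different types; keeping one would avoid confusion when more alternatives are enabled.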