From 5008cf14ea046aa2e20dde93b9843fcf8f3e2e3e Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Mon, 18 Jan 2021 18:58:53 +0300
Subject: [PATCH] Make Go's crypto/x509 compatible example certificates
---
 pygost/asn1schemas/cert-selfsigned-example.py | 12 +++++++++
 pygost/asn1schemas/oids.py | 1 +
 pygost/asn1schemas/x509.py | 25 +++++++++++++++++++
 3 files changed, 38 insertions(+)
diff --git a/pygost/asn1schemas/cert-selfsigned-example.py b/pygost/asn1schemas/cert-selfsigned-example.py
index 9d76af8..3a0a64a 100644
--- a/pygost/asn1schemas/cert-selfsigned-example.py
+++ b/pygost/asn1schemas/cert-selfsigned-example.py
@@ -11,6 +11,7 @@ from textwrap import fill
 from pyderasn import Any
 from pyderasn import BitString
 from pyderasn import Boolean
+from pyderasn import IA5String
 from pyderasn import Integer
 from pyderasn import OctetString
 from pyderasn import PrintableString
@@ -18,6 +19,7 @@ from pyderasn import UTCTime
 from pygost.asn1schemas.oids import id_at_commonName
 from pygost.asn1schemas.oids import id_ce_basicConstraints
+from pygost.asn1schemas.oids import id_ce_subjectAltName
 from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetA
@@ -42,10 +44,12 @@ from pygost.asn1schemas.x509 import Certificate
 from pygost.asn1schemas.x509 import CertificateSerialNumber
 from pygost.asn1schemas.x509 import Extension
 from pygost.asn1schemas.x509 import Extensions
+from pygost.asn1schemas.x509 import GeneralName
 from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters
 from pygost.asn1schemas.x509 import Name
 from pygost.asn1schemas.x509 import RDNSequence
 from pygost.asn1schemas.x509 import RelativeDistinguishedName
+from pygost.asn1schemas.x509 import SubjectAltName
 from pygost.asn1schemas.x509 import SubjectKeyIdentifier
 from pygost.asn1schemas.x509 import SubjectPublicKeyInfo
 from pygost.asn1schemas.x509 import TBSCertificate
@@ -180,6 +184,14 @@ exts = [
 SubjectKeyIdentifier(GOST34112012256(pub_raw).digest()[:20]).encode()
 )),
 )),
+ Extension((
+ ("extnID", id_ce_subjectAltName),
+ ("extnValue", OctetString(
+ SubjectAltName((
+ GeneralName(("dNSName", IA5String(args.cn))),
+ )).encode()
+ )),
+ )),
 ]
 if args.ca:
 exts.append(Extension((
diff --git a/pygost/asn1schemas/oids.py b/pygost/asn1schemas/oids.py
index 2ec5936..54d2b0d 100644
--- a/pygost/asn1schemas/oids.py
+++ b/pygost/asn1schemas/oids.py
@@ -51,3 +51,4 @@ id_pbkdf2 = ObjectIdentifier("1.2.840.113549.1.5.12")
 id_at_commonName = ObjectIdentifier("2.5.4.3")
 id_ce_basicConstraints = ObjectIdentifier("2.5.29.19")
 id_ce_subjectKeyIdentifier = ObjectIdentifier("2.5.29.14")
+id_ce_subjectAltName = ObjectIdentifier("2.5.29.17")
diff --git a/pygost/asn1schemas/x509.py b/pygost/asn1schemas/x509.py
index 7977c31..29a0a60 100644
--- a/pygost/asn1schemas/x509.py
+++ b/pygost/asn1schemas/x509.py
@@ -23,6 +23,7 @@ from pyderasn import BitString
 from pyderasn import Boolean
 from pyderasn import Choice
 from pyderasn import GeneralizedTime
+from pyderasn import IA5String
 from pyderasn import Integer
 from pyderasn import ObjectIdentifier
 from pyderasn import OctetString
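Review bot: In cert-selfsigned-example.py the new SubjectAltName entry `GeneralName(("dNSName", IA5String(args.cn)))` reuses the free-form common name as a DNS name without checking it, and it is added to every certificate, including the `args.ca` case that follows. RFC 5280 (4.2.1.6) expects dNSName to hold a DNS hostname, so a human-readable CN gives a SAN that strict verifiers may reject or that matches nothing, and a CN containing `*` silently becomes a wildcard name. I would validate the value before building `exts`, note it in a comment such as `# args.cn doubles as the dNSName SAN, so it must be an ASCII DNS hostname`, and consider skipping the SAN when `args.ca` is set. The `exts` list and the definition of `args.cn` start outside this hunk, so any existing validation is not visible here.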
@@ -210,3 +211,27 @@ class CertificateList(Sequence):
 ("signatureAlgorithm", AlgorithmIdentifier()),
 ("signatureValue", BitString()),
 )
+
+
+class GeneralName(Choice):
+ schema = (
+ # ('otherName', AnotherName(impl=tag_ctxc(0))),
+ # ('rfc822Name', IA5String(impl=tag_ctxp(1))),
+ ('dNSName', IA5String(impl=tag_ctxp(2))),
+ # ('x400Address', ORAddress(impl=tag_ctxp(3))),
+ # ('x400Address', OctetString(impl=tag_ctxp(3))),
+ # ('directoryName', Name(expl=tag_ctxc(4))),
+ # ('ediPartyName', EDIPartyName(impl=tag_ctxc(5))),
+ # ('uniformResourceIdentifier', IA5String(impl=tag_ctxp(6))),
+ # ('iPAddress', OctetString(impl=tag_ctxp(7))),
+ # ('registeredID', ObjectIdentifier(impl=tag_ctxp(8))),
+ )
+
+
+class GeneralNames(SequenceOf):
+ schema = GeneralName()
+ bounds = (1, float('+inf'))
+
+
+class SubjectAltName(GeneralNames):
+ pass
-- 
2.44.0
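Review bot: `GeneralName` in x509.py declares only the `dNSName` alternative, so a SubjectAltName carrying any other form (iPAddress, rfc822Name, a URI) will presumably fail to decode with this schema, although such certificates are common. That is fine for producing the example certificates, but x509.py appears to be a shared schema module and the limitation is easy to miss among the commented-out entries, one of which (`x400Address`) is listed twice. I would add a docstring such as `"""GeneralName (RFC 5280, 4.2.1.6); only dNSName is implemented, other alternatives are not decodable."""` and a short comment on `bounds = (1, float('+inf'))` saying it mirrors `SIZE (1..MAX)`. The new entries also use single quotes where the surrounding schema lines use double quotes.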