Merge pull request #5 from MatthiasValvekens/bugfix/reinstate-asn1cry…

…pto-registration Reinstate asn1crypto registration of AA types
MatthiasValvekens · Jul 15, 2022 · bb5a0ae · bb5a0ae
2 parents 247ade7 + 4121bbb
commit bb5a0ae
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/certomancer/_asn1_types.py b/certomancer/_asn1_types.py
@@ -35,3 +35,25 @@ class AAControls(core.Sequence):
         ('excluded_attrs', AttrSpec, {'optional': True, 'implicit': 1}),
         ('permit_unspecified', core.Boolean, {'default': True})
     ]
+
+
+def register_extensions():
+    # patch in attribute certificate extensions
+    # Note: we only make these patches so that we can reliably produce the
+    # relevant values, and don't insist on supplying Certomancer's internal
+    # definitions at the Python level if some other library already supplied
+    # them
+    ext_map = x509.ExtensionId._map
+    ext_specs = x509.Extension._oid_specs
+    if '2.5.29.55' not in ext_map:
+        ext_map['2.5.29.55'] = 'target_information'
+        ext_specs['target_information'] = SequenceOfTargets
+    if '2.5.29.56' not in ext_map:
+        ext_map['2.5.29.56'] = 'no_rev_avail'
+        ext_specs['no_rev_avail'] = core.Null
+    if '1.3.6.1.5.5.7.1.6' not in ext_map:
+        ext_map['1.3.6.1.5.5.7.1.6'] = 'aa_controls'
+        ext_specs['aa_controls'] = AAControls
+
+
+register_extensions()
diff --git a/certomancer/cli.py b/certomancer/cli.py
@@ -14,10 +14,15 @@
 from .registry import CertomancerConfig, CertLabel, ServiceLabel
 from .services import CertomancerServiceError
 from .version import __version__
+from ._asn1_types import register_extensions
 
 DEFAULT_CONFIG_FILE = 'certomancer.yml'
 logger = logging.getLogger(__name__)
 
+# This is a no-op since the registration happens automatically,
+# but explicit is better than implicit
+register_extensions()
+
 
 def _log_config():
     _logger = logging.getLogger('certomancer')