From 4121bbb69d3b3c32c6216bfb3b45aa604c1c3c6a Mon Sep 17 00:00:00 2001
From: Matthias Valvekens <matthias@mvalvekens.be>
Date: Fri, 15 Jul 2022 15:34:50 +0200
Subject: [PATCH] Reinstate asn1crypto registration of AA types

Some extension registrations were inadvertently removed in the process
of upgrading asn1crypto and the removal of associated monkey patches
(see 87aaf7f). This issue went undetected in the tests because our test
suite imports pyhanko_certvalidator, which performs the same
registrations on import.

This commit restores the registration hook and makes sure it gets called
when the CLI is loaded.

Fixes #4.
---
 certomancer/_asn1_types.py | 22 ++++++++++++++++++++++
 certomancer/cli.py         |  5 +++++
 2 files changed, 27 insertions(+)

diff --git a/certomancer/_asn1_types.py b/certomancer/_asn1_types.py
index cac970a..084c16b 100644
--- a/certomancer/_asn1_types.py
+++ b/certomancer/_asn1_types.py
@@ -35,3 +35,25 @@ class AAControls(core.Sequence):
         ('excluded_attrs', AttrSpec, {'optional': True, 'implicit': 1}),
         ('permit_unspecified', core.Boolean, {'default': True})
     ]
+
+
+def register_extensions():
+    # patch in attribute certificate extensions
+    # Note: we only make these patches so that we can reliably produce the
+    # relevant values, and don't insist on supplying Certomancer's internal
+    # definitions at the Python level if some other library already supplied
+    # them
+    ext_map = x509.ExtensionId._map
+    ext_specs = x509.Extension._oid_specs
+    if '2.5.29.55' not in ext_map:
+        ext_map['2.5.29.55'] = 'target_information'
+        ext_specs['target_information'] = SequenceOfTargets
+    if '2.5.29.56' not in ext_map:
+        ext_map['2.5.29.56'] = 'no_rev_avail'
+        ext_specs['no_rev_avail'] = core.Null
+    if '1.3.6.1.5.5.7.1.6' not in ext_map:
+        ext_map['1.3.6.1.5.5.7.1.6'] = 'aa_controls'
+        ext_specs['aa_controls'] = AAControls
+
+
+register_extensions()
diff --git a/certomancer/cli.py b/certomancer/cli.py
index 2b51835..9e8847b 100644
--- a/certomancer/cli.py
+++ b/certomancer/cli.py
@@ -14,10 +14,15 @@
 from .registry import CertomancerConfig, CertLabel, ServiceLabel
 from .services import CertomancerServiceError
 from .version import __version__
+from ._asn1_types import register_extensions
 
 DEFAULT_CONFIG_FILE = 'certomancer.yml'
 logger = logging.getLogger(__name__)
 
+# This is a no-op since the registration happens automatically,
+# but explicit is better than implicit
+register_extensions()
+
 
 def _log_config():
     _logger = logging.getLogger('certomancer')