Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add switch for SMIME Extensions support #229

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

rtpt-tobiasferring
Copy link

Adds a switch to include SMIME Capabilitie Extensions into the CSR.
In some scenarios these extensions are mandatory to request a certificate. If there is no SMIME Extension in the CSR certipy is not able to request a certificate:

$ certipy req -dc-ip 192.0.2.1 -u user1@lab.domain -p 'Pass123!' -template User -ca 'Test-CA'
Certipy v4.8.2 - by Oliver Lyak (ly4k)

[*] Requesting certificate via RPC
[-] Got error while trying to request certificate: code: 0x80094805 - CERTSRV_E_SMIME_REQUIRED - The request is missing a required SMIME capabilities extension.
[*] Request ID is 23
Would you like to save the private key? (y/N) 

Including the extensions results in a usable certificate:

$ certipy req -dc-ip 192.0.2.1 -u user1@lab.domain -p 'Pass123!' -template User -ca 'Test-CA' -smime des
Certipy v4.8.2 - by Oliver Lyak (ly4k)

[*] Requesting certificate via RPC
[*] Successfully requested certificate
[*] Request ID is 24
[*] Got certificate with UPN 'user1@lab.domain'
[*] Certificate object SID is 'S-1-5-21-4020831100-2203696187-1704472354-1106'
[*] Saved certificate and private key to 'user1.pfx'

In our testing it did not matter which SMIME capabilities got used as long as they were not empty.

@zimedev
Copy link

zimedev commented Nov 13, 2024

somehow I am getting problems with your PR. it does not happen on other PR or the main certipy...
do you know what the problem is?

proxychains -q certipy auth -pfx 'administrator.pfx' -dc-ip $dcip -username 'Administrator' -domain $domain -debug
Certipy v4.8.2 - by Oliver Lyak (ly4k)

[*] Using principal: administrator@mtf.local
[*] Trying to get TGT...
[*] Got TGT
[-] Got error: Error parsing asn1crypto.core.ObjectIdentifier - method should have been primitive, but constructed was found
    while parsing asn1crypto.core.ParsableOctetString
    while parsing asn1crypto.x509.Extension
    while parsing asn1crypto.x509.Extensions
    while parsing asn1crypto.x509.TbsCertificate
    while parsing asn1crypto.x509.Certificate
    while parsing asn1crypto.cms.CertificateSet
    while parsing asn1crypto.cms.SignedData
    while parsing asn1crypto.cms.ContentInfo
Traceback (most recent call last):
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/entry.py", line 60, in main
    actions[options.action](options)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/commands/parsers/auth.py", line 12, in entry
    auth.entry(options)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/commands/auth.py", line 658, in entry
    authenticate.authenticate()
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/commands/auth.py", line 256, in authenticate
    return self.kerberos_authentication(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/commands/auth.py", line 411, in kerberos_authentication
    ci = cms.ContentInfo.load(pk_as_rep["dhSignedData"]).native
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4060, in native
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4055, in native
    self._native[name] = child.native
                         ^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4060, in native
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4055, in native
    self._native[name] = child.native
                         ^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4535, in native
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4531, in native
    self._native = [child.native for child in self]
                    ^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 1234, in native
    return self.chosen.native
           ^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4044, in native
    self._parse_children(recurse=True)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3988, in _parse_children
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3962, in _parse_children
    child._parse_children(recurse=True)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3988, in _parse_children
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3962, in _parse_children
    child._parse_children(recurse=True)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4501, in _parse_children
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4495, in _parse_children
    child._parse_children(recurse=True)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3988, in _parse_children
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3960, in _parse_children
    child = _build(*child)
            ^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 5636, in _build
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 5632, in _build
    value.parse(nested_spec)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 2792, in parse
    parsed_value, _ = _parse_build(self.__bytes__(), spec=spec, spec_params=spec_params)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 5676, in _parse_build
    return (_build(*info, spec=spec, spec_params=spec_params), new_pointer)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 5555, in _build
    raise ValueError(unwrap(
ValueError: Error parsing asn1crypto.core.ObjectIdentifier - method should have been primitive, but constructed was found
    while parsing asn1crypto.core.ParsableOctetString
    while parsing asn1crypto.x509.Extension
    while parsing asn1crypto.x509.Extensions
    while parsing asn1crypto.x509.TbsCertificate
    while parsing asn1crypto.x509.Certificate
    while parsing asn1crypto.cms.CertificateSet
    while parsing asn1crypto.cms.SignedData
    while parsing asn1crypto.cms.ContentInfo

@zimedev
Copy link

zimedev commented Nov 13, 2024

seems like the problem is in line 56 or 63 of certipy/lib/certificate.py:

"1.2.840.113549.1.9.15": "smime_capability",
[...]
"smime_capability": asn1core.ObjectIdentifier,

if i remove one of those linee, the auth works again

@rtpt-tobiasferring
Copy link
Author

I am not sure why this change breaks the authentication, but moving the update of the OID mappings into the smime switch fixes the issue for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants