From 24956becf77e899686fecdfe9b0d587ef6723033 Mon Sep 17 00:00:00 2001
From: zime
Date: Wed, 13 Nov 2024 09:09:31 +0100
Subject: [PATCH] remove smime
Signed-off-by: zime
---
 certipy/commands/parsers/req.py | 5 -----
 certipy/commands/req.py | 3 ---
 certipy/lib/certificate.py | 26 --------------------------
 3 files changed, 34 deletions(-)
diff --git a/certipy/commands/parsers/req.py b/certipy/commands/parsers/req.py
index 0842a1b..c029c3d 100755
--- a/certipy/commands/parsers/req.py
+++ b/certipy/commands/parsers/req.py
@@ -76,11 +76,6 @@ def add_subparser(subparsers: argparse._SubParsersAction) -> Tuple[str, Callable
 metavar="Application Policy",
 help="Specify application policies for the certificate request using OIDs (e.g., '1.3.6.1.4.1.311.10.3.4' or 'Client Authentication')"
 )
- group.add_argument(
- "-smime",
- action="store",
- help="Specify SMIME Extension that gets added to CSR eg: des, rc4, 3des, aes128, aes192, aes256",
- )
 group = subparser.add_argument_group("output options")
 group.add_argument("-out", action="store", metavar="output file name")
diff --git a/certipy/commands/req.py b/certipy/commands/req.py
index e9d7dff..d115b6b 100644
--- a/certipy/commands/req.py
+++ b/certipy/commands/req.py
@@ -734,7 +734,6 @@ def __init__(
 dynamic_endpoint: bool = False,
 debug=False,
 application_policies: List[str] = None,
- smime: str = None,
 **kwargs
 ):
 self.target = target
@@ -752,7 +751,6 @@ def __init__(
 self.renew = renew
 self.out = out
 self.key = key
- self.smime = smime
 self.application_policies = [
 OID_TO_STR_MAP.get(policy, policy) for policy in (application_policies or [])
 ]
@@ -888,7 +886,6 @@ def request(self) -> bool:
 key_size=self.key_size,
 subject=self.subject,
 renewal_cert=renewal_cert,
- smime=self.smime,
 application_policies=self.application_policies
 )
 self.key = key
diff --git a/certipy/lib/certificate.py b/certipy/lib/certificate.py
index b13d8c9..ea76735 100755
--- a/certipy/lib/certificate.py
+++ b/certipy/lib/certificate.py
@@ -53,14 +53,12 @@
 asn1x509.ExtensionId._map.update(
 {
 "1.3.6.1.4.1.311.25.2": "security_ext",
- "1.2.840.113549.1.9.15": "smime_capability",
 }
 )
 asn1x509.Extension._oid_specs.update(
 {
 "security_ext": asn1x509.GeneralNames,
- "smime_capability": asn1core.ObjectIdentifier,
 }
 )
@@ -76,15 +74,6 @@
 szOID_NTDS_CA_SECURITY_EXT = asn1cms.ObjectIdentifier("1.3.6.1.4.1.311.25.2")
 szOID_NTDS_OBJECTSID = asn1cms.ObjectIdentifier("1.3.6.1.4.1.311.25.2.1")
-# https://learn.microsoft.com/en-us/windows/win32/api/certenroll/nn-certenroll-ix509extensionsmimecapabilities
-smimedict = {
- "des":"1.3.14.3.2.7",
- "rc4":"1.2.840.113549.3.4",
- "3des":"1.2.840.113549.1.9.16.3.6",
- "aes128":"2.16.840.1.101.3.4.1.5",
- "aes192":"2.16.840.1.101.3.4.1.25",
- "aes256":"2.16.840.1.101.3.4.1.45",
-}
 class TaggedCertificationRequest(asn1core.Sequence):
 _fields = [
@@ -346,7 +335,6 @@ def create_csr(
 key_size: int = 2048,
 subject: str = None,
 renewal_cert: x509.Certificate = None,
- smime: str = None,
 application_policies: List[str] = None, # Application policies parameter
 ) -> Tuple[x509.CertificateSigningRequest, rsa.RSAPrivateKey]:
 if key is None:
@@ -418,20 +406,6 @@ def create_csr(
 cri_attributes.append(cri_attribute)
- if smime:
- # https://learn.microsoft.com/en-us/windows/win32/api/certenroll/nn-certenroll-ix509extensionsmimecapabilities
- smime_extension = asn1x509.Extension(
- {"extn_id": "1.2.840.113549.1.9.15", "extn_value": smimedict[smime]}
- )
-
- set_of_extensions = asn1csr.SetOfExtensions([[smime_extension]])
-
- cri_attribute = asn1csr.CRIAttribute(
- {"type": "extension_request", "values": set_of_extensions}
- )
-
- cri_attributes.append(cri_attribute)
-
 if alt_sid:
 if type(alt_sid) == str:
 alt_sid = alt_sid.encode()