pyca / cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
https://cryptography.io

Add support for the `Admissions` extension #11875

Open hoefling opened 2 hours ago

hoefling commented 2 hours ago

Originally asked about whether it is possible to add support for this extension in the mailing list: [Cryptography-dev] Adding support for Admissions extension. The extension is part of the Common PKI v2.0 specification; document attached here for reference as well: Common_PKI_v2.0_02.pdf. The relevant part of the ASN.1 syntax:

```asn1
AdmissionSyntax ::= SEQUENCE {
  admissionAuthority GeneralName OPTIONAL,
  contentsOfAdmissions SEQUENCE OF Admissions
}

Admissions ::= SEQUENCE {
  admissionAuthority [0] EXPLICIT GeneralName OPTIONAL,
  namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL,
  professionInfos SEQUENCE OF ProfessionInfo
}

NamingAuthority ::= SEQUENCE {
  namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
  namingAuthorityUrl IA5String OPTIONAL,
  namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
}

ProfessionInfo ::= SEQUENCE {
  namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
  professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
  professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
  registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
  addProfessionInfo OCTET STRING OPTIONAL
}
```

hoefling commented 2 hours ago

As the single PR is too large to submit, I will split it into a series of small PRs that will all reference this issue, so it is easier to track all of them down. I'm also in the process of getting real-world X509 certificates with the extension for testing purposes.
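
As an added example (not part of the issue and not pyca/cryptography's code), this stdlib-only Python walks a DER encoding of the `AdmissionSyntax` structure quoted in the issue with bounds-checked lengths, and returns each `ProfessionInfo` as a `(professionItems, registrationNumber)` pair, telling the OPTIONAL fields apart by tag. The function names, the `tlv` helper and `SAMPLE` are constructed for illustration; only UTF8String and PrintableString items are handled, and the other optional fields are skipped rather than decoded.

```python
# Added example (not pyca/cryptography code); UTF8String/PrintableString items only.
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER TLV, rejecting bad lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if not 1 <= n <= 4 or pos + n > len(buf) or length < 0x80 or buf[pos] == 0:
            raise ValueError("indefinite, truncated or non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def children(value, pos=0):
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def open_seq(value, what):
    fields = list(children(value))
    while fields and (fields[0][0] & 0xC0) == 0x80:  # context-tagged OPTIONAL field, skipped
        fields.pop(0)
    if not fields or fields[0][0] != 0x30:
        raise ValueError(f"{what} is mandatory")
    return list(children(fields[0][1])), fields[1:]

def decode_profession_info(value):
    items, rest = open_seq(value, "professionItems")
    if any(t not in (0x0C, 0x13) or not 1 <= len(v.decode()) <= 128 for t, v in items):
        raise ValueError("unsupported string type or SIZE(1..128) violated")
    reg = [v.decode("ascii") for t, v in rest if t == 0x13]  # registrationNumber
    return [v.decode() for _, v in items], (reg[0] if reg else None)

def decode_admission_syntax(der):
    tag, value, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE with no trailing data")
    return [[decode_profession_info(v) for _, v in open_seq(adm, "professionInfos")[0]]
            for _, adm in open_seq(value, "contentsOfAdmissions")[0]]

# Constructed sample, not taken from a real certificate (short-form lengths only).
def tlv(tag, *parts):
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)
SAMPLE = tlv(0x30, tlv(0x30, tlv(0x30,
    tlv(0xA1, tlv(0x30, tlv(0x16, b"https://naming.example"))),
    tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x0C, b"Physician")), tlv(0x13, b"REG-0001"))))))
```

The sample carries the optional `[1] namingAuthority` inside `Admissions`, which the walk steps over before reaching `professionInfos`.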