synta 0.1.9

ASN.1 parser, decoder, and encoder library with DER/BER support and C FFI
# Microsoft PKI (AD CS) Extension Types
`synta.ms_pki` exposes two certificate extension types used by Microsoft Active Directory
Certificate Services (AD CS), along with OID constants for Microsoft-specific extensions.

```python
import synta.ms_pki as ms_pki
```

## MSCSTemplateV2

Parsed from the extension value DER bytes of OID `1.3.6.1.4.1.311.21.7`
(`id-ms-certificate-template`).

```python
class MSCSTemplateV2:
    @staticmethod
    def from_der(data: bytes) -> MSCSTemplateV2: ...
    def to_der(self) -> bytes: ...

    template_id: ObjectIdentifier        # template OID
    template_major_version: int          # major version number
    template_minor_version: int | None   # minor version, or None if absent
```

```python
import synta
import synta.ms_pki as ms_pki

# `cert` is assumed to be a certificate object parsed earlier with synta (not shown here).
ext_der = cert.get_extension_value_der("1.3.6.1.4.1.311.21.7")
if ext_der:
    tmpl = ms_pki.MSCSTemplateV2.from_der(ext_der)
    print(tmpl.template_id, tmpl.template_major_version)
```

## RequestClientInfo

Parsed from the extension value DER bytes of OID `1.3.6.1.4.1.311.21.20`
(`id-ms-request-Client-Info`). Carried in certificate requests to identify the enrolling
Windows client.

```python
class RequestClientInfo:
    @staticmethod
    def from_der(data: bytes) -> RequestClientInfo: ...

    client_id: int | None       # numeric enrollment type, or None
    machine_name: str | None    # NetBIOS or DNS machine name, or None
    user_name: str | None       # Windows user name (DOMAIN\user), or None
    process_name: str | None    # enrolling process (e.g. "certreq"), or None
```

```python
import synta.ms_pki as ms_pki

# `cert` is assumed to be a certificate object parsed earlier with synta (not shown here).
ext_der = cert.get_extension_value_der("1.3.6.1.4.1.311.21.20")
if ext_der:
    info = ms_pki.RequestClientInfo.from_der(ext_der)
    print(info.machine_name, info.user_name)
```
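Both extension bodies above are small DER SEQUENCEs, and it helps to see the bytes that `from_der` consumes. The following is an added example that is not part of synta: it hand-rolls the minimal DER reading needed for `MSCSTemplateV2` and `RequestClientInfo` (standard library only), parses hand-encoded sample bodies, and runs a small issuance-audit check over a certificate's extension map (the shape `get_extension_value_der` would feed). The function names (`parse_template_v2`, `parse_request_client_info`, `audit`), the sample template OID `1.3.6.1.4.1.311.21.8.1.2.3`, and the client values are assumptions made for this example; the field order follows the attribute lists documented above.

```python
from __future__ import annotations
import dataclasses

# Extension OIDs documented on this page.
OID_MS_CERTIFICATE_TEMPLATE = "1.3.6.1.4.1.311.21.7"
OID_MS_REQUEST_CLIENT_INFO = "1.3.6.1.4.1.311.21.20"

def _read_tlv(buf: bytes, pos: int) -> tuple:
    # Return (tag, value, next_pos) for the DER element starting at buf[pos].
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length

def _sequence_children(der: bytes) -> list:
    # Split one top-level SEQUENCE into (tag, value) pairs; reject trailing bytes.
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        out.append((tag, value))
    return out

def _decode_oid(value: bytes) -> str:
    subids, acc = [], 0
    for b in value:  # base-128 subidentifiers, high bit set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(acc)
            acc = 0
    if acc or not subids:
        raise ValueError("malformed OID")
    first = subids[0]  # the first two arcs share one subidentifier
    arcs = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(map(str, arcs + subids[1:]))

def _field(item: tuple, tag: int, what: str) -> bytes:
    if item[0] != tag:
        raise ValueError(f"{what}: unexpected tag 0x{item[0]:02x}")
    return item[1]

def _int(item: tuple, what: str) -> int:
    return int.from_bytes(_field(item, 0x02, what), "big", signed=True)

@dataclasses.dataclass
class TemplateV2:
    template_id: str
    major_version: int
    minor_version: int | None

def parse_template_v2(der: bytes) -> TemplateV2:
    """SEQUENCE { templateID OID, majorVersion INTEGER, minorVersion INTEGER OPTIONAL }."""
    items = _sequence_children(der)
    if len(items) not in (2, 3):
        raise ValueError("CertificateTemplate needs 2 or 3 fields")
    minor = _int(items[2], "templateMinorVersion") if len(items) == 3 else None
    return TemplateV2(_decode_oid(_field(items[0], 0x06, "templateID")),
                      _int(items[1], "templateMajorVersion"), minor)

@dataclasses.dataclass
class ClientInfo:
    client_id: int | None
    machine_name: str | None
    user_name: str | None
    process_name: str | None

def parse_request_client_info(der: bytes) -> ClientInfo:
    """SEQUENCE { clientId INTEGER, machineName, userName, processName UTF8String }; missing trailing fields -> None."""
    items = _sequence_children(der)
    if len(items) > 4:
        raise ValueError("RequestClientInfo has at most 4 fields")
    vals = [None] * 4
    for i, item in enumerate(items):
        vals[i] = _int(item, "clientId") if i == 0 else _field(item, 0x0C, "name").decode("utf-8")
    return ClientInfo(*vals)

def audit(extensions: dict, allowed_templates: set) -> list:
    """{extension OID: DER body} for one certificate -> lines for the issuance audit log."""
    findings = []
    if OID_MS_CERTIFICATE_TEMPLATE in extensions:
        t = parse_template_v2(extensions[OID_MS_CERTIFICATE_TEMPLATE])
        if t.template_id not in allowed_templates:
            findings.append(f"template {t.template_id} v{t.major_version} not in allowlist")
    if OID_MS_REQUEST_CLIENT_INFO in extensions:
        c = parse_request_client_info(extensions[OID_MS_REQUEST_CLIENT_INFO])
        findings.append(f"enrolled by {c.user_name} on {c.machine_name} via {c.process_name}")
    return findings

# Constructed sample bodies (hand-encoded, not from a real certificate); placeholder template OID, major 100, minor 5.
SAMPLE_TEMPLATE_OID = "1.3.6.1.4.1.311.21.8.1.2.3"
SAMPLE_TEMPLATE_DER = bytes.fromhex(
    "30 14" "06 0c 2b 06 01 04 01 82 37 15 08 01 02 03" "02 01 64" "02 01 05")
# clientId 9, machine "WS01.corp.example", user "CORP\alice", process "certreq" (all constructed)
SAMPLE_CLIENT_INFO_DER = (b"\x30\x2b" + b"\x02\x01\x09" + b"\x0c\x11WS01.corp.example"
                          + b"\x0c\x0aCORP\\alice" + b"\x0c\x07certreq")
```

`audit({OID_MS_CERTIFICATE_TEMPLATE: SAMPLE_TEMPLATE_DER, OID_MS_REQUEST_CLIENT_INFO: SAMPLE_CLIENT_INFO_DER}, {SAMPLE_TEMPLATE_OID})` returns only the informational enrolment line; with an empty allowlist it also flags the template. The reader checks `end != len(der)` and the per-field tag checks are what keep a trailing or mistyped element from being silently accepted, which is the behaviour you want when the decoded values feed an allowlist decision.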

## OID constants

All are `ObjectIdentifier` instances.

| Constant | OID | Description |
|----------|-----|-------------|
| `ID_MS_CERTSRV_CA_VERSION` | `1.3.6.1.4.1.311.21.1` | CA version |
| `ID_MS_CERTSRV_PREVIOUS_CERT_HASH` | `1.3.6.1.4.1.311.21.2` | previous cert hash |
| `ID_MS_CRL_VIRTUAL_BASE` | `1.3.6.1.4.1.311.21.3` | CRL virtual base |
| `ID_MS_CRL_NEXT_PUBLISH` | `1.3.6.1.4.1.311.21.4` | CRL next publish time |
| `ID_MS_KP_CA_EXCHANGE` | `1.3.6.1.4.1.311.21.5` | CA key exchange |
| `ID_MS_KP_KEY_RECOVERY_AGENT` | `1.3.6.1.4.1.311.21.6` | key recovery agent |
| `ID_MS_ENTERPRISE_OID_ROOT` | `1.3.6.1.4.1.311.21.8` | enterprise OID root |
| `ID_MS_APPLICATION_CERT_POLICIES` | `1.3.6.1.4.1.311.21.10` | application cert policies |
| `ID_MS_REQUEST_CLIENT_INFO` | `1.3.6.1.4.1.311.21.20` | enrollment client info |
| `ID_MS_ENCRYPTED_KEY_HASH` | `1.3.6.1.4.1.311.21.21` | encrypted key hash |
| `ID_MS_CERTSRV_CROSSCA_VERSION` | `1.3.6.1.4.1.311.21.22` | cross-CA version |
| `ID_MS_KP_CTL_USAGE_SIGNING` | `1.3.6.1.4.1.311.10.3.1` | CTL usage signing |
| `ID_MS_KP_TIME_STAMP_SIGNING` | `1.3.6.1.4.1.311.10.3.2` | time stamp signing |
| `ID_MS_KP_EFS_CRYPTO` | `1.3.6.1.4.1.311.10.3.4` | EFS file encryption |
| `ID_MS_KP_EFS_RECOVERY` | `1.3.6.1.4.1.311.10.3.4.1` | EFS recovery |
| `ID_MS_KP_KEY_RECOVERY` | `1.3.6.1.4.1.311.10.3.11` | key recovery |
| `ID_MS_KP_DOCUMENT_SIGNING` | `1.3.6.1.4.1.311.10.3.12` | document signing |
| `ID_MS_KP_LIFETIME_SIGNING` | `1.3.6.1.4.1.311.10.3.13` | lifetime signing |
| `ID_MS_AUTO_ENROLL_CTL_USAGE` | `1.3.6.1.4.1.311.20.1` | auto-enrollment CTL |

See also [Well-known OIDs](../oids/oids.md) for the `synta.oids` Microsoft PKI constants
(`ID_MS_SAN_UPN`, `ID_MS_CERTIFICATE_TEMPLATE_NAME`, `ID_MS_CERTIFICATE_TEMPLATE`,
`ID_MS_KP_SMARTCARD_LOGON`, `ID_MS_NTDS_REPLICATION`).