
Commit 68c181f

committed
[client] Implement the X509V3ExtensionsType fields on X509Certificate
1 parent 380d3cf commit 68c181f


3 files changed

+192
-0
lines changed


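--- a/pycti/entities/opencti_stix_cyber_observable.py
+++ b/pycti/entities/opencti_stix_cyber_observable.py
@@ -716,6 +716,86 @@ def create(self, **kwargs):
 if "subject_public_key_exponent" in observable_data
 else None
 ),
+"basic_constraints": (
+observable_data["basic_constraints"]
+if "basic_constraints" in observable_data
+else None
+),
+"name_constraints": (
+observable_data["name_constraints"]
+if "name_constraints" in observable_data
+else None
+),
+"policy_constraints": (
+observable_data["policy_constraints"]
+if "policy_constraints" in observable_data
+else None
+),
+"key_usage": (
+observable_data["key_usage"]
+if "key_usage" in observable_data
+else None
+),
+"extended_key_usage": (
+observable_data["extended_key_usage"]
+if "extended_key_usage" in observable_data
+else None
+),
+"subject_key_identifier": (
+observable_data["subject_key_identifier"]
+if "subject_key_identifier" in observable_data
+else None
+),
+"authority_key_identifier": (
+observable_data["authority_key_identifier"]
+if "authority_key_identifier" in observable_data
+else None
+),
+"subject_alternative_name": (
+observable_data["subject_alternative_name"]
+if "subject_alternative_name" in observable_data
+else None
+),
+"issuer_alternative_name": (
+observable_data["issuer_alternative_name"]
+if "issuer_alternative_name" in observable_data
+else None
+),
+"subject_directory_attributes": (
+observable_data["subject_directory_attributes"]
+if "subject_directory_attributes" in observable_data
+else None
+),
+"crl_distribution_points": (
+observable_data["crl_distribution_points"]
+if "crl_distribution_points" in observable_data
+else None
+),
+"inhibit_any_policy": (
+observable_data["inhibit_any_policy"]
+if "inhibit_any_policy" in observable_data
+else None
+),
+"private_key_usage_period_not_before": (
+observable_data["private_key_usage_period_not_before"]
+if "private_key_usage_period_not_before" in observable_data
+else None
+),
+"private_key_usage_period_not_after": (
+observable_data["private_key_usage_period_not_after"]
+if "private_key_usage_period_not_after" in observable_data
+else None
+),
+"certificate_policies": (
+observable_data["certificate_policies"]
+if "certificate_policies" in observable_data
+else None
+),
+"policy_mappings": (
+observable_data["policy_mappings"]
+if "policy_mappings" in observable_data
+else None
+),
 }
 elif type == "SSH-Key" or type.lower() == "ssh-key":
 input_variables["SSHKey"] = {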
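Review bot: The sixteen new entries each repeat the `observable_data["k"] if "k" in observable_data else None` form, which matches the neighbouring `subject_public_key_exponent` entry but spends 80 lines on what `observable_data.get("basic_constraints")` says in one, assuming `observable_data` is a plain dict. The values are forwarded unchanged, so a short comment above the block would tell callers that no parsing or validation happens here, e.g. `# X509V3ExtensionsType fields: passed through as-is; callers own the serialisation`. The enclosing dict literal and `create` begin above the hunk and continue below it.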

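--- a/tests/02-integration/entities/test_observables.py
+++ b/tests/02-integration/entities/test_observables.py
@@ -1,4 +1,6 @@
 # coding: utf-8
+import json
+from unittest.mock import Mock
 
 
 def test_promote_observable_to_indicator_deprecated(api_client):
@@ -11,3 +13,14 @@ def test_promote_observable_to_indicator_deprecated(api_client):
 )
 assert observable is not None, "Returned observable is NoneType"
 assert observable.get("id") == obs1.get("id")
+
+
+def test_certificate_creation_mapping(api_client):
+with open("tests/data/certificate.json") as file:
+_input, _output = json.loads(file.read()).values()
+
+api_client.query = Mock(return_value={"data": {"stixCyberObservableAdd": {}}})
+
+api_client.stix_cyber_observable.create(**_input)
+assert api_client.query.call_args.args[1] == _output
+api_client.stix_cyber_observable.delete(id=_input["observableData"]["id"])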
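Review bot: `api_client.query = Mock(...)` in `test_certificate_creation_mapping` overwrites the method on the `api_client` fixture and never restores it, so if that fixture is scoped wider than one test (its definition is not visible here) later integration tests would talk to the mock instead of the API. Taking pytest's `monkeypatch` fixture and calling `monkeypatch.setattr(api_client, "query", Mock(return_value={"data": {"stixCyberObservableAdd": {}}}))` undoes the patch at teardown. The trailing `delete(...)` call also goes through the mocked `query`, so it cleans up nothing and can be dropped. Unpacking with `.values()` depends on key order in the fixture; reading `data["input"]` and `data["output"]` states the intent and fails loudly if a key is missing.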

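--- a/tests/data/certificate.json
+++ b/tests/data/certificate.json
@@ -0,0 +1,99 @@
+{
+"input": {
+"observableData": {
+"type": "x509-certificate",
+"spec_version": "2.1",
+"id": "x509-certificate--9a4c2364-468d-5e8f-88de-49cd06cc5249",
+"is_self_signed": false,
+"hashes": {
+"SHA-1": "3ba7e9f806eb30d2f4e3f905e53f07e9acf08e1e",
+"SHA-256": "73b8ed5becf1ba6493d2e2215a42dfdc7877e91e311ff5e59fb43d094871e699",
+"MD5": "956f4b8a30ec423d4bbec9ec60df71df"
+},
+"serial_number": "3311565258528077731295218946714536456",
+"signature_algorithm": "SHA256-RSA",
+"issuer": "C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1",
+"validity_not_before": "2025-01-02T00:00:00Z",
+"validity_not_after": "2026-01-21T23:59:59Z",
+"subject": "C=US, ST=California, L=San Francisco, O=Cloudflare\\, Inc., CN=cloudflare-dns.com",
+"subject_public_key_algorithm": "ECDSA",
+"object_marking_refs": [
+"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
+],
+"authority_key_identifier": "748580c066c7df37decfbd2937aa031dbeedcd17",
+"basic_constraints": "{\"is_ca\":null,\"max_path_len\":null}",
+"certificate_policies": "[CertificatePolicy(cps=['http://www.digicert.com/CPS'], id='2.23.140.1.2.2', user_notice=Unset())]",
+"crl_distribution_points": "['http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl', 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl']",
+"extended_key_usage": "{\"client_auth\":true,\"server_auth\":true}",
+"key_usage": "{\"certificate_sign\":null,\"content_commitment\":null,\"crl_sign\":null,\"data_encipherment\":null,\"decipher_only\":null,\"digital_signature\":true,\"encipher_only\":null,\"key_agreement\":true,\"key_encipherment\":null,\"value\":17}",
+"x_opencti_created_by_ref": "identity--6f9f67f6-7eb2-5397-a02f-d8130aadb954",
+"nb_deps": 1
+},
+"createdBy": "identity--6f9f67f6-7eb2-5397-a02f-d8130aadb954",
+"objectMarking": [
+"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
+],
+"objectLabel": [],
+"externalReferences": [],
+"objectOrganization": [],
+"update": false
+},
+"output": {
+"type": "X509-Certificate",
+"stix_id": "x509-certificate--9a4c2364-468d-5e8f-88de-49cd06cc5249",
+"x_opencti_score": null,
+"x_opencti_description": null,
+"createIndicator": false,
+"createdBy": "identity--6f9f67f6-7eb2-5397-a02f-d8130aadb954",
+"objectMarking": [
+"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
+],
+"objectOrganization": [],
+"objectLabel": [],
+"externalReferences": [],
+"update": false,
+"X509Certificate": {
+"hashes": [
+{
+"algorithm": "SHA-1",
+"hash": "3ba7e9f806eb30d2f4e3f905e53f07e9acf08e1e"
+},
+{
+"algorithm": "SHA-256",
+"hash": "73b8ed5becf1ba6493d2e2215a42dfdc7877e91e311ff5e59fb43d094871e699"
+},
+{
+"algorithm": "MD5",
+"hash": "956f4b8a30ec423d4bbec9ec60df71df"
+}
+],
+"is_self_signed": false,
+"version": null,
+"serial_number": "3311565258528077731295218946714536456",
+"signature_algorithm": "SHA256-RSA",
+"issuer": "C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1",
+"validity_not_before": "2025-01-02T00:00:00Z",
+"validity_not_after": "2026-01-21T23:59:59Z",
+"subject": "C=US, ST=California, L=San Francisco, O=Cloudflare\\, Inc., CN=cloudflare-dns.com",
+"subject_public_key_algorithm": "ECDSA",
+"subject_public_key_modulus": null,
+"subject_public_key_exponent": null,
+"basic_constraints": "{\"is_ca\":null,\"max_path_len\":null}",
+"name_constraints": null,
+"policy_constraints": null,
+"key_usage": "{\"certificate_sign\":null,\"content_commitment\":null,\"crl_sign\":null,\"data_encipherment\":null,\"decipher_only\":null,\"digital_signature\":true,\"encipher_only\":null,\"key_agreement\":true,\"key_encipherment\":null,\"value\":17}",
+"extended_key_usage": "{\"client_auth\":true,\"server_auth\":true}",
+"subject_key_identifier": null,
+"authority_key_identifier": "748580c066c7df37decfbd2937aa031dbeedcd17",
+"subject_alternative_name": null,
+"issuer_alternative_name": null,
+"subject_directory_attributes": null,
+"crl_distribution_points": "['http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl', 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl']",
+"inhibit_any_policy": null,
+"private_key_usage_period_not_before": null,
+"private_key_usage_period_not_after": null,
+"certificate_policies": "[CertificatePolicy(cps=['http://www.digicert.com/CPS'], id='2.23.140.1.2.2', user_notice=Unset())]",
+"policy_mappings": null
+}
+}
+}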
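Review bot: The fixture pins two different serialisations for the extension fields: `basic_constraints`, `key_usage` and `extended_key_usage` hold JSON text, while `certificate_policies` and `crl_distribution_points` hold what look like Python `repr()` strings (`CertificatePolicy(... user_notice=Unset())`, a single-quoted list). A consumer that reads these fields back to check revocation endpoints or policy OIDs cannot parse the second form with a JSON parser. Because the test asserts the output equals the input verbatim, that shape becomes the expected contract. If the producer can emit JSON for all of them, the fixture should show it, for example (constructed) `"crl_distribution_points": "[\"http://crl3.digicert.com/...\"]"`; whether the platform requires a particular format is not visible on this page.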
