From 95c2a3fab35e6291c04fe0403ae4dc0669fe54df Mon Sep 17 00:00:00 2001 From: Tobias Ferring Date: Fri, 11 Oct 2024 14:04:04 +0200 Subject: [PATCH 1/2] Add switch for SMIME Extensions support --- certipy/commands/parsers/req.py | 6 +++++- certipy/commands/req.py | 3 +++ certipy/lib/certificate.py | 27 +++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/certipy/commands/parsers/req.py b/certipy/commands/parsers/req.py index 8a7cf3b..2d938c0 100755 --- a/certipy/commands/parsers/req.py +++ b/certipy/commands/parsers/req.py @@ -71,7 +71,11 @@ def add_subparser(subparsers: argparse._SubParsersAction) -> Tuple[str, Callable action="store_true", help="Create renewal request", ) - + group.add_argument( + "-smime", + action="store", + help="Specify SMIME Extension that gets added to CSR eg: des, rc4, 3des, aes128, aes192, aes256", + ) group = subparser.add_argument_group("output options") group.add_argument("-out", action="store", metavar="output file name") diff --git a/certipy/commands/req.py b/certipy/commands/req.py index 7e06b96..db5f93d 100755 --- a/certipy/commands/req.py +++ b/certipy/commands/req.py @@ -539,6 +539,7 @@ def __init__( scheme: str = None, dynamic_endpoint: bool = False, debug=False, + smime: str = None, **kwargs ): self.target = target @@ -556,6 +557,7 @@ def __init__( self.renew = renew self.out = out self.key = key + self.smime = smime self.web = web self.port = port @@ -676,6 +678,7 @@ def request(self) -> bool: key_size=self.key_size, subject=self.subject, renewal_cert=renewal_cert, + smime=self.smime, ) self.key = key diff --git a/certipy/lib/certificate.py b/certipy/lib/certificate.py index dcf3e9e..ab2bd97 100755 --- a/certipy/lib/certificate.py +++ b/certipy/lib/certificate.py 
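Review bot: The new `-smime` argument in the parser hunk accepts any string, but the only values that work are the six keys of `smimedict` in certificate.py, so a typo such as `-smime aes-256` surfaces later as a bare `KeyError` out of `create_csr` instead of an argparse usage error. Restrict it at the parser: `choices=["des", "rc4", "3des", "aes128", "aes192", "aes256"], metavar="algorithm",` and shorten the help to `"Add an SMIME capabilities extension to the CSR advertising the given algorithm"`. argparse then prints the valid set itself and rejects anything else before a CSR is ever built. `add_subparser` continues outside the hunk.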
@@ -53,12 +53,14 @@ asn1x509.ExtensionId._map.update( { "1.3.6.1.4.1.311.25.2": "security_ext", + "1.2.840.113549.1.9.15": "smime_capability", } ) asn1x509.Extension._oid_specs.update( { "security_ext": asn1x509.GeneralNames, + "smime_capability": asn1core.ObjectIdentifier, } ) @@ -74,6 +76,16 @@ szOID_NTDS_CA_SECURITY_EXT = asn1cms.ObjectIdentifier("1.3.6.1.4.1.311.25.2") szOID_NTDS_OBJECTSID = asn1cms.ObjectIdentifier("1.3.6.1.4.1.311.25.2.1") +# https://learn.microsoft.com/en-us/windows/win32/api/certenroll/nn-certenroll-ix509extensionsmimecapabilities +smimedict = { + "des":"1.3.14.3.2.7", + "rc4":"1.2.840.113549.3.4", + "3des":"1.2.840.113549.1.9.16.3.6", + "aes128":"2.16.840.1.101.3.4.1.5", + "aes192":"2.16.840.1.101.3.4.1.25", + "aes256":"2.16.840.1.101.3.4.1.45", +} + class TaggedCertificationRequest(asn1core.Sequence): _fields = [ ("bodyPartID", asn1core.Integer), @@ -334,6 +346,7 @@ def create_csr( key_size: int = 2048, subject: str = None, renewal_cert: x509.Certificate = None, + smime: str = None, ) -> Tuple[x509.CertificateSigningRequest, rsa.RSAPrivateKey]: if key is None: logging.debug("Generating RSA key") @@ -404,6 +417,20 @@ def create_csr( cri_attributes.append(cri_attribute) + if smime: + # https://learn.microsoft.com/en-us/windows/win32/api/certenroll/nn-certenroll-ix509extensionsmimecapabilities + smime_extension = asn1x509.Extension( + {"extn_id": "1.2.840.113549.1.9.15", "extn_value": smimedict[smime]} + ) + + set_of_extensions = asn1csr.SetOfExtensions([[smime_extension]]) + + cri_attribute = asn1csr.CRIAttribute( + {"type": "extension_request", "values": set_of_extensions} + ) + + cri_attributes.append(cri_attribute) + if alt_sid: if type(alt_sid) == str: alt_sid = alt_sid.encode() From c762018a4dbab8d0f9378e0666a971b01b4c7774 Mon Sep 17 00:00:00 2001 
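Review bot: The spec registered for `1.2.840.113549.1.9.15` in the `_oid_specs` hunk is a bare `asn1core.ObjectIdentifier`, so the extension value will be DER-encoded as a single OBJECT IDENTIFIER, whereas RFC 4262 (and the certenroll interface linked in the following hunk) defines SMIMECapabilities as `SEQUENCE OF SMIMECapability`, each a `SEQUENCE { capabilityID OID, parameters ANY OPTIONAL }`. A CA or client that parses the value by that spec will reject or misread what is produced here, and because these registries are global in asn1crypto, the same wrong spec would presumably be applied whenever Certipy later parses a certificate that already carries this extension — worth confirming against a certificate issued from an S/MIME template. I would define the two asn1crypto types and register the SequenceOf instead, keeping the registration at import time next to the existing `security_ext` entry; the builder in `create_csr` then passes `SMIMECapabilities([{"capability_id": smimedict[smime]}])` as `extn_value`.
```python
class SMIMECapability(asn1core.Sequence):
    # RFC 4262 SMIMECapability: capabilityID OID, optional algorithm parameters
    _fields = [
        ("capability_id", asn1core.ObjectIdentifier),
        ("parameters", asn1core.Any, {"optional": True}),
    ]


class SMIMECapabilities(asn1core.SequenceOf):
    # RFC 4262 SMIMECapabilities ::= SEQUENCE OF SMIMECapability
    _child_spec = SMIMECapability


# … unchanged: ExtensionId._map registration of security_ext and smime_capability …

asn1x509.Extension._oid_specs.update(
    {
        "security_ext": asn1x509.GeneralNames,
        "smime_capability": SMIMECapabilities,
    }
)
```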
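Review bot: The `smimedict` table in the constants hunk maps friendly names to OIDs without saying which algorithm arc each value denotes, and as far as I can read them the AES entries are the NIST key-wrap identifiers (`…3.4.1.5`/`.25`/`.45` = id-aes128/192/256-wrap, not the `.2`/`.22`/`.42` CBC arcs) and `3des` is `id-alg-CMS3DESwrap` rather than `des-ede3-cbc`; if the goal is to mirror what the certenroll interface emits that may be intentional, but it should be stated. A per-entry comment such as `"aes256": "2.16.840.1.101.3.4.1.45",  # id-aes256-wrap (NIST AES key wrap)` makes the choice auditable, and a one-line note that `des` and `rc4` are only listed because the Microsoft interface still accepts them would stop a reader treating this as a recommended algorithm set. Being a module-level constant, it would conventionally be named in upper snake case, e.g. `SMIME_CAPABILITY_OIDS`.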
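Review bot: `smimedict[smime]` in the `if smime:` branch of `create_csr` indexes a user-controlled string straight into the table, so any value outside the six keys (or a different case, `-smime AES256`) aborts with an unhelpful `KeyError` from inside CSR construction. Guard it before building the extension: `if smime not in smimedict:` / `raise ValueError(f"Unknown SMIME capability {smime!r}; expected one of {', '.join(smimedict)}")`. Separately, this branch appends a second `extension_request` attribute rather than adding the extension to the one the preceding block appears to have just appended; PKCS#10 attributes form a set keyed by type, so a CA may honour only one of them, and merging the new `Extension` into the existing `Extensions` value is safer — though the earlier attribute's construction is not visible in this hunk. `create_csr` begins before and ends after this hunk.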
From: Tobias Ferring Date: Wed, 27 Nov 2024 16:14:16 +0100 Subject: [PATCH 2/2] Fixed SMIME Support --- certipy/lib/certificate.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/certipy/lib/certificate.py b/certipy/lib/certificate.py index ab2bd97..707b242 100755 --- a/certipy/lib/certificate.py +++ b/certipy/lib/certificate.py @@ -53,14 +53,12 @@ asn1x509.ExtensionId._map.update( { "1.3.6.1.4.1.311.25.2": "security_ext", - "1.2.840.113549.1.9.15": "smime_capability", } ) asn1x509.Extension._oid_specs.update( { "security_ext": asn1x509.GeneralNames, - "smime_capability": asn1core.ObjectIdentifier, } ) @@ -418,6 +416,17 @@ def create_csr( cri_attributes.append(cri_attribute) if smime: + asn1x509.ExtensionId._map.update( + { + "1.2.840.113549.1.9.15": "smime_capability", + } + ) + + asn1x509.Extension._oid_specs.update( + { + "smime_capability": asn1core.ObjectIdentifier, + } + ) # https://learn.microsoft.com/en-us/windows/win32/api/certenroll/nn-certenroll-ix509extensionsmimecapabilities smime_extension = asn1x509.Extension( {"extn_id": "1.2.840.113549.1.9.15", "extn_value": smimedict[smime]}