This repository was archived by the owner on Dec 5, 2025. It is now read-only.

Commit f392c69

committed
[client] Implement the X509V3ExtensionsType fields on X509Certificate
1 parent e1adae4 commit f392c69

3 files changed

+191
-0
lines changed


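--- a/pycti/entities/opencti_stix_cyber_observable.py
+++ b/pycti/entities/opencti_stix_cyber_observable.py
@@ -712,6 +712,86 @@ def create(self, **kwargs):
 if "subject_public_key_exponent" in observable_data
 else None
 ),
+"basic_constraints": (
+observable_data["basic_constraints"]
+if "basic_constraints" in observable_data
+else None
+),
+"name_constraints": (
+observable_data["name_constraints"]
+if "name_constraints" in observable_data
+else None
+),
+"policy_constraints": (
+observable_data["policy_constraints"]
+if "policy_constraints" in observable_data
+else None
+),
+"key_usage": (
+observable_data["key_usage"]
+if "key_usage" in observable_data
+else None
+),
+"extended_key_usage": (
+observable_data["extended_key_usage"]
+if "extended_key_usage" in observable_data
+else None
+),
+"subject_key_identifier": (
+observable_data["subject_key_identifier"]
+if "subject_key_identifier" in observable_data
+else None
+),
+"authority_key_identifier": (
+observable_data["authority_key_identifier"]
+if "authority_key_identifier" in observable_data
+else None
+),
+"subject_alternative_name": (
+observable_data["subject_alternative_name"]
+if "subject_alternative_name" in observable_data
+else None
+),
+"issuer_alternative_name": (
+observable_data["issuer_alternative_name"]
+if "issuer_alternative_name" in observable_data
+else None
+),
+"subject_directory_attributes": (
+observable_data["subject_directory_attributes"]
+if "subject_directory_attributes" in observable_data
+else None
+),
+"crl_distribution_points": (
+observable_data["crl_distribution_points"]
+if "crl_distribution_points" in observable_data
+else None
+),
+"inhibit_any_policy": (
+observable_data["inhibit_any_policy"]
+if "inhibit_any_policy" in observable_data
+else None
+),
+"private_key_usage_period_not_before": (
+observable_data["private_key_usage_period_not_before"]
+if "private_key_usage_period_not_before" in observable_data
+else None
+),
+"private_key_usage_period_not_after": (
+observable_data["private_key_usage_period_not_after"]
+if "private_key_usage_period_not_after" in observable_data
+else None
+),
+"certificate_policies": (
+observable_data["certificate_policies"]
+if "certificate_policies" in observable_data
+else None
+),
+"policy_mappings": (
+observable_data["policy_mappings"]
+if "policy_mappings" in observable_data
+else None
+),
 }
 elif type == "IPv4-Addr":
 input_variables["IPv4Addr"] = {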
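Review bot: The sixteen new entries in the X509Certificate mapping each spell out `observable_data[k] if k in observable_data else None`, which for a plain dict is exactly `observable_data.get(k)`; writing them as `"basic_constraints": observable_data.get("basic_constraints"),` would cut the hunk to sixteen lines and make a mistyped key much easier to spot. The values are also forwarded to the API with no type or format check, and the fixture added in this commit suggests they are expected to arrive as pre-serialized strings. A one-line comment above the group, such as `# X.509 v3 extension fields are passed through as opaque strings; nothing is parsed or validated here`, would keep readers from assuming the client normalises them. create() begins and ends outside this hunk, so whether observable_data is always a dict at this point cannot be confirmed from here.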

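--- a/tests/02-integration/entities/test_observables.py
+++ b/tests/02-integration/entities/test_observables.py
@@ -1,4 +1,6 @@
 # coding: utf-8
+import json
+from unittest.mock import Mock
 
 
 def test_promote_observable_to_indicator_deprecated(api_client):
@@ -11,3 +13,13 @@ def test_promote_observable_to_indicator_deprecated(api_client):
 )
 assert observable is not None, "Returned observable is NoneType"
 assert observable.get("id") == obs1.get("id")
+
+
+def test_certificate_creation_mapping(api_client):
+with open("./tests/data/certificate.json") as file:
+_input, _output = json.loads(file.read()).values()
+
+api_client.query = Mock(return_value={"data": {"stixCyberObservableAdd": {}}})
+
+api_client.stix_cyber_observable.create(**_input)
+assert api_client.query.call_args.args[1] == _output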
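Review bot: In test_certificate_creation_mapping, `api_client.query = Mock(...)` overwrites the method on the shared fixture object and never restores it, so if `api_client` is scoped wider than one test (its definition is not visible here), every later integration test would silently talk to the mock instead of the platform. Taking pytest's `monkeypatch` fixture and using `monkeypatch.setattr(api_client, "query", Mock(return_value={"data": {"stixCyberObservableAdd": {}}}))` undoes the patch at teardown. The unpacking `_input, _output = json.loads(file.read()).values()` also depends on the key order of the JSON file; reading `data["input"]` and `data["output"]` by name would survive a reordered or extended fixture. The `open()` call uses a path relative to the working directory and no explicit `encoding="utf-8"`, which is worth tightening at the same time.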

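--- a/tests/data/certificate.json
+++ b/tests/data/certificate.json
@@ -0,0 +1,99 @@
+{
+"input": {
+"observableData": {
+"type": "x509-certificate",
+"spec_version": "2.1",
+"id": "x509-certificate--9a4c2364-468d-5e8f-88de-49cd06cc5249",
+"is_self_signed": false,
+"hashes": {
+"SHA-1": "3ba7e9f806eb30d2f4e3f905e53f07e9acf08e1e",
+"SHA-256": "73b8ed5becf1ba6493d2e2215a42dfdc7877e91e311ff5e59fb43d094871e699",
+"MD5": "956f4b8a30ec423d4bbec9ec60df71df"
+},
+"serial_number": "3311565258528077731295218946714536456",
+"signature_algorithm": "SHA256-RSA",
+"issuer": "C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1",
+"validity_not_before": "2025-01-02T00:00:00Z",
+"validity_not_after": "2026-01-21T23:59:59Z",
+"subject": "C=US, ST=California, L=San Francisco, O=Cloudflare\\, Inc., CN=cloudflare-dns.com",
+"subject_public_key_algorithm": "ECDSA",
+"object_marking_refs": [
+"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
+],
+"authority_key_identifier": "748580c066c7df37decfbd2937aa031dbeedcd17",
+"basic_constraints": "{\"is_ca\":null,\"max_path_len\":null}",
+"certificate_policies": "[CertificatePolicy(cps=['http://www.digicert.com/CPS'], id='2.23.140.1.2.2', user_notice=Unset())]",
+"crl_distribution_points": "['http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl', 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl']",
+"extended_key_usage": "{\"client_auth\":true,\"server_auth\":true}",
+"key_usage": "{\"certificate_sign\":null,\"content_commitment\":null,\"crl_sign\":null,\"data_encipherment\":null,\"decipher_only\":null,\"digital_signature\":true,\"encipher_only\":null,\"key_agreement\":true,\"key_encipherment\":null,\"value\":17}",
+"x_opencti_created_by_ref": "identity--6f9f67f6-7eb2-5397-a02f-d8130aadb954",
+"nb_deps": 1
+},
+"createdBy": "identity--6f9f67f6-7eb2-5397-a02f-d8130aadb954",
+"objectMarking": [
+"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
+],
+"objectLabel": [],
+"externalReferences": [],
+"objectOrganization": [],
+"update": false
+},
+"output": {
+"type": "X509-Certificate",
+"stix_id": "x509-certificate--9a4c2364-468d-5e8f-88de-49cd06cc5249",
+"x_opencti_score": null,
+"x_opencti_description": null,
+"createIndicator": false,
+"createdBy": "identity--6f9f67f6-7eb2-5397-a02f-d8130aadb954",
+"objectMarking": [
+"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
+],
+"objectOrganization": [],
+"objectLabel": [],
+"externalReferences": [],
+"update": false,
+"X509Certificate": {
+"hashes": [
+{
+"algorithm": "SHA-1",
+"hash": "3ba7e9f806eb30d2f4e3f905e53f07e9acf08e1e"
+},
+{
+"algorithm": "SHA-256",
+"hash": "73b8ed5becf1ba6493d2e2215a42dfdc7877e91e311ff5e59fb43d094871e699"
+},
+{
+"algorithm": "MD5",
+"hash": "956f4b8a30ec423d4bbec9ec60df71df"
+}
+],
+"is_self_signed": false,
+"version": null,
+"serial_number": "3311565258528077731295218946714536456",
+"signature_algorithm": "SHA256-RSA",
+"issuer": "C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1",
+"validity_not_before": "2025-01-02T00:00:00Z",
+"validity_not_after": "2026-01-21T23:59:59Z",
+"subject": "C=US, ST=California, L=San Francisco, O=Cloudflare\\, Inc., CN=cloudflare-dns.com",
+"subject_public_key_algorithm": "ECDSA",
+"subject_public_key_modulus": null,
+"subject_public_key_exponent": null,
+"basic_constraints": "{\"is_ca\":null,\"max_path_len\":null}",
+"name_constraints": null,
+"policy_constraints": null,
+"key_usage": "{\"certificate_sign\":null,\"content_commitment\":null,\"crl_sign\":null,\"data_encipherment\":null,\"decipher_only\":null,\"digital_signature\":true,\"encipher_only\":null,\"key_agreement\":true,\"key_encipherment\":null,\"value\":17}",
+"extended_key_usage": "{\"client_auth\":true,\"server_auth\":true}",
+"subject_key_identifier": null,
+"authority_key_identifier": "748580c066c7df37decfbd2937aa031dbeedcd17",
+"subject_alternative_name": null,
+"issuer_alternative_name": null,
+"subject_directory_attributes": null,
+"crl_distribution_points": "['http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl', 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl']",
+"inhibit_any_policy": null,
+"private_key_usage_period_not_before": null,
+"private_key_usage_period_not_after": null,
+"certificate_policies": "[CertificatePolicy(cps=['http://www.digicert.com/CPS'], id='2.23.140.1.2.2', user_notice=Unset())]",
+"policy_mappings": null
+}
+}
+}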
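Review bot: The fixture pins two different serializations as the expected output: `basic_constraints`, `key_usage` and `extended_key_usage` are JSON text, while `certificate_policies` and `crl_distribution_points` are Python object reprs (`[CertificatePolicy(... user_notice=Unset())]`, a single-quoted list), which no JSON parser can read back. If that is what an upstream producer really emits, it is worth stating in the test or the commit description that these are opaque display strings. Otherwise analysts and downstream tooling cannot reliably extract the CRL URLs or policy OIDs, and the test will keep that format frozen. Only six of the sixteen new keys carry a value in `input`; the other ten, including `subject_alternative_name` and `name_constraints`, are exercised only on the missing-key path, so a populated sample for each would make the mapping test meaningful for them.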
