Add switch for SMIME Extensions support #229

Open: wants to merge 2 commits into base: main

rtpt-tobiasferring

Adds a switch to include SMIME Capabilities Extensions into the CSR.
In some scenarios these extensions are mandatory to request a certificate. If there is no SMIME Extension in the CSR, certipy is not able to request a certificate:

$ certipy req -dc-ip 192.0.2.1 -u [email protected] -p 'Pass123!' -template User -ca 'Test-CA'
Certipy v4.8.2 - by Oliver Lyak (ly4k)

[*] Requesting certificate via RPC
[-] Got error while trying to request certificate: code: 0x80094805 - CERTSRV_E_SMIME_REQUIRED - The request is missing a required SMIME capabilities extension.
[*] Request ID is 23
Would you like to save the private key? (y/N) 

Including the extensions results in a usable certificate:

$ certipy req -dc-ip 192.0.2.1 -u [email protected] -p 'Pass123!' -template User -ca 'Test-CA' -smime des
Certipy v4.8.2 - by Oliver Lyak (ly4k)

[*] Requesting certificate via RPC
[*] Successfully requested certificate
[*] Request ID is 24
[*] Got certificate with UPN '[email protected]'
[*] Certificate object SID is 'S-1-5-21-4020831100-2203696187-1704472354-1106'
[*] Saved certificate and private key to 'user1.pfx'

In our testing it did not matter which SMIME capabilities got used as long as they were not empty.

zimedev commented Nov 13, 2024

Somehow I am getting problems with your PR. It does not happen on other PR or the main certipy...
Do you know what the problem is?

proxychains -q certipy auth -pfx 'administrator.pfx' -dc-ip $dcip -username 'Administrator' -domain $domain -debug
Certipy v4.8.2 - by Oliver Lyak (ly4k)

[*] Using principal: [email protected]
[*] Trying to get TGT...
[*] Got TGT
[-] Got error: Error parsing asn1crypto.core.ObjectIdentifier - method should have been primitive, but constructed was found
    while parsing asn1crypto.core.ParsableOctetString
    while parsing asn1crypto.x509.Extension
    while parsing asn1crypto.x509.Extensions
    while parsing asn1crypto.x509.TbsCertificate
    while parsing asn1crypto.x509.Certificate
    while parsing asn1crypto.cms.CertificateSet
    while parsing asn1crypto.cms.SignedData
    while parsing asn1crypto.cms.ContentInfo
Traceback (most recent call last):
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/entry.py", line 60, in main
    actions[options.action](options)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/commands/parsers/auth.py", line 12, in entry
    auth.entry(options)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/commands/auth.py", line 658, in entry
    authenticate.authenticate()
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/commands/auth.py", line 256, in authenticate
    return self.kerberos_authentication(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/certipy/commands/auth.py", line 411, in kerberos_authentication
    ci = cms.ContentInfo.load(pk_as_rep["dhSignedData"]).native
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4060, in native
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4055, in native
    self._native[name] = child.native
                         ^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4060, in native
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4055, in native
    self._native[name] = child.native
                         ^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4535, in native
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4531, in native
    self._native = [child.native for child in self]
                    ^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 1234, in native
    return self.chosen.native
           ^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4044, in native
    self._parse_children(recurse=True)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3988, in _parse_children
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3962, in _parse_children
    child._parse_children(recurse=True)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3988, in _parse_children
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3962, in _parse_children
    child._parse_children(recurse=True)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4501, in _parse_children
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 4495, in _parse_children
    child._parse_children(recurse=True)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3988, in _parse_children
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 3960, in _parse_children
    child = _build(*child)
            ^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 5636, in _build
    raise e
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 5632, in _build
    value.parse(nested_spec)
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 2792, in parse
    parsed_value, _ = _parse_build(self.__bytes__(), spec=spec, spec_params=spec_params)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 5676, in _parse_build
    return (_build(*info, spec=spec, spec_params=spec_params), new_pointer)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/aa/Certipy/.venv/lib/python3.12/site-packages/asn1crypto/core.py", line 5555, in _build
    raise ValueError(unwrap(
ValueError: Error parsing asn1crypto.core.ObjectIdentifier - method should have been primitive, but constructed was found
    while parsing asn1crypto.core.ParsableOctetString
    while parsing asn1crypto.x509.Extension
    while parsing asn1crypto.x509.Extensions
    while parsing asn1crypto.x509.TbsCertificate
    while parsing asn1crypto.x509.Certificate
    while parsing asn1crypto.cms.CertificateSet
    while parsing asn1crypto.cms.SignedData
    while parsing asn1crypto.cms.ContentInfo

zimedev commented Nov 13, 2024

Seems like the problem is in line 56 or 63 of certipy/lib/certificate.py:

"1.2.840.113549.1.9.15": "smime_capability",
[...]
"smime_capability": asn1core.ObjectIdentifier,

If I remove one of those lines, the auth works again.

rtpt-tobiasferring (Author)

I am not sure why this change breaks the authentication, but moving the update of the OID mappings into the smime switch fixes the issue for me.
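
A likely explanation for the parse error in this thread, shown as an added example that is not code from the PR or from Certipy: the S/MIME specification defines the value of 1.2.840.113549.1.9.15 as SMIMECapabilities, a SEQUENCE OF (constructed), so mapping that OID to an ObjectIdentifier spec (primitive) makes a strict parser reject any certificate that carries the extension, such as the one in the PKINIT reply above. The helper names and the sample capability OID are assumptions made for illustration, and the check is a stdlib stand-in for the one asn1crypto reports in the traceback.

```python
# Added example: stdlib-only DER sketch. Helper names are hypothetical, and the
# capability OID is a constructed sample, not the value Certipy's -smime emits.
SMIME_CAPABILITIES_OID = "1.2.840.113549.1.9.15"  # extension OID from the thread
SAMPLE_CAPABILITY_OID = "1.2.840.113549.3.7"      # des-ede3-cbc (constructed input)

def der_len(n):
    """DER definite length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def encode_oid(dotted):
    """Encode a dotted OID as a primitive OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # base-128, last byte has high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def smime_capabilities_value(capability_oids):
    """SMIMECapabilities ::= SEQUENCE OF SEQUENCE { capabilityID OID, ... }"""
    return tlv(0x30, b"".join(tlv(0x30, encode_oid(o)) for o in capability_oids))

SPECS = {"ObjectIdentifier": (0x06, False), "SequenceOf": (0x10, True)}

def check_against_spec(der, spec):
    """Compare the outer DER header with what the registered spec expects."""
    want_tag, want_constructed = SPECS[spec]
    constructed = bool(der[0] & 0x20)     # bit 6 of the identifier octet
    if constructed != want_constructed:
        names = {True: "constructed", False: "primitive"}
        return (f"method should have been {names[want_constructed]}, "
                f"but {names[constructed]} was found")
    return "ok" if der[0] & 0x1F == want_tag else "unexpected tag"

if __name__ == "__main__":
    value = smime_capabilities_value([SAMPLE_CAPABILITY_OID])
    print(value.hex())
    print("ObjectIdentifier:", check_against_spec(value, "ObjectIdentifier"))
    print("SequenceOf:", check_against_spec(value, "SequenceOf"))
```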
