Closed
Description
> cat test/parser-2.js
#!/usr/bin/env node
// Reproducer: load an embedded PEM certificate with jsrsasign's X509 class,
// print its issuer and signature algorithm name, then check its signature
// against the public key taken from that same certificate.
var jsrsasign = require('jsrsasign');
// Certificate under test. The base64 body is kept verbatim, because any edit
// would change the DER bytes the parser sees.
var pem = '-----BEGIN CERTIFICATE-----\n' +
'MIIC2TCCAcGgAwIBAAIBADANBgkqhkiG9w0BAQQFADAsMQswCQYDVQQGEwJhdTEdMBsGA1UE\n' +
'ChMUU2VjdXJlTmV0IENBIENsYXNzIEIwJhcROTkwNjMwMDAwMDAwKzEwMDAXETA5MTAxNTIz\n' +
'NTkwMCsxMDAwMCwxCzAJBgNVBAYTAmF1MR0wGwYDVQQKExRTZWN1cmVOZXQgQ0EgQ2xhc3Mg\n' +
'QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZj2cYVWnbnRmXHNJH5e91Wu/iW\n' +
'NS4pyqd9Ch73MVLoWsjTzzkBTlvwH7G4StKzR0NmPwFATjBJ4Q/96xJjeMz2FmIY9W9p/X5u\n' +
'M3Yho8CID+rmJfypl8wYcscxtgubzcLFeGFjRaw0pid4aMS9UmjOhE3SJKUobIDmyubP5pqe\n' +
'UHjO8zbSo0NaHAavyyDu0CzERBiQbLGRZGW5t4WDS6iRmcXgnPe4UNfTsE+a7WP7TfTUKCQ6\n' +
'gFt7k4zFBYSvO4b+gTHHtp1fGuqQe7BGXrIIUgBXDVVSg3iVSv1oj57ZULZLU/ryhQKVTjj1\n' +
'g6eW1DE/P6fKN1PcxS9tGnSmzL8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEAS0amIlrp0aXk\n' +
'EI9MU2DjTVSG3rocqipaNggdSgtJoe+qvbwmMqT/c0AwJA/sqxHVy6/ES5vnHhzDUIW6Twgr\n' +
'Lz8UI6r2g5mGvkZ4ERUrmuSjv33pjX75Z98+f+atRudgZWdf5YDzLLtTZ3Nv4K6XEm1JGBxo\n' +
'TLMs81rBNTH27Ok+p8vNVFCHWEXAFNVItvMojjoYKeiamfHg9aPLCLR9eCUT4TTOaJvatyIh\n' +
'GzRSy+9T4vPXDGLasUVBRbiXWCwIYkUjDlmVNRoORMdRcE4/BK0mwh3tD0gtVRMdcaKnDrMv\n' +
'h2+w7uXHNosscVFAhxrOVhQ5Ke8lCoAKGZ31Vp/dig==\n' +
'-----END CERTIFICATE-----\n'
console.log(pem);
var cert = new jsrsasign.X509();
cert.readCertPEM(pem);
// Per the stack trace reported with this script, getIssuer() is where the
// TypeError ("Cannot read property 'substr' of null") surfaces, raised from
// KJUR.asn1.ASN1Util.oidHexToInt; the statements after it are not reached
// for this input.
// NOTE(review): the failure is an uncaught TypeError. Code that parses
// certificates from untrusted sources should wrap the read and getter calls
// in try/catch so a malformed certificate cannot terminate the process.
console.log(cert.getIssuer());
console.log(`Signature Algorithm: ${cert.getSignatureAlgorithmName()}`);
// The key is extracted from the certificate being checked, so a successful
// check would only show that the certificate is consistent with its own key
// (self-signed), not that it chains to a trusted issuer.
var pubKey = cert.getPublicKey();
// The return value is discarded; log or assert it if the verification
// outcome matters.
cert.verifySignature(pubKey);
The above script cannot parse the embedded certificate. The following error is thrown:
/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:4950
var k = parseInt(a.substr(0, 2), 16);
^
TypeError: Cannot read property 'substr' of null
at Object.KJUR.asn1.ASN1Util.oidHexToInt (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:4950:24)
at X509.getAttrTypeAndValue (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:15953:36)
at X509.getRDN (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:15940:25)
at X509.getX500NameArray (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:15932:25)
at X509.getX500Name (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:15921:22)
at X509.getIssuer (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:15178:21)
at Object.<anonymous> (/usr/home/node/test/parser-2.js:25:18)
at Module._compile (node:internal/modules/cjs/loader:1108:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1137:10)
at Module.load (node:internal/modules/cjs/loader:973:32)
Activity
kjur commented on Feb 17, 2021
Hi. I've investigated the certificate and found some issues:
So this certificate is malformed as an RFC 5280 X.509 certificate. Version number check may be relaxed in the future but it can be handled in the current version. Thank you for understanding.
augjoh commented on Feb 18, 2021
@kjur Thank you for looking into this issue. You're right, the certificate isn't X509v3. On the other hand, it is compliant with ITU-T X.509 (formerly CCITT X.509) or ISO/IEC 9594-8, which was first published in 1988 as part of the X.500 directory recommendations and defines a standard certificate format. ISO/IEC 9594-8 places no further restrictions on `GeneralizedTime` when it is used for `notBefore` or `notAfter`. The `GeneralizedTimestamp`s in the certificate comply with https://tools.ietf.org/html/rfc4517#section-3.3.13. Please reconsider relaxing the parsing here, as RFC5280 states: Implementations SHOULD be prepared to accept any version certificate.