Parse error when extracting issuer

[augjoh]

The following code snippet, tries to parse a root certificate from certificate transparency and fails:

(venv) node@nodejs /u/h/node> cat test/parser-3.js
#!/usr/bin/env node

var jsrsasign = require('jsrsasign');

var pem = '-----BEGIN CERTIFICATE-----\n' +
          'MIIEUzCCAzugAwIBAgIDAOJDMA0GCSqGSIb3DQEBBQUAMIHPMQswCQYDVQQGEwJBVDGBizCBiAY\n' +
          'DVQQKHoGAAEEALQBUAHIAdQBzAHQAIABHAGUAcwAuACAAZgD8AHIAIABTAGkAYwBoAGUAcgBoAG\n' +
          'UAaQB0AHMAcwB5AHMAdABlAG0AZQAgAGkAbQAgAGUAbABlAGsAdAByAC4AIABEAGEAdABlAG4Ad\n' +
          'gBlAHIAawBlAGgAcgAgAEcAbQBiAEgxGDAWBgNVBAsTD0EtVHJ1c3QtUXVhbC0wMTEYMBYGA1UE\n' +
          'AxMPQS1UcnVzdC1RdWFsLTAxMB4XDTA0MTEzMDIzMDAwMFoXDTE0MTEzMDIzMDAwMFowgc8xCzA\n' +
          'JBgNVBAYTAkFUMYGLMIGIBgNVBAoegYAAQQAtAFQAcgB1AHMAdAAgAEcAZQBzAC4AIABmAPwAcg\n' +
          'AgAFMAaQBjAGgAZQByAGgAZQBpAHQAcwBzAHkAcwB0AGUAbQBlACAAaQBtACAAZQBsAGUAawB0A\n' +
          'HIALgAgAEQAYQB0AGUAbgB2AGUAcgBrAGUAaAByACAARwBtAGIASDEYMBYGA1UECxMPQS1UcnVz\n' +
          'dC1RdWFsLTAxMRgwFgYDVQQDEw9BLVRydXN0LVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4I\n' +
          'BDwAwggEKAoIBAQCmhgdxIbxTGEOHfXGiewI3NFldAWKFWfLofO+5I1UbvA5avt7IgsGXz/tI/f\n' +
          '5HGUbascI0i7xG0tqVlA5ctQgLRqxgxHtgTkMcqsAEYdsz3LZsCdXO1QrvEBGLTSABdxiL/gSWJ\n' +
          '6z77CSwx7Xg02HwxPV82cjGkSF3ENGJntuIAAnRDWn/ORHjFatNRymoMbHaOEZXSGhf7Y5FrrHE\n' +
          'qGyi9E6sv784De/T1aTvskn8cWeUmDzv//omiG/a/V9KQex/61XN8OthUQVnX+u/liL2NKx74I2\n' +
          'C/GgHX5B0WkPNqsSOgmlvJ/cKuT0PveUgVFDAA0oYBgcE1KDMlBbN0kmPAgMBAAGjNjA0MA8GA1\n' +
          'UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEs8jB2F6W+tMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9\n' +
          'w0BAQUFAAOCAQEAIUusmJzMJRiQ8TAHrJAOelfuWoTGcqdIv7Tys/fNl2yF2fjvHT8J01aKialF\n' +
          'VpbVeQ2XKb1O2bHOQYAKgsdZ2jZ/sdL2UVFRTHmidLu6PdgWCBRhJYQELQophO9QVvfhAA0TwbE\n' +
          'SYqTz+nlI5Gr7CZe8f6HEmhJmCtUQsdQCufGglRh4T+tIGiNGcnyVEHZ93mSVepFr1VA29CTRPt\n' +
          'euGjA81jeAz9peYiFE1CXvxK9cJiv0BcALFLWmADCoRLzIRZhA+sAwYUmwM1rqVCPA3kBQvIC95\n' +
          'tyQvNy2dG0Vs+O6PwLaNX/suSlElQ06X2l1VwMaYb4vZKFqN0bOhBXEVg==\n' + 
          '-----END CERTIFICATE-----';
console.log(pem);

var cert = new jsrsasign.X509();
cert.readCertPEM(pem);
console.log(`issuer: ${cert.getIssuer()}`);

(venv) node@nodejs /u/h/node> node test/parser-3.js | openssl x509 -noout -text -nameopt multiline,show_type -certopt no_sigdump
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57923 (0xe243)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer:
            countryName               = PRINTABLESTRING:AT
            organizationName          = BMPSTRING:A-Trust Ges. f\FCr Sicherheitssysteme im elektr. Datenverkehr GmbH
            organizationalUnitName    = PRINTABLESTRING:A-Trust-Qual-01
            commonName                = PRINTABLESTRING:A-Trust-Qual-01
        Validity
            Not Before: Nov 30 23:00:00 2004 GMT
            Not After : Nov 30 23:00:00 2014 GMT
        Subject:
            countryName               = PRINTABLESTRING:AT
            organizationName          = BMPSTRING:A-Trust Ges. f\FCr Sicherheitssysteme im elektr. Datenverkehr GmbH
            organizationalUnitName    = PRINTABLESTRING:A-Trust-Qual-01
            commonName                = PRINTABLESTRING:A-Trust-Qual-01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:86:07:71:21:bc:53:18:43:87:7d:71:a2:7b:
                    02:37:34:59:5d:01:62:85:59:f2:e8:7c:ef:b9:23:
                    55:1b:bc:0e:5a:be:de:c8:82:c1:97:cf:fb:48:fd:
                    fe:47:19:46:da:b1:c2:34:8b:bc:46:d2:da:95:94:
                    0e:5c:b5:08:0b:46:ac:60:c4:7b:60:4e:43:1c:aa:
                    c0:04:61:db:33:dc:b6:6c:09:d5:ce:d5:0a:ef:10:
                    11:8b:4d:20:01:77:18:8b:fe:04:96:27:ac:fb:ec:
                    24:b0:c7:b5:e0:d3:61:f0:c4:f5:7c:d9:c8:c6:91:
                    21:77:10:d1:89:9e:db:88:00:09:d1:0d:69:ff:39:
                    11:e3:15:ab:4d:47:29:a8:31:b1:da:38:46:57:48:
                    68:5f:ed:8e:45:ae:b1:c4:a8:6c:a2:f4:4e:ac:bf:
                    bf:38:0d:ef:d3:d5:a4:ef:b2:49:fc:71:67:94:98:
                    3c:ef:ff:fa:26:88:6f:da:fd:5f:4a:41:ec:7f:eb:
                    55:cd:f0:eb:61:51:05:67:5f:eb:bf:96:22:f6:34:
                    ac:7b:e0:8d:82:fc:68:07:5f:90:74:5a:43:cd:aa:
                    c4:8e:82:69:6f:27:f7:0a:b9:3d:0f:bd:e5:20:54:
                    50:c0:03:4a:18:06:07:04:d4:a0:cc:94:16:cd:d2:
                    49:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                4B:3C:8C:1D:85:E9:6F:AD
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:11936
    return decodeURIComponent(hextouricmp(a))
           ^

URIError: URI malformed
    at decodeURIComponent (<anonymous>)
    at hextoutf8 (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:11936:12)
    at X509.getAttrTypeAndValue (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:16056:19)
    at X509.getRDN (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:16041:25)
    at X509.getX500NameArray (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:16033:25)
    at X509.getX500Name (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:16022:22)
    at X509.getIssuer (/usr/home/node/node_modules/jsrsasign/lib/jsrsasign.js:15277:21)
    at Object.<anonymous> (/usr/home/node/test/parser-3.js:31:29)
    at Module._compile (node:internal/modules/cjs/loader:1108:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1137:10)

[kjur]

This issue was fixed in the 10.1.3 release today. Thanks.