
x509's Issues

Unable to use PEM key

I'm using a PEM key from apple and I get this:

Unknown algoritmh ecPublicKey

print(parsePem('''-----BEGIN PRIVATE KEY-----
[...]
[...]
[...]
[...]
-----END PRIVATE KEY-----'''));
% dart bin/test.dart
Unhandled exception:
UnimplementedError: Unknown algoritmh ecPublicKey
#0      keyPairFromAsn1 (package:x509/src/util.dart:142:3)
#1      new PrivateKeyInfo.fromAsn1 (package:x509/src/x509_base.dart:168:9)
#2      _parseDer (package:x509/src/x509_base.dart:226:29)
#3      parsePem.<anonymous closure> (package:x509/src/x509_base.dart:269:11)
#4      _SyncIterator.moveNext (dart:core-patch/core_patch.dart:165:25)
#5      _iterablePartsToStrings (dart:collection/iterable.dart:318:13)
#6      IterableBase.iterableToShortString (dart:collection/iterable.dart:238:7)
#7      Iterable.toString (dart:core/iterable.dart:672:37)
#8      print (dart:core/print.dart:9:24)
#9      main (file:///Users/enyo/tmp/aa112/dart/bin/test.dart:5:3)
#10     _startIsolate.<anonymous closure> (dart:isolate-patch/isolate_patch.dart:301:19)
#11     _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:168:12)

Parsing certificate (for Firebase JWT verification)

I'm attempting to verify Firebase JWT tokens in my cloud function (running on cloudrun). I'm following the guidelines here ( https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library ) which say grab the public key here:
https://www.googleapis.com/robot/v1/metadata/x509/[email protected]

The JSON contains PEM certificates and I need to extract the public keys from them. Is there a way to use this package to parse the certificates so I can extract the Public Key to verify the JWT?

Thanks

Example Google PEM 8f43204a17915e8be7ccd7cb264df6ea383c49ab I'm trying to extract the public key from:

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

`x509 0.2.4` still warning about null-aware operation.

~/.pub-cache/hosted/pub.dev/x509-0.2.4/lib/src/extension.dart:45:48: Warning: Operand of null-aware operation '!' has type 'Uint8List' which excludes null.
 - 'Uint8List' is from 'dart:typed_data'.
      ASN1Parser(sequence.elements[octetIndex].contentBytes()!).nextObject(),
x509 0.2.4
asn1lib: ^1.5.0

Dart SDK version: 3.1.3 (stable) (Tue Sep 26 14:25:13 2023 +0000) on "macos_x64"

Missing case for casting ASN1GeneralizedTime in toDart method

Calling X509Certificate.fromAsn1(obj as asn1lib.ASN1Sequence) on a certificate containing GeneralizedTime causes the following exception:

Invalid argument(s): Cannot convert GeneralizedTime(2200-12-02 18:04:09.000Z) (ASN1GeneralizedTime) to dart object.

It looks like the toDart() method in util.dart (starting on line 234) is missing a branch for GeneralizedTime e.g.

if (obj is ASN1GeneralizedTime) return obj.dateTimeValue;

Relevant lines in the certificate:

SEQUENCE (2 elem)
      UTCTime 2022-01-01 12:00:00 UTC
      GeneralizedTime 2200-01-01 12:00:00 UTC
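
Added example, not part of the original report and not code from the x509 package: a standalone Dart parser for both X.509 Time encodings. RFC 5280 requires GeneralizedTime for dates in 2050 or later, which is why the 2200 notAfter above takes the GeneralizedTime branch. The names `parseX509Time` and `tlv` are invented for this example.

```dart
import 'dart:typed_data';

/// Parses one DER-encoded X.509 Time value: UTCTime (tag 0x17, YYMMDDHHMMSSZ)
/// or GeneralizedTime (tag 0x18, YYYYMMDDHHMMSSZ), the forms RFC 5280 requires.
DateTime parseX509Time(Uint8List der) {
  if (der.length < 2 || der[1] >= 0x80 || der.length != 2 + der[1]) {
    throw const FormatException('expected a single short-form TLV');
  }
  final yearDigits = der[0] == 0x17 ? 2 : (der[0] == 0x18 ? 4 : 0);
  if (yearDigits == 0) throw const FormatException('not a Time tag');
  final text = String.fromCharCodes(der, 2);
  if (!RegExp('^[0-9]{${yearDigits + 10}}Z\$').hasMatch(text)) {
    throw FormatException('unsupported time form: $text');
  }
  int field(int start, int len) =>
      int.parse(text.substring(start, start + len));
  var year = field(0, yearDigits);
  // RFC 5280 4.1.2.5.1: two-digit years 50..99 mean 19YY, 00..49 mean 20YY.
  if (yearDigits == 2) year += year >= 50 ? 1900 : 2000;
  // Month, day, hour, minute, second follow the year as two digits each.
  final f = [for (var i = 0; i < 5; i++) field(yearDigits + 2 * i, 2)];
  final t = DateTime.utc(year, f[0], f[1], f[2], f[3], f[4]);
  // DateTime.utc silently rolls over values such as month 13; reject those.
  if (t.month != f[0] || t.day != f[1] || t.hour != f[2] ||
      t.minute != f[3] || t.second != f[4]) {
    throw FormatException('out-of-range field in $text');
  }
  return t;
}

/// Builds a short-form TLV from a tag and an ASCII string (sample input only).
Uint8List tlv(int tag, String s) =>
    Uint8List.fromList([tag, s.length, ...s.codeUnits]);

void main() {
  // The Validity pair from the report above, re-encoded here as sample input.
  print(parseX509Time(tlv(0x17, '220101120000Z'))); // notBefore, UTCTime
  print(parseX509Time(tlv(0x18, '22000101120000Z'))); // notAfter
}
```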

Warnings on startup

I get the following warnings on startup, after upgrading to the latest version of x509:

../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/x509_base.dart:176:59: Warning: Operand of null-aware operation '!' has type 'Uint8List' which excludes null.
 - 'Uint8List' is from 'dart:typed_data'.
                (sequence.elements[2] as ASN1OctetString).contentBytes()!),
                                                          ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/x509_base.dart:195:62: Warning: Operand of null-aware operation '!' has type 'Uint8List' which excludes null.
 - 'Uint8List' is from 'dart:typed_data'.
        algorithm, (sequence.elements[1] as ASN1OctetString).contentBytes()!);
                                                             ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/certificate.dart:137:19: Warning: Operand of null-aware operation '!' has type 'BigInt' which excludes null.
 - 'BigInt' is from 'dart:core'.
      version = e.valueAsBigInteger!.toInt() + 1;
                  ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/certificate.dart:154:32: Warning: Operand of null-aware operation '!' has type 'Uint8List' which excludes null.
 - 'Uint8List' is from 'dart:typed_data'.
            ex = (ASN1Parser(o.contentBytes()!).nextObject() as ASN1Sequence)
                               ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/certificate.dart:164:52: Warning: Operand of null-aware operation '!' has type 'BigInt' which excludes null.
 - 'BigInt' is from 'dart:core'.
        serialNumber: (elements[0] as ASN1Integer).valueAsBigInteger!.toInt(),
                                                   ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/extension.dart:47:54: Warning: Operand of null-aware operation '!' has type 'Uint8List' which excludes null.
 - 'Uint8List' is from 'dart:typed_data'.
            ASN1Parser(sequence.elements[octetIndex].contentBytes()!)
                                                     ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/extension.dart:355:16: Warning: Operand of null-aware operation '!' has type 'bool' which excludes null.
        cA = o.booleanValue!;
               ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/util.dart:39:50: Warning: Operand of null-aware operation '!' has type 'Uint8List' which excludes null.
 - 'Uint8List' is from 'dart:typed_data'.
  var privateKey = toBigInt(sequence.elements[1].contentBytes()!);
                                                 ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/util.dart:41:32: Warning: Operand of null-aware operation '!' has type 'Uint8List' which excludes null.
 - 'Uint8List' is from 'dart:typed_data'.
  var l = sequence.elements[1].contentBytes()!.length;
                               ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/util.dart:55:45: Warning: Operand of null-aware operation '!' has type 'Uint8List' which excludes null.
 - 'Uint8List' is from 'dart:typed_data'.
    var e = ASN1Parser(sequence.elements[i].contentBytes()!).nextObject()
                                            ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/util.dart:101:55: Warning: Operand of null-aware operation '!' has type 'BigInt' which excludes null.
 - 'BigInt' is from 'dart:core'.
  var modulus = (sequence.elements[0] as ASN1Integer).valueAsBigInteger!;
                                                      ^
../../../.pub-cache/hosted/pub.dev/x509-0.2.3/lib/src/util.dart:102:56: Warning: Operand of null-aware operation '!' has type 'BigInt' which excludes null.
 - 'BigInt' is from 'dart:core'.
  var exponent = (sequence.elements[1] as ASN1Integer).valueAsBigInteger!;
                                                       ^

does not tolerate unrecognized object IDs in certificate extensions

Does not tolerate unrecognized object IDs in certificate extensions. Notably, it will fail when used with Apple intermediate certificates, which have a custom "marker" object ID in the extensions.

Repro code
import 'package:jose/jose.dart';

void main() {
	// Source: https://www.apple.com/certificateauthority/AppleWWDRCAG6.cer
	JsonWebKey.fromPem('''
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
''');
}
Error output
Unhandled exception:
Bad state: Unable to get name of ObjectIdentifier with nodes [1, 2, 840, 113635, 100, 6, 2, 1]
#0      ObjectIdentifier.name (package:x509/src/objectidentifier.dart:68:7)
#1      ObjectIdentifier.toString (package:x509/src/objectidentifier.dart:74:26)
#2      _StringBase._interpolate (dart:core-patch/string_patch.dart:853:19)
#3      new ExtensionValue.fromAsn1 (package:x509/src/extension.dart:105:60)
#4      new Extension.fromAsn1 (package:x509/src/extension.dart:46:35)
#5      new TbsCertificate.fromAsn1.<anonymous closure> (package:x509/src/certificate.dart:156:39)
#6      MappedListIterable.elementAt (dart:_internal/iterable.dart:413:31)
#7      ListIterator.moveNext (dart:_internal/iterable.dart:342:26)
#8      new _GrowableList._ofEfficientLengthIterable (dart:core-patch/growable_array.dart:189:27)
#9      new _GrowableList.of (dart:core-patch/growable_array.dart:150:28)
#10     new List.of (dart:core-patch/array_patch.dart:51:28)
#11     ListIterable.toList (dart:_internal/iterable.dart:213:44)
#12     new TbsCertificate.fromAsn1 (package:x509/src/certificate.dart:157:18)
#13     new X509Certificate.fromAsn1 (package:x509/src/certificate.dart:37:24)
#14     _parseDer (package:x509/src/x509_base.dart:238:30)
#15     parsePem (package:x509/src/x509_base.dart:273:11)
#16     _SyncStarIterator.moveNext (dart:async-patch/async_patch.dart:710:21)
#17     Iterable.first (dart:core/iterable.dart:623:13)
#18     new JsonWebKey.fromPem (package:jose/src/jwk.dart:176:32)
#19     main (file:///Users/chuck/projects/flutter/bug5/bin/bug5.dart:4:13)
#20     _delayEntrypointInvocation.<anonymous closure> (dart:isolate-patch/isolate_patch.dart:297:19)
#21     _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:192:12)

However, the x509b package is tolerant of Apple's certs due to this.

Thank you.

(Originally reported as appsup-dart/jose#47.)
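
Added example, not part of the original report and not code from the x509 or x509b packages: a standalone Dart illustration of tolerant extension handling, where an OID missing from the name table falls back to its dotted form and only an unrecognized extension marked critical is rejected (RFC 5280, section 4.2). The table `knownExtensions`, the function names and the criticality flags are assumptions made for the example.

```dart
import 'dart:typed_data';

// Constructed stand-in for a library's table of recognized extension OIDs.
const knownExtensions = <String, String>{
  '2.5.29.19': 'basicConstraints',
  '2.5.29.31': 'cRLDistributionPoints',
};

/// Decodes the content bytes of a DER OBJECT IDENTIFIER into dotted form.
String decodeOid(Uint8List content) {
  if (content.isEmpty || (content.last & 0x80) != 0) {
    throw const FormatException('empty or truncated OID');
  }
  final arcs = <int>[];
  var value = 0;
  for (final b in content) {
    value = (value << 7) | (b & 0x7f);
    if ((b & 0x80) != 0) continue; // more base-128 digits follow
    if (arcs.isEmpty) {
      final first = value < 80 ? value ~/ 40 : 2; // packed as 40 * arc1 + arc2
      arcs..add(first)..add(value - 40 * first);
    } else {
      arcs.add(value);
    }
    value = 0;
  }
  return arcs.join('.');
}

/// Labels an extension; throws only when it is unrecognized AND critical.
String describeExtension(Uint8List oidContent, {required bool critical}) {
  final dotted = decodeOid(oidContent);
  final name = knownExtensions[dotted];
  if (name == null && critical) {
    throw FormatException('unrecognized critical extension $dotted');
  }
  return name ?? 'unrecognized($dotted)';
}

void main() {
  // 1.2.840.113635.100.6.2.1, the OID from the error output; flags constructed.
  final marker = Uint8List.fromList(
      [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x06, 0x02, 0x01]);
  print(describeExtension(marker, critical: false));
  try {
    describeExtension(marker, critical: true);
  } on FormatException catch (e) {
    print('rejected: ${e.message}');
  }
}
```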

Another warning on startup

@rbellens

../../../.pub-cache/hosted/pub.dev/x509-0.2.4/lib/src/extension.dart:45:48: Warning: Operand of null-aware operation '!' has type 'Uint8List' which excludes null.
 - 'Uint8List' is from 'dart:typed_data'.
      ASN1Parser(sequence.elements[octetIndex].contentBytes()!).nextObject(),

Latest released version, i.e. after #24 was fixed.

Uint8List? can't be assigned to parameter type List<int>

Hi, can you help resolve this issue?

Could not build the precompiled application for the device.
Error (Xcode): ../../.pub-cache/hosted/pub.dev/x509-0.2.4+2/lib/src/x509_base.dart:176:59: Error: The argument type 'Uint8List?' can't be assigned to the parameter type 'List<int>' because 'Uint8List?' is nullable and 'List<int>' isn't.

Request for Support of Ed25519 and X25519 Keys in Flutter X509 Project

I am writing to request the addition of support for Ed25519 and X25519 keys in the Flutter X509 project. These key types are supported in OpenSSL and are becoming increasingly important for modern cryptographic applications. However, it appears that the current implementation of the Flutter X509 library does not support these key types, leading to issues when parsing certificates that include them.
I need them to enable Yubikey PIV in flutter for macos and windows.

Problem: When attempting to parse X.509 certificates that contain Ed25519 or X25519 keys, the following error is encountered:

Message: 3 positional arguments expected by 'X509Certificate.new', but 0 found.
Try adding the missing arguments.
Problematic code: )
Context:
Additionally, the following OIDs related to Ed25519 and X25519 keys fail during parsing:

Ed25519 OID: 1.3.101.112
X25519 OID: 1.3.101.110
Example Code: Here is a snippet of the code that encounters the issue:


// Parse the ASN.1 data
ASN1Sequence asn1Seq = ASN1Sequence.fromBytes(certRead);
dev.log("asn1seq to String : ${asn1Seq.toString()}");
X509Certificate myx509 = const X509Certificate();
var parser = ASN1Parser(certRead);
dev.log(
    "TBSCert extensions list ${myx509.tbsCertificate.extensions.toString()}");
try {
  var c = X509Certificate.fromAsn1(parser.nextObject() as ASN1Sequence);
  // Further processing...
} catch (e) {
  dev.log("Error parsing certificate: $e");
}
Example ASN1 Sequence: Here is an example of an ASN1 sequence (values are faked for illustration purposes):

ASN1Sequence(
  elements: [
    ASN1Integer(value: 123456789),
    ASN1Sequence(
      elements: [
        ASN1ObjectIdentifier(oid: '1.2.840.113549.1.1.11'),
        ASN1Null()
      ]
    ),
    ASN1Sequence(
      elements: [
        ASN1Set(
          elements: [
            ASN1Sequence(
              elements: [
                ASN1ObjectIdentifier(oid: '2.5.4.6'),
                ASN1PrintableString(string: 'US')
              ]
            ),
            ASN1Sequence(
              elements: [
                ASN1ObjectIdentifier(oid: '2.5.4.10'),
                ASN1PrintableString(stringValue: 'Example Corp')
              ]
            )
          ]
        )
      ]
    ),
    ASN1Sequence(
      elements: [
        ASN1ObjectIdentifier(oid: '1.3.101.110'), // X25519 OID
        ASN1OctetString(octets: Uint8List.fromList([0x01, 0x02, 0x03, 0x04]))
      ]
    ),
    ASN1Sequence(
      elements: [
        ASN1ObjectIdentifier(oid: '1.3.101.112'), // Ed25519 OID
        ASN1OctetString(octets: Uint8List.fromList([0x05, 0x06, 0x07, 0x08]))
      ]
    )
  ]
)
Request: I kindly request that support for Ed25519 and X25519 keys be added to the Flutter X509 library. This would involve recognizing the OIDs for these key types and correctly parsing the associated extensions.

Additional Information:

Ed25519 OID: 1.3.101.112
X25519 OID: 1.3.101.110
Thank you for your attention to this matter. Adding support for these key types would greatly enhance the utility of the Flutter X509 library for modern cryptographic applications.

Best regards,

Cannot parse certificate

Tried to parse a certificate with CRL distribution points and got this error:
Cannot handle cRLDistributionPoints (ce 31)
