peculiarventures / asn1-schema Goto Github PK
View Code? Open in Web Editor NEWasn1-schema is a collection of TypeScript schemas that make working with common ASN.1 objects easy
asn1-schema is a collection of TypeScript schemas that make working with common ASN.1 objects easy
Please add export id 1.3.6.1.4.1.311.21.7
to the certificate template extension
Schema name: ecc
RFC 5915
npm run create ecc
Error:
Solution:
import * as ip from "ipaddr.js";
-> import ip from "ipaddr.js";
Schema name: rsa
RFC 8017
npm run create rsa
Code example:
AsnParser.parse(Convert.FromHex('3034a02fa02d862b687474703a2f2f63726c732e706b692e676f6f672f6774733170352f37554375585a754c5549672e63726c8101ff'), IssuingDistributionPoint);
Error text:
Data does not match to IssuingDistributionPoint ASN1 schema. undefined
Data reference - example
import { AsnConvert } from "@peculiar/asn1-schema";
import { SubjectDirectoryAttributes } from '@peculiar/asn1-x509';
const hex = "30640603551d09045d305b301006082b06010505070904310413024445300f06082b060105050709033103130146301d06082b060105050709013111180f31393731313031343132303030305a301706082b06010505070902310b0c094461726d7374616474";
const sda= AsnConvert.parse(Buffer.from(hex, "hex"), SubjectDirectoryAttributes);
After decode Attribute
values using Convert.ToString
I see space before each value:
Do we need to fix it using mechanism after Convert.ToString
or make changes to the package?
So I have been using this library to serialize and deserialize ASN1 structures and wanted writes tests for the code.
I've been having trouble getting the frameworks running. I would really appreciate if you could give me some pointers.
I'm writing it in TypeScript and wanted to test out Jest, but I run into the following error when running Jest:
From what i understand the type for data in AsnParse.parse is BufferSource that is either ArrayBuffer or ArrayBufferView, Base64.decode returns ArrayBuffer, so everything should be fine, but I can't get past this error.
TypeScript itself compiles and I can use the built library and the same method without any errors.
Any suggestions?
Could we add a class for the attribute?
extensionRequest ATTRIBUTE ::= {
WITH SYNTAX ExtensionRequest
SINGLE VALUE TRUE
ID pkcs-9-at-extensionRequest
}
ExtensionRequest ::= Extensions
Example:
303a06092a864886f70d01090e312d302b30290603551d0e04220420da80914ab1c14b4113d5939781fbdc4632793f7794f5a1c96bacf261040f1654
package.json
of @peculiar/asn1-schema
package is missing @types/asn1js
as a production dependency, resulting in TypeScript build errors for @peculiar/asn1-schema
and @peculiar/webcrypto
packages.
node_modules/@peculiar/asn1-schema/build/types/types.d.ts:4:23 - error TS7016: Could not find a declaration file for module 'asn1js'. 'C:/Users/sunny/Documents/code/wcbug/node_modules/asn1js/build/asn1.js' implicitly has an 'any' type.
Try `npm install @types/asn1js` if it exists or add a new declaration (.d.ts) file containing `declare module 'asn1js';`
4 import * as asn1 from "asn1js";
~~~~~~~~
node_modules/@peculiar/asn1-schema/build/types/types/bit_string.d.ts:1:43 - error TS7016: Could not find a declaration file for module 'asn1js'. 'C:/Users/sunny/Documents/code/wcbug/node_modules/asn1js/build/asn1.js' implicitly has an 'any' type.
Try `npm install @types/asn1js` if it exists or add a new declaration (.d.ts) file containing `declare module 'asn1js';`
1 import { BitString as AsnBitString } from "asn1js";
~~~~~~~~
node_modules/@peculiar/asn1-schema/build/types/types/octet_string.d.ts:1:47 - error TS7016: Could not find a declaration file for module 'asn1js'. 'C:/Users/sunny/Documents/code/wcbug/node_modules/asn1js/build/asn1.js' implicitly has an 'any' type.
Try `npm install @types/asn1js` if it exists or add a new declaration (.d.ts) file containing `declare module 'asn1js';`
1 import { OctetString as AsnOctetString } from "asn1js";
~~~~~~~~
Found 3 errors.
To fix this error, either add @types/asn1js
as a production dependency (not devDependency), or avoid importing "asn1js" in .d.ts files.
Files to reproduce the error:
package.json
{
"private": true,
"scripts": {
"build": "tsc"
},
"dependencies": {
"@peculiar/asn1-schema": "^2.0.1",
"typescript": "^3.8.3"
}
}
tsconfig.json
{
"compilerOptions": {
"module": "ESNext",
"moduleResolution": "node",
"noEmit": true,
"strict": true,
"target": "ESNext"
}
}
x.ts
import "@peculiar/asn1-schema";
Time-stamp X509 extension format:
adbe- OBJECT IDENTIFIER ::= { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
::= SEQUENCE {
version INTEGER { v1(1) }, -- extension version
location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
requiresAuth boolean (default false), OPTIONAL
}
Example:
304c0201018644687474703a2f2f6161746c2d74696d657374616d702e676c6f62616c7369676e2e636f6d2f7473612f616f68666577617432333839353335666e6173676e6c67356d3233010100
Links:
Please add the extension Netscape Certificate Type (2.16.840.1.113730.1.1)
to the package.
Example:
AsnParser.parse(Convert.FromHex('03020007'), NetscapeCertificateType);
Output:
Code for help:
/**
* bit-0 SSL client - this cert is certified for SSL client authentication use
* bit-1 SSL server - this cert is certified for SSL server authentication use
* bit-2 S/MIME - this cert is certified for use by clients (New in PR3)
* bit-3 Object Signing - this cert is certified for signing objects such as Java
* applets and plugins(New in PR3)
* bit-4 Reserved - this bit is reserved for future use
* bit-5 SSL CA - this cert is certified for issuing certs for SSL use
* bit-6 S/MIME CA - this cert is certified for issuing certs for S/MIME use (New in PR3)
* bit-7 Object Signing CA - this cert is certified for issuing
* certs for Object Signing (New in PR3)
*/
if (byte & 0x80) {
usages.push('SSL client');
}
if (byte & 0x40) {
usages.push('SSL server');
}
if (byte & 0x20) {
usages.push('S/MIME');
}
if (byte & 0x10) {
usages.push('Object Signing');
}
if (byte & 0x08) {
usages.push('Reserved');
}
if (byte & 0x04) {
usages.push('SSL CA');
}
if (byte & 0x02) {
usages.push('S/MIME CA');
}
if (byte & 0x01) {
usages.push('Object Signing CA');
}
Documentation:
http://javadoc.iaik.tugraz.at/iaik_jce/old/iaik/x509/extensions/netscape/NetscapeCertType.html
Parsed certificate on serialization returns another raw. Incoming message contains an empty list of extensions, but after serialization, there is no set of Extensions
const hex = "308202963082017e020101300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301e170d3139313233313231303030305a170d3230303130313231303030305a300f310d300b060355040313045465737430820122300d06092a864886f70d01010105000382010f003082010a0282010100c12f5ed353a4ed77c5bae6df726bf68c2cb0659778eeb8bde3edfb62c3ef38169f5f35678d4ccd21bc45e1e0c6442dfc066e8565a5dea29b08502c4002c6e50746dec1f479b8379fbabd380bcb91a7cef524b413dc0f7e2ff77d8dbcdf6c55a5c8a1493333c9662f2a05801a19419fcc2c58dba55506440a2b5239035937b4265afb931a87cffbae0a690385ae9aa7e768660c1dcd6974bff85fe44aebb2fe9e8edb4648a5ec2d9f6797c1481041354413851d26d389b43c91c96f4ca9e481dca5b2f7d3d82858f159bbc6e6f21704aa15fce83a1e789ac1f3d2245455afb9b8d68b147632630e8ad2ce4d4bb39e83e9c0597d6a5a745061f4b08a5e2b8795b30203010001a3023000300d06092a864886f70d01010b05000382010100837a986d86594fc12ef06c748beece637fc81bbecda4d420e8db643d91a449a0c463735e55951cdaba86ebe23c17496b3938e0923335458f8cc0ae89a28dea69b8e9bcaf708e9f8623f42378fad1fe27073c20085817e2253cfb5f1d59f6f62d81a58d7f816b34bd8c4e5d586384a6f1b849f3a5881425013c11f71b764af5bde8469175b37d64ebf4007f279dd3570fff22e3bcda6b6ac6a7c88034e0a8b441466fb0b46eb329258bd4597eea8212929228ac1170d3825845701a6bbe9a844de117684e0eaa630e491e99f33b2e84802e43de0d91f8a678b8a268da882a49b71f96ea0791712ea71426e81b48b0cbda296f0b14249736a90bcbcafcb269a2cc";
const certRaw = Buffer.from(hex, "hex");
const cert = AsnConvert.parse(certRaw, Certificate);
const certRaw2 = AsnConvert.serialize(cert);
assert.strictEqual(hex, Buffer.from(certRaw2).toString("hex"));
/node_modules/@peculiar/asn1-schema/build/cjs/schema.js:1
Error: Cannot get schema for 'ObjectIdentifier' target
at AsnSchemaStorage.get (node_modules/@peculiar/asn1-schema/build/cjs/schema.js:17:19)
at Function.toASN (node_modules/@peculiar/asn1-schema/build/cjs/serializer.js:24:48)
at Function.serialize (node_modules/@peculiar/asn1-schema/build/cjs/serializer.js:14:21)
at Function.serialize (node_modules/@peculiar/asn1-schema/build/cjs/convert.js:10:43)
at Function.register (node_modules/webcrypto-core/build/webcrypto-core.js:1144:43)
at Object.<anonymous> (node_modules/webcrypto-core/build/webcrypto-core.js:1170:10)
at Object.<anonymous> (node_modules/@peculiar/webcrypto/build/webcrypto.js:7:12)
at Object.<anonymous> (/node_modules/isomorphic-webcrypto/src/index.js:1)
at Object.<anonymous> (/node_modules/isomorphic-webcrypto/src/main.js:1)
at Object.<anonymous> (/node_modules/@pathcheck/dcc-sdk/lib/cose-js/sign.js:1)
at Object.<anonymous> (/node_modules/@pathcheck/dcc-sdk/lib/dcc.js:1)
at Object.<anonymous> (/node_modules/@pathcheck/dcc-sdk/lib/main.js:1)
When trying to parse an ASN.1 value into a DigestInfo
object I get the following error:
Error: Cannot get schema for 'DigestInfo' target
at AsnSchemaStorage.get (.\node_modules\@peculiar\asn1-schema\build\cjs\schema.js:18:19)
at Function.fromASN (.\node_modules\@peculiar\asn1-schema\build\cjs\parser.js:39:52)
at Function.parse (.\node_modules\@peculiar\asn1-schema\build\cjs\parser.js:29:26)
at Function.parse (.\node_modules\@peculiar\asn1-schema\build\cjs\convert.js:11:35)
Code to reproduce:
const { AsnConvert } = require('@peculiar/asn1-schema');
const { DigestInfo } = require('@peculiar/asn1-rsa');
AsnConvert.parse(Buffer.from(...), DigestInfo);
Sorry for such a basic question, but is there something I'm missing here?
Schema name: x509-qualified
RFC 3739
npm run create x509-qualified
See more details PeculiarVentures/x509#36
const validity = new src.Validity({
notBefore: new Date("2049-12-31T23:59:59Z"),
notAfter: new Date("2050-01-01T00:00:00Z"),
});
const hex = Buffer.from(AsnConvert.serialize(validity)).toString("hex");
assert.strictEqual(hex, "3020170d3439313233313233353935395a180f32303530303130313030303030305a");
Current implementation uses utcTime
always. It's wrong.
CAs conforming to this profile MUST always encode certificate
validity dates through the year 2049 as UTCTime; certificate validity
dates in 2050 or later MUST be encoded as GeneralizedTime.
Conforming applications MUST be able to process validity dates that
are encoded in either UTCTime or GeneralizedTime.
Schema name: pkcs8
RFC 5280
npm run create pkcs8
Hi.
I found out an issue when 4 bytes Integer always decodes to 0.
Problem because of inconsistency of asn1js and asn1-schama
asn1js: https://github.com/PeculiarVentures/ASN1.js/blob/master/src/internals/LocalIntegerValueBlock.ts#L135
export class LocalIntegerValueBlock extends HexBlock(ValueBlock) implements IDerConvertible {
protected setValueHex(): void {
if (this.valueHexView.length >= 4) {
this.warnings.push("Too big Integer for decoding, hex only");
this.isHexOnly = true;
this._valueDec = 0;
}
but asn1-schama: https://github.com/PeculiarVentures/asn1-schema/blob/master/packages/schema/src/converters.ts#L31
export const AsnIntegerConverter: IAsnConverter<IntegerConverterType> = {
fromASN: (value: any) => value.valueBlock.valueHex.byteLength > 4
? value.valueBlock.toString() // Convert number to string
: value.valueBlock.valueDec, // use number format
toASN: (value: IntegerConverterType) => new asn1.Integer({ value: value as any }),
};
please replace value.valueBlock.valueHex.byteLength > 4
with value.valueBlock.valueHex.byteLength >= 4
, it will solve the problem. @microshine
Schema name: csr
RFC 2986
npm run create csr
Code example:
AsnParser.parse(Convert.FromHex('30090c0739333439343838'), DisplayText);
Error text:
Data does not match to DisplayText ASN1 schema. Wrong values for Choice type
SAN extension reference - https://lapo.it/asn1js/#MCIGA1UdEQQbMBmgFwYIKwYBBQUHCAOgCzAJDAc5MzQ5NDg4
I'm trying to use asn1-pkcs8
to construct a PrivateKeyInfo
for Ed25519 private key.
I noticed that during construction the serialized buffer looks different from the one that is produced by @peculiar/webcrypto
. It turns out that it's missing 0x04 0x20
prefix on the key.
import * as asn1 from '@peculiar/asn1-schema';
import * as asn1Pkcs8 from '@peculiar/asn1-pkcs8';
import * as asn1X509 from '@peculiar/asn1-x509';
import * as x509 from '@peculiar/x509';
const algorithm = new asn1X509.AlgorithmIdentifier({
algorithm: x509.idEd25519
});
// Notice I had to put `0x04 0x20` here manually
const key = new asn1Pkcs8.PrivateKey(
Buffer.concat([
Buffer.from([0x04, 0x20]),
privateKey
])
);
const pkcs8 = new asn1Pkcs8.PrivateKeyInfo({
privateKeyAlgorithm: algorithm,
privateKey: key,
});
// This should be 48 bytes, if I don't add `0x04 0x20` above, it ends up being 46 bytes
const data = utils.bufferWrap(asn1.AsnSerializer.serialize(pkcs8));
If I don't concatenate 0x04 0x20
, the resulting key size is 46 bytes.
But if I use webcrypto, I get 48 bytes.
The interface for PrivateKeyInfo
requires PrivateKey
which extends OctetString
.
I'm trying to reconcile the difference here, it seems webcrypto is more correct here. So I'm wondering if something was missing about how PrivateKeyInfo
should be constructed.
I noticed that PrivateKeyInfo
in webcrypto-core
is not the same as the one in asn1-pkcs8
.
I'm starting work on defining a schema for Android's Keystore extension as detailed here:
https://source.android.com/security/keystore/attestation#schema
Might there be interest in this extension being added to this library? I'm prepared to PR it in if that's the case.
I have faced this problem for days I could not find any solution.
Any ideas?
Thanks
actual - expected
'1.2.840.113549.1.7.2'
'1.2.840.113549.1.9.16.1.4'
^
+ expected - actual
-1.2.840.113549.1.7.2
+1.2.840.113549.1.9.16.1.4
at C:\projects\tsr\src\test\index.ts:30:12
at Generator.next (<anonymous>)
at fulfilled (src\test\index.ts:28:58)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
If I comment assert.strictEqual(contentInfo.contentType, id_ct_tstInfo);
out.
It is giving me a new error:
`TSP
1) parse TSTInfo
0 passing (870ms)
1 failing
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.`
SubjectInfoAccess extension test reference:
https://lapo.it/asn1js/#MEcwRQYIKwYBBQUHMAWGOWh0dHA6Ly9pcGtpLnVzcHRvLmdvdi9JUEtJL0NlcnRzL0NBY2VydHNJc3N1ZWRCeVVTUFRPLnA3Yw
Schema:
id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
SubjectInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
@microshine What do you think about supporting this extension?
Upgrading @โpeculiar/webcrypto
from 1.3.3 to 1.4.0 causes the following error:
TypeError: Wrong type of 'data' argument
at Function.parse (/home/gus/repos/awala-keystore-gcp-js/node_modules/@peculiar/asn1-schema/build/cjs/parser.js:23:19)
at EcPrivateKey.getKey (/home/gus/repos/awala-keystore-gcp-js/node_modules/@peculiar/webcrypto/build/webcrypto.js:1404:37)
at EcPrivateKey.toJSON (/home/gus/repos/awala-keystore-gcp-js/node_modules/@peculiar/webcrypto/build/webcrypto.js:1407:26)
at Function.toJSON (/home/gus/repos/awala-keystore-gcp-js/node_modules/@peculiar/json-schema/build/index.js:254:24)
at Function.exportKey (/home/gus/repos/awala-keystore-gcp-js/node_modules/@peculiar/webcrypto/build/webcrypto.js:1616:50)
at EcdhProvider.onExportKey (/home/gus/repos/awala-keystore-gcp-js/node_modules/@peculiar/webcrypto/build/webcrypto.js:1777:25)
at EcdhProvider.exportKey (/home/gus/repos/awala-keystore-gcp-js/node_modules/webcrypto-core/build/webcrypto-core.js:223:33)
at SubtleCrypto.exportKey (/home/gus/repos/awala-keystore-gcp-js/node_modules/webcrypto-core/build/webcrypto-core.js:1465:39)
at CryptoEngine.exportKey (/home/gus/repos/awala-keystore-gcp-js/node_modules/pkijs/build/CryptoEngine.js:650:32)
at derSerializePrivateKey (/home/gus/repos/awala-keystore-gcp-js/node_modules/@relaycorp/relaynet-core/src/lib/crypto_wrappers/keys.ts:97:38)
The following check fails sometimes even though data
is indeed an ArrayBuffer
:
asn1-schema/packages/schema/src/parser.ts
Line 23 in 988241d
Here's what the WebStorm debugger shows (which I've double-checked with console.log()
):
This behaviour is valid according to:
is-array-buffer
: https://github.com/fengyuanchen/is-array-buffer/blob/9ea7fb638e79f8938161b3b7370cb965d8e93a8b/index.ts#L15So the culprit seems to be JS realms, which I'm guessing in the case of Node.js can only happen when asn1-schema
is used by multiple libraries in the same process, along with some of the recent changes to @peculiar/webcrypto
.
Unfortunately, it's quite hard to reproduce this as you need a relatively complex dependency tree to reproduce it. But if you want to reliably reproduce this locally, you can run npm test
in relaycorp/awala-keystore-cloud-js#13 and check the broken tests.
This is the relevant dependency sub-tree for the repo above:
@relaycorp/relaynet-core
.
@โpeculiar/webcrypto
asn1-schema
webcrypto-core
Check .toString()
if instanceof
returns false
: https://github.com/fengyuanchen/is-array-buffer/blob/9ea7fb638e79f8938161b3b7370cb965d8e93a8b/index.ts#L15
The @peculiar/asn1-x509-logotype
module currently implements the specifications outlined in RFC3709. However, RFC9399 has been published, which obsoletes RFC3709 and introduces changes to the standard. It is essential to review the changes and update the @peculiar/asn1-x509-logotype module accordingly to ensure compliance with the latest standards.
Schema name: x509-trustanchor
RFC 5914
npm run create x509-trustanchor
I'm trying to migrate more of my code over to asn1-schema but I'm stumped about how to take an extension out of an x.509 Certificate
instance and then parse it through an extension schema.
After running my leaf cert through AsnParser.parse(leafCertBuffer, Certificate)
, I'm able to view the expected extensions:
Extensions(2) [
Extension {
extnID: '1.3.6.1.4.1.45724.2.1.1',
critical: false,
extnValue: OctetString {
buffer: ArrayBuffer { [Uint8Contents]: <03 02 05 20>, byteLength: 4 }
}
},
Extension {
extnID: '2.5.29.19',
critical: true,
extnValue: OctetString {
buffer: ArrayBuffer { [Uint8Contents]: <30 03 01 01 00>, byteLength: 5 }
}
}
]
What I want to do is then take that '2.5.29.19'
(BasicConstraints) extension and parse it so I can more easily access its cA
attribute. I tried this but of course the types didn't match:
if (ext.extnID === id_ce_basicConstraints) {
console.log(AsnParser.fromASN(ext, BasicConstraints)); // No good, ext isn't a Buffer
}
Is there a clean way to further parse something that's within a parsed asn.1 schema? Thank you in advance for shining a light on this more advanced use case ๐
For example if I want to serialize a BasicOCSPResponse
which in turn has a ResponseData
that has the attribute producedAt: Date
This snippet fails with Error: Cannot get schema for 'Object' target
AsnConvert.serialize(
new OCSPResponse({
responseStatus: OCSPResponseStatus.successful,
responseBytes: new ResponseBytes({
response: new OctetString(
AsnConvert.serialize(
new BasicOCSPResponse({
tbsResponseData: {
producedAt: new Date(),
responses: [],
responderID: new ResponderID(),
version: Version.v1,
responseExtensions: [
{
critical: false,
extnID: id_pkix_ocsp_nonce,
extnValue: new OctetString(Convert.FromHex("FFF")),
},
],
},
})
)
),
}),
})
);
Is there a workaround for this?
Would it be possible to have things like AsnParser.parse(...)
support ReadableStream
as the data BufferSource?
e.g.
import { AsnParser } from "@peculiar/asn1-schema";
import { Certificate } from "@peculiar/asn1-x509";
fetch("https://raw.githubusercontent.com/google/clusterfuzz/master/docs/setting-up-fuzzing/heartbleed/server.pem").then(async current_response => {
const cert = AsnParser.parse(current_response.body, Certificate);
console.log(cert);
})
instead of:
import { AsnParser } from "@peculiar/asn1-schema";
import { Certificate } from "@peculiar/asn1-x509";
fetch("https://raw.githubusercontent.com/google/clusterfuzz/master/docs/setting-up-fuzzing/heartbleed/server.pem").then(async current_response => {
const cert = AsnParser.parse(await current_response.arrayBuffer(), Certificate);
console.log(cert);
})
While this simplified example only has a tiny certificate, I think ReadableStream
would help reduce memory and decoding times for very large BER buffers.
Hi, what is the proper way to set PreferredSignatureAlgorithms to an OCSP request?
I tried the following snippet but it fails with Cannot get schema for 'Object' target
requestExtensions: [
new Extension({ extnID: id_pkix_ocsp_nonce, extnValue: new Nonce(nonce) }),
new Extension({
extnID: id_pkix_ocsp_pref_sig_algs,
extnValue: new OctetString(AsnConvert.serialize(new PreferredSignatureAlgorithms([{ algorithm: "1.2.840.10045.4.3.2" }]))),
}),
],
Code example:
AsnParser.parse(Convert.FromHex('304e3018060a60864801650302010302060a608648016503020102073018060a60864801650302010303060a608648016503020102083018060a6086480165030201030c060a60864801650302010209'), PolicyMappings);
Error text:
Data does not match to PolicyMappings ASN1 schema.
PolicyMappings extension reference - https://lapo.it/asn1js/#ME4wGAYKYIZIAWUDAgEDAgYKYIZIAWUDAgECBzAYBgpghkgBZQMCAQMDBgpghkgBZQMCAQIIMBgGCmCGSAFlAwIBAwwGCmCGSAFlAwIBAgk
Schema name: x509-microsoft
MS-WCCE
npm run create x509-microsoft
AsnParser.parse(Convert.FromHex('308228d6a08228d2300e820c6162656e73626572672e64653010820e616266616c6c2d726f74682e6465301282106167656e646132312d726f74682e6465300d820b61686f6c66696e672e6465300d820b61686f6c66696e672e6575300e820c6169676c73626163682e6465301a82186169736368677275656e6465722d6b61727066656e2e6465300f820d6169746572686f66656e2e6465300f820d616c6c657273626572672e6465300f820d616c6c657273626572672e6575300f820d616c74656e7468616e6e2e64653011820f616c746f6d75656e737465722e6465300c820a616e73626163682e646530168214616e73626163682d6c616e646b726569732e646530168214616e73626163682d6c616e646b726569732e65753012821061736368616666656e627572672e6465301f821d61736368616666656e6275726765722d6b756c747572746167652e6465301f821d61736368616666656e6275726765722d706f6d70656a616e65722e64653020821e61736368616666656e627572672d73746f6c706572737465696e652e6465300f820d617474656e686f66656e2e6465300b8209617474696e672e6465300b8209617474696e672e6575300e820c61756668617573656e2e6575300d820b61756773627572672e6465300f820d626163682d646f6e61752e6465300f820d6261642d6162626163682e6465301482126261642d67726f656e656e626163682e64653011820f6261642d6e657573746164742e6465300c820a62617262696e672e646530128210626175616b74656f6e6c696e652e6465300b820962617965726e2e64653011820f62657261747a68617573656e2e64653010820e626572676b69726368656e2e6465300e820c6265726773746f72662e6575301282106265726e686172647377616c642e6465300d820b6265726e726965642e64653018821662657a69726b2d6e696564657262617965726e2e6465301c821a62696c64756e676c616e646b72656973616e73626163682e6465301e821c62696c64756e672d6c616e646b726569732d616e73626163682e64653022822062696c64756e6773627565726f2d61736368616666656e627572672e696e666f301c821a62696c64756e6773627565726f2d756e7465726d61696e2e64653018821662696c64756e6773726567696f6e2d726f74682e64653017821562697363686f66736865696d2d72686f656e2e64653011820f626f636b686f726e2d6f62622e6465300e820c626f65686d77696e642e6465300e820c6272656e6e626572672e6465300e820c627275636b626572672e6465300c820a62732d726f74682e6465300d820b62737a2d726f74682e6465301682146275656368657265692d6865696465636b2e6465301782156275656368657265692d737465696e6163682e6465301e821c62756572676572696e666f2d73636877616e7374657474656e2e646530178215627565726765722d6f7374616c6c676165752e64653017821562756572676572706f7274616c2d726f74682e646530128210627572672d6162656e626572672e6575300982076279626e2e6465300982076368616d2e64653014821263687269737469616e2d73636861642e6465301b821963687269737469616e2d73636861642d6d757365756d2e6465301d821b63687269737469616e2d73636861642d7374696674756e672e6465300c820a6461636861752e636f6d300b82096461636861752e6465300f820d64656767656e646f72662e6465300f820d64656e6b656e646f72662e6575300e820c64696c6c696e67656e2e6465300e820c64696c6c696e67656e2e6575300f820d64696e676f6c66696e672e6465301a8218646972656b747665726d61726b7465722d726f74682e646530168214646973636f6275732d62617972657574682e6465300f820d646f6e61752d726965732e6465300f820d646f6e617573746175662e6465300b8209646f7266656e2e6465300e820c647565726e686172742e65753010820e647565727277616e67656e2e6465300f820d64756767656e646f72662e646530128210656265726d616e6e73746164742e6465300f820d656368696e672d6e64622e6465301f821d652d676f7665726e6d656e742d61736368616666656e627572672e646530178215656872656e616d74736b617274652d6761702e6465300d820b65696368656e61752e6465300f820d656963687374616574742e6465301b821965696e7361747a6e6163686265617262656974756e672e6465301e821c656973656e68616d6d65722d65636b6572736d7565686c656e2e6465300e820c656c73656e646f72662e6465300e820c657262656e646f72662e6465300b8209657264696e672e6465300b82096572647765672e64653018821665726c616e67656e2d686f65636873746164742e64653016821465726c6562656e7377656c742d726f74682e64653016821466616d696c69656e6c616e646b726569732e6465301b821966657269656e726567696f6e2d73746966746c616e642e6465300a820866666761702e6465300c820a66696e73696e672e6465300e820c666c6164756e67656e2e646530138211666c75766975732d6d757365756d2e6465300d820b666f72737465726e2e646530198217667261656e6b6973636865737365656e6c616e642e6465300e820c667261756e626572672e646530198217667265697a6569746275732d62617972657574682e646530128210667265697a6569742d706173732e646530128210667265697a6569742d726f74682e6465300c820a66726579756e672e64653013821166726f6e74656e68617573656e2e636f6d3012821066726f6e74656e68617573656e2e646530258223667565727374656e66656c64627275636b65722d70666c656765626f657273652e6465300e820c66756e6472656963682e6465301b821966756e6472656963682d7468616c6d61657373696e672e646530098207676170612e636330098207676170612e6465301482126764652d66656c646b69726368656e2e64653012821067656973656c686f6572696e672e64653014821267656d65696e64652d617474696e672e64653013821167656d65696e64652d6272756e6e2e64653017821567656d65696e64652d64657565726c696e672e64653014821267656d65696e64652d68617573656e2e64653014821267656d65696e64652d6d65656465722e64653013821167656d65696e64652d706165686c2e64653019821767656d65696e64652d7061726b7374657474656e2e64653012821067656d65696e64652d7261696e2e64653012821067656d65696e64652d726f68722e64653016821467656d65696e64652d737465696e6163682e64653016821467656d65696e64652d737465696e6163682e65753016821467656d65696e64652d776573736c696e672e6465302c822a676573636861656674737374656c6c656e7a7765636b76657262616e642d737472617562696e672e646530188216676573756e646865697473616d742d726f74682e64653019821767657765726265666c61656368656e2d726f74682e646530158213676577657262656765626965742d61362e6465301f821d676577657262656765626965742d6c69636874656e61752d61362e64653011820f677265646c2d7261647765672e6465301982176772756e64736368756c652d737465696e6163682e64653012821067732d77616c6473617373656e2e6465300d820b6777692d696e666f2e6465301b821967796d6e617369756d2d68696c706f6c74737465696e2e6465301a821867796d6e617369756d2d77656e64656c737465696e2e6465300f820d686167656c73746164742e6465301282106865626572747368617573656e2e6465300c820a6865696465636b2e6465300c820a6865696465636b2e6575301e821c6865696d706c61747a73756368652d726567656e73627572672e6465300a820868656d61752e646530138211686572726e6769657273646f72662e6465300d820b68657573747265752e646530198217686973746f726973636865732d6865696465636b2e6465300f820d686f65726c6b6f66656e2e646530088206686f662e6465300f820d68756e646572646f72662e64653010820e6968726c6572737465696e2e6465300f820d696e64657273646f72662e6465300c820a69726c626163682e6465300982076973656e2e6465300d820b69736d616e696e672e6465300a82086a617265672e6465301b82196a656465722d627565726765722d65696e2d6575726f2e6465301382116a7567656e64616d742d726f74682e6465300e820c6b616c6c6d75656e7a2e64653010820e6b616d6d6572737465696e2e6465300e820c6b61726c7366656c642e6465301b82196b61727066656e7363686d65636b6572776f6368656e2e6465300c820a6b62692d7061662e6465300c820a6b656c6865696d2e6465300c820a6b656d7074656e2e6465301282106b6967612d7265697373696e672e6465300e820c6b69726368726f74682e6465301582136b6974612d6b616d6d6572737465696e2e6465301882166b6974612d6f6265727363686e656964696e672e6465300d820b6b6a722d726f74682e6465301c821a6b6c6f657070656c736368756c652d6162656e626572672e6465300e820c6b6f65666572696e672e6465300e820c6b6f65736368696e672e6465301f821d6b6f6d626e2d6c616e646b726569732d726567656e73627572672e6465300e820c6b6f6d626e2d7374612e6465300c820a6b6f6e7a656c6c2e6465300d820b6b726569732d616e2e6465300d820b6b726569732d616e2e6575301c821a6b726569736269626c696f7468656b2d6b726f6e6163682e6465301982176b7265697362696c647374656c6c652d726f74682e6465300d820b6b726569732d62742e6465300e820c6b726569732d646c672e6465300d820b6b726569732d65692e6465300e820c6b726569732d6666622e6465300e820c6b726569732d6666622e6575301982176b726569736a7567656e6472696e672d726f74682e6465300c820a6b726569732d6d2e6465300e820c6b726569732d6e65612e6465300e820c6b726569732d7061662e6465300d820b6b726569732d72682e65753011820f6b726569737461672d6666622e64653011820f6b726569737461672d6d696c2e6465300e820c6b726569732d7469722e64653010820e6b72756d6d656e6e6161622e6465300c820a6b756c6d61696e2e6465301982176b756c7475722d61736368616666656e627572672e6465301e821c6b756c74757273746164742d61736368616666656e627572672e6465301582136b756e7374756e64636172696c6c6f6e2e6465300c820a6c616c6c696e672e6465301a82186c616e646b726569732d616e73626163682e62617965726e301582136c616e646b72656973616e73626163682e6465301682146c616e646b726569732d616e73626163682e6465301582136c616e646b72656973616e73626163682e6575301682146c616e646b726569732d616e73626163682e6575301782156c616e646b726569732d61756773627572672e6465301782156c616e646b726569732d62617972657574682e6465301382116c616e646b726569732d6368616d2e6465301582136c616e646b726569732d636f627572672e6465301582136c616e646b726569732d6461636861752e6465301982176c616e646b726569732d64656767656e646f72662e6465301882166c616e646b726569732d64696c6c696e67656e2e6465301882166c616e646b726569732d64696c6c696e67656e2e65753020821e6c616e646b726569732d64696e676f6c66696e672d6c616e6461752e6465301982176c616e646b726569732d656963687374616574742e6465301282106c616e646b726569732d6672672e6465301582136c616e646b726569732d6675657274682e6465301282106c616e646b726569732d6761702e6465301282106c616e646b726569732d686f662e6465301682146c616e646b726569732d6b656c6865696d2e6465301682146c616e646b726569732d6b726f6e6163682e6465301782156c616e646b726569732d6b756c6d626163682e6465301782156c616e646b726569732d6d75656e6368656e2e6465301982176c616e646b726569732d6f7374616c6c676165752e6465301b82196c616e646b726569732d7066616666656e686f66656e2e6465301482126c616e646b726569732d726567656e2e6465301982176c616e646b726569732d726567656e73627572672e6465301882166c616e646b726569732d726f73656e6865696d2e6465301282106c616e646b72656973726f74682e6465301382116c616e646b726569732d726f74682e6465301282106c616e646b72656973726f74682e6575301382116c616e646b726569732d726f74682e6575301e821c6c616e646b726569732d737472617562696e672d626f67656e2e6465301882166c616e646b726569732d777565727a627572672e6465301882166c616e646b726569732d77756e73696564656c2e6465301c821a6c616e6472617473616d742d616e73626163682e62617965726e301882166c616e6472617473616d742d616e73626163682e6465301982176c616e6472617473616d742d62617972657574682e6465301782156c616e6472617473616d742d6461636861752e6465301782156c616e6472617473616d742d657264696e672e6465301482126c616e6472617473616d742d6761702e6465301482126c616e6472617473616d742d7061662e6465301b82196c616e6472617473616d742d726567656e73627572672e6465301682146c616e6472617473616d742d726f74682e636f6d301482126c616e6472617473616d74726f74682e6465301582136c616e6472617473616d742d726f74682e6465301482126c616e6472617473616d74726f74682e6575301582136c616e6472617473616d742d726f74682e6575300d820b6c616e64736875742e6465301282106c616e6766757274682e62617965726e300e820c6c616e6766757274682e6575300e820c6c616e6771756169642e64653010820e6c617070657273646f72662e6465300e820c6c6569626c66696e672e6465300d820b6c656e67646f72662e6465300c820a6c656e74696e672e6465301282106c69636874656e61752e62617965726e300c820a6c6b722d62676c2e6465300c820a6c6b722d6e65742e6465300c820a6c6b722d7469722e64653011820f6c6b2d737461726e626572672e6465300b82096c72612d61622e64653010820e6c72612d6169632d6664622e6465301482126c72612d616e73626163682e62617965726e3010820e6c72612d616e73626163682e6465300c820a6c72612d616f652e6465300c820a6c72612d62676c2e6465301382116c72612d646f6e61752d726965732e6465300b82096c72612d65642e6465300c820a6c72612d6572682e6465300c820a6c72612d6666622e6465300c820a6c72612d6666622e6575300c820a6c72612d6761702e6465300c820a6c72612d6d75652e6465300b82096c72612d6f612e6465301482126c72612d6f7374616c6c676165752e6f7267300c820a6c72612d7061662e6465300c820a6c7261726f74682e6465300d820b6c72612d726f74682e6465301282106c72612d737461726e626572672e6465300a82086c726173772e6465300e820c6c72612d746f656c7a2e6465300b82096c72612d776d2e6465300d820b6d61656872696e672e6465300d820b6d61696e627572672e64653010820e6d616c6c657273646f72662e6465300c820a6d616d6d696e672e6465301882166d61726b742d66726f6e74656e68617573656e2e6465300d820b6d61726b746761702e6465300e820c6d61726b746761702e6e6574301582136d61726b742d696e64657273646f72662e64653011820f6d61726b742d6c61616265722e6465301782156d61726b746c69636874656e61752e62617965726e301482126d61726b742d6c69636874656e61752e64653011820f6d61726b742d6d657474656e2e6465300f820d6d61726b742d726f68722e6465301582136d61726b742d7363686f70666c6f63682e64653010820e6d61726b7477696e7a65722e6465301482126d61782d72656765722d68616c6c652e64653011820f6d61787265676572746167652e6465302482226d656469656e7a656e7472756d2d726567656e736275726765722d6c616e642e6465300e820c6d656d6d696e67656e2e64653010820e6d696e7472616368696e672e6465301c821a6d697474656c736368756c652d77616c6473617373656e2e6465300f820d6d697474657266656c732e64653010820e6d697474657274656963682e6465301682146d6f62696c2d7061726b7374657474656e2e6465300f820d6d6f65726e736865696d2e6465300f820d6d6f6f73696e6e696e672e64653011820f6d6f6f737468656e6e696e672e6465301482126d757365656e2d6162656e626572672e6465301982176d757365656e2d61736368616666656e627572672e64653010820e6d757365656e2d726f74682e6465301b82196d757365756d736c616e647363686166742d726f74682e6465302282206d757365756d7371756172746965722d746972736368656e72657574682e6465300a82086d7a2d6c612e6465300c820a6d7a726567656e2e6465301c821a6e617475726261642d6f6265727363686e656964696e672e6465301282106e6575616c62656e72657574682e6465300e820c6e65756269626572672e6465301b82196e6575627572672d736368726f62656e68617573656e2e6465300d820b6e657573746164742e6465301382116e657573746164742d646f6e61752e64653011820f6e657574726175626c696e672e6465301282106e6965646572616c74656963682e6465301282106e69656465726d6f747a696e672e6575300f820d6e697474656e646f72662e6465300e820c6e7565726e626572672e6465301582136e7565726e6265726765722d6c616e642e6465300d820b6f62657264696e672e64653010820e6f626572656c73626163682e64653010820e6f6265726d6f747a696e672e6575301382116f6265727363686e656964696e672e6465301282106f62657274726175626c696e672e6465300f820d6f7374616c6c676165752e6465300f820d6f73746572686f66656e2e6465300c820a6f73746865696d2e6465301582136f77612d67726f73736d656872696e672e6465300c820a7061696e74656e2e6465301682147061726b656e2d726f7468656e627572672e64653010820e7061726b7374657474656e2e6465300e820c70617374657474656e2e6465300c820a70656974696e672e6465300d820b70656e7a626572672e6465300b82097065726b616d2e6465300b82097065726b616d2e6575301282107065746572736175726163682e636f6d3011820f7065746572736175726163682e64653011820f7065746572736175726163682e6575301382117065746572736175726163682e696e666f301282107065746572736175726163682e6f72673011820f70657465727368617573656e2e6465300f820d70657474656e646f72662e6465300d820b7066616b6f66656e2e6465300c820a706661747465722e64653015821370666c656765626f657273652d6666622e6465301b821970666c65676573747565747a70756e6b742d726f74682e64653010820e7069656c656e686f66656e2e6465300c820a70696c6c696e672e6575300e820c706c6174746c696e672e6465300f820d706c6f657373626572672e6465300d820b707563686865696d2e6465300d820b7261646c646f72662e6575300982077261696e2e6575300d820b7261697374696e672e6465301b821972617473696e666f2d73636877616e7374657474656e2e6465300c820a7265616c7267622e6465301c821a7265616c736368756c652d68696c706f6c74737465696e2e6465301e821c7265616c736368756c652d6e657573746164742d61697363682e6465300f820d726567656e73627572672e6465300f820d726567656e73746175662e646530148212726567696f6e2d62617972657574682e6465301382117265696368656e73636877616e642e64653012821072656963687373746164742e696e666f3016821472656963687373746164746d757365756d2e64653018821672656963687373746164746d757365756d2e696e666f301582137265696368737374616474746167652e636f6d300d820b7265697373696e672e6465301482127265697465726c65736d61726b742e636f6d301582137265697465726c65736d61726b742e696e666f3010820e72657574682d622d6572622e64653013821172686f656e2d6772616266656c642e6465300f820d72696564656e627572672e6465300b820972696e6b616d2e6575300e820c726f6568726d6f6f732e64653010820e726f657474656e626163682e646530098207726f68722e6575300d820b726f68722d6d66722e6465300e820c726f73656e6865696d2e646530138211726f7468656e627572672e62617965726e300f820d726f7468656e627572672e6465300f820d726f7468656e627572672e65753021821f726f7468656e6275726765722d6d6165726368656e7a61756265722e636f6d300c820a726f74687365652e6465300c820a726f74687365652e6575300f820d726f7474616c2d696e6e2e6465300d820b727565676c616e642e6465300b8209727a6c72612e6e6574300f820d7361616c2d646f6e61752e6465300c820a7361696c6175662e64653013821173616e64626572672d72686f656e2e64653010820e7363686e656c6c646f72662e6465301d821b7363686f70666c6f63682d6d697474656c6672616e6b656e2e6465301a821873636875656c6572776f686e6865696d2d726f74682e6465300f820d736368756c652d686f662e6465301a8218736368756c652d6f6265727363686e656964696e672e6465301a8218736368756c6b696e6f776f6368652d62617965726e2e64653021821f73636877616e6765722d696d2d6c616e646b726569732d726567656e2e64653019821773636877616e6765722d696e2d616e73626163682e64653015821373636877616e6765722d696e2d6666622e64653023822173636877616e6765722d696e2d667565727374656e66656c64627275636b2e64653016821473636877616e6765722d696e2d726f74682e6465301b821973636877616e6765722d696e2d7363687761626163682e64653012821073636877616e7374657474656e2e64653010820e7363687765696e667572742e64653009820773656c622e64653015821373656c62737468696c66652d726f74682e64653012821073656e696f72656e2d726f74682e6465300c820a73696e7a696e672e6465300e820c736f6e74686f66656e2e64653014821273706572726d75656c6c2d726f74682e64653014821273746164742d6162656e73626572672e64653022822073746164746269626c696f7468656b2d61736368616666656e627572672e6465300e820c73746164742d686f662e6465300e820c7374616474686f662e6f7267300f820d73746164742d686f662e6f7267301f821d7374616474746865617465722d61736368616666656e627572672e64653018821673746164742d746972736368656e72657574682e6465301b821973746164742d7761737365727472756564696e67656e2e6465300d820b737465696e6163682e6575301a8218737465696e6163682d6e696564657262617965726e2e6465301a8218737465696e6163682d6e696564657262617965726e2e6575301282107374726173736b69726368656e2e646530148212737472617562696e672d626f67656e2e64653013821173742d776f6c6667616e672d6f622e6465300e820c7375656e6368696e672e6465300d820b73756c7a626572672e64653015821373796e632d747261756e737465696e2e636f6d300b82097461696e65742e64653010820e746175666b69726368656e2e6465300f820d74656765726e6865696d2e6465300a8208746575676e2e64653010820e7468616c6d617373696e672e64653010820e747261756e737465696e2e636f6d3010820e75726c6175622d726f74682e64653021821f76657277616c74756e677367656d65696e7363686166742d7261696e2e64653021821f76657277616c74756e677367656d65696e7363686166742d7261696e2e6575300e820c7667656d2d7261696e2e6465300e820c7667656d2d7261696e2e6575301582137667656d2d7363686f656c6c6e6163682e6465301482127667656d2d7363687761727a6163682e64653015821376672d6d656c6c7269636873746164742e64653013821176672d6d657370656c6272756e6e2e64653014821276672d6f6265726e65756368696e672e6465300c820a76672d7261696e2e65753014821276672d737465696e6b69726368656e2e64653015821376672d7374726173736b69726368656e2e64653012821076672d77656968656e7a656c6c2e6465300e820c7668672d626f67656e2e6465301482127668732d6c6b722d616e73626163682e646530128210766f6c6b656e73636877616e642e6465300f820d76732d6865696465636b2e64653010820e7761686c656e2d726f74682e64653011820f77616c646b726169627572672e6465300f820d77616c6473617373656e2e64653011820f77616c6473617373656e2e696e666f300f820d77617274656e626572672e6465301982177761737365727175616c69746165742d726f74682e6465301982177761737365727472756564696e67656e2e62617965726e301582137761737365727472756564696e67656e2e6465301782157761737365727472756564696e67656e2e696e666f301682147761737365727472756564696e67656e2e6e6574302882267761737365727a7765636b76657262616e642d6169747261636874616c6772757070652e6465302682247761737365727a7765636b76657262616e642d62756368626572676772757070652e6465302282207761737365727a7765636b76657262616e642d68756e646572646f72662e6465302582237761737365727a7765636b76657262616e642d69726c626163686772757070652e6465302782257761737365727a7765636b76657262616e642d737069747a626572676772757070652e64653011820f776569626572736272756e6e2e6465300b82097765696368732e6465300b820977656964656e2e64653017821577656964656e2d746f757269736d75732e696e666f300f820d77656968656e7a656c6c2e6465300d820b7765696c6865696d2e6465301682147765696c6865696d2d7363686f6e6761752e64653011820f7765697373656e73746164742e6465300f820d77656e7a656e626163682e6465300f820d7769656c656e626163682e6465300f820d77696573656e646f72662e65753011820f77696573656e66656c64656e2e6465300c820a77696573656e742e6465301f821d7769727473636861667473666f6572646572756e672d726f74682e6465301e821c7769727473636861667473736368756c652d67726564696e672e64653011820f776f657274682d646f6e61752e646530238221776f686c667565686c726567696f6e2d6669636874656c676562697267652e6465300d820b776f6c66736567672e6465300e820c777565727a627572672e6465300d820b7a6569746c61726e2e6465300a87083e996cd8fffffff8300a8708c11cf000ffffff00300a8708c11cf100ffffff00300a8708c11cf200ffffff00300a8708c11cf300ffffff00300a8708c11cf400ffffff00300a8708c11cf500ffffff00300a8708c11cf600ffffff00300a8708c11cf700ffffff00300a8708c11cf800ffffff00300a8708c11cf900ffffff00300a87083e9abdc0fffffff8300a87085095a4d0fffffff8300a8708c3f3c3f8fffffff8300a8708c3f3e008fffffff8300a8708d4b96480fffffff8300a8708509c0b50fffffff8300a8708d9f3eec0fffffff8300a870850968be0ffffffe0300a8708511ba933ffffffff300a87083e9cb873ffffffff300a87083e9dd633ffffffff300a87083e9f801effffffff300a87085096d4ebffffffff300a87085096f558fffffff8300a8708d5b39bfbffffffff303da43b3039310b3009060355040613024445310f300d0603550408130642617965726e31193017060355040a13104672656973746161742042617965726e'), NameConstraints);
I need to convert an array of Attribute
s to an encoded Set, however passing a raw array to AsnConvert
results in Error: Cannot get schema for 'Array' target
(unsurprisingly).
example code:
const { AsnConvert } = require('@peculiar/asn1-schema');
const { Attribtue } = require('@peculiar/asn1-cms');
const { id_pkcs9_at_messageDigest } = require('@peculiar/asn1-pkcs9');
const attributes = [new Attribute({
attrType: id_pkcs9_at_messageDigest,
attrValues: [Buffer.from(...)],
});
const encoded = AsnConvert.serialize(attributes); // errors
Package: @peculiar/asn1-x509-attr
Check and create a report about use new rfc5755 instead of rfc3281.
Schema name: pfx
RFC 7292
npm run create pfx
Schema name: x509-logotype
RFC 3709
npm run create x509-logotype
There seems to be an issue with adding members to the system group within the current implementation. Presently, only the administrator and owner are being added to the system group. The system group is automatically associated with all keys and grants members the ability to view all organization keys. However, the newly added Security Officer role is not being included in the system group. Additionally, comprehensive testing should be implemented to ensure proper functionality.
See
asn1-schema/packages/schema/src/schema.ts
Line 197 in 28d0b6e
This throw when running node with --disable-proto=throw
This is probably related to/a follow-up from PeculiarVentures/PKI.js#324
When parsing an RPKI manifest, the sid in the signerInfo does not match the SubjectKeyIdentifier in the signedData's certificate its SubjectKeyIdentifier extension.
value from the sid: cd7291544e735cc5006f097b8ab41fd18752757e
value from the certificates extension: 0414cd7291544e735cc5006f097b8ab41fd18752757e
When debugging it appears that SubjectKeyIdentifier values always have a 0414
prefix.
When parsing the certificate (ripe-ncc-ta.cer
) in ripe-ncc-ta.zip, the SubjectKeyIdentifier is as follows:
$ openssl x509 -in ripe-ncc-ta.cer -inform DER -noout -text | grep "Subject Key" --before=1 --after=3
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:55:2B:1F:D6:D1:A4:F7:E4:04:C6:D8:E5:68:0D:1E:BC:16:3F:C3
X509v3 Basic Constraints: critical
CA:TRUE
The value of the extension read is
SubjectKeyIdentifier: 0414e8552b1fd6d1a4f7e404c6d8e5680d1ebc163fc3
import { AsnConvert, AsnParser } from "@peculiar/asn1-schema";
import { Certificate, id_ce_subjectKeyIdentifier } from "@peculiar/asn1-x509";
const rpkiCertB64 = "MIIECjCCAvKgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAxMLcmlwZS1uY2MtdGEwIBcNMTcxMTI4MTQzOTU1WhgPMjExNzExMjgxNDM5NTVaMBYxFDASBgNVBAMTC3JpcGUtbmNjLXRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1jQ6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83HwA26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0GZ0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eMkE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2VwIDAQABo4IBXjCCAVowHQYDVR0OBBYEFOhVKx/W0aT35ATG2OVoDR68Fj/DMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIGxBggrBgEFBQcBCwSBpDCBoTA8BggrBgEFBQcwCoYwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvcmlwZS1uY2MtdGEubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDAtBggrBgEFBQcwBYYhcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMAkEAgABMAMDAQAwCQQCAAIwAwMBADAhBggrBgEFBQcBCAEB/wQSMBCgDjAMMAoCAQACBQD/////MA0GCSqGSIb3DQEBCwUAA4IBAQAVgJjrZ3wFppC8Yk8D2xgzwSeWVT2vtYq96CQQsjaKb8nbeVz3DwcS3a7RIsevrNVGo43k3AGymg1ki+AWJjvHvJ+tSzCbn5+X6Z7AfYTf2g37xINVDHru0PTQUargSMBAz/MBNpFG8KThtT7WbJrK4+f/lvx0m8QOlYm2a17iXS3AGQJ6RHcq9ADscqGdumxmMMDjwED26bGaYdmru1hNIpwF//jVM/eRjBFoPHKFlx0kLd/yoCQNmx1kW+xANx4uyWxi/DYgSV7Oynq+C60OucW+d8tIhkblh8+YfrmukJdsV+vo2L72yerdbsP9xjqvhZrLKfsLZjYK4SdYYthi";
const rpkiCertBuffer = Buffer.from(rpkiCertB64, "base64");
const rpkiCert = AsnConvert.parse(rpkiCertBuffer, Certificate);
const certSKI = rpkiCert.tbsCertificate.extensions?.find(ext => ext.extnID === id_ce_subjectKeyIdentifier);
console.log(`SKI: ${Buffer.from(certSKI?.extnValue.buffer || "").toString("hex")}`);
Please add extension CertificateTransparency (1.3.6.1.4.1.11129.2.4.2)
to the package
Example:
AsnParser.parse(Convert.FromHex('0481f200f0007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000170ac4b55f8000004030047304502206f7acb0532ea7ebf8ac7bc6db361e9b945d99406ad995c0d50ddd1b0326c5781022100deef6adaa4c33ca25b8a09dbdc028f13faeaa18a5fada7bf065037afa4f8cfb90076005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd00000170ac4b564a0000040300473045022100963c275d34cf37ab3fc249a25b1197b4a3968359a5baea1bbb2ef1c1d9f06bb102204a58c43591b68d3f20bdbd6b87c62ce186421af4a6c4039451d07280b7b25573'), CertificateTransparency);
templateMinorVersion
type must be INTEGER
(using description from https://github.com/PeculiarVentures/asn1-schema/blob/master/packages/x509-microsoft/src/attributes/extensions/certificate_template.ts#L8), but I see string
after parse:
I'm using several of your excellent schemas in a Typescript-authored node library, which to date have seemingly worked fine. Here's how I declare them in my library's package.json list of "dependencies"
:
"@peculiar/asn1-android": "^2.0.38",
"@peculiar/asn1-schema": "^2.0.38",
"@peculiar/asn1-x509": "^2.0.38",
Unfortunately recently my builds are failing in CI with the following type errors:
node_modules/asn1js/build/index.d.ts:117:25 - error TS2304: Cannot find name 'BufferSource'.
117 valueBeforeDecode?: BufferSource;
~~~~~~~~~~~~
node_modules/asn1js/build/index.d.ts:167:15 - error TS2304: Cannot find name 'BufferSource'.
167 valueHex: BufferSource;
~~~~~~~~~~~~
node_modules/asn1js/build/index.d.ts:1323:39 - error TS2304: Cannot find name 'BufferSource'.
1323 declare function fromBER(inputBuffer: BufferSource): FromBerResult;
~~~~~~~~~~~~
node_modules/asn1js/build/index.d.ts:1354:44 - error TS2304: Cannot find name 'BufferSource'.
1354 declare function verifySchema(inputBuffer: BufferSource, inputSchema: AsnSchemaType): CompareSchemaResult;
~~~~~~~~~~~~
Doing some digging, at some point since v2.0.38 of the three schema libs above, asn1js started referencing types which are only defined in TypeScript's "DOM"
lib. And indeed, adding the following to my Node library's tsconfig.json fixed these errors:
"lib": [
"DOM",
],
I no longer reference "DOM"
in my library's tsconfig.json because my library is only intended to work in Node; and in fact referencing "DOM"
like this can lead to typing issues with things like (for sake of example) setTimeout()
because its return types between Node and browser environments are slightly different.
So that brings me to my question: are these libraries only intended to be used in a browser? I ask because asn1js underpins the functionality of these schema libraries, and states the following:
ASN1js is the first library for BER encoding/decoding in Javascript designed for browser use.
Does that mean these schema libraries should never have been used in my Node library in the first place? I've not yet had any issues using them like this, but if asn1js's types are going to assume the code is running in a DOM then it's making me wonder if I should reconsider and find an alternative.
If these schema libraries are also intended for use in Node, then the type definitions in asn1js need further consideration to help ensure Node-based TypeScript projects can reference the proper types without needing to reference the likely irrelevant TypeScript "DOM"
lib.
If these schema libraries are only intended for use in browsers then I think asn1-schema
could benefit from clearer messaging specifying this expected runtime environment restriction.
Extra ; causes build failure.
Unexpected token: punc (;) [./node_modules/@peculiar/asn1-x509/build/cjs/extensions/crl_issuing_distribution_point.js:19,0]
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.