Closed engaref2000 closed 2 years ago
Hello @engaref2000 It seems that the parsing has a problem with the subject alternativ name extension. I will take a look at it next week. Can you provide some information on how the CSR was generated?
thanks Ephendrom for response.
the csr file generated in java with this information :
csr.common.name=TST-886431145-312345678900003 csr.serial.number=1-TST|2-TST|3-ed22f1d8-e6a2-1118-9b58-d9a8f11e445f csr.organization.identifier=312345678900003 csr.organization.unit.name=3123456789 csr.organization.name=3123456789 csr.country.name=SA csr.invoice.type=1111 csr.location.address=TST csr.industry.business.category=TST
I hope this information is help.
@engaref2000 Which java library was used in this case ? Maybe bouncy castle ?
yes the library bouncycastle and the ans1 as decode is from https://lapo.it/asn1js/ SEQUENCE (3 elem) SEQUENCE (4 elem) INTEGER 0 SEQUENCE (4 elem) SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component) PrintableString SA SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component) UTF8String 3123456789 SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component) UTF8String 3123456789 SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component) UTF8String TST-886431145-312345678900003 SEQUENCE (2 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type) OBJECT IDENTIFIER 1.3.132.0.10 secp256k1 (SECG (Certicom) named elliptic curve) BIT STRING (520 bit) 0000010000100011100111110101011011010111000000001111011000101010010011… [0] (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 1.2.840.113549.1.9.14 extensionRequest (PKCS #9 via CRMF) SET (1 elem) SEQUENCE (2 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2 enrollCerttypeExtension (Microsoft CAPICOM certificate template, V1) OCTET STRING (20 byte) 0C125A415443412D436F64652D5369676E696E67 UTF8String ZATCA-Code-Signing SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.29.17 subjectAltName (X.509 extension) OCTET STRING (146 byte) 30818FA4818C308189313B303906035504040C32312D5453547C322D5453547C332D6… SEQUENCE (1 elem) [4] (1 elem) SEQUENCE (5 elem) SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.4 surname (X.520 DN component) UTF8String 1-TST|2-TST|3-ed22f1d8-e6a2-1118-9b58-d9a8f11e445f SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 0.9.2342.19200300.100.1.1 userID (Some oddball X.500 attribute collection) UTF8String 312345678900003 SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.12 title (X.520 DN component) UTF8String 1111 SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.26 registeredAddress (X.520 DN component) UTF8String TST SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.15 businessCategory (X.520 DN component) UTF8String TST SEQUENCE (1 elem) OBJECT IDENTIFIER 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256) BIT STRING (576 bit) 0011000001000110000000100010000100000000100111011101011001110000110111… SEQUENCE (2 elem) INTEGER (256 bit) 7139200149141166879124929731463666064519387665678156964825331263561528… INTEGER (256 bit) 7409204401331651896178037162532302602528463729441355867917827012298287…
Waiting for https://github.com/bcgit/pc-dart/pull/164
@engaref2000 This can be considered as closed with the new version 4.4.0 is now live on pub.dev.
thanks and best regard . I will check and let you informed.
hi every one. I need help when I try get Certificate from CSR file . the contain of csr file is : var x509Pem ='''-----BEGIN CERTIFICATE REQUEST----- MIIB7TCCAZMCAQAwXzELMAkGA1UEBhMCU0ExEzARBgNVBAsMCjMxMjM0NTY3ODkx EzARBgNVBAoMCjMxMjM0NTY3ODkxJjAkBgNVBAMMHVRTVC04ODY0MzExNDUtMzEy MzQ1Njc4OTAwMDAzMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEkNOiV8GaCBVDnQw2 bM1Wy6PqIRZ6t+/hxJNQxg7FAdWK0PcUiUdv5ry2SVyFSz/qY34IJuPstO01fLWv c41ny6CB1DCB0QYJKoZIhvcNAQkOMYHDMIHAMCEGCSsGAQQBgjcUAgQUDBJaQVRD QS1Db2RlLVNpZ25pbmcwgZoGA1UdEQSBkjCBj6SBjDCBiTE7MDkGA1UEBAwyMS1U U1R8Mi1UU1R8My1lZDIyZjFkOC1lNmEyLTExMTgtOWI1OC1kOWE4ZjExZTQ0NWYx HzAdBgoJkiaJk/IsZAEBDA8zMTIzNDU2Nzg5MDAwMDMxDTALBgNVBAwMBDExMTEx DDAKBgNVBBoMA1RTVDEMMAoGA1UEDwwDVFNUMAoGCCqGSM49BAMCA0gAMEUCIQCJ bnRkFWRGFymr/HW84klYXSoxQLe8yuhewNOD86OdKQIgEeuUUbMzr2C5VGTKAOFo ia4a0ZuZLVXe3JGRUtmvLZk= -----END CERTIFICATE REQUEST-----''';
the error is Tag 164 is not supported yet
thanks and best regards.