PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
http://pkijs.org

AdobeTimestamp extension #266

Closed donskov closed 4 years ago

donskov commented 4 years ago

Related to https://github.com/PeculiarVentures/pv-certificates-viewer/issues/46

Class from https://www.adobe.com/devnet-docs/etk_deprecated/tools/DigSig/oids.html

Schema

AdobeTimestamp ::= SEQUENCE {
    version               INTEGER,
    location              GeneralName,
    requiresAuth          BOOLEAN (default false), OPTIONAL
}

Certificate with extension:

coveralls commented 4 years ago

Coverage increased (+0.03%) to 63.25% when pulling 40cf644182a75ea1c5abb9ddc0dcefc5414806ca on adobe-timestamp-extension into d33825de0186207d5d6f8913d28384b0f457dc68 on master.

YuryStrozhevsky commented 4 years ago

@donskov I hope we discussed everything via Skype today. So I assume you will close the PR.

rmhrisk commented 4 years ago

Out of curiosity, why not handle the extension explicitly as in this PR?

donskov commented 4 years ago

@YuryStrozhevsky said that:

  1. this extension is deprecated
  2. this extension is not common
  3. this extension is not hard and doesn't need to use a schema. Use the output from asn1js and parse it

I think we can keep this extension in pkijs, but I am not this package's maintainer

rmhrisk commented 4 years ago

  1. It is only used by Acrobat, but is still in use and supported
  2. It is not common, mainly because of the limited use of AATL signing
  3. It is not hard.

Personally I would include it in PKIjs; we have many other extensions, some that are not standards, but I don't feel super strongly as long as pv-certificate-viewer supports it.

donskov commented 4 years ago

@rmhrisk Agree with you. @YuryStrozhevsky What do you think?

YuryStrozhevsky commented 4 years ago

I would like to prevent pkijs from including garbage. The extension is only needed to show values in the certificate viewer, nothing else. There would be no application that would change or make the application. The other garbage-like extensions were included by a request from Mozilla. Now it is only an internal request and we can prevent pkijs from including unnecessary code.

rmhrisk commented 4 years ago

The reason this extension is used is to enable applications that do signing to pick a timestamp service that should be used for that signature. The display of the extension is really just a diagnostic.

I can accept it not being in PKIjs but when we do that we just need to be sure we apply the rules holistically on what is in vs out.

Many of the MSFT extensions, such as templates, are "garbage" to a degree as well; they are used more than this one given Microsoft's ubiquity, though.

In any event I'm fine with this outcome but want to make sure we apply rules uniformly.
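
The thread's suggestion of parsing the extension value directly against the schema in the first comment, shown as an added example that is not code from this PR or from PKI.js: a small self-contained DER reader (no asn1js) that decodes the three fields and checks the timestamp URL before a signing application would use it. The function names, the http/https restriction and the sample bytes are assumptions of this example.

```javascript
// Added example: hand-rolled DER reader for AdobeTimestamp; rejects truncated or odd input.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error("truncated TLV header");
  const tag = buf[off];
  let len = buf[off + 1];
  let start = off + 2;
  if (len & 0x80) {                       // long form: next n bytes hold the length
    const n = len & 0x7f;
    if (n === 0 || n > 2 || start + n > buf.length) throw new Error("unsupported length");
    len = 0;
    for (let i = 0; i < n; i++) len = (len << 8) | buf[start + i];
    start += n;
  }
  if (start + len > buf.length) throw new Error("value overruns buffer");
  return { tag, value: buf.subarray(start, start + len), end: start + len };
}

function parseAdobeTimestamp(der) {
  const seq = readTlv(der, 0);
  if (seq.tag !== 0x30 || seq.end !== der.length) throw new Error("expected one SEQUENCE");
  const body = seq.value;
  const version = readTlv(body, 0);       // INTEGER; single non-negative byte assumed
  if (version.tag !== 0x02 || version.value.length !== 1 || version.value[0] & 0x80)
    throw new Error("bad version");
  const loc = readTlv(body, version.end); // GeneralName CHOICE; only URI [6] accepted
  if (loc.tag !== 0x86) throw new Error("location is not a URI");
  if (!loc.value.every((b) => b > 0x20 && b < 0x7f)) throw new Error("non-ASCII URI");
  const url = new URL(String.fromCharCode(...loc.value));
  // Assumption of this example: a signer should only contact http(s) timestamp services.
  if (url.protocol !== "http:" && url.protocol !== "https:") throw new Error("bad scheme");
  let requiresAuth = false;               // schema default when the field is absent
  let end = loc.end;
  if (end < body.length) {
    const flag = readTlv(body, end);
    if (flag.tag !== 0x01 || flag.value.length !== 1) throw new Error("bad requiresAuth");
    requiresAuth = flag.value[0] !== 0;
    end = flag.end;
  }
  if (end !== body.length) throw new Error("trailing data in extension");
  return { version: version.value[0], location: url.href, requiresAuth };
}

// Constructed sample bytes (not the certificate from the issue); short-form lengths only.
function sampleExtension(uri, authByte) {
  const u = Array.from(uri, (c) => c.charCodeAt(0));
  const body = [0x02, 0x01, 0x01, 0x86, u.length, ...u];
  if (authByte !== undefined) body.push(0x01, 0x01, authByte);
  return Uint8Array.from([0x30, body.length, ...body]);
}
```

The parser accepts an explicitly encoded `requiresAuth` of false as well as an absent field, so it tolerates encoders that write the default value out.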