Closed filipap closed 3 years ago
@YuryStrozhevsky Root CA (self-signed certificate):
-----BEGIN CERTIFICATE-----
MIICmDCCAh+gAwIBAgIUeEALKbTjI01jFQyx562XlfncCqIwCgYIKoZIzj0EAwMw
RjELMAkGA1UEBhMCUFQxFzAVBgNVBAoMDk1vYmlsZUlEX0lBX1BUMR4wHAYDVQQD
DBV2aGFzbGFiMDMuaW5lc2N0ZWMucHQwHhcNMjAwODI3MTUxMjEwWhcNMzUwODI0
MTUxMjEwWjBGMQswCQYDVQQGEwJQVDEXMBUGA1UECgwOTW9iaWxlSURfSUFfUFQx
HjAcBgNVBAMMFXZoYXNsYWIwMy5pbmVzY3RlYy5wdDB2MBAGByqGSM49AgEGBSuB
BAAiA2IABECZ/1vZmOV0Lhj9F20uotPrshdU3eVTxPh6//GwxmuN0TT/hAyAs405
6O4HrezS2UzZxJEXpmmho4gj6tyMGAkZKQ2xIvLp6WoT6BwrwsFThMqJxrCNIfn5
6iNwF4lC7aOBzTCByjAdBgNVHQ4EFgQUFrmTNbAk6pHHzO4a+BBgV1qJmPAwCwYD
VR0PBAQDAgEGMD0GA1UdEgQ2MDSBE2NvbnRhY3RAbW9iaWxlaWQucHSGHWh0dHBz
Oi8vdmhhc2xhYjAzLmluZXNjdGVjLnB0MBIGA1UdEwEB/wQIMAYBAf8CAQAwSQYD
VR0fBEIwQDA+oDygOoY4aHR0cHM6Ly92aGFzbGFiMDUuaW5lc2N0ZWMucHQvdjIv
Y3Jscy9Nb2JpbGVJRF9JQV9QVC5kZXIwCgYIKoZIzj0EAwMDZwAwZAIwKZunNfR4
W2ydP3RmXG0as1cJqDx/wl5TRrS1lOnbrjwK4jhp5aJdp33j4bEKMZGKAjBPheaY
NaA5ekK3KIJIlRa9gNY7QPjWvMKSLT/m0XRzESNUW79NHuIs/rYHiMWAzgA=
-----END CERTIFICATE-----
Digital Signature certificate:
-----BEGIN CERTIFICATE-----
MIICyjCCAlGgAwIBAgIUfbcIFNPXrw0k0DSC8P9Ft+b7E/MwCgYIKoZIzj0EAwMw
RjELMAkGA1UEBhMCUFQxFzAVBgNVBAoMDk1vYmlsZUlEX0lBX1BUMR4wHAYDVQQD
DBV2aGFzbGFiMDMuaW5lc2N0ZWMucHQwHhcNMjAwODMxMTcxMDI2WhcNMjEwODMx
MTcxMDI2WjBGMQswCQYDVQQGEwJQVDEXMBUGA1UECgwOTW9iaWxlSURfSUFfUFQx
HjAcBgNVBAMMFXZoYXNsYWIwMy5pbmVzY3RlYy5wdDB2MBAGByqGSM49AgEGBSuB
BAAiA2IABDgVl7XS24j/mhLuefw+DoKcDh0Af0IS8cS5KAz4tk2RyCH5QuUPuX0c
J5AUjCTYCMxaXmJb973vigTzv/6gVLvDD1Hp+z0qR+vrwYEUb4Idr9eLMrVEdI9J
PL3rZQjNHaOB/zCB/DAfBgNVHSMEGDAWgBQWuZM1sCTqkcfM7hr4EGBXWomY8DAd
BgNVHQ4EFgQUnX3YlszQUX1202l8EPGZrvcHfvIwDgYDVR0PAQH/BAQDAgeAMD0G
A1UdEgQ2MDSBE2NvbnRhY3RAbW9iaWxlaWQucHSGHWh0dHBzOi8vdmhhc2xhYjAz
LmluZXNjdGVjLnB0MBIGA1UdJQQLMAkGByiBjF0FAQIwDAYDVR0TAQH/BAIwADBJ
BgNVHR8EQjBAMD6gPKA6hjhodHRwczovL3ZoYXNsYWIwNS5pbmVzY3RlYy5wdC92
Mi9jcmxzL01vYmlsZUlEX0lBX1BULmRlcjAKBggqhkjOPQQDAwNnADBkAjBNz4Pk
j8f772IgCxoUfIBNxeYtirbO2FdR/PDZTrF4IW8SIQqKNBJHXP2QvLu5QEgCMCLQ
9OKs233/2dbH3Gbx1jBVbY1IaqpmWucdgvUGZ/79aVlgKQ64QXZcWPRwQyRnPA==
-----END CERTIFICATE-----
the code I use to verify:
let root_cert_der = decodeCert(root_cert_pem);
let ds_cert_der = decodeCert(ds_cert_pem);
let trustedCertificates = [];
let certificates_to_verify = [];
let crls = [];
trustedCertificates.push(root_cert_der);
certificates_to_verify.push(ds_cert_der);
const certChainVerificationEngine = new pkijs.CertificateChainValidationEngine({
trustedCertificates,
certs: certificates_to_verify,
crls
});
let result = await certChainVerificationEngine.verify();
function decodeCert:
function decodeCert(pem) {
if(typeof pem !== 'string') {
throw new Error('Expected PEM as string');
}
// Load certificate in PEM encoding (base64 encoded DER)
const b64 = pem.replace(/(-----(BEGIN|END) CERTIFICATE-----|[\n\r])/g, '');
// Now that we have decoded the cert it's now in DER-encoding
const der = Buffer.from(b64, 'base64');
// And massage the cert into a BER encoded one
const ber = new Uint8Array(der).buffer;
// And now Asn1js can decode things
const asn1 = asn1js.fromBER(ber);
return new pkijs.Certificate({ schema: asn1.result });
}
I have tested it using this live example - all works fine with decoded (binary) data. So, I do suspect you have troubles decoding BASE-64. There were a number of similar issues, check this one for example. You could also search for "BASE-64" in closed issues.
I have tested it using this live example - all works fine with decoded (binary) data. So, I do suspect you have troubles decoding BASE-64. There were a number of similar issues, check this one for example. You could also search for "BASE-64" in closed issues.
After some researching inside https://github.com/PeculiarVentures/PKI.js/issues/208, I followed your suggestion and I changed the base64 decode function from this:
const der = Buffer.from(b64, 'base64');
const ber = new Uint8Array(der).buffer;
to this (used by the lib as well):
const ber = pvutils.stringToArrayBuffer(pvutils.fromBase64(b64))
And it worked absolutely fine! 😄 Thank you so much for your patience!
Good morning, i'm using pkijs on my ionic cli v5 app. When I use the CertificateChainValidationEngine to verify the certificate chain, it always gives me that error:
After some researching i found that issue, https://github.com/PeculiarVentures/PKI.js/issues/259, and I imported the lib @peculiar/webcrypto. However it still fails. Any suggestion? (PS. Ionic apps runs over nodejs)