PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
http://pkijs.org

Invalid I18N names in DN comparison result #309

Closed rviau42 closed 3 years ago

rviau42 commented 3 years ago

The following test causes a wrong result for the DN comparison according to RFC 5280, section 7, and RFC 4518:

https://github.com/PeculiarVentures/PKI.js/blob/8fd65c4c787f4c8153428e745edde888e637c582/src/AttributeTypeAndValue.js#L195

The flag isString is set to true only if this attribute type is the same as the compared attribute type. So in case a UTF8String is compared to a PrintableString, the flag isString stays false, and the code below will test the values as ArrayBuffer and, because of the different type, it will always return false:

https://github.com/PeculiarVentures/PKI.js/blob/8fd65c4c787f4c8153428e745edde888e637c582/src/AttributeTypeAndValue.js#L208-L222

microshine commented 3 years ago

Am I right?

SEQUENCE
  OBJECT_IDENTIFIER: 1.2.3.4.5
  UTF8String: test

it's equal to

SEQUENCE
  OBJECT_IDENTIFIER: 1.2.3.4.5
  PrintableString: test

rviau42 commented 3 years ago

You're right. It can look weird, but this is the behavior expected by RFCs
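
The comparison discussed in this thread, as an added example that is not PKI.js code: a type-gated comparison that falls back to comparing encodings, next to one that compares prepared strings across string types. All names here are hypothetical, the attributes are constructed samples, and `prepare` is a simplified stand-in for RFC 4518 string preparation (NFKC normalization, lower-casing, whitespace compression), not a full implementation.

```javascript
// Added example with hypothetical names; not taken from PKI.js.
// ASN.1 universal tag numbers for the two string types in the issue.
const TAG_UTF8STRING = 12;
const TAG_PRINTABLESTRING = 19;
const STRING_TAGS = new Set([TAG_UTF8STRING, TAG_PRINTABLESTRING]);

// Constructed samples: same OID, same text, different string type.
const utf8Attr = { oid: "1.2.3.4.5", tag: TAG_UTF8STRING, text: "test" };
const printableAttr = { oid: "1.2.3.4.5", tag: TAG_PRINTABLESTRING, text: "test" };

// DER-encode a short string value (length < 128): tag | length | content.
function encodeValue(attr) {
  const content = new TextEncoder().encode(attr.text);
  if (content.length > 127) throw new RangeError("short-form length only");
  return Uint8Array.from([attr.tag, content.length, ...content]);
}

function bytesEqual(a, b) {
  return a.length === b.length && a.every((byte, i) => byte === b[i]);
}

// Simplified stand-in for RFC 4518 preparation (assumption, see lead-in).
function prepare(text) {
  return text.normalize("NFKC").toLowerCase().trim().replace(/\s+/g, " ");
}

// Behaviour described in the issue: values are treated as strings only when
// both have the same ASN.1 type; otherwise the encodings are compared, and
// these differ in the tag byte even when the text is identical.
function compareTypeGated(a, b) {
  if (a.oid !== b.oid) return false;
  const isString = STRING_TAGS.has(a.tag) && a.tag === b.tag;
  if (isString) return prepare(a.text) === prepare(b.text);
  return bytesEqual(encodeValue(a), encodeValue(b));
}

// Expected behaviour: compare prepared strings whenever both values are
// string types, regardless of which string type each side uses.
function compareAcrossTypes(a, b) {
  if (a.oid !== b.oid) return false;
  if (STRING_TAGS.has(a.tag) && STRING_TAGS.has(b.tag)) {
    return prepare(a.text) === prepare(b.text);
  }
  return bytesEqual(encodeValue(a), encodeValue(b));
}
```
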