Closed xomilders closed 3 years ago
BTW, this is the structure I am attempting to create: goal.txt
I fiddled with it a bit, and this code seems to get close to the mark:
```javascript
var altNames = new pkijs.AltName({
    altNames: [
        new pkijs.GeneralName({
            type: 1, // rfc822Name
            value: email
        }),
        new pkijs.GeneralName({
            type: 0, // Other Name
            value:
                new asn1js.ObjectIdentifier({ value: "1.3.6.1.4.1.311.20.2.3" })
        }),
        new pkijs.GeneralName({
            type: 0, // Other Name
            value:
                new asn1js.Utf8String({ value: upn })
        })
    ]
});
var altNamesExt = new pkijs.Extension({
    extnID: "2.5.29.17",
    critical: false,
    extnValue: altNames.toSchema().toBER(false)
});
```
It produces this structure, which while seemingly close, is clearly wrong (right hand side is correct):
Thanks,
Seth Milder
```javascript
const altName = new pkijs.GeneralNames({
  names: [
    new pkijs.GeneralName({
      type: 0,
      value: new asn1js.Sequence({
        value: [
          new asn1js.ObjectIdentifier({ value: "1.3.6.1.4.1.311.20.2.3" }),
          new asn1js.Constructed({
            idBlock: {
              tagClass: 3,
              tagNumber: 0 // [0]
            },
            value: [new asn1js.Utf8String({ value: "some other name" })],
          }),
        ]
      }).valueBlock,
    }),
  ],
});
const altNameExt = new pkijs.Extension({
  extnID: "2.5.29.17",
  critical: false,
  extnValue: altName.toSchema().toBER(),
  parsedValue: altName,
});
const altNameRaw = altNameExt.toSchema().toBER();
```
Encoded raw (HEX):
```
302a0603551d1104233021a01f060a2b060104018237140203a0110c0f736f6d65206f74686572206e616d65
```
ASN.1:
```
SEQUENCE (2 elem)
  OBJECT IDENTIFIER 2.5.29.17 subjectAltName (X.509 extension)
  OCTET STRING (35 byte) 3021A01F060A2B060104018237140203A0110C0F736F6D65206F74686572206E616D65
    SEQUENCE (1 elem)
      [0] (2 elem)
        OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2.3 universalPrincipalName (Microsoft UPN)
        [0] (1 elem)
          UTF8String some other name
```
This is fantastic! Thank you so much! It works perfectly now. You guys rock 🙂
Best, Seth
From: Miroshin Stepan. Sent: Wednesday, July 21, 2021 6:36 AM. To: PeculiarVentures/PKI.js. Subject: Re: [EXTERNAL] [PeculiarVentures/PKI.js] Adding the principal name of the subscriber in the SubjectAltName extension as a UPN (1.3.6.1.4.1.311.20.2.3) (#323)
Hi,
I am using PKIJS to generate PKCS10 and am having a bit of a hard time determining precisely how to construct this OtherName value for 1.3.6.1.4.1.311.20.2.3 like so:
I have tried to figure out how to properly construct the OtherName, and I drew from this post, but I think maybe using a sequence is wrong (see https://stackoverflow.com/questions/44290311/how-can-the-upnname-user-principal-name-be-set-with-bouncycastle-x509v3certifi). I have tried adding the ObjectIdentifier and the Utf8String as separate GeneralNames instead of using a sequence, but this is also not quite it.
Thank you for shedding any light on my issue and for all your efforts creating and maintaining PKIJS.
Best,
Seth Milder