fidm / x509

Pure JavaScript X509 certificate tools for Node.js
https://fidm.github.io/x509/
MIT License

Can't parse PEM certificate #14

Open alecapu80 opened 4 years ago

alecapu80 commented 4 years ago

Hi, I have an issue with a PEM certificate:

My code:

const fs = require('fs');
const { Certificate, PrivateKey } = require('@fidm/x509');
const ed25519Cert = Certificate.fromPEM(fs.readFileSync('../data/device_cert.pem'));

Exception:

/test/node_modules/@fidm/asn1/build/asn1.js:751
throw err;
^

Error: ASN.1 object validate failure for authorityKeyIdentifier.value: error tag BOOLEAN
    at ASN1.validate (/test/node_modules/@fidm/asn1/build/asn1.js:934:20)
    at ASN1.validate (/test/node_modules/@fidm/asn1/build/asn1.js:943:43)
    at Function.parseDERWithTemplate (/test/node_modules/@fidm/asn1/build/asn1.js:748:25)
    at decodeExtAuthorityKeyIdentifier (/test/node_modules/@fidm/x509/build/x509.js:652:34)
    at certificateExtensionFromAsn1 (/test/node_modules/@fidm/x509/build/x509.js:502:13)
    at certificateExtensionsFromAsn1 (/test/node_modules/@fidm/x509/build/x509.js:456:22)
    at new Certificate (/test/node_modules/@fidm/x509/build/x509.js:310:31)
    at Function.fromPEMs (/test/node_modules/@fidm/x509/build/x509.js:252:24)
    at Function.fromPEM (/test/node_modules/@fidm/x509/build/x509.js:264:28)
    at Object.<anonymous> (/test/test.js:5:33)

My certificate is a standard certificate generated with openssl, and other tools are able to parse and open it.

Can you support me?

Alessandro

matthiasradde commented 3 years ago

Hello,

same problem here with a certificate that openssl is able to parse.

Added some debug-output to "validate(..." within "asn1/build/asn1.js":

/********************************************/
console.log('==========================');
console.log(tpl);
console.log('--------------------------');
console.log(tpl.name);
console.log('--------------------------');
console.log(tpl.class);
console.log('--------------------------');
console.log(tpl.tag);
console.log('--------------------------');
console.log(this.class);
console.log('--------------------------');
console.log(this.tag);
console.log('==========================');
/********************************************/

with this output

[...]
==========================
{ name: 'authorityKeyIdentifier.value',
  class: 128,
  tag: 0,
  capture: 'authorityKeyIdentifier' }
--------------------------
authorityKeyIdentifier.value
--------------------------
128
--------------------------
0
--------------------------
128
--------------------------
1
==========================

As "1" is not in the array "[0]", the mentioned error is raised.

With another certificate the module is able to decode/analyze the structure successfully. So it seems to be an error/problem depending on the certificate. The working certificate was a

whereas the problematic certificate was a

If needed I can attach the certificate?

Best regards Matthias
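
The debug output above shows a context-specific tag 1 arriving where the template expects tag 0. RFC 5280 defines AuthorityKeyIdentifier as a SEQUENCE of three OPTIONAL fields (keyIdentifier [0], authorityCertIssuer [1], authorityCertSerialNumber [2]), so an extension that starts with [1] is well-formed. The following is an added example, not code from this thread or from @fidm/x509: a small stand-alone decoder that accepts any subset of the three fields. The function names and both sample byte strings are constructed for illustration.

```javascript
// Read one DER TLV at `off`; short and long-form lengths, low tag numbers only.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error('truncated TLV header');
  const id = buf[off];
  if ((id & 0x1f) === 0x1f) throw new Error('high tag numbers not supported');
  let len = buf[off + 1];
  let start = off + 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error('bad length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (start + len > buf.length) throw new Error('truncated TLV value');
  return { cls: id & 0xc0, tag: id & 0x1f,
           value: buf.subarray(start, start + len), end: start + len };
}

// RFC 5280 field names, indexed by context tag number.
const AKI_FIELDS = ['keyIdentifier', 'authorityCertIssuer', 'authorityCertSerialNumber'];

function decodeAuthorityKeyIdentifier(der) {
  const seq = readTlv(der, 0);
  if (seq.cls !== 0x00 || seq.tag !== 0x10 || seq.end !== der.length) {
    throw new Error('AuthorityKeyIdentifier must be a single SEQUENCE');
  }
  const out = { keyIdentifier: null, authorityCertIssuer: null, authorityCertSerialNumber: null };
  let last = -1;
  for (let off = 0; off < seq.value.length;) {
    const el = readTlv(seq.value, off);
    // Every field is OPTIONAL: require context class, a known tag, ascending order.
    if (el.cls !== 0x80 || el.tag > 2 || el.tag <= last) {
      throw new Error('unexpected element in AuthorityKeyIdentifier');
    }
    out[AKI_FIELDS[el.tag]] = el.value.toString('hex'); // raw field bytes as hex
    last = el.tag;
    off = el.end;
  }
  return out;
}

// Constructed samples: issuer + serial only (first tag is [1]), and keyIdentifier only.
const AKI_ISSUER_SERIAL = Buffer.from('3012a10c820a63612e6578616d706c6582021001', 'hex');
const AKI_KEYID_ONLY = Buffer.from('30068004deadbeef', 'hex');
console.log(decodeAuthorityKeyIdentifier(AKI_ISSUER_SERIAL));
console.log(decodeAuthorityKeyIdentifier(AKI_KEYID_ONLY));
```
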