search

kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign
Other
3.25k stars 645 forks source link

Certificate creation fails with IPv4 mapped IPv6 address #537

Closed augjoh closed 2 years ago

augjoh commented 2 years ago

When generating a certificate with an IPv4 mapped IPv6 address, an error is emitted:

> node test/jsrsasign-112.js
ipStr is IPv6: true
malformed IP address
(Use `node --trace-uncaught ...` to show where the exception was thrown)

Sample code:

> cat test/jsrsasign-112.js 
#!/usr/bin/env node

const net = require('node:net');
const jsrsasign = require('jsrsasign');

let ipStr = '::ffff:10.11.12.13';
console.log(`ipStr is IPv6: ${net.isIPv6(ipStr)}`);

let keypair = jsrsasign.KEYUTIL.generateKeypair('EC', 'secp256r1');
let params = {
    serial: 1,
    sigalg: {name: 'SHA256withECDSA'},
    issuer: {str: `/CN=${ipStr}`},
    notbefore: jsrsasign.datetozulu(new Date(Date.now())),
    notafter: jsrsasign.datetozulu(new Date(Date.now() + 1000 * 60 * 15)),
    subject: {str: `/CN=${ipStr}`},
    sbjpubkey: keypair.pubKeyObj,
    ext: [
        { extname: '1.3.6.1.5.5.7.1.31', critical: true, extn: '0500' },
        { extname: 'subjectAltName', array: [{'ip': `${ipStr}`}] }
    ],
    cakey: keypair.prvKeyObj
};
let cert = new jsrsasign.asn1.x509.Certificate(params);
console.log(`cert: ${cert.getPEM()}`);
kjur commented 2 years ago

There is no plan to support IPv4 mapped IPv6 address. Please use IPv4 address instead. Thank you.