search

kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign
Other
3.25k stars 646 forks source link

X509 method getExtKeyUsage() not returning the critical flag value #611

Closed robcordes closed 7 months ago

robcordes commented 7 months ago
image

cert file is in PEM format attached. Extension renamed to txt due to Git not wanting to upload pem files through the gui.

PKIO-issued-client.t05i0014ru075.idd.mindef.nl.txt

kjur commented 7 months ago

getExtKeyUsage() seems to return proper value for the certificate.

> x.getExtKeyUsage()
{
  extname: 'keyUsage',
  critical: true,
  names: [ 'digitalSignature', 'keyEncipherment' ]
}
robcordes commented 7 months ago

Hi, Thanks for getting back to me. However it is the getExtExtKeyUsage() method for the extend keyusages extension that I am referring.

Beste regards,

Rob Cordes

On Feb 9, 2024, at 01:28, Kenji Urushima @.***> wrote:

getExtKeyUsage(

kjur commented 7 months ago

getExtExtKeyUsage() returns proper value as following:

> x.getExtExtKeyUsage()
{ extname: 'extKeyUsage', array: [ 'clientAuth', 'serverAuth' ] }

I've confirmed that the certificate has no critical flag for extKeyUsage.

robcordes commented 7 months ago

Then wouldn’t you agree that one would have false returned and true when set ?Sent from my mobileOn 9 Feb 2024, at 08:48, Kenji Urushima @.***> wrote: getExtExtKeyUsage() returns proper value as following:

x.getExtExtKeyUsage() { extname: 'extKeyUsage', array: [ 'clientAuth', 'serverAuth' ] }

That certificate has no critical flag for extKeyUsage.

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.***>

kjur commented 7 months ago

Yes, that means no critical flag for extKeyUsage.

robcordes commented 7 months ago

Allright then this is according to spec then. A bit weird though as when an attribute takes false of true as a boolean, one would expect the attribute to be always present. Anyway if this the expected behavior then that is okay of course. Thanks.

Best regards,

Rob Cordes

On Feb 9, 2024, at 10:56, Kenji Urushima @.***> wrote:

Yes, that means no critical flag for extKeyUsage.

— Reply to this email directly, view it on GitHub https://github.com/kjur/jsrsasign/issues/611#issuecomment-1935630113, or unsubscribe https://github.com/notifications/unsubscribe-auth/AENQQRGCKOXMJQFSS3S4PS3YSXXEXAVCNFSM6AAAAABDABHU7KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMZVGYZTAMJRGM. You are receiving this because you authored the thread.