Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

access to custom extensions #1

Open
steffkes opened this issue Aug 16, 2018 · 3 comments
Open

access to custom extensions #1

steffkes opened this issue Aug 16, 2018 · 3 comments

Comments

@steffkes
Copy link
Contributor

i can imagine you never needed custom extensions, because for the certstream-server it's unusual to see them - but they do exist :) right now, i just know "it's there", but the library does not offer a way to access it:

iex> EasySSL.parse_der(cert)
%{
  extensions: %{
    extra: ["1.3.6.1.5.5.7.1.323.2", "1.3.6.1.5.5.7.1.323.1"],
  },
  subject: %{
    aggregated: "/CN=my_cn"
  },
  serial_number: "A"
}

using erlang's public_key library i can get it:

{:OTPCertificate, {:OTPTBSCertificate, _, _, _, _, _, _, _, _, _, extensions}, _, _} = 
  :public_key.pkix_decode_cert(cert, :otp)

Enum.filter(extensions, fn
  {:Extension, {1, 3, 6, 1, 5, 5, 7, 1, 323, 1}, _, _} -> true
  _ -> false
end) |> List.first()

Question is, do you see fit for the library or is it too special @Fitblip ? it'd probably include a bit code towards ASN1 handling - to get a least some meaningful values returned ..
@Fitblip
Copy link
Member

Fitblip commented Dec 30, 2018

Hey @steffkes - sorry for the long delay in getting back to you!

I'm not clear on exactly what you're proposing, can you clarify? Maybe an example certificate would help.

Thanks!

@steffkes
Copy link
Contributor Author

well now i'm the one with the late reply, sorry for that. i was playing around with client certificates back then and the situation would require some additional information to be stored within the certificate while all default/standard fields/properties were already in use and couldn't be misused (just to keep things simple).

so my question was actually about the fact that EasySSL would parse the certificate and obviously tell me, that the certificate does use some custom extensions but it didn't offer a way to access those values at all. i'd have to resort to erlang's public_key module, parse the certificate again to be able to get the values i'm interested in (like in the code example above).

maybe we could just parse those values and return them as part of the result? instead of a list of OIDs it could be a map:

%{
  extensions: %{
-    extra: ["1.3.6.1.5.5.7.1.323.2", "1.3.6.1.5.5.7.1.323.1"]
+    extra: %{
+      "1.3.6.1.5.5.7.1.323.2" => "some random value",
+      "1.3.6.1.5.5.7.1.323.1" => <<2, 0, 0, 0, 0, 0, 0, 29, 70, ..., 56, 10>>, 
+    }
  }
}

however the value of such a custom extension would be handled could/would be up to the user and not the libraries concern. thoughts?

@steffkes
Copy link
Contributor Author

i'm not really familiar with those github features, but @jgautsch reacted with a thumbs up to my initial post .. maybe he'd like to contribute his thoughts about this here as well?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@steffkes @Fitblip