
Generate PKCS10 with SubjectAlternativeName containing a UPN #395

Open
reznik99 opened this issue Feb 25, 2024 · 0 comments

Comments

@reznik99

Hello,

I am trying to generate a PKCS10 with a SubjectAlternativeName containing a UPN.

package.json

{
  "pkijs": "^3.0.15",
  "asn1js": "^3.0.5"
}

Code

import * as pkijs from 'pkijs'
import * as asn1js from 'asn1js'

try {
    // otherName entry for the UPN, built by hand as an asn1js SEQUENCE
    const altNames = new pkijs.GeneralNames({
        names: [
            new pkijs.GeneralName({
                type: 0, // otherName
                value: new asn1js.Sequence({
                    value: [
                        new asn1js.ObjectIdentifier({ value: '1.3.6.1.4.1.311.20.2.3' }), // UPN oid
                        new asn1js.Constructed({
                            idBlock: {
                                tagClass: 3, // CONTEXT-SPECIFIC
                                tagNumber: 0 // [0]
                            },
                            value: [new asn1js.Utf8String({ value: 'test2' })],
                        }),
                    ]
                }),
            }),
        ]
    })
    // wrap the DER-encoded GeneralNames in a subjectAltName extension
    const extensions = new pkijs.Extension({
        extnID: pkijs.id_SubjectAltName,
        critical: false,
        extnValue: altNames.toSchema().toBER(),
    })
    console.log(extensions.toString('base64'))
} catch (err) {
    console.error(err)
}

Result

ASN1

SEQUENCE (2 elem)
  OBJECT IDENTIFIER 2.5.29.17 subjectAltName (X.509 extension)
  OCTET STRING (27 byte) 3019A0173015060A2B060104018237140203A0070C057465737432
    SEQUENCE (1 elem)
      [0] (1 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2.3 userPrincipalName (Microsoft UPN)
          [0] (1 elem)
            UTF8String test2

Decoding tool

It appears that the code is generating an extra SEQUENCE, causing tools like https://redkestrel.co.uk/tools/decoder to fail to decode the value:


What I am trying to generate

ASN1

SEQUENCE (2 elem)
  OBJECT IDENTIFIER 2.5.29.17 subjectAltName (X.509 extension)
  OCTET STRING (52 byte) 3032A030060A2B060104018237140203A0220C206672616E636573636F2E676F72696E…
    SEQUENCE (1 elem)
      [0] (2 elem)
        OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2.3 userPrincipalName (Microsoft UPN)
        [0] (1 elem)
          UTF8String test2

Decoding tool

The CSR generated using another tool gives the following:


What am I doing wrong in the code snippet above?
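The byte-level difference between the two decodes above, as an added example that is neither the issue author's code nor part of pkijs: a dependency-free DER encoder (all helper names are mine, and it assumes Node.js for `Buffer`) that builds the GeneralNames value both ways for the `test2` UPN, so the 27-byte encoding from the snippet and the conforming 25-byte encoding can be compared byte for byte.

```javascript
// Added example, not pkijs code: a dependency-free DER encoder (helper names are
// mine) that builds the GeneralNames value both ways, so the 27-byte and the
// 25-byte encodings can be compared byte for byte. Assumes Node.js (Buffer).
//
// GeneralName ::= CHOICE { otherName [0] OtherName, ... }   -- IMPLICIT TAGS
// OtherName   ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY }
// With IMPLICIT tagging, [0] (0xA0) replaces the SEQUENCE tag (0x30): the two
// OtherName members sit directly inside the [0], with no SEQUENCE in between.

// DER length: short form below 128, long form above.
function derLength(n) {
  if (n < 0x80) return [n];
  const bytes = [];
  for (let v = n; v > 0; v >>= 8) bytes.unshift(v & 0xff);
  return [0x80 | bytes.length, ...bytes];
}

// One TLV: tag byte, length, contents.
function tlv(tag, contents) {
  return [tag, ...derLength(contents.length), ...contents];
}

// OBJECT IDENTIFIER with base-128 arcs, e.g. '1.3.6.1.4.1.311.20.2.3'.
function oid(dotted) {
  const arcs = dotted.split('.').map(Number);
  const body = [arcs[0] * 40 + arcs[1]];
  for (const arc of arcs.slice(2)) {
    const chunk = [];
    let v = arc;
    do { chunk.unshift(v & 0x7f); v >>= 7; } while (v > 0);
    for (let i = 0; i < chunk.length - 1; i++) chunk[i] |= 0x80; // continuation bits
    body.push(...chunk);
  }
  return tlv(0x06, body);
}

const utf8String = (s) => tlv(0x0c, [...Buffer.from(s, 'utf8')]);
const hex = (bytes) => Buffer.from(bytes).toString('hex').toUpperCase();
const UPN_OID = '1.3.6.1.4.1.311.20.2.3'; // Microsoft userPrincipalName

// What the issue's snippet produced: the full OtherName SEQUENCE nested inside [0].
function upnSanExplicitlyWrapped(upn) {
  const otherName = tlv(0x30, [...oid(UPN_OID), ...tlv(0xa0, utf8String(upn))]);
  return hex(tlv(0x30, tlv(0xa0, otherName)));
}

// What a conforming encoder emits: [0] IMPLICIT holds the two members directly.
function upnSanImplicit(upn) {
  const members = [...oid(UPN_OID), ...tlv(0xa0, utf8String(upn))];
  return hex(tlv(0x30, tlv(0xa0, members)));
}
```

The first function reproduces the 27-byte OCTET STRING contents shown in the result above exactly; the second is what the "What I am trying to generate" decode corresponds to, with the only difference being the SEQUENCE header that must not appear inside the [0].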
