Object's schema was not verified against input data for CERT

[3goats]

Hi I've adapted the HTML certificate parser code to use nodejs from here:

https://github.com/GlobalSign/PKI.js/blob/master/examples/certificate-decode-example.html

However, I keep getting Error: Object's schema was not verified against input data for CERT

Obviously, theres a schema verification issue thats seems to be specific to node JS.

Am I missing something here ?

Error: Object's schema was not verified against input data for CERT
    at in_window.org.pkijs.simpl.CERT.fromSchema (/Users/Development/electron/electron-remote/app/node_modules/pkijs/org/pkijs/x509_simpl.js:3912:19)
    at new in_window.org.pkijs.simpl.CERT (/Users/Development/electron/electron-remote/app/node_modules/pkijs/org/pkijs/x509_simpl.js:3854:65)
    at getCertificateData (/Users/Development/electron/electron-remote/app/parse_cert_2.js:107:24)
    at Object.<anonymous> (/Users/Development/electron/electron-remote/app/parse_cert_2.js:214:13)
    at Module._compile (module.js:413:34)
    at Object.Module._extensions..js (module.js:422:10)
    at Module.load (module.js:357:32)
    at Function.Module._load (module.js:314:12)
    at Function.Module.runMain (module.js:447:10)
    at startup (node.js:142:18)

var merge = require("node.extend");

var common = require("asn1js/org/pkijs/common");
var _asn1js = require("asn1js");
var _pkijs = require("pkijs");
var _x509schema = require("pkijs/org/pkijs/x509_schema");

// #region Merging function/object declarations for ASN1js and PKIjs
var asn1js = merge(true, _asn1js, common);

var x509schema = merge(true, _x509schema, asn1js);

var pkijs_1 = merge(true, _pkijs, asn1js);
var pkijs = merge(true, pkijs_1, x509schema);

certb = `-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----`

//console.log(certb)


    function getCertificateData()
    {
        // function to convert certificate serial from buffer array if needed
        function toHexCodes(input_buffer)
        {
            var result = "";
            var int_buffer = new Uint8Array(input_buffer);

            for(var i = 0; i < int_buffer.length; i++)
            {
                var str = int_buffer[i].toString(16).toUpperCase();
                result = result + ((str.length === 1) ? " 0" : " ") + str;
            }
            return result;
        };

        // function to convert string to ArrayBuffer
        function str2ab(str)
        {
            var buf = new ArrayBuffer(str.length);
            var bufView = new Uint8Array(buf);

            for(var i = 0, strLen = str.length; i < strLen; i++)
                bufView[i] = str.charCodeAt(i);

            return buf;
        };

        // strip certificate header/footer from PEM
       //     var CertPEM = document.getElementById("pem-text-block").value.replace(/(-----(BEGIN|END) CERTIFICATE-----|\n)/g, ''),


            var CertPEM = certb.replace(/(-----(BEGIN|END) CERTIFICATE-----|\n)/g, ''),

        CertBuf = str2ab(CertPEM),     // convert stripped PEM to ArrayBuffer
            algomap = {
                "1.2.840.113549.2.1": "MD2",
                "1.2.840.113549.1.1.2": "MD2 with RSA",
                "1.2.840.113549.2.5": "MD5",
                "1.2.840.113549.1.1.4": "MD5 with RSA",
                "1.3.14.3.2.26": "SHA1",
                "1.2.840.10040.4.3": "SHA1 with DSA",
                "1.2.840.10045.4.1": "SHA1 with ECDSA",
                "1.2.840.113549.1.1.5": "SHA1 with RSA",
                "2.16.840.1.101.3.4.2.4": "SHA224",
                "1.2.840.113549.1.1.14": "SHA224 with RSA",
                "2.16.840.1.101.3.4.2.1": "SHA256",
                "1.2.840.113549.1.1.11": "SHA256 with RSA",
                "2.16.840.1.101.3.4.2.2": "SHA384",
                "1.2.840.113549.1.1.12": "SHA384 with RSA",
                "2.16.840.1.101.3.4.2.3": "SHA512",
                "1.2.840.113549.1.1.13": "SHA512 with RSA"
            };       // array mapping of common algorithm OIDs and corresponding types


        // calls to convert b64 PEM cert to an array in the variable 'cert_simpl'
      var asn1 = pkijs.org.pkijs.fromBER(CertBuf);
      var cert_simpl = new pkijs.org.pkijs.simpl.CERT({ schema: asn1.result });



        // checks if serial is hex or not, converts value if it is hex
        if(cert_simpl.serialNumber.value_block.is_hex_only == true)
            //document.getElementById("serial").innerHTML = toHexCodes(cert_simpl.serialNumber.value_block.value_hex);
            console.log(toHexCodes(cert_simpl.serialNumber.value_block.value_hex))
        else
            //document.getElementById("serial").innerHTML = cert_simpl.serialNumber.value_block.value_dec;
        console.log(cert_simpl.serialNumber.value_block.value_dec)

        //document.getElementById("cert-subject").innerHTML = "";

        // loop to get the subject key and values
        for(var i = 0; i < cert_simpl.subject.types_and_values.length; i++)
        {
            // OID map
            var typemap = {
                    "2.5.4.6": "C",
                    "2.5.4.10": "OU",
                    "2.5.4.11": "O",
                    "2.5.4.3": "CN",
                    "2.5.4.7": "L",
                    "2.5.4.8": "S",
                    "2.5.4.12": "T",
                    "2.5.4.42": "GN",
                    "2.5.4.43": "I",
                    "2.5.4.4": "SN"
                },
                typeval = typemap[cert_simpl.subject.types_and_values[i].type],
                subjval = cert_simpl.subject.types_and_values[i].value.value_block.value,
                ulrow = "<li><p><span>"+typeval+"</span> "+subjval+"</p></li>";

         //   document.getElementById("cert-subject").innerHTML = document.getElementById("cert-subject").innerHTML + ulrow;
            console.log(ulrow)
            if(typeval == "CN")
         //       document.getElementById("cert-subject-cn").innerHTML = subjval;
            console.log(subjval)
        };

 //       document.getElementById("cert-exten").innerHTML = "";

        // loop to get extensions
        for(var i = 0; i < cert_simpl.extensions.length; i++)
        {
            // OID map
            var extenmap = {
                    "2.5.29.1": "old Authority Key Identifier",
                    "2.5.29.2": "old Primary Key Attributes",
                    "2.5.29.3": "Certificate Policies",
                    "2.5.29.4": "Primary Key Usage Restriction",
                    "2.5.29.9": "Subject Directory Attributes",
                    "2.5.29.14": "Subject Key Identifier",
                    "2.5.29.15": "Key Usage",
                    "2.5.29.16": "Private Key Usage Period",
                    "2.5.29.17": "Subject Alternative Name",
                    "2.5.29.18": "Issuer Alternative Name",
                    "2.5.29.19": "Basic Constraints",
                    "2.5.29.28": "Issuing Distribution Point",
                    "2.5.29.29": "Certificate Issuer",
                    "2.5.29.30": "Name Constraints",
                    "2.5.29.31": "CRL Distribution Points",
                    "2.5.29.32": "Certificate Policies",
                    "2.5.29.33": "Policy Mappings",
                    "2.5.29.35": "Authority Key Identifier",
                    "2.5.29.36": "Policy Constraints",
                    "2.5.29.37": "Extended key usage",
                    "2.5.29.54": "X.509 version 3 certificate extension Inhibit Any-policy"
                },
                extenval = extenmap[cert_simpl.extensions[i].extnID],
                extenrow = "<li><p>"+extenval+"</p></li>";

       //     document.getElementById("cert-exten").innerHTML = document.getElementById("cert-exten").innerHTML + extenrow;
            console.log(extenrow)
        };

        var asn1_publicKey = org.pkijs.fromBER(cert_simpl.subjectPublicKeyInfo.subjectPublicKey.value_block.value_hex),
            rsa_publicKey_simple = new org.pkijs.simpl.x509.RSAPublicKey({ schema: asn1_publicKey.result }),
            modulus_view = new Uint8Array(rsa_publicKey_simple.modulus.value_block.value_hex),
            modulus_bit_length = 0;

        if(modulus_view[0] === 0x00)
            modulus_bit_length = (rsa_publicKey_simple.modulus.value_block.value_hex.byteLength - 1) * 8;
        else
            modulus_bit_length = rsa_publicKey_simple.modulus.value_block.value_hex.byteLength * 8;

        var publicExponent_bit_length = rsa_publicKey_simple.publicExponent.value_block.value_hex.byteLength * 8;

        console.log(publicExponent_bit_length)

     //   document.getElementById("keysize").innerHTML = modulus_bit_length;
        console.log(modulus_bit_length)

        // get issuance date
     //   document.getElementById("issued").innerHTML = cert_simpl.notBefore.value.toUTCString();
        console.log(cert_simpl.notBefore.value.toUTCString())

        // get expiration date
      //  document.getElementById("expire").innerHTML = cert_simpl.notAfter.value.toUTCString();
        console.log(cert_simpl.notAfter.value.toUTCString())

        // get signature algorithm
     //   document.getElementById("sig-algo").innerHTML = algomap[cert_simpl.signatureAlgorithm.algorithm_id];
     //   document.getElementById("cert-data-block").style.display = "block";
        console.log(algomap[cert_simpl.signatureAlgorithm.algorithm_id])
    }
console.log(getCertificateData())

[YuryStrozhevsky]

You missed "BASE64 to raw data" conversion. So, before this line:

CertBuf = str2ab(CertPEM),     // convert stripped PEM to ArrayBuffer

you need to put convestion to raw data.

[3goats]

So I tried this:

binary = new Buffer(CertPEM,'base64’) but now it throws:

/Users/cbourne/Development/electron/electron-remote/app/parse_cert_2.js:74
                bufView[i] = str.pkijs.charCodeAt(i);
                                      ^

TypeError: Cannot read property 'charCodeAt' of undefined
    at str2ab (/Users/cbourne/Development/electron/electron-remote/app/parse_cert_2.js:74:39)
    at getCertificateData (/Users/cbourne/Development/electron/electron-remote/app/parse_cert_2.js:85:19)
    at Object.<anonymous> (/Users/cbourne/Development/electron/electron-remote/app/parse_cert_2.js:214:1)
    at Module._compile (module.js:413:34)
    at Object.Module._extensions..js (module.js:422:10)
    at Module.load (module.js:357:32)
    at Function.Module._load (module.js:314:12)
    at Function.Module.runMain (module.js:447:10)
    at startup (node.js:142:18)
    at node.js:939:3

On 13 Apr 2016, at 19:00, Yury Strozhevsky notifications@github.com wrote:

You missed "BASE64 to raw data" conversion. So, before this line:

CertBuf = str2ab(CertPEM), // convert stripped PEM to ArrayBuffer
you need to put convestion to raw data.

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub #16 (comment)

[3goats]

OK, this did it for me. Thanks.

var raw = new Buffer(CertPEM, 'base64').toString('binary');