Add support for Qualified Certificate Statements (qcStatements) (1.3.6.1.5.5.7.1.3) #231

Closed
april opened this issue Jun 5, 2019 · 4 comments

Comments

@april

april commented Jun 5, 2019

You can see a cert with this here:
https://www.zijnjullieeraluit.nl/

Here is the object:

{
  "extnID": "1.3.6.1.5.5.7.1.3",
  "extnValue": {
    "blockName": "OctetString",
    "blockLength": 96,
    "error": "",
    "warnings": [],
    "valueBeforeDecode": "045E305C3008060604008E4601013013060604008E4601063009060704008E46010603303B060604008E4601053031302F162968747470733A2F2F7777772E71756F7661646973676C6F62616C2E636F6D2F7265706F7369746F72791302656E",
    "idBlock": {
      "blockName": "identificationBlock",
      "blockLength": 1,
      "error": "",
      "warnings": [],
      "valueBeforeDecode": "",
      "isHexOnly": false,
      "valueHex": "",
      "tagClass": 1,
      "tagNumber": 4,
      "isConstructed": false
    },
    "lenBlock": {
      "blockName": "lengthBlock",
      "blockLength": 1,
      "error": "",
      "warnings": [],
      "valueBeforeDecode": "",
      "isIndefiniteForm": false,
      "longFormUsed": false,
      "length": 94
    },
    "valueBlock": {
      "blockName": "OctetStringValueBlock",
      "blockLength": 94,
      "error": "",
      "warnings": [],
      "valueBeforeDecode": "",
      "isIndefiniteForm": false,
      "value": [],
      "isHexOnly": true,
      "valueHex": "305C3008060604008E4601013013060604008E4601063009060704008E46010603303B060604008E4601053031302F162968747470733A2F2F7777772E71756F7661646973676C6F62616C2E636F6D2F7265706F7369746F72791302656E",
      "isConstructed": false
    }
  }
}

For more information, see:
https://tools.ietf.org/html/rfc3739.html
https://www.etsi.org/deliver/etsi_ts/101800_101899/101862/01.03.03_60/ts_101862v010303p.pdf

Thanks as always!

@YuryStrozhevsky
Collaborator

YuryStrozhevsky commented Jun 6, 2019

@april April, this is a "rarely used" extension with a more or less primitive encoding in there:

SEQUENCE {
   SEQUENCE {
     OBJECT IDENTIFIER etsiQcsCompliance (0 4 0 1862 1 1)
     }
   SEQUENCE {
     OBJECT IDENTIFIER '0 4 0 1862 1 6'
     SEQUENCE {
       OBJECT IDENTIFIER '0 4 0 1862 1 6 3'
       }
     }
   SEQUENCE {
     OBJECT IDENTIFIER '0 4 0 1862 1 5'
     SEQUENCE {
       SEQUENCE {
         IA5String  'https://www.quovadisglobal.com/repository'
         PrintableString 'en'
         }
       }
     }
   }

Do you really need support from PKI.js for such data? From my PoV I think you could use only ASN1js decoding features: it would not provide you with schema verification, but you will have all the necessary data in there.

const asn1 = asn1js.fromBER(buffer);

@rmhrisk
Contributor

rmhrisk commented Jun 6, 2019

Let’s add it, it’s becoming more common.

@april
Author

april commented Jun 6, 2019

The EU seems to be on a push to use it, and they just released a Firefox extension that depends upon it. I honestly didn’t know it existed until then. :)

YuryStrozhevsky added a commit that referenced this issue Jun 7, 2019
Signed-off-by: YuryStrozhevsky <yury@strozhevsky.com>
@YuryStrozhevsky
Collaborator

@april I made changes, but want to warn you that it is almost useless - in the extension the only mandatory part is the id; everything else is id-dependent and could not be parsed correctly on the PKI.js side. Thus in any case you would need to work with ASN1js values in your client.
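
An added example, not part of the thread and not PKI.js or ASN1js code: a dependency-free Node.js walk of the `valueHex` posted above, returning each statement's mandatory id plus whatever id-dependent `statementInfo` follows it. The function names are this example's own, and the small bounds-checked DER reader stands in for ASN1js decoding.

```javascript
// valueHex copied from the issue above: the qcStatements value with the OCTET STRING wrapper removed.
const QC_HEX = "305C3008060604008E4601013013060604008E4601063009060704008E46010603303B060604008E4601053031302F162968747470733A2F2F7777772E71756F7661646973676C6F62616C2E636F6D2F7265706F7369746F72791302656E";

// Read one DER TLV at `off`: single-byte tags and definite lengths only, every read bounds-checked.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new RangeError("truncated TLV header");
  let len = buf[off + 1], pos = off + 2;
  if ((buf[off] & 0x1f) === 0x1f || len === 0x80) throw new Error("unsupported tag or length form");
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n > 4 || pos + n > buf.length) throw new RangeError("bad length field");
    for (len = 0; pos < off + 2 + n; pos++) len = len * 256 + buf[pos];
  }
  if (pos + len > buf.length) throw new RangeError("value overruns buffer");
  return { tag: buf[off], value: buf.subarray(pos, pos + len), end: pos + len };
}
// Split the content octets of a constructed value into its child TLVs.
function children(buf) {
  const out = [];
  for (let off = 0; off < buf.length; off = out[out.length - 1].end) out.push(readTlv(buf, off));
  return out;
}
// Decode OBJECT IDENTIFIER content octets into dotted notation.
function decodeOid(bytes) {
  if (!bytes.length || bytes[bytes.length - 1] & 0x80) throw new Error("malformed OID");
  const arcs = []; let v = 0;
  for (const b of bytes) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  const top = Math.min(Math.floor(arcs[0] / 40), 2);
  return [top, arcs[0] - top * 40, ...arcs.slice(1)].join(".");
}
// Generic view of id-dependent data: SEQUENCE -> array, OID -> dotted, IA5/Printable -> text, else hex.
function toValue(t) {
  if (t.tag === 0x30) return children(t.value).map(toValue);
  if (t.tag === 0x06) return decodeOid(t.value);
  return t.value.toString(t.tag === 0x13 || t.tag === 0x16 ? "latin1" : "hex");
}
// QCStatements is a SEQUENCE OF { statementId OID, statementInfo ANY OPTIONAL } (RFC 3739).
function parseQcStatements(der) {
  const outer = readTlv(der, 0);
  if (outer.tag !== 0x30 || outer.end !== der.length) throw new Error("expected exactly one SEQUENCE");
  return children(outer.value).map((st) => {
    const [id, info, ...rest] = st.tag === 0x30 ? children(st.value) : [];
    if (!id || id.tag !== 0x06 || rest.length) throw new Error("malformed QCStatement");
    return { statementId: decodeOid(id.value), statementInfo: info ? toValue(info) : null };
  });
}
```

Call it as `parseQcStatements(Buffer.from(QC_HEX, "hex"))`; truncated input or trailing bytes after the outer SEQUENCE raise an error instead of yielding a partial result.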
