Crash with UTF8String in Subject (akash provider certificates) #261

Open
xloem opened this issue Jul 21, 2023 · 2 comments

xloem commented Jul 21, 2023

Hosting providers with the akash network use certificates that crash asn1crypto:

```python
import oscrypto.keys, ssl
cert_bytes = ssl.get_server_certificate(('dcnorse.ddns.net', 8443)).encode()
cert_oscrypto = oscrypto.keys.parse_certificate(cert_bytes)
print(cert_oscrypto.subject.human_friendly)
```

```
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/user/.local/lib/python3.10/site-packages/asn1crypto/x509.py", line 1106, in human_friendly
    data[field_name] = type_val['value']
  File "/home/user/.local/lib/python3.10/site-packages/asn1crypto/core.py", line 3536, in __getitem__
    raise e
  File "/home/user/.local/lib/python3.10/site-packages/asn1crypto/core.py", line 3531, in __getitem__
    return self._lazy_child(key)
  File "/home/user/.local/lib/python3.10/site-packages/asn1crypto/core.py", line 3478, in _lazy_child
    child = self.children[index] = _build(*child)
  File "/home/user/.local/lib/python3.10/site-packages/asn1crypto/core.py", line 5572, in _build
    raise ValueError(unwrap(
ValueError: Error parsing asn1crypto.core.UTF8String - tag should have been 12, but 19 was found
    while parsing asn1crypto.x509.NameTypeAndValue
```

Also this:

```python
import asn1crypto.x509, ssl
cert_bytes = ssl.get_server_certificate(('dcnorse.ddns.net', 8443)).encode()
cert_asn1crypto = asn1crypto.x509.Certificate.load(cert_bytes)
```

```
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/user/.local/lib/python3.10/site-packages/asn1crypto/core.py", line 230, in load
    value, _ = _parse_build(encoded_data, spec=spec, spec_params=kwargs, strict=strict)
  File "/home/user/.local/lib/python3.10/site-packages/asn1crypto/core.py", line 5676, in _parse_build
    return (_build(*info, spec=spec, spec_params=spec_params), new_pointer)
  File "/home/user/.local/lib/python3.10/site-packages/asn1crypto/core.py", line 5572, in _build
    raise ValueError(unwrap(
ValueError: Error parsing asn1crypto.x509.Certificate - tag should have been 16, but 13 was found
```

@joernheissler
Collaborator

Hello,

```python
cert_bytes = ssl.get_server_certificate(('dcnorse.ddns.net', 8443)).encode()
cert_asn1crypto = asn1crypto.x509.Certificate.load(cert_bytes)
```

This won't work because load expects a BER/DER encoded value, but you're supplying PEM.

This will suffice to reproduce your issue:

```python
from asn1crypto.x509 import NameTypeAndValue
ntav = NameTypeAndValue.load(bytes.fromhex("300f06056781050206130676302e302e31"))
ntav.native
```

```
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/asn1crypto/core.py", line 4044, in native
    self._parse_children(recurse=True)
  File "/usr/lib/python3/dist-packages/asn1crypto/core.py", line 3988, in _parse_children
    raise e
  File "/usr/lib/python3/dist-packages/asn1crypto/core.py", line 3960, in _parse_children
    child = _build(*child)
            ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/asn1crypto/core.py", line 5572, in _build
    raise ValueError(unwrap(
ValueError: Error parsing asn1crypto.core.UTF8String - tag should have been 12, but 19 was found
    while parsing asn1crypto.x509.NameTypeAndValue
```

What you've got is a platform_version name type with a PrintableString value.

https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf has:

```
PlatformVersion ATTRIBUTE ::= {
    WITH SYNTAX UTF8String (SIZE (1..STRMAX))
    ID tcg-at-platformVersion }
```

Your certificate is incorrect.

But this looks like something that might happen more often; perhaps asn1crypto should ignore this kind of error.

#260 is related to this.
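
An added example, not part of the original comments or of asn1crypto: a stdlib-only DER reader that decodes the reproducer bytes from the reply above and shows where the tag numbers 19 and 13 in the two tracebacks come from. All function and constant names are hypothetical, and `PEM_START` is a constructed sample of how PEM text begins.

```python
# Added example (not from the thread): minimal DER TLV reader, low tag numbers only.
TAG_NAMES = {6: "OBJECT IDENTIFIER", 12: "UTF8String", 16: "SEQUENCE", 19: "PrintableString"}

def leading_tag(data):
    """Tag number a BER/DER parser derives from the first octet (low 5 bits)."""
    return data[0] & 0x1F

def read_tlv(data, offset=0):
    """Return (tag_number, content, next_offset) for the element at offset."""
    tag = data[offset] & 0x1F
    if tag == 0x1F:
        raise ValueError("high tag numbers are not handled here")
    length, pos = data[offset + 1], offset + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        count = length & 0x7F
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    if pos + length > len(data):
        raise ValueError("declared length runs past the end of the input")
    return tag, data[pos:pos + length], pos + length

def decode_oid(content):
    """Decode OBJECT IDENTIFIER content octets into dotted notation."""
    arcs, value = [], 0
    for octet in content:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def inspect_attribute(der):
    """Return (oid, value_tag_number, value_tag_name, text) for a NameTypeAndValue."""
    tag, body, _ = read_tlv(der)
    if tag != 16:
        raise ValueError("expected SEQUENCE (16), found tag %d" % tag)
    oid_tag, oid_content, after_oid = read_tlv(body)
    if oid_tag != 6:
        raise ValueError("expected OBJECT IDENTIFIER (6), found tag %d" % oid_tag)
    value_tag, value, _ = read_tlv(body, after_oid)
    text = value.decode("ascii", "replace")
    return decode_oid(oid_content), value_tag, TAG_NAMES.get(value_tag, "unknown"), text

REPRO = bytes.fromhex("300f06056781050206130676302e302e31")  # bytes from the reply above
PEM_START = b"-----BEGIN CERTIFICATE-----"  # constructed: how PEM text begins

if __name__ == "__main__":
    print(inspect_attribute(REPRO))  # value tag 19 where the schema wants 12
    print(leading_tag(PEM_START))    # '-' is 0x2d, so a DER parser sees tag 13
```

The same header check on untrusted input tells a PEM-versus-DER mix-up (first octet `-`) apart from a certificate whose attribute value really is encoded with a different string type than the schema expects.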

@wbond
Owner

wbond commented Aug 23, 2023

It seems encoders like to just drop random string types into Name objects. :-\
