Invalid CSR when initialized from a decoded base64 string #150

Closed
mkarklins opened this issue Nov 3, 2017 · 1 comment

mkarklins commented Nov 3, 2017

require 'openssl'
require 'base64'

# Build the CSR
key = OpenSSL::PKey::RSA.new(1024)
request = OpenSSL::X509::Request.new
request.subject = OpenSSL::X509::Name.new([['CN', "common_name",  OpenSSL::ASN1::UTF8STRING]])
request.public_key = key.public_key
request.sign(key, OpenSSL::Digest::SHA1.new)

# One request is decoded from an `encode64`, the other one is from `strict_encode64`
decoded = Base64.decode64(Base64.encode64(request.to_der))
strictly_decoded = Base64.decode64(Base64.strict_encode64(request.to_der))

# Both strings are decoded identically
decoded == strictly_decoded #=> true
# .. even on byte level
decoded.split(//) == strictly_decoded.split(//) #=> true

OpenSSL::X509::Request.new(decoded) #=> OpenSSL::X509::RequestError: invalid certificate request data
OpenSSL::X509::Request.new(strictly_decoded) #=> #<OpenSSL::X509::Request:0x4f290f46>

Not sure if this is strictly a jruby-openssl issue, but how is it possible that two equal strings produce different results?

Environment:
jruby-9.1.13.0
MacOS Sierra 10.12.6
OpenSSL 0.9.8zh 14 Jan 2016
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)


kares commented Nov 3, 2017

Seems that JOSSL is trying to eat up more data than 'really' passed in (for the decoded case):

java.lang.IllegalArgumentException: failed to construct sequence from byte[]: Extra data detected in stream
	at org.bouncycastle.asn1.ASN1Sequence.getInstance(Unknown Source)
	at org.bouncycastle.asn1.pkcs.CertificationRequest.getInstance(Unknown Source)
	at org.jruby.ext.openssl.impl.PKCS10Request.<init>(PKCS10Request.java:108)
	at org.jruby.ext.openssl.X509Request.initialize(X509Request.java:111)
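
An added example, not part of the issue thread and not jruby-openssl or Bouncy Castle code: a strict DER extent check in Ruby that illustrates the "Extra data detected in stream" condition in the trace above, where the outer element's header declares fewer bytes than the buffer handed to the decoder. The helper names and sample data are constructed for illustration, and only single-byte tags (such as the `0x30` SEQUENCE that starts a CSR) are handled.

```ruby
require 'openssl'

# Total size in bytes (tag + length octets + content) of the first DER element,
# computed from its header alone. Hypothetical helper for illustration.
def der_element_length(bytes)
  raw = bytes.b
  raise ArgumentError, 'truncated DER header' if raw.bytesize < 2
  raise ArgumentError, 'multi-byte tag not handled' if raw.getbyte(0) & 0x1f == 0x1f

  first = raw.getbyte(1)
  if first < 0x80
    # Short form: the length fits in the low 7 bits of one octet.
    header = 2
    content = first
  else
    # Long form: the low 7 bits give the number of length octets that follow.
    count = first & 0x7f
    raise ArgumentError, 'indefinite length is not DER' if count.zero?
    raise ArgumentError, 'truncated DER length' if raw.bytesize < 2 + count

    header = 2 + count
    content = raw.byteslice(2, count).bytes.inject(0) { |acc, b| (acc << 8) | b }
  end
  header + content
end

# Number of bytes that follow the first DER element.
# 0 means the input is exactly one element; anything else is "extra data".
def der_trailing_bytes(bytes)
  total = der_element_length(bytes)
  raise ArgumentError, 'truncated DER content' if bytes.bytesize < total

  bytes.bytesize - total
end

# Constructed sample: a SEQUENCE holding a 200-byte OCTET STRING,
# large enough to force the long-form length encoding.
SAMPLE_DER = OpenSSL::ASN1::Sequence.new(
  [OpenSSL::ASN1::OctetString.new('A' * 200)]
).to_der

# The same element followed by three stray bytes, standing in for a buffer
# that is longer than the encoded structure it carries.
SAMPLE_WITH_EXTRA = SAMPLE_DER + "\x00\x00\x00".b
```

If `der_trailing_bytes` returns 0 for a string that a decoder still rejects with this error, the extra bytes are not in the string's logical contents.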
