fix(package): fix fetchCertificate to list all infos

Add also the unknown oids and names

fixes #196

Signed-off-by: Josef Fröhle <[email protected]>

Author: Josef Fröhle

lib/pem.js

@@ -286,6 +286,7 @@ function createCSR (options, callback) {
  * can be used as with createCSR.
  * @static
  * @param {Object} [options] Optional options object
+ * @param {String} [options.serviceCertificate] PEM encoded certificate
  * @param {String} [options.serviceKey] Private key for signing the certificate, if not defined a new one is generated
  * @param {String} [options.serviceKeyPassword] Password of the service key
  * @param {Boolean} [options.selfSigned] If set to true and serviceKey is not defined, use clientKey for signing
@@ -499,9 +500,11 @@ function readCertificateInfo (certificate, callback) {
     '-in',
     '--TMPFILE--'
   ]
-  openssl.spawnWrapper(params, certificate, function (err, code, stdout) {
+  openssl.spawnWrapper(params, certificate, function (err, code, stdout, stderr) {
     if (err) {
       return callback(err)
+    } else if (stderr) {
+      return callback(stderr)
     }
     return fetchCertificateData(stdout, callback)
   })
@@ -555,7 +558,7 @@ function getModulus (certificate, password, hash, callback) {
     helper.createPasswordFile({'cipher': '', 'password': password, 'passType': 'in'}, params, delTempPWFiles[delTempPWFiles.length])
   }
 
-  openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout) {
+  openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout, stderr) {
     function done (err) {
       if (err) {
         return callback(err)
@@ -570,7 +573,7 @@ function getModulus (certificate, password, hash, callback) {
       }
     }
     helper.deleteTempFiles(delTempPWFiles, function (fsErr) {
-      done(sslErr || fsErr)
+      done(sslErr || fsErr || stderr)
     })
   })
 }
@@ -591,9 +594,11 @@ function getDhparamInfo (dh, callback) {
     '--TMPFILE--'
   ]
 
-  openssl.spawnWrapper(params, dh, function (err, code, stdout) {
+  openssl.spawnWrapper(params, dh, function (err, code, stdout, stderr) {
     if (err) {
       return callback(err)
+    } else if (stderr) {
+      return callback(stderr)
     }
 
     var result = {}
@@ -656,9 +661,11 @@ function getFingerprint (certificate, hash, callback) {
     '-' + hash
   ]
 
-  openssl.spawnWrapper(params, certificate, function (err, code, stdout) {
+  openssl.spawnWrapper(params, certificate, function (err, code, stdout, stderr) {
     if (err) {
       return callback(err)
+    } else if (stderr) {
+      return callback(stderr)
     }
     var match = stdout.match(/Fingerprint=([0-9a-fA-F:]+)$/m)
     if (match) {
@@ -825,9 +832,9 @@ function checkCertificate (certificate, passphrase, callback) {
     helper.createPasswordFile({'cipher': '', 'password': passphrase, 'passType': 'in'}, params, delTempPWFiles[delTempPWFiles.length])
   }
 
-  openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout) {
+  openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout, stderr) {
     function done (err) {
-      if (err) {
+      if (err && err.trim() !== 'verify OK') {
         return callback(err)
       }
       var result
@@ -843,7 +850,7 @@ function checkCertificate (certificate, passphrase, callback) {
       callback(null, result)
     }
     helper.deleteTempFiles(delTempPWFiles, function (fsErr) {
-      done(sslErr || fsErr)
+      done(sslErr || fsErr || stderr)
     })
   })
 }
@@ -925,7 +932,7 @@ function verifySigningChain (certificate, ca, callback) {
   // certificate incl. intermediate certificates
   params.push('--TMPFILE--')
 
-  openssl.spawnWrapper(params, files, function (err, code, stdout) {
+  openssl.spawnWrapper(params, files, function (err, code, stdout, stderr) {
     if (err) {
       return callback(err)
     }
@@ -945,13 +952,23 @@ function fetchCertificateData (certData, callback) {
   var validity = {}
   var san
 
+  var ky, i
+
   // serial
   if ((serial = certData.match(/\s*Serial Number:\r?\n?\s*([^\r\n]*)\r?\n\s*\b/)) && serial.length > 1) {
     certValues.serial = serial[1]
   }
 
-  if ((subject = certData.match(/\s*Subject:\r?\n(\s*((C|L|O|OU|ST|CN|DC|emailAddress)\s=\s[^\r\n]+\r?\n))*\s*\b/)) && subject.length > 1) {
+  if ((subject = certData.match(/\s*Subject:\r?\n(\s*(([a-zA-Z0-9.]+)\s=\s[^\r\n]+\r?\n))*\s*\b/)) && subject.length > 1) {
     subject = subject[0]
+    tmp = matchAll(subject, /\s([a-zA-Z0-9.]+)\s=\s([^\r\n].*)/g)
+    for (i = 0; i < tmp.length; i++) {
+      ky = tmp[i][1].toString()
+      if (ky.match('(C|ST|L|O|OU|CN|emailAddress|DC)')) {
+        continue
+      }
+      certValues[ky] = tmp[i][2].toString()
+    }
 
     // country
     tmp = subject.match(/\sC\s=\s([^\r\n].*?)[\r\n]/)
@@ -1026,8 +1043,16 @@ function fetchCertificateData (certData, callback) {
     }) : tmp[0][1]) : ''
   }
 
-  if ((issuer = certData.match(/\s*Issuer:\r?\n(\s*(C|L|O|OU|ST|CN|DC|emailAddress)\s=\s[^\r\n].*\r?\n)*\s*\b/)) && issuer.length > 1) {
+  if ((issuer = certData.match(/\s*Issuer:\r?\n(\s*([a-zA-Z0-9.]+)\s=\s[^\r\n].*\r?\n)*\s*\b/)) && issuer.length > 1) {
     issuer = issuer[0]
+    tmp = matchAll(issuer, /\s([a-zA-Z0-9.]+)\s=\s([^\r\n].*)/g)
+    for (i = 0; i < tmp.length; i++) {
+      ky = tmp[i][1].toString()
+      if (ky.match('(C|ST|L|O|OU|CN|emailAddress|DC)')) {
+        continue
+      }
+      certValues.issuer[ky] = tmp[i][2].toString()
+    }
 
     // country
     tmp = issuer.match(/\sC\s=\s([^\r\n].*?)[\r\n]/)

test/fixtures/pem196.pem

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGFjCCA/6gAwIBAgIIJ5ucCoLSHoowDQYJKoZIhvcNAQELBQAwSzEsMCoGA1UE
+AwwjRW50aWRhZCBDZXJ0aWZpY2Fkb3JhIFB1YmxpY2EgQURTSUIxDjAMBgNVBAoM
+BUFEU0lCMQswCQYDVQQGEwJCTzAeFw0xODA0MTkyMjAxMzFaFw0xODA0MjIyMjAx
+MzFaME0xCzAJBgNVBC4TAkNJMRswGQYDVQQDDBJJTFNFIFNJTEVTIEJFQ0VSUkEx
+CzAJBgNVBAYTAkJPMRQwEgYHKwYBAQEBAAwHNDcxMjI4NjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANU/nRjNgV359qnNoeGFDc54ZSu+ewUgerYa3N0Q
+z67vm1RihYo5dWgZRb4SSWMh9fJxSEjr2DpWOpOwhOGj1+0LGdHFVeDRyaF2ftEE
+TXtR3Zif//uYQe4IkIGPBovqhbMMChMoR6yEQp41nZXdy1MUFAUc/jv20uKy2kwW
+EGbMlhZolZTxb+usyFPBXswmd2zyoiQc9rza36aaXwFo5kX5g5h1ZICdWFybuexW
+B3PjU7zc/MgSD2fUeq6DZnQZuhjQEe6IeiOALsDPFIFmxA71CA7elfIPOi/FuyCb
+T9nytF5aIKzoXqX+FgzpRJnJnLMYju8GCPtXHd15eba9MOUCAwEAAaOCAfowggH2
+MIGFBggrBgEFBQcBAQR5MHcwQwYIKwYBBQUHMAKGN2h0dHBzOi8vd2VidGVzdC5m
+aXJtYWRpZ2l0YWwuYm8vdGVzdGZpcm1hZGlnaXRhbF9iby5wZW0wMAYIKwYBBQUH
+MAGGJGh0dHA6Ly93ZWJ0ZXN0LmZpcm1hZGlnaXRhbC5iby9vY3NwLzAdBgNVHQ4E
+FgQUWIM6e2y6hsQpY5q9mwW1Pi12puUwHwYDVR0jBBgwFoAUdaV7ANOxKdxh5iBJ
+pnkWLGdmvUIwVAYDVR0gBE0wSzBJBgxgRAAAAAEOAQIAAQEwOTA3BggrBgEFBQcC
+ARYraHR0cHM6Ly93ZWJ0ZXN0LmZpcm1hZGlnaXRhbC5iby9lY2Fkc2liLnBkZjCB
+nAYDVR0fBIGUMIGRMIGOoDugOYY3aHR0cHM6Ly93ZWJ0ZXN0LmZpcm1hZGlnaXRh
+bC5iby90ZXN0ZmlybWFkaWdpdGFsX2JvLmNybKJPpE0wSzEsMCoGA1UEAwwjRW50
+aWRhZCBDZXJ0aWZpY2Fkb3JhIFB1YmxpY2EgQURTSUIxDjAMBgNVBAoMBUFEU0lC
+MQswCQYDVQQGEwJCTzAOBgNVHQ8BAf8EBAMCBPAwJwYDVR0lBCAwHgYIKwYBBQUH
+AwIGCCsGAQUFBwMDBggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAgEAT9ms6z1g
+ardIFD3l90bv8tug7ktK9Rp4d6DLuAjvgDN6fuXCNSwH4nydMJSUS9KlHAaBtFVD
+7/RLDVIcoq+FQStXuAjZnOP3fAPgnPr8601rXFhrF2cP1Z7yTR88L9SRu4Xhordl
+qPUiSnY1mKiwb7NvjKrFd1Md5zdAraCLtGJw8JGy/QbJIATq+spHTRb7sXnrNh++
+AoZOAx//8lzZkQcO8fZjwFvhXYcaRrafzKUnbU1KuTSx7KKnROzrtO8dHafiJ8/0
+wAWemFkV7fGSDq7IVN1YSTp46vNh4GDt9613x+vE2CLPlWATFDhC6o7b7+0J+g8q
+Ac0uUBzqSIhh5HRFIbSmC6o2I48JDB8bWWApjyh6rDpJhvl6cUHbyOzFSceXmf+S
+UPvMHk/4A1mpXyrbPCX4zkREyoydxwWNhL/QJWiXF7gKR3miXUVFIiv+RIiT97fC
+/GYcLF1RgJENPI7j2JFbqXGXpxoozLziESp51NxTpiusKqUQhBerq/MM97uENwX7
+qr1Qdti0YqKVeth7vgkzhdlSzyyNqripalR/O58uFxRSedU+qLmeT6rJW6FU7KHr
+Nr/lVEdzOCFyBln866lF/qN2oLkxJvJCjjuRKbgTzv7V2a5itR4B+4DMUh+iiygb
+aptRpqCDtfmC6IjiFUCL4RiwwyxsYgsuwsI=
+-----END CERTIFICATE-----

test/pem.spec.js

@@ -353,6 +353,46 @@ describe('General Tests', function () {
         })
       })
     })
+
+    it('Read CertInformation form ./test/fixtures/pem196.pem', function (done) {
+      var certInfo = {
+        issuer: {
+          country: 'BO',
+          state: '',
+          locality: '',
+          organization: 'ADSIB',
+          organizationUnit: '',
+          commonName: 'Entidad Certificadora Publica ADSIB',
+          dc: ''
+        },
+        serial: '2854046357827755658 (0x279b9c0a82d21e8a)',
+        '1.3.6.1.1.1.1.0': '#0C0734373132323836',
+        dnQualifier: 'CI',
+        country: 'BO',
+        state: '',
+        locality: '',
+        organization: '',
+        organizationUnit: '',
+        commonName: 'ILSE SILES BECERRA',
+        emailAddress: '',
+        dc: '',
+        validity: {
+          start: 1524175291000,
+          end: 1524434491000
+        },
+        signatureAlgorithm: 'sha256WithRSAEncryption',
+        publicKeySize: '2048 bit',
+        publicKeyAlgorithm: 'rsaEncryption'
+      }
+
+      var d = fs.readFileSync('./test/fixtures/pem196.pem').toString()
+      pem.readCertificateInfo(d, function (error, data) {
+        hlp.checkError(error)
+        hlp.checkCertificateData(data, certInfo)
+        hlp.checkTmpEmpty()
+        done()
+      })
+    })
   })
 
   describe('#.createCertificate tests', function () {