From e16cb731c54c437582e0b18a6da21287926ebeca Mon Sep 17 00:00:00 2001
From: Nicolas Bouilleaud
Date: Tue, 14 May 2019 15:19:25 +0200
Subject: [PATCH] =?UTF-8?q?Add=20poor=20man=E2=80=99s=20ASN1=20parsing?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .editorconfig | 2 +-
 app/lib/asn1/timestamp.rb | 25 ++++++++++++++++++
 .../files/bill_signature/signature.der | Bin 0 -> 2186 bytes
 spec/lib/asn1/timestamp_spec.rb | 19 +++++++++++++
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 app/lib/asn1/timestamp.rb
 create mode 100644 spec/fixtures/files/bill_signature/signature.der
 create mode 100644 spec/lib/asn1/timestamp_spec.rb
diff --git a/.editorconfig b/.editorconfig
index 16ff5720c..111c6ec90 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -10,5 +10,5 @@ indent_size = 2
 indent_style = space
 trim_trailing_whitespace = true
-[*.{ico,keep,pdf,svg}]
+[*.{ico,keep,pdf,svg,der}]
 insert_final_newline = false
diff --git a/app/lib/asn1/timestamp.rb b/app/lib/asn1/timestamp.rb
new file mode 100644
index 000000000..6dd65e4db
--- /dev/null
+++ b/app/lib/asn1/timestamp.rb
@@ -0,0 +1,25 @@
+class ASN1::Timestamp
+ ## Poor man’s rfc3161 timestamp decoding
+ # This works, as of 2019-05, for timestamps delivered by the universign POST api.
+ # We should properly access the ASN1 contents using the sequence and tags structure.
+ # However:
+ # * It’s hard to do right.
+ # * We currently don’t require it for proper operation; timestamps are never exposed to users.
+ # * There’s an ongoing PR https://github.com/ruby/openssl/pull/204 for proper timestamp decoding in the ruby openssl library; let’s use OpenSSL::TS once it exists.
+
+ def self.timestampInfo(asn1timestamp)
+ asn1 = OpenSSL::ASN1.decode(asn1timestamp)
+ tstInfo = OpenSSL::ASN1.decode(asn1.value[1].value[0].value[2].value[1].value[0].value)
+ tstInfo
+ end
+
+ def self.signature_time(asn1timestamp)
+ tstInfo = timestampInfo(asn1timestamp)
+ tstInfo.value[4].value
+ end
+
+ def self.signed_digest(asn1timestamp)
+ tstInfo = timestampInfo(asn1timestamp)
+ tstInfo.value[2].value[1].value.unpack1('H*')
+ end
+end
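Review bot: The index chains in `timestampInfo`, `signature_time` and `signed_digest` walk externally supplied DER by fixed position with no check on what was actually decoded, so a token with a different layout either fails with a `NoMethodError` deep in the chain or can hand back some other field as the time or digest. Walking the path through a small helper that checks each node is constructed and has the expected child, and mapping `OpenSSL::ASN1::ASN1Error` to one error class, gives callers a single failure to handle; a sketch follows, with `signed_digest` to be converted the same way. Nothing in this class verifies the CMS signature, so the header comment should say that the returned values are unauthenticated, for example `# NOTE: values are read from an unverified token; do not rely on them until the signature is checked.` The hash algorithm that sits beside the digest is also ignored, which deserves a comment on `signed_digest`.

```ruby
  class DecodeError < StandardError; end

  def self.timestampInfo(asn1timestamp)
    token = OpenSSL::ASN1.decode(asn1timestamp)
    econtent = walk(token, 1, 0, 2, 1, 0)
    raise DecodeError, 'eContent is not an OCTET STRING' unless econtent.is_a?(OpenSSL::ASN1::OctetString)

    OpenSSL::ASN1.decode(econtent.value)
  rescue OpenSSL::ASN1::ASN1Error => e
    raise DecodeError, e.message
  end

  def self.signature_time(asn1timestamp)
    gen_time = walk(timestampInfo(asn1timestamp), 4)
    raise DecodeError, 'genTime is not a GeneralizedTime' unless gen_time.is_a?(OpenSSL::ASN1::GeneralizedTime)

    gen_time.value
  end

  # … unchanged: signed_digest …

  # Follows a path of child indexes, failing as soon as a node is not
  # constructed or lacks the expected child.
  def self.walk(node, *path)
    path.reduce(node) do |current, index|
      children = current.value
      raise DecodeError, "unexpected ASN.1 structure at index #{index}" unless children.is_a?(Array) && children[index]

      children[index]
    end
  end
  private_class_method :walk
```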
diff --git a/spec/fixtures/files/bill_signature/signature.der b/spec/fixtures/files/bill_signature/signature.der new file mode 100644 index 0000000000000000000000000000000000000000..9adcc9a7e05eee7338a8c5d92edc781a19c02da8 GIT binary patch literal 2186 zcmXqL;%H;z)N1o+`_9YA&a|M3quij0qnL@2*^u9WmyI)_&4V$OnT3gwmBFBiQJsw& zs+3cJk!3*>qZmsQqmV%pBOenZBO8}C8zT$jZ*Nv6CIdq>%`6HVW%K(oHhf&85Mc3I z-8?p|@97~MSHJTPJk{d;e@o_bF^Mv4{kiydv`&PE$J=@fcVX7&o;jPEB!rC&3@r^z zj13G;jSY+p^o)&6q70as7#SDTEU7Z6Fw`_qXJZa!VHQ>h&C4uHEh^4T&r=A=%uOvW zNz5(C%u5G}mnaw*nHkC$NP(1c3kw?<7#Jy-7+V?|SsI#|fOuwx3I=i@SuSC5=c3Aj zlKh7 z#_4g4j0>7r5)7JHVhoy?T^2AiF)}d;M7u=DUhK0t=96=^s>vg9J}7*kVadqN%3x5A zVmc9y!S5Lj12vFSnT6$Xg^IJIf{}rtsezn0uc4)Zp@F55v4MesL6kVJktq^);6m7- ziBSnTlo(kVn41{+LFtf-sfm%1;hZ%?{Qb{?PaLv)?1Uz7dX!{)&fcs(<$%`<5tBgs zBN=UvCuO#m`A%?pZFA$StLo#UcOJd3a#?YP99jNttJ3HdWCSG11mU+(h zSq5PuoVC+}&tH!=mOOP%DWd11{Pp&a=USy25BE+uuC4g}R<7O8@{MX$42|l_jYdnY z=7|0cIiUaN>{^bdnKwgk9D86Brz|x4FxRo_Du&S2E=&?>-r9>U|2bT=jQzY)rmQdvlL3Q) zBO7z5tOARbfrWt?B2O|h8i3LSG{rJ8ib-XZloVL$>!;)=7weV6vyNVBslI_5$Ow5B zdjneo>jjnz%-c+%ij#|S(9|My#+MW)#uw%1m&Ak8m0ogDjsYLY9DYW||12!bOzaH? zVj#XMh|god11F;5?U%qd{t@ql0o@hLa+j2>Ltk7L{H{@i%4NeA( z41%q<4Ma~nO?mil@5#XZ`=9)`NVfah{;hTE+mu7s&Q0AiEsIm2<_BMqs`ZTZnPJX_ zuVx&#%1;nob$b8fCA!@avaS5zC$Tafe=%A0iAB@Cf`Ftvr#E5(Uyr;g5tdx}?XWw~ zMWJ&7Hj8|hSZ!VJuPPWcC6~jgNbO7b%}Ym^4iOS4_2y*tc`;|6t|ItZT(~Y@qTR!$! zbSTL3T6*)%n=Yrr4V#$G7&I}RU}9u6XzU)a@&kLxhE#1VXkrvJkb>7SoXm#2D7A=z zK0=PgP>DssB2DrW*VHZNXS}XR{vR0ZuOm|)O&5Xk^09>d0s z294_s8dn=Mu3!;S6?wIG*Rv%>0yjNp<*mQSmT_(FTZ6`agX$%fgDi}YN`ICnMurrB z?U0kl7-k$`j;%lO^VfxSGM;a~+Z{5Tt6TW@qf|lgqJ&+MB6+KR-&EaV9bzEiZKmIP zZqwJ^$BkWiDGl%3I_@UqFg)7btoHZC`E6Ym2ai8?ld#Y~zOQ6XIhNe#R0H^1( z4oz}3_-zz9@#f~@2mBoUf&$4oOdr+Ec11iYyZ_