From e16cb731c54c437582e0b18a6da21287926ebeca Mon Sep 17 00:00:00 2001 From: Nicolas Bouilleaud Date: Tue, 14 May 2019 15:19:25 +0200 Subject: [PATCH] =?UTF-8?q?Add=20poor=20man=E2=80=99s=20ASN1=20parsing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .editorconfig | 2 +- app/lib/asn1/timestamp.rb | 25 ++++++++++++++++++ .../files/bill_signature/signature.der | Bin 0 -> 2186 bytes spec/lib/asn1/timestamp_spec.rb | 19 +++++++++++++ 4 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 app/lib/asn1/timestamp.rb create mode 100644 spec/fixtures/files/bill_signature/signature.der create mode 100644 spec/lib/asn1/timestamp_spec.rb diff --git a/.editorconfig b/.editorconfig index 16ff5720c..111c6ec90 100644 --- a/.editorconfig +++ b/.editorconfig @@ -10,5 +10,5 @@ indent_size = 2 indent_style = space trim_trailing_whitespace = true -[*.{ico,keep,pdf,svg}] +[*.{ico,keep,pdf,svg,der}] insert_final_newline = false diff --git a/app/lib/asn1/timestamp.rb b/app/lib/asn1/timestamp.rb new file mode 100644 index 000000000..6dd65e4db --- /dev/null +++ b/app/lib/asn1/timestamp.rb 
@@ -0,0 +1,25 @@
+class ASN1::Timestamp
+ ## Poor man’s rfc3161 timestamp decoding
+ # This works, as of 2019-05, for timestamps delivered by the universign POST api.
+ # We should properly access the ASN1 contents using the sequence and tags structure.
+ # However:
+ # * It’s hard to do right.
+ # * We currently don’t require it for proper operation; timestamps are never exposed to users.
+ # * There’s an ongoing PR https://github.com/ruby/openssl/pull/204 for proper timestamp decoding in the ruby openssl library; let’s use OpenSSL::TS once it exists.
+
+ def self.timestampInfo(asn1timestamp)
+ asn1 = OpenSSL::ASN1.decode(asn1timestamp)
+ tstInfo = OpenSSL::ASN1.decode(asn1.value[1].value[0].value[2].value[1].value[0].value)
+ tstInfo
+ end
+
+ def self.signature_time(asn1timestamp)
+ tstInfo = timestampInfo(asn1timestamp)
+ tstInfo.value[4].value
+ end
+
+ def self.signed_digest(asn1timestamp)
+ tstInfo = timestampInfo(asn1timestamp)
+ tstInfo.value[2].value[1].value.unpack1('H*')
+ end
+end
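Review bot: Nothing in `ASN1::Timestamp` verifies the token's CMS signature or checks its content-type OID, so `signature_time` and `signed_digest` return whatever the DER bytes claim rather than an attested time and digest. The header comment explains why the positional walk in `timestampInfo` is acceptable for now, but it should also state this limit, for example `# NOTE: the token signature is NOT verified here; never use these values as proof of signing time or content.` The digest algorithm at `tstInfo.value[2].value[0]` is also ignored, so a caller comparing `signed_digest` against its own hash should confirm the algorithm matches. A token with a different shape will fail with a `NoMethodError` or an `OpenSSL::ASN1::ASN1Error` from deep inside the index chain; rescuing those in `timestampInfo` and raising one `ArgumentError` would give callers a single failure mode to handle. As a style point, `timestampInfo` and `tstInfo` would read more conventionally as `timestamp_info` and `tst_info`.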
diff --git a/spec/fixtures/files/bill_signature/signature.der b/spec/fixtures/files/bill_signature/signature.der new file mode 100644 index 0000000000000000000000000000000000000000..9adcc9a7e05eee7338a8c5d92edc781a19c02da8 GIT binary patch literal 2186 zcmd5-dpJ~S7@u?I7&91Te=0A|7-tzzxVgO=ly=?_x@ghk#k6t zFLJm!V^l~LF2~600Y*-RAtI^;s3b~c4i}0gA~2*v02pLNQhy7jXhTRj2I(Ofq=P3k zVF)6rS(6|Hn($MBVSs*g8KGAh3-jZ@9zIPE;0#$ggoot++~~4kiEO?`hJL}M_^=v0 zlW>0gXm{9L-fXTSljB2E8Sv#-V+J%PKplY{3!wHazy!7|rrioa#J^X*sWKgGK<5A} z5-}Jd(&)j0gtS;uYC@cVzAPa*HdP#zoRT1jQ=W_IfXPN@0V5?;okjxyFzI$IN0jM^ zvh9=+8>IsiWmb)*?adcZw_HN% zIJxUTsQw?C`S-`n29|%aV){?4c)HVZX6=EAJ{9K|1&&M>&I4GXPi5Lq3qKvhxU9^k zvxG~Kh(TIP9jd_?1QDdpgovJzz=!jbcDU;7sqR}nPwK|bjHzEZsB0JK)*PSHUzm`a zws@DvkW1(F1s45Re(L)z-Rs2loZ>F))h9*1C+%J=F;P(BGgdsUDsA4^aH%x@L8tkH z2D}C6X||E1Y3Ht1>(9r!l3mBwS6QYLBv$4U<}s&(GbfkTGhSamL&o;Y zgF9P#T~?Xvls2igWTX>XItK7omM}%!z&zkw?pW@SWB(Q$E#iNKeSb4ToEjA& z5(>o;N?qCFP@t)-qXj`z2ttHavw)s5wot|zKx!DU+RtCH%G>aG;t zj$^5HJN9!c8iO3~#BGtwy{?6#82lr^;5OU|fn@t9^N+uGwrOhv-x4!$-+gCx6e3Ff zV2c38`y7IrA#~0f!)I!HYh)!u8=|LpMM2)@WNyx(%)$HB0-IY&^j$#GFs%Trfl8`? zQyQaIiN1g66 zc9k1T&a&HFW4}l*F(Z%d*BI$@VAQA9MvxeG`wAN9-q~Ip;4yHZv2X#HU@kAZA3*kT zuuSZc=kdl*N9;9R)M-1_P*EDaHB;PY;AWP`XAL>E@AhxIV9l6s8<`|)rS7xtG1;%3 tVzE)@hIu}rO8!l1uNJvrhITX`9=2p(