From 5a06292acd93f5e0f802c98cd07f445d0c49a398 Mon Sep 17 00:00:00 2001
From: Damyan Mitev <damyan.mitev@vereign.com>
Date: Fri, 6 Dec 2019 18:55:28 +0200
Subject: [PATCH] Match certificate generation on backend

---
 javascript/src/utilities/signingUtilities.js | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/javascript/src/utilities/signingUtilities.js b/javascript/src/utilities/signingUtilities.js
index 00d0854..29628d9 100644
--- a/javascript/src/utilities/signingUtilities.js
+++ b/javascript/src/utilities/signingUtilities.js
@@ -61,7 +61,9 @@ const KEY_USAGE_LeafCertificate =
   KEY_USAGE_KeyEncipherment |
   KEY_USAGE_DataEncipherment;
 const KEY_USAGE_CertificateAuthority =
-  KEY_USAGE_DigitalSignature | KEY_USAGE_KeyCertSign | KEY_USAGE_CRLSign;
+  KEY_USAGE_DigitalSignature |
+  KEY_USAGE_KeyCertSign |
+  KEY_USAGE_CRLSign;
 
 const OID_EXT_KEY_USAGE_Any = "2.5.29.37.0";
 const OID_ID_PKIX_ServerAuth = "1.3.6.1.5.5.7.3.1";
@@ -612,9 +614,18 @@ function createCertificate(certData, issuerData = null) {
     //endregion "KeyUsage" extension
 
     //region "ExtKeyUsage" extension
-    if (!certData.isCA && certData.subject.email) {
+    if (!certData.isCA) {
+      const keyPurposes = [];
+      if (certData.subject.url) {
+        keyPurposes.push(OID_ID_PKIX_ServerAuth, OID_ID_PKIX_ClientAuth);
+      }
+      if (certData.subject.email) {
+        keyPurposes.push(OID_ID_PKIX_EmailProtection);
+      }
+      keyPurposes.push(OID_ID_PKIX_TimeStamping);
+
       const extKeyUsage = new pkijs.ExtKeyUsage({
-        keyPurposes: [OID_ID_PKIX_EmailProtection]
+        keyPurposes: keyPurposes
       });
 
       certificate.extensions.push(
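Review bot: `keyPurposes.push(OID_ID_PKIX_TimeStamping);` runs for every non-CA certificate, so each leaf is marked valid for time-stamping on top of any server, client or email purposes it receives. RFC 3161 requires a TSA certificate to carry id-kp-timeStamping as its only extended key usage, in a critical extension. Strict verifiers will therefore reject tokens signed under these mixed-purpose certificates, while lenient ones would treat any user certificate as a time-stamping authority. If the backend really needs this, record the reason next to the push, e.g. `// backend adds timeStamping to all leaf certs: <reason/reference>`; otherwise make the push conditional on an explicit request from the caller. createCertificate starts and ends outside the hunk, so whether the extension is marked critical cannot be checked from here.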
@@ -678,6 +689,8 @@ function createCertificate(certData, issuerData = null) {
     );
     //endregion "SubjectKeyIdentifier" extension
 
+    //TODO add policy
+
     /* COULD NOT GET IT WORKING
         //region "AuthorityKeyIdentifier" extension
         if (issuerData && issuerData.certificate) {
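Review bot: `//TODO add policy` does not say which policy is missing or what it has to match. Presumably it means the certificate policies extension issued by the backend, but that is inferred from the commit subject only. Naming it would let a reader compare client and backend certificates, e.g. `// TODO: add the "CertificatePolicies" extension to match the backend (policy OID: <POLICY-OID>)`. The rest of createCertificate lies outside the hunk.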
@@ -1530,3 +1543,4 @@ export class ImageData {
 
 //Initialization block
 fixPkijsRDN();
+
-- 
GitLab