Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to access certificate extensions through Crypto API X509Certificate class #48730

Closed
jeffsec-aws opened this issue Jul 10, 2023 · 5 comments
Labels
crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js. stale

Comments

@jeffsec-aws
Copy link

What is the problem this feature will solve?

Key usages (not extend) are completely different and can only be accessed through certificate extension under OID 2.5.29.15 which contains value in a bit array format.

Key usage can have for definition: Digital signature, Non-repudiation, Key encipherment, Data encipherment, Key agreement, Certificate signing, CRL signing, Encipher only, Decipher only.

As of now Crypto API only provides access to Extended Key usage under the x509.keyUsage but does not provide access to the Key Usage through the certificate Extensions part.

What is the feature you are proposing to solve the problem?

Having a method the class x509 that can allow to have access to the Extension part of a certificate through a safe structure.

What alternatives have you considered?

Using 3rd party libraries like PKIjs or Forge, but I would like a native feature instead.

@jeffsec-aws jeffsec-aws added the feature request Issues that request new features to be added to Node.js. label Jul 10, 2023
@jeffsec-aws
Copy link
Author

Certificate extensions cal also allow access to CRL Distribution Points which are not in Authority Information Access field.

@VoltrexKeyva VoltrexKeyva added the crypto Issues and PRs related to the crypto subsystem. label Jul 12, 2023
@mertcanaltin
Copy link
Member

i created a pr hope it is a correct solution

I would be very happy if you have a comment

#48780

@jeffsec-aws

@panva panva changed the title Ability to access certificate extensions through Cyrpto API x509 class Ability to access certificate extensions through Crypto API X509Certificate class Jul 15, 2023
@brianorwhatever
Copy link

I am grateful @mertcanaltin is working on getting extensions into this API however it's concerning that the .keyUsage property is actually hooked into the certificates "extended key usage" extension while there is also "key usage" extension. This caused some confusion for me that I'm sure many other people exploring this API will have.

Copy link
Contributor

github-actions bot commented Jun 9, 2024

There has been no activity on this feature request for 5 months. To help maintain relevant open issues, please add the never-stale Mark issue so that it is never considered stale label or close this issue if it should be closed. If not, the issue will be automatically closed 6 months after the last non-automated comment.
For more information on how the project manages feature requests, please consult the feature request management document.

@github-actions github-actions bot added the stale label Jun 9, 2024
Copy link
Contributor

There has been no activity on this feature request and it is being closed. If you feel closing this issue is not the right thing to do, please leave a comment.

For more information on how the project manages feature requests, please consult the feature request management document.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js. stale
Projects
None yet
Development

No branches or pull requests

4 participants