forge
AuthorityInfoAccess Extension value
Hi,
I have the following code to add an authorityInfoAccess extension to a certificate:
{
name: 'authorityInfoAccess',
value: '0f04\u0006\b+\u0006\u0001\u0005\u0005\u00070\u0002 (http://example.com/int.example.com.crt0.\u0006\b+\u0006\u0001\u0005\u0005\u00070\u0001 "http://ocsp.example.com/int.example.com:8888/'
},
I used the value field directly since the ocsp and caIssuer fields are currently not supported. To get the value content I parsed a PEM-formatted certificate (created with openssl) which contains the following authorityInfoAccess extension:
Authority Information Access:
CA Issuers - URI:http://example.com/int.example.com.crt
OCSP - URI:http://ocsp.example.com/int.example.com:8888/
Unfortunately, within the final certificate the information cannot be parsed properly and only a data field is shown.
Is it possible to use the value field to set this extension type?
What API are you using to add that JSON? Seems like using the ASN.1 API might be easier to understand, though those APIs might not be advanced enough to handle these sorts of cases. Feel free to propose updates if needed. There could also be issues using utf8 strings like that vs the binary string format used elsewhere in forge.
Hello @NoFrust, did you manage to add the OCSP (authorityInfoAccess) when generating an X.509 certificate?
thanks
Searching through the code, there is only an OID registered at https://github.com/digitalbazaar/forge/blob/main/lib/oids.js#L174. One may have to hack a little bit to insert those bytes into the extension attributes manually.
Made a fork and implemented OCSP support here. The generated cert could be correctly parsed and loaded by node-forge, openssl and my Mac (Sonoma). No time to work on OCSP chain verification though.
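Added example (not part of the thread and not forge's own code): one way to produce the bytes for `value` without pasting a decoded string, by DER-encoding the AuthorityInfoAccess structure from RFC 5280 into a binary string. The helper names are hypothetical, and it assumes forge treats a string `value` as the extension's raw DER bytes.

```javascript
// Added example: DER-encode AuthorityInfoAccessSyntax (RFC 5280, 4.2.2.1) as a binary string.
// DER length octets: short form below 128, long form otherwise.
function derLength(n) {
  if (n < 0x80) return String.fromCharCode(n);
  let bytes = '';
  for (; n > 0; n = Math.floor(n / 256)) bytes = String.fromCharCode(n & 0xff) + bytes;
  return String.fromCharCode(0x80 | bytes.length) + bytes;
}

const tlv = (tag, content) => String.fromCharCode(tag) + derLength(content.length) + content;

// OBJECT IDENTIFIER: the first two arcs share one byte, the rest are base-128.
function derOid(dotted) {
  const arcs = dotted.split('.').map(Number);
  let body = String.fromCharCode(arcs[0] * 40 + arcs[1]);
  for (const arc of arcs.slice(2)) {
    let chunk = String.fromCharCode(arc & 0x7f);
    for (let v = arc >>> 7; v > 0; v >>>= 7) chunk = String.fromCharCode(0x80 | (v & 0x7f)) + chunk;
    body += chunk;
  }
  return tlv(0x06, body);
}

// id-ad-ocsp and id-ad-caIssuers from RFC 5280.
const ACCESS_METHODS = new Map([['ocsp', '1.3.6.1.5.5.7.48.1'], ['caIssuers', '1.3.6.1.5.5.7.48.2']]);

// AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation GeneralName }
function accessDescription(method, uri) {
  if (!ACCESS_METHODS.has(method)) throw new Error('unknown access method: ' + method);
  if (!/^[\x21-\x7e]+$/.test(uri)) throw new Error('URI must be printable ASCII');
  // uniformResourceIdentifier is [6] IMPLICIT IA5String, so the tag byte is 0x86.
  return tlv(0x30, derOid(ACCESS_METHODS.get(method)) + tlv(0x86, uri));
}

function authorityInfoAccessValue(entries) {
  if (entries.length === 0) throw new Error('at least one AccessDescription is required');
  return tlv(0x30, entries.map(([m, u]) => accessDescription(m, u)).join(''));
}

const toHex = s => Array.from(s, c => c.charCodeAt(0).toString(16).padStart(2, '0')).join('');

// URIs taken from the openssl output quoted in the question.
// Assumption: forge takes a string `value` as the raw DER bytes of the extension.
const aiaExtension = {
  name: 'authorityInfoAccess',
  value: authorityInfoAccessValue([
    ['caIssuers', 'http://example.com/int.example.com.crt'],
    ['ocsp', 'http://ocsp.example.com/int.example.com:8888/'],
  ]),
};
console.log(toHex(aiaExtension.value));
```

The encoded value contains the byte 0x86 for each URI, which is outside the ASCII range, so it has to be carried as a one-character-per-byte string rather than as UTF-8 text.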