ASN1Decoder
ASN1Decoder copied to clipboard
Expose signature string (RFC 5280 4.1.2.3)
The current signature field exposes the signature value (RFC 5280 4.1.1.3). But at the beginning of the certificate, we have a field called signature which should contain the OID of the signature algorithm.
See https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.3
Isn't that already implemented here? https://github.com/filom/ASN1Decoder/blob/master/ASN1Decoder/X509Certificate.swift#L208
@tmolitor-stud-tu you're right, thanks for pointing that out! sigAlgOID seems to be RFC 5280 4.1.2.3.
But there must be the same value in RFC 5280 4.1.1.2:
This field MUST contain the same algorithm identifier as the signature field in the sequence tbsCertificate (Section 4.1.2.3).
So this is what is missing. Will update my PR
@filom could you check this PR please :)?
The signature algorithm identifier is present in the certificate first level and in the TBSCertificate (what I call with the variable "block1") and they have to be identical by spec, so there is no reason to create additional parameters to return the same information.
Changing the names will also break compatibility.
The only missing part in the current implementation would be the algorithm optional parameter sigAlgParams
and the proper implementation should be:
/// Gets the DER-encoded signature algorithm parameters from this certificate's signature algorithm.
public var sigAlgParams: Data? {
return block1[X509BlockPosition.signatureAlg]?.sub(1)?.rawValue?.derEncodedSequence
}