
Error Parsing The Certificate Request: asn1: syntax error: PrintableString contains invalid character

Open taomin597715379 opened this issue 1 year ago • 0 comments

Hello. During debugging, I found that the BinarySecurityToken sent from the device reported an error when calling x509.ParseCertificateRequest.

The request from the device is as follows:

```xml
<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep</a:Action>
    <a:MessageID>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1">https://windows-mdm.bytedance.net/EnrollmentServer/Enrollment.svc</a:To>
    <wsse:Security s:mustUnderstand="1">
      <wsse:UsernameToken u:Id="uuid-cc1ccc1f-2fba-4bcf-b063-ffc0cac77917-4">
        <wsse:Username>bytedance.net\taomin.666</wsse:Username>
        <wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Tm123456</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </s:Header>
  <s:Body>
    <wst:RequestSecurityToken>
      <wst:TokenType>http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken</wst:TokenType>
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary" ValueType="http://schemas.microsoft.com/windows/pki/2009/01/enrollment#PKCS10">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</wsse:BinarySecurityToken>
      <ac:AdditionalContext xmlns="http://schemas.xmlsoap.org/ws/2006/12/authorization">
        <ac:ContextItem Name="UXInitiated"> <ac:Value>true</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="HWDevID"> <ac:Value>7127DF0EFB0AF03AACE7B4EE1D72AFF9170C1AD3FBCC50109F1AEEFC06543296</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="Locale"> <ac:Value>zh-CN</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="TargetedUserLoggedIn"> <ac:Value>true</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="OSEdition"> <ac:Value>48</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="DeviceName"> <ac:Value>PF2E532A-LEK</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="MAC"> <ac:Value>CC-D9-AC-82-68-CE</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="MAC"> <ac:Value>E4-AB-20-52-41-53</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="MAC"> <ac:Value>CC-D9-AC-82-68-D2</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="MAC"> <ac:Value>EE-E6-20-52-41-53</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="MAC"> <ac:Value>00-2B-67-F6-C3-0B</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="MAC"> <ac:Value>E8-F7-20-52-41-53</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="MAC"> <ac:Value>00-FF-DD-DD-A7-18</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="DeviceID"> <ac:Value>1A6AA08CE4E3674885025EE3717D4F40</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="EnrollmentType"> <ac:Value>Full</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="DeviceType"> <ac:Value>CIMClient_Windows</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="OSVersion"> <ac:Value>10.0.19043.1526</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="ApplicationVersion"> <ac:Value>10.0.19043.1526</ac:Value> </ac:ContextItem>
        <ac:ContextItem Name="NotInOobe"> <ac:Value>false</ac:Value> </ac:ContextItem>
      </ac:AdditionalContext>
    </wst:RequestSecurityToken>
  </s:Body>
</s:Envelope>
```

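Go test code:

```go
import (
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"testing"
)

func TestPEMDecode(t *testing.T) {
	// Base64 PKCS#10 request from the BinarySecurityToken element above.
	formatted := 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
	csrRaw, err := base64.StdEncoding.DecodeString(formatted)
	if err != nil {
		fmt.Println(err)
		return
	}
	// This is the call that reports the PrintableString syntax error.
	req, err := x509.ParseCertificateRequest(csrRaw)
	if err != nil {
		fmt.Println(err)
		return
	}
	if err = req.CheckSignature(); err != nil {
		fmt.Println(err)
		return
	}
}
```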

taomin597715379, Oct 08 '22 12:10
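
A way to locate the value behind this error, as an added example that is not part of the original issue or the project's code: it walks the DER without validating string contents and reports every PrintableString that Go's strict parser would reject. The sample Name and the names `FindBadPrintableStrings` and `StrictErr` are constructed for illustration; the device's actual CSR is not reproduced on this page.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"strings"
)

// Constructed sample (not from the issue): a one-attribute X.501 Name whose
// CN is a PrintableString containing '_', a byte outside the permitted set.
var sampleName = []byte("\x30\x11\x31\x0f\x30\x0d\x06\x03\x55\x04\x03\x13\x06dev_01")

// Bytes Go's encoding/asn1 accepts in a PrintableString: the X.680 set plus
// '*' and '&', which the parser tolerates.
const printable = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'()+,-./:=? *&"

// FindBadPrintableStrings walks DER via asn1.RawValue (which does not validate
// string contents) and returns each PrintableString holding a rejected byte.
func FindBadPrintableStrings(der []byte) (bad []string, err error) {
	for len(der) > 0 {
		var rv asn1.RawValue
		if der, err = asn1.Unmarshal(der, &rv); err != nil {
			return bad, err
		}
		if rv.IsCompound { // SEQUENCE, SET, context-tagged: descend
			inner, ierr := FindBadPrintableStrings(rv.Bytes)
			bad = append(bad, inner...)
			if ierr != nil {
				return bad, ierr
			}
		} else if rv.Class == asn1.ClassUniversal && rv.Tag == asn1.TagPrintableString &&
			strings.Trim(string(rv.Bytes), printable) != "" { // a byte outside the set remains
			bad = append(bad, fmt.Sprintf("%q", rv.Bytes)) // %q makes NULs and controls visible
		}
	}
	return bad, nil
}

// StrictErr decodes the Name with the validating parser and returns its error.
func StrictErr(der []byte) error {
	_, err := asn1.Unmarshal(der, &pkix.RDNSequence{})
	return err
}

func main() {
	fmt.Println(StrictErr(sampleName))
	fmt.Println(FindBadPrintableStrings(sampleName))
}
```

Running `FindBadPrintableStrings` over the base64-decoded BinarySecurityToken shows which field value the parser objects to, which is what an enrollment server needs to know before choosing to reject or normalize such requests.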