Reputation: 87
I am writing Go code to parse an X509 certificate with custom extensions.
The code is as follows:
    func (e *PckCert) ParseValue() error {
        var ext pkix.Extension
        var err error
        for i := 0; i < len(e.PckCertObj.Extensions); i++ {
            ext = e.PckCertObj.Extensions[i]
            if ExtxOid.Equal(ext.Id) { // ExtxOid is a known, constant OID
                var asn1Extensions []asn1.RawValue
                _, err = asn1.Unmarshal(ext.Value, &asn1Extensions)
                if err != nil {
                    log.Info("err: ", err)
                    return errors.Wrap(err, "Asn1 Extension Unmarshal failed")
                }
                var sExtension pkix.Extension     // for normal OIDs
                var sExtensions1 []pkix.Extension // for TC1 SVN OID extensions under extension
                for j := 0; j < len(asn1Extensions); j++ {
                    _, err = asn1.Unmarshal(asn1Extensions[j].FullBytes, &sExtension)
                    if err != nil {
                        log.Info("err came: ", err)
                        log.Info("Warning: Asn1 Extension Unmarshal failed - 2 for index:", j)
                        _, err = asn1.Unmarshal(asn1Extensions[j].FullBytes, &sExtensions1)
                        if err != nil {
                            // for extensions within extensions, the code fails here with: sequence tag mismatch
                            log.Info("err came 2: ", err)
                        }
                    }
                }
            }
        }
        return nil
    }
The above code fails only for the composite extension sequence, TC OID. For the composite extension sequence I am getting "asn1: structure error: sequence tag mismatch". Please help with this. I am able to unmarshal everything else except the composite extension TC OID.
Upvotes: 0
Views: 1437
Reputation: 11
Basically, you need to distinguish between a regular extension and a collection. If an OID is a collection, you need to pass in a slice of type []asn1.RawValue, just like you are parsing e.PckCertObj.Extensions[i] in the above code.
So, how do you know if you have an extension with a value or a collection? You need to extract the Object Identifier (OID) from the ASN.1 byte stream as follows:

    // Read the leading OID; rest holds the bytes that follow it.
    var oid asn1.ObjectIdentifier
    rest, _ := asn1.Unmarshal(bytes, &oid)

You can then compare against a particular OID:

    if oid.Equal(knownCollectionOID) {
        // The value is a collection: parse it as a sequence of raw elements.
        var collExts []asn1.RawValue
        asn1.Unmarshal(rest, &collExts)
        for _, ext := range collExts {
            fmt.Println("Do something with the extension")
        }
    }
Upvotes: 1
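
Added example, not part of either post above: a recursive walk over the extension value that reads each entry as SEQUENCE { OID, ANY } and descends when the value is itself a SEQUENCE, which avoids the "sequence tag mismatch" on the composite entry. It decides by the value's tag rather than by a known-OID comparison, so it assumes every SEQUENCE-valued entry is a collection. The names node, walk, flatten and sample, the depth cap of 4 and the 1.3.6.1.4.1.99999 OIDs are constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

type node struct { // one sub-extension: SEQUENCE { OID, ANY }
	ID    asn1.ObjectIdentifier
	Value asn1.RawValue
}

// walk stores leaf values in out by dotted OID, descending into SEQUENCE values.
func walk(der []byte, depth int, out map[string]asn1.RawValue) error {
	if depth > 4 { // assumed cap: certificate bytes are untrusted input
		return fmt.Errorf("extension nesting deeper than 4")
	}
	var items []node
	rest, err := asn1.Unmarshal(der, &items)
	if err != nil || len(rest) != 0 {
		return fmt.Errorf("depth %d: bad extension list (err=%v, trailing=%d)", depth, err, len(rest))
	}
	for _, n := range items {
		if n.Value.Class == asn1.ClassUniversal && n.Value.Tag == asn1.TagSequence && n.Value.IsCompound {
			if err := walk(n.Value.FullBytes, depth+1, out); err != nil {
				return err
			}
			continue
		}
		out[n.ID.String()] = n.Value // leaf: the caller decodes it according to its Tag
	}
	return nil
}

// flatten is the entry point for one extension value (ext.Value in the question).
func flatten(der []byte) (map[string]asn1.RawValue, error) {
	out := map[string]asn1.RawValue{}
	return out, walk(der, 0, out)
}

// sample builds constructed DER (placeholder OID arc); fixed input, so the Marshal error is ignored.
func sample() []byte {
	type leaf struct{ ID asn1.ObjectIdentifier; V int }
	type group struct{ ID asn1.ObjectIdentifier; Subs []leaf }
	oid := func(n int) asn1.ObjectIdentifier { return asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, n} }
	der, _ := asn1.Marshal(struct{ A leaf; B group }{leaf{oid(1), 5}, group{oid(2), []leaf{{oid(21), 7}, {oid(22), 9}}}})
	return der
}

func main() { fmt.Println(flatten(sample())) }
```

A leaf whose value is a SEQUENCE that is not a list of { OID, value } pairs makes walk return an error instead of a partial result.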