default for isCA value in basic const extension (#920)
Signed-off-by: Brian DeHamer <[email protected]>
bdehamer authored Jan 3, 2024
1 parent 9318c9c commit 922a1be
Showing 3 changed files with 21 additions and 1 deletion.
5 changes: 5 additions & 0 deletions .changeset/tough-adults-sing.md
@@ -0,0 +1,5 @@
---
"@sigstore/core": patch
---

Ensure the `isCA` value for the `X509BasicConstraintsExtension` defaults to `false` if no other value is present
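Review bot: The changeset sentence "if no other value is present" is vague about the trigger. State that `isCA` now returns `false` when the BasicConstraints SEQUENCE omits the cA field, and that reading it on such a certificate previously failed at the `subs[0].toBoolean()` call, so consumers can tell this is a behaviour change for a specific encoding and not a general default.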
15 changes: 15 additions & 0 deletions packages/core/src/__tests__/x509/ext.test.ts
Expand Up @@ -103,6 +103,21 @@ describe('x509BasicConstraintsExtension', () => {
expect(subject.isCA).toBe(true);
});
});

describe('when the extension contains no value for the CA', () => {
// Extension w/ NO isCA value specified
const basicConstraintsExtension = Buffer.from(
'300C0603551D130101FF04023000',
'hex'
);
const subject = new X509BasicConstraintsExtension(
ASN1Obj.parseBuffer(basicConstraintsExtension)
);

it('returns false', () => {
expect(subject.isCA).toBe(false);
});
});
});

describe('#pathLenConstraint', () => {
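Review bot: The new `describe` block covers only the empty extnValue (the trailing `3000` in the fixture) and asserts only `isCA`. Add an assertion that `subject.pathLenConstraint` is `undefined` for this fixture, and a second fixture whose SEQUENCE omits cA but contains an INTEGER, so the suite pins down what `isCA` does when `subs[0]` is present but is not a BOOLEAN. The fixture comment would also read more precisely as "extnValue is an empty SEQUENCE".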
2 changes: 1 addition & 1 deletion packages/core/src/x509/ext.ts
Expand Up @@ -52,7 +52,7 @@ export class X509Extension {
// https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.9
export class X509BasicConstraintsExtension extends X509Extension {
get isCA(): boolean {
return this.sequence.subs[0].toBoolean();
return this.sequence.subs[0]?.toBoolean() ?? false;
}

get pathLenConstraint(): bigint | undefined {
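Review bot: In the `isCA` getter, `subs[0]?.toBoolean() ?? false` handles only the empty SEQUENCE and still assumes that a first element, when present, is the cA BOOLEAN. In the RFC 5280 definition linked above, cA is DEFAULT FALSE and pathLenConstraint is OPTIONAL, so an encoding that omits cA but carries pathLenConstraint puts an INTEGER at `subs[0]` and `toBoolean()` is called on it. Because `isCA` feeds a trust decision, check the element's type before converting, and either return `false` or reject the extension explicitly when it is not a BOOLEAN. Please also confirm that the `pathLenConstraint` getter below does not depend on a fixed index for the same reason.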