refactor: add AsnUtil::decodeNonceExtension()

WE2-879 Signed-off-by: Mart Somermaa <[email protected]>
web-eid · Mar 12, 2024 · 371943e · 371943e
1 parent 7d60575
commit 371943e
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 29 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 .phpunit.result.cache
 .phpunit.cache/
+.vscode/
 vendor
 build
 .DS_Store

diff --git a/composer.json b/composer.json
@@ -34,7 +34,7 @@
             "prettier src/**/* --write",
             "prettier src/* --write"
         ],
-        "test": "phpunit --no-coverage",
+        "test": "phpunit --no-coverage --display-warnings",
         "test-coverage": [
             "@putenv XDEBUG_MODE=coverage",
             "phpunit --coverage-html coverage"

diff --git a/src/OcspBasicResponse.php b/src/OcspBasicResponse.php
@@ -121,24 +121,7 @@ public function getSignatureAlgorithm(): string
 
     public function getNonceExtension(): ?string
     {
-        $filter = array_filter(
-            $this->ocspBasicResponse["tbsResponseData"]["responseExtensions"],
-            function ($extension) {
-                return AsnUtil::ID_PKIX_OCSP_NONCE ==
-                    ASN1::getOID($extension["extnId"]);
-            }
-        );
-
-        if (isset($filter[0]["extnValue"])) {
-            $decoded = ASN1::decodeBER($filter[0]["extnValue"]);
-            if(is_array($decoded)) {
-                return ASN1::asn1map($decoded[0], ['type' => ASN1::TYPE_OCTET_STRING]);
-            } else {
-                return $filter[0]["extnValue"];
-            }
-        }
-
-        return null;
+        return AsnUtil::decodeNonceExtension($this->ocspBasicResponse["tbsResponseData"]["responseExtensions"]);
     }
 
     public function getCertID(): array

diff --git a/src/OcspRequest.php b/src/OcspRequest.php
@@ -72,16 +72,8 @@ public function addNonceExtension(string $nonce): void
      */
     public function getNonceExtension(): string
     {
-        $nonce = current(
-            array_filter(
-                $this->ocspRequest["tbsRequest"]["requestExtensions"],
-                function ($extension) {
-                    return AsnUtil::ID_PKIX_OCSP_NONCE == $extension["extnId"];
-                }
-            )
-        )["extnValue"];
-        $decoded = ASN1::decodeBER($nonce);
-        return ASN1::asn1map($decoded[0], ['type' => ASN1::TYPE_OCTET_STRING]);
+        // TODO: the ?? '' is here only for v1.0 API compatibility. Remove this in version 1.2 and change the return type to ?string.
+        return AsnUtil::decodeNonceExtension($this->ocspRequest["tbsRequest"]["requestExtensions"]) ?? '';
     }
 
     public function getEncodeDer(): string

diff --git a/src/util/AsnUtil.php b/src/util/AsnUtil.php
@@ -60,4 +60,32 @@ public static function extractKeyData(string $publicKey): string
         // Remove first byte
         return pack("c*", ...array_slice(unpack("c*", $subjectPublicKey), 1));
     }
+
+    public static function decodeNonceExtension(array $ocspExtensions): ?string
+    {
+        $nonceExtension = current(
+            array_filter(
+                $ocspExtensions,
+                function ($extension) {
+                    return self::ID_PKIX_OCSP_NONCE == ASN1::getOID($extension["extnId"]);
+                }
+            )
+        );
+        if (!$nonceExtension || !isset($nonceExtension["extnValue"])) {
+            return null;
+        }
+
+        $nonceValue = $nonceExtension["extnValue"];
+
+        $decoded = ASN1::decodeBER($nonceValue);
+        if (is_array($decoded)) {
+            // The value was DER-encoded, it is required to be an octet string.
+            $nonceString = ASN1::asn1map($decoded[0], ['type' => ASN1::TYPE_OCTET_STRING]);
+            return is_string($nonceString) ? $nonceString : null;
+        }
+
+        // The value was not DER-encoded, return it as-is.
+        return $nonceValue;
+    }
+
 }