Encode correctly OCSP NONCE extension

WE2-819 Signed-off-by: Raul Metsma <[email protected]>
web-eid · Mar 6, 2024 · a8cdadc · a8cdadc
1 parent d67af07
commit a8cdadc
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/src/OcspRequest.php b/src/OcspRequest.php
@@ -60,7 +60,7 @@ public function addNonceExtension(string $nonce): void
         $nonceExtension = [
             "extnId" => AsnUtil::ID_PKIX_OCSP_NONCE,
             "critical" => false,
-            "extnValue" => $nonce,
+            "extnValue" => ASN1::encodeDER($nonce, ['type' => ASN1::TYPE_OCTET_STRING]),
         ];
         $this->ocspRequest["tbsRequest"][
             "requestExtensions"
@@ -72,14 +72,16 @@ public function addNonceExtension(string $nonce): void
      */
     public function getNonceExtension(): string
     {
-        return current(
+        $nonce = current(
             array_filter(
                 $this->ocspRequest["tbsRequest"]["requestExtensions"],
                 function ($extension) {
                     return AsnUtil::ID_PKIX_OCSP_NONCE == $extension["extnId"];
                 }
             )
         )["extnValue"];
+        $decoded = ASN1::decodeBER($nonce);
+        return ASN1::asn1map($decoded[0], ['type' => ASN1::TYPE_OCTET_STRING]);
     }
 
     public function getEncodeDer(): string

diff --git a/tests/OcspRequestTest.php b/tests/OcspRequestTest.php
@@ -26,6 +26,7 @@
 
 namespace web_eid\ocsp_php;
 
+use phpseclib3\File\ASN1;
 use PHPUnit\Framework\TestCase;
 use ReflectionClass;
 use web_eid\ocsp_php\util\AsnUtil;
@@ -49,7 +50,7 @@ private function getNonce(): array
         return [
             'extnId' => AsnUtil::ID_PKIX_OCSP_NONCE,
             'critical' => false,
-            'extnValue' => "nonce",
+            'extnValue' => ASN1::encodeDER("nonce", ['type' => ASN1::TYPE_OCTET_STRING]),
         ];
     }