Support converting to/from textual IP for subjectAltName extension.

nvdnkpr · Sep 18, 2013 · a09c0a6 · a09c0a6
1 parent 42d1107
commit a09c0a6
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -575,6 +575,9 @@ cert.setExtensions([{
   altNames: [{
     type: 6, // URI
     value: 'http://example.org/webid#me'
+  }, {
+    type: 7, // IP
+    ip: '127.0.0.1'
   }]
 }, {
   name: 'subjectKeyIdentifier'

diff --git a/js/x509.js b/js/x509.js
@@ -783,7 +783,8 @@ var _parseExtensions = function(exts) {
               break;
             // IPAddress
             case 7:
-              // FIXME: convert to IPv4 dotted string/IPv6
+              // convert to IPv4/IPv6 string representation
+              altName.ip = forge.util.bytesToIP(gn.value);
               break;
             // registeredID
             case 8:
@@ -1320,9 +1321,26 @@ pki.createCertificate = function() {
           for(var n = 0; n < e.altNames.length; ++n) {
             altName = e.altNames[n];
             var value = altName.value;
+            // handle IP
+            if(altName.type === 7 && altName.ip) {
+              value = forge.util.bytesFromIP(altName.ip);
+              if(value === null) {
+                throw {
+                  message: 'Extension "ip" value is not a valid IPv4 ' +
+                    'or IPv6 address.',
+                  extension: e
+                };
+              }
+            }
             // handle OID
-            if(altName.type === 8) {
-              value = asn1.oidToDer(value);
+            else if(altName.type === 8) {
+              if(altName.oid) {
+                value = asn1.oidToDer(asn1.oidToDer(altName.oid));
+              }
+              // deprecated ... convert value to OID
+              else {
+                value = asn1.oidToDer(value);
+              }
             }
             e.value.value.push(asn1.create(
               asn1.Class.CONTEXT_SPECIFIC, altName.type, false,

diff --git a/tests/nodejs-create-cert.js b/tests/nodejs-create-cert.js
@@ -63,6 +63,9 @@ cert.setExtensions([{
   altNames: [{
     type: 6, // URI
     value: 'http://example.org/webid#me'
+  }, {
+    type: 7, // IP
+    ip: '127.0.0.1'
   }]
 }, {
   name: 'subjectKeyIdentifier'