Home 
username password  
Welcome, Guest.
Your IP: 18.97.14.82
2025-02-10 10:10:41 
 Public Support
 eASN1Error on loading pfx file
Bottom
 
Total posts: 4
 Author eASN1Error on loading pfx file
Dany Marmur

2018-12-18 11:00:13
Registered user
Hello!

I get an eASN1Error with the following message:

'Unidentified type for tPKCS12AttrSet
Add extension marker to allow unidentified types'.

when loading a pfx file i got from one of my clients.

How do i add such an extension?

TIA,

/Dany
Henrick Wibell Hellström

2018-12-18 16:19:47
Registered user
Do you have an ASN.1 definition of the attribute, plus a specification of what role the attribute is supposed to play?

In principle, if the attribute doesn't contain any critical information that would affect the cryptographic processing of the PFX file, you would just have to make a few changes to allow the decoder to parse the attribute. Most attributes are "primitive" which means they only contain a single value of type string, integer, etc. Presuming your attribute is also primitive, then you should make the following modifications to unit StreamSec.DSI.Pkcs12.pas:


  cPKCS12AttrSetIdentifiers: array [0..3{<--}] of ObjectIdentifier = (
    '1.2.840.113549.1.9.20', // pkcs-9-at-friendlyName
    '1.2.840.113549.1.9.21', // pkcs-9-at-localKeyId
    '1.3.6.1.4.1.311.17.1', // {  311 17 1 }
    '' //<-- Add the OID of the new attribute
  );

  cPKCS12AttrSetFieldDefinitions: array [0..3{<--}] of tASN1FieldDefinition = (
    ( fTagDef:
      ( fCls: V_ASN1_UNIVERSAL; fConstructed: False; fTag: V_ASN1_BMPSTRING;
        fTagKind: atkDefault;
        fVarName: ''); //pkcs-9-at-friendlyName
      fOptSpec: aosStatic; fDefaultValue: '';
      fInformationObject: nil;
      fInformationObjectField: '';
      fRange: (fRangeLow: 0; fRangeHigh: MaxInt; fKind: arkNone);
      fClass: tASN1BMPString ),
    ( fTagDef:
      ( fCls: V_ASN1_UNIVERSAL; fConstructed: False; fTag: V_ASN1_OCTET_STRING;
        fTagKind: atkDefault;
        fVarName: ''); //pkcs-9-at-localKeyId
      fOptSpec: aosStatic; fDefaultValue: '';
      fInformationObject: nil;
      fInformationObjectField: '';
      fRange: (fRangeLow: 0; fRangeHigh: MaxInt; fKind: arkNone);
      fClass: tASN1OctetString ),
    ( fTagDef:
      ( fCls: V_ASN1_UNIVERSAL; fConstructed: False; fTag: V_ASN1_BMPSTRING;
        fTagKind: atkDefault;
        fVarName: ''); //{  311 17 1 }
      fOptSpec: aosStatic; fDefaultValue: '';
      fInformationObject: nil;
      fInformationObjectField: '';
      fRange: (fRangeLow: 0; fRangeHigh: MaxInt; fKind: arkNone);
      fClass: tASN1BMPString )
    ( fTagDef:
      ( fCls: V_ASN1_UNIVERSAL; fConstructed: False; fTag: V_ASN1_???;
        fTagKind: atkDefault;
        fVarName: ''); //???
      fOptSpec: aosStatic; fDefaultValue: '';
      fInformationObject: nil;
      fInformationObjectField: '';
      fRange: (fRangeLow: 0; fRangeHigh: MaxInt; fKind: arkNone);
      fClass: tASN1??? )
  );

  cPKCS12AttrSetClassDefinition: tASN1ClassDefinition = (
    fMetaTypeName: 'st-PKCS-12.PKCS12AttrSet';
    fRange: (fRangeLow: 0; fRangeHigh: MaxInt; fKind: arkNone);
    fEnumTypeInfo: nil;
    fTagCount: 1;
    fTags: @cPKCS12AttrSetTagDefinitions;
    fFieldCount: 4; //<---
    fFields: @cPKCS12AttrSetFieldDefinitions;
  );
  cPKCS12AttrSet: pASN1ClassDefinition = @cPKCS12AttrSetClassDefinition;


Then you should make the corresponding, appropriate changes to the declarations of the class tPKCS12AttrSet (add a property), interface iPKCS12AttrSet (add a property) and enumeration tPKCS12AttrSetEnum.
Dany Marmur

2018-12-18 18:38:06
Registered user
Aha! Thanks! /D
Henrick Wibell Hellström

2018-12-18 18:40:25
Registered user
When making modifications like this, you might want to consider declaring and implementing them in a way that will not be overwritten the next time you update StreamSec Tools 4.0.

That is why the GetActualClass method is used internally, and why the classes are registered in the initialization sections, using calls to the class method RegisteredAsMappedClass.

To use this feature, simply declare a tPKCS12AttrSet descendant in one of your own units, override the class function MetaData, and make it return a pointer to your modified cPKCS12AttrSetClassDefinition, as outlined above. Let your new class call RegisterAsMappedClass in the initialization section and UnregisterMappedClass in the finalization section. Then leave unit StreamSec.DSI.Pkcs12 as it was.
Top

:: Written with and Powered by the RealThinClient SDK and StreamSec Tools 4.0::
Copyright (c) Danijel Tkalcec, StreamSec HB