From a2fe39ce23a59cb14aaff153bf48bb2252908342 Mon Sep 17 00:00:00 2001 From: Warren Parad <5056218+wparad@users.noreply.github.com> Date: Mon, 5 Feb 2024 17:56:58 +0100 Subject: [PATCH] Add missing certification extension type LocalIntegerValueBlock --- dist/main.cjs | 4 +++- dist/main.js | 4 +++- lib/certUtils.js | 8 ++++++-- test/certUtils.test.js | 5 +++++ test/helpers/fido2-helpers.js | 3 +++ 5 files changed, 20 insertions(+), 4 deletions(-) diff --git a/dist/main.cjs b/dist/main.cjs index 0034ea26..1126a1bb 100644 --- a/dist/main.cjs +++ b/dist/main.cjs @@ -156,8 +156,10 @@ class Certificate { let kv; let v = ext.parsedValue || ext.extnValue; - if (v.valueBlock) v = decodeValue(v.valueBlock); try { + if (v.valueBlock) { + v = decodeValue(v.valueBlock); + } kv = resolveOid(ext.extnID, v); } catch (err) { if (ext.critical === false) { diff --git a/dist/main.js b/dist/main.js index 81bc3505..e564d2e8 100644 --- a/dist/main.js +++ b/dist/main.js @@ -40014,8 +40014,10 @@ class Certificate1 { for (const ext of this._cert.extensions){ let kv; let v = ext.parsedValue || ext.extnValue; - if (v.valueBlock) v = decodeValue(v.valueBlock); try { + if (v.valueBlock) { + v = decodeValue(v.valueBlock); + } kv = resolveOid(ext.extnID, v); } catch (err) { if (ext.critical === false) { diff --git a/lib/certUtils.js b/lib/certUtils.js index a8b602fd..555a585f 100644 --- a/lib/certUtils.js +++ b/lib/certUtils.js @@ -125,8 +125,10 @@ class Certificate { let kv; let v = ext.parsedValue || ext.extnValue; - if (v.valueBlock) v = decodeValue(v.valueBlock); try { + if (v.valueBlock) { + v = decodeValue(v.valueBlock); + } kv = resolveOid(ext.extnID, v); } catch (err) { if (ext.critical === false) { 
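Review bot: Moving `decodeValue(v.valueBlock)` inside the `try` in lib/certUtils.js means a decode failure on a non-critical extension now takes the `ext.critical === false` branch instead of propagating, so a malformed extension and an absent one may look the same to callers. The body of that branch is outside the hunk; if it skips the extension, code that later relies on an attestation extension should treat a missing entry as unverified rather than as not present. I would add a comment above the `try` such as `// decode and OID-resolution errors on non-critical extensions are handled below; callers must not read a missing key as "extension absent"`. The identical edits to dist/main.cjs and dist/main.js are bundle output and carry the same behaviour.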
@@ -284,6 +286,8 @@ function decodeValue(valueBlock) { // console.log("blockType", blockType); // console.log("valueBlock", valueBlock); switch (blockType) { + case "LocalIntegerValueBlock": + return valueBlock.valueDec; case "LocalOctetStringValueBlock": return valueBlock.valueHex; case "LocalUtf8StringValueBlock": @@ -576,4 +580,4 @@ const helpers = { resolveOid, }; -export { Certificate, CertManager, CRL, helpers }; \ No newline at end of file +export { Certificate, CertManager, CRL, helpers }; diff --git a/test/certUtils.test.js b/test/certUtils.test.js index dae0fdc9..f844043f 100644 --- a/test/certUtils.test.js +++ b/test/certUtils.test.js @@ -189,6 +189,11 @@ describe("cert utils", function() { assert.isTrue(u2fTransports.has("usb")); }); + it("does not throw for non-critical extensions, when unknown extension types are included", function() { + const cert = new Certificate(h.certs.certificateWithIntegerExtension); + const extensions = cert.getExtensions(); + }); + it("returns correct extensions for root", function() { const cert = new Certificate(h.certs.yubicoRoot); const extensions = cert.getExtensions(); diff --git a/test/helpers/fido2-helpers.js b/test/helpers/fido2-helpers.js index 0e4b358e..6da696ab 100644 --- a/test/helpers/fido2-helpers.js +++ b/test/helpers/fido2-helpers.js @@ -3784,12 +3784,15 @@ const tpmAttestation = new Uint8Array([ const truUCert = "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"; +const certificateWithIntegerExtension = "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"; + const certs = { yubiKeyAttestation, yubicoRoot, feitianFido2, tpmAttestation, truUCert, + certificateWithIntegerExtension, }; /** ******************************************************************************
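Review bot: The new `LocalIntegerValueBlock` case in `decodeValue` returns `valueBlock.valueDec`, which is only meaningful for integers small enough for asn1js to decode into a JavaScript number; for larger INTEGER values the library, as far as I know, marks the block `isHexOnly` and leaves `valueDec` at 0. An extension carrying a large integer would then be reported as 0 rather than failing or exposing its bytes. Consider `return valueBlock.isHexOnly ? valueBlock.valueHex : valueBlock.valueDec;`, and document the two possible return types in a comment on the case. The rest of the switch is outside the hunk.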
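Review bot: The added test in test/certUtils.test.js asserts nothing: `extensions` is assigned and never checked, so the test only fails if `getExtensions()` throws. Because the same commit adds a `LocalIntegerValueBlock` case, this fixture presumably now decodes successfully and no longer exercises the non-critical error path that the test name describes. I would assert on the result, for example that the integer extension's entry is present with the expected numeric value, and write the no-throw guarantee explicitly as `assert.doesNotThrow(() => cert.getExtensions());` if that is the point of the test.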