LibTLS: Parse Certificate signature algorithm and value

This part of the certificate was originally just skipped, however it will be needed to check the validity of the certificate.
2025-07-27 08:17:35 +00:00 · 2022-02-21 22:14:40 +01:00 · 2022-02-21 22:14:40 +01:00 · d5cef41bb6
commit d5cef41bb6
parent 2b416e5faa
2 changed files with 20 additions and 1 deletions
--- a/Userland/Libraries/LibTLS/Certificate.cpp
+++ b/Userland/Libraries/LibTLS/Certificate.cpp
@ -463,8 +463,25 @@ Optional<Certificate> Certificate::parse_asn1(ReadonlyBytes buffer, bool)
        }
    }

-    // Just ignore the rest of the data for now.
    EXIT_SCOPE("Certificate::TBSCertificate");
+
+    // signature_algorithm
+    {
+        if (!parse_algorithm_identifier(certificate.signature_algorithm).has_value())
+            return {};
+    }
+
+    // signature_value
+    {
+        READ_OBJECT_OR_FAIL(BitString, const BitmapView, value, "Certificate");
+        auto signature_data_result = ByteBuffer::copy(value.data(), value.size_in_bytes());
+        if (signature_data_result.is_error()) {
+            dbgln("Certificate::signature_value: out of memory");
+            return {};
+        }
+        certificate.signature_value = signature_data_result.release_value();
+    }
+
    EXIT_SCOPE("Certificate");

    dbgln_if(TLS_DEBUG, "Certificate issued for {} by {}", certificate.subject.subject, certificate.issuer.subject);
--- a/Userland/Libraries/LibTLS/Certificate.h
+++ b/Userland/Libraries/LibTLS/Certificate.h
@ -53,6 +53,8 @@ public:
    ByteBuffer fingerprint {};
    ByteBuffer der {};
    ByteBuffer data {};
+    CertificateKeyAlgorithm signature_algorithm { CertificateKeyAlgorithm::Unsupported };
+    ByteBuffer signature_value {};

    static Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false);