Fix malformed OCSP request:

Mihkel Kivisild · Mihkel Kivisild · commit a93710821042 · 2024-11-04T11:48:20.000+02:00
- Remove empty arrays from request
- Array will be created when value is added to it
- Always having an empty array leads to additional nodes in request that are considered malformed

Signed-off-by: Kai Hölscher 51371415+hoels@users.noreply.github.com
Co-authored-by: Mihkel Kivisild &lt;mihkel.kivisild@cgi.com&gt;
diff --git a/src/ocsp/OcspRequest.php b/src/ocsp/OcspRequest.php
@@ -32,7 +32,7 @@
 
 class OcspRequest
 {
-    private array $ocspRequest = [];
+    private array $ocspRequest;
 
     public function __construct()
     {
@@ -41,8 +41,6 @@ public function __construct()
         $this->ocspRequest = [
             "tbsRequest" => [
                 "version" => "v1",
-                "requestList" => [],
-                "requestExtensions" => [],
             ],
         ];
     }
@@ -62,18 +60,16 @@ public function addNonceExtension(string $nonce): void
             "critical" => false,
             "extnValue" => ASN1::encodeDER($nonce, ['type' => ASN1::TYPE_OCTET_STRING]),
         ];
-        $this->ocspRequest["tbsRequest"][
-            "requestExtensions"
-        ][] = $nonceExtension;
+        $this->ocspRequest["tbsRequest"]["requestExtensions"][] = $nonceExtension;
     }
 
     /**
      * @copyright 2022 Petr Muzikant pmuzikant@email.cz
      */
-    public function getNonceExtension(): string
+    public function getNonceExtension(): ?string
     {
         // TODO: the ?? '' is here only for v1.0 API compatibility. Remove this in version 1.2 and change the return type to ?string.
-        return AsnUtil::decodeNonceExtension($this->ocspRequest["tbsRequest"]["requestExtensions"]) ?? '';
+        return AsnUtil::decodeNonceExtension($this->ocspRequest["tbsRequest"]["requestExtensions"] ?? []);
     }
 
     public function getEncodeDer(): string
diff --git a/tests/ocsp/OcspRequestTest.php b/tests/ocsp/OcspRequestTest.php
@@ -39,8 +39,6 @@ private function getRequest(): array
         return [
             'tbsRequest' => [
                 'version' => 'v1',
-                'requestList' => [],
-                'requestExtensions' => [],
             ],
         ];
     }

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@`
`32`	`32`
`33`	`33`	`class OcspRequest`
`34`	`34`	`{`
`35`		`- private array $ocspRequest = [];`
	`35`	`+ private array $ocspRequest;`
`36`	`36`
`37`	`37`	`public function __construct()`
`38`	`38`	`{`
`@@ -41,8 +41,6 @@ public function __construct()`
`41`	`41`	`$this->ocspRequest = [`
`42`	`42`	`"tbsRequest" => [`
`43`	`43`	`"version" => "v1",`
`44`		`- "requestList" => [],`
`45`		`- "requestExtensions" => [],`
`46`	`44`	`],`
`47`	`45`	`];`
`48`	`46`	`}`
`@@ -62,18 +60,16 @@ public function addNonceExtension(string $nonce): void`
`62`	`60`	`"critical" => false,`
`63`	`61`	`"extnValue" => ASN1::encodeDER($nonce, ['type' => ASN1::TYPE_OCTET_STRING]),`
`64`	`62`	`];`
`65`		`- $this->ocspRequest["tbsRequest"][`
`66`		`- "requestExtensions"`
`67`		`- ][] = $nonceExtension;`
	`63`	`+ $this->ocspRequest["tbsRequest"]["requestExtensions"][] = $nonceExtension;`
`68`	`64`	`}`
`69`	`65`
`70`	`66`	`/**`
`71`	`67`	`* @copyright 2022 Petr Muzikant [email protected]`
`72`	`68`	`*/`
`73`		`- public function getNonceExtension(): string`
	`69`	`+ public function getNonceExtension(): ?string`
`74`	`70`	`{`
`75`	`71`	`// TODO: the ?? '' is here only for v1.0 API compatibility. Remove this in version 1.2 and change the return type to ?string.`
`76`		`- return AsnUtil::decodeNonceExtension($this->ocspRequest["tbsRequest"]["requestExtensions"]) ?? '';`
	`72`	`+ return AsnUtil::decodeNonceExtension($this->ocspRequest["tbsRequest"]["requestExtensions"] ?? []);`
`77`	`73`	`}`
`78`	`74`
`79`	`75`	`public function getEncodeDer(): string`
Original file line number	Diff line number	Diff line change
`@@ -39,8 +39,6 @@ private function getRequest(): array`
`39`	`39`	`return [`
`40`	`40`	`'tbsRequest' => [`
`41`	`41`	`'version' => 'v1',`
`42`		`- 'requestList' => [],`
`43`		`- 'requestExtensions' => [],`
`44`	`42`	`],`
`45`	`43`	`];`
`46`	`44`	`}`