From c596078d7aa6bc4f710734781fbebccce9def8e1 Mon Sep 17 00:00:00 2001
From: Kyle
Date: Tue, 20 Apr 2021 14:28:47 +0200
Subject: [PATCH] Create tbsCertificate/extensions if missing Fix #1642 Create tbsCertificate/extensions if missing when extensions values are proceeded
---
 phpseclib/File/X509.php | 2 +-
 tests/Unit/File/X509/X509ExtensionTest.php | 34 ++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index 38e0a97b..88dd1a80 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -670,7 +670,7 @@ class X509
 */
 private function mapOutExtensions(&$root, $path)
 {
- $extensions = &$this->subArray($root, $path);
+ $extensions = &$this->subArray($root, $path, true);
 
 foreach ($this->extensionValues as $id => $data) {
 extract($data);
diff --git a/tests/Unit/File/X509/X509ExtensionTest.php b/tests/Unit/File/X509/X509ExtensionTest.php
index 4613d9e3..74a062db 100644
--- a/tests/Unit/File/X509/X509ExtensionTest.php
+++ b/tests/Unit/File/X509/X509ExtensionTest.php
@@ -5,6 +5,7 @@
 * @license http://www.opensource.org/licenses/mit-license.html MIT License
 */
 
+use phpseclib3\Crypt\EC;
 use phpseclib3\Crypt\RSA;
 use phpseclib3\File\ASN1;
 use phpseclib3\File\X509;
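Review bot: In `mapOutExtensions` (phpseclib/File/X509.php) the third argument to `subArray` is now a hard-coded `true`, so the node at `$path` is presumably created even when `$this->extensionValues` is empty and the `foreach` below adds nothing. That could leave an empty `extensions` element in output that never had extensions set; RFC 5280 requires the field, when present, to hold at least one extension, and strict parsers may reject such a certificate. Whether later code in this function prunes an empty array is outside the hunk. Creating the node only when there is something to write avoids the case: `$extensions = &$this->subArray($root, $path, !empty($this->extensionValues));`.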
@@ -114,4 +115,37 @@ class Unit_File_X509_X509ExtensionTest extends PhpseclibTestCase
 X509::registerExtension('bar', ['type' => ASN1::TYPE_OCTET_STRING]);
 X509::registerExtension('bar', ['type' => ASN1::TYPE_ANY]);
 }
+
+ public function testExtensionsAreInitializedIfMissing()
+ {
+ $issuerKey = EC::createKey('ed25519');
+ $subjectKey = EC::createKey('ed25519')->getPublicKey();
+
+ $subject = new X509();
+ $subject->setPublicKey($subjectKey);
+ $subject->setDN(['commonName' => 'subject']);
+
+ $issuer = new X509();
+ $issuer->setPrivateKey($issuerKey);
+ $issuer->setDN(['commonName' => 'issuer']);
+
+ $authority = new X509();
+
+ $authority->setExtensionValue('id-ce-keyUsage', ['digitalSignature']);
+
+ $cert = $authority->saveX509($authority->sign($issuer, $subject));
+
+ $loader = new X509();
+
+ $this->assertSame(
+ [
+ [
+ 'extnId' => 'id-ce-keyUsage',
+ 'critical' => false,
+ 'extnValue' => ['digitalSignature'],
+ ],
+ ],
+ $loader->loadX509($cert)['tbsCertificate']['extensions']
+ );
+ }
 }
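Review bot: `testExtensionsAreInitializedIfMissing` pins only the positive case, so it would still pass if signing a certificate with no extension values started emitting an empty `extensions` entry. A companion test that repeats the setup without the `setExtensionValue` call and checks `$this->assertArrayNotHasKey('extensions', $loader->loadX509($cert)['tbsCertificate']);` would guard that side; the shape the decoder returns when extensions are absent is not visible here, so confirm the assertion against it. A short docblock naming this as the regression test for #1642, and noting that keyUsage is set on the signing `X509` object rather than on `$subject` or `$issuer`, would make the intent easier to read.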