@expo/pkcs12 0.0.2 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/index.d.ts +4 -0
- package/build/index.js +44 -14
- package/build/index.js.map +1 -1
- package/package.json +3 -3
package/build/index.d.ts
CHANGED
|
@@ -16,7 +16,11 @@ export declare function getX509Certificate(p12: forge.pkcs12.Pkcs12Pfx): forge.p
|
|
|
16
16
|
* https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.PrivateKeyEntry.html
|
|
17
17
|
*/
|
|
18
18
|
export declare function getX509CertificateByFriendlyName(p12: forge.pkcs12.Pkcs12Pfx, friendlyName: string): forge.pki.Certificate | null;
|
|
19
|
+
export declare function getX509Asn1ByFriendlyName(p12: forge.pkcs12.Pkcs12Pfx, friendlyName: string): forge.asn1.Asn1 | null;
|
|
19
20
|
export declare function parsePKCS12(p12BufferOrBase64String: Buffer | string, maybePassword: string | null): forge.pkcs12.Pkcs12Pfx;
|
|
21
|
+
export declare function getAsn1Hash(asn1: forge.asn1.Asn1, { hashAlgorithm, }: {
|
|
22
|
+
hashAlgorithm?: string;
|
|
23
|
+
}): string;
|
|
20
24
|
export declare function getCertificateFingerprint(certificate: forge.pki.Certificate, { hashAlgorithm, }: {
|
|
21
25
|
hashAlgorithm?: string;
|
|
22
26
|
}): string;
|
package/build/index.js
CHANGED
|
@@ -3,6 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.getCertificateFingerprint = exports.getAsn1Hash = exports.parsePKCS12 = exports.getX509Asn1ByFriendlyName = exports.getX509CertificateByFriendlyName = exports.getX509Certificate = exports.getFormattedSerialNumber = void 0;
|
|
6
7
|
const crypto_1 = __importDefault(require("crypto"));
|
|
7
8
|
const node_forge_1 = __importDefault(require("node-forge"));
|
|
8
9
|
/**
|
|
@@ -23,11 +24,7 @@ function getX509Certificate(p12) {
|
|
|
23
24
|
if (!bags || bags.length === 0) {
|
|
24
25
|
throw new Error(`PKCS12: No certificates found`);
|
|
25
26
|
}
|
|
26
|
-
|
|
27
|
-
if (!certificate) {
|
|
28
|
-
throw new Error('PKCS12: bag is not a certificate');
|
|
29
|
-
}
|
|
30
|
-
return certificate;
|
|
27
|
+
return getX509CertificateFromBag(bags[0]);
|
|
31
28
|
}
|
|
32
29
|
exports.getX509Certificate = getX509Certificate;
|
|
33
30
|
/**
|
|
@@ -38,17 +35,44 @@ exports.getX509Certificate = getX509Certificate;
|
|
|
38
35
|
*/
|
|
39
36
|
function getX509CertificateByFriendlyName(p12, friendlyName) {
|
|
40
37
|
const certBagType = node_forge_1.default.pki.oids.certBag;
|
|
41
|
-
|
|
38
|
+
// node-forge converts friendly names to lowercase, so we search by lowercase
|
|
39
|
+
const bags = p12.getBags({ friendlyName: friendlyName.toLowerCase(), bagType: certBagType })
|
|
40
|
+
.friendlyName;
|
|
42
41
|
if (!bags || bags.length === 0) {
|
|
43
42
|
return null;
|
|
44
43
|
}
|
|
45
|
-
|
|
46
|
-
|
|
44
|
+
return getX509CertificateFromBag(bags[0]);
|
|
45
|
+
}
|
|
46
|
+
exports.getX509CertificateByFriendlyName = getX509CertificateByFriendlyName;
|
|
47
|
+
function getX509CertificateFromBag(bag) {
|
|
48
|
+
const { cert, asn1 } = bag;
|
|
49
|
+
if (!cert && asn1) {
|
|
50
|
+
// if asn1 is present but certificate isnt, the certificate type was unknown
|
|
51
|
+
// github.com/digitalbazaar/forge/blob/1887cfce43a8f5ca9cb5c256168cf12ce1715ecf/lib/pkcs12.js#L703
|
|
52
|
+
throw new Error('PKCS12: unknown X.509 certificate type');
|
|
53
|
+
}
|
|
54
|
+
if (!cert) {
|
|
47
55
|
throw new Error('PKCS12: bag is not a certificate');
|
|
48
56
|
}
|
|
49
|
-
return
|
|
57
|
+
return cert;
|
|
50
58
|
}
|
|
51
|
-
|
|
59
|
+
function getX509Asn1ByFriendlyName(p12, friendlyName) {
|
|
60
|
+
const certBagType = node_forge_1.default.pki.oids.certBag;
|
|
61
|
+
// node-forge converts friendly names to lowercase, so we search by lowercase
|
|
62
|
+
const bags = p12.getBags({ friendlyName: friendlyName.toLowerCase(), bagType: certBagType })
|
|
63
|
+
.friendlyName;
|
|
64
|
+
if (!bags || bags.length === 0) {
|
|
65
|
+
return null;
|
|
66
|
+
}
|
|
67
|
+
const { cert, asn1 } = bags[0];
|
|
68
|
+
if (cert) {
|
|
69
|
+
return node_forge_1.default.pki.certificateToAsn1(cert);
|
|
70
|
+
}
|
|
71
|
+
// if asn1 is present but certificate isnt, the certificate type was unknown
|
|
72
|
+
// github.com/digitalbazaar/forge/blob/1887cfce43a8f5ca9cb5c256168cf12ce1715ecf/lib/pkcs12.js#L703
|
|
73
|
+
return asn1 !== null && asn1 !== void 0 ? asn1 : null;
|
|
74
|
+
}
|
|
75
|
+
exports.getX509Asn1ByFriendlyName = getX509Asn1ByFriendlyName;
|
|
52
76
|
function parsePKCS12(p12BufferOrBase64String, maybePassword) {
|
|
53
77
|
const base64EncodedP12 = Buffer.isBuffer(p12BufferOrBase64String)
|
|
54
78
|
? p12BufferOrBase64String.toString('base64')
|
|
@@ -69,13 +93,19 @@ function getHash(data, { hashAlgorithm, hashEncoding, inputEncoding, }) {
|
|
|
69
93
|
}
|
|
70
94
|
return hash.digest(hashEncoding !== null && hashEncoding !== void 0 ? hashEncoding : 'hex');
|
|
71
95
|
}
|
|
72
|
-
function
|
|
73
|
-
const
|
|
74
|
-
const certDer = node_forge_1.default.asn1.toDer(certAsn1).getBytes(); // binary encoded string
|
|
96
|
+
function getAsn1Hash(asn1, { hashAlgorithm, }) {
|
|
97
|
+
const certDer = node_forge_1.default.asn1.toDer(asn1).getBytes(); // binary encoded string
|
|
75
98
|
return getHash(certDer, {
|
|
76
99
|
hashAlgorithm,
|
|
77
100
|
hashEncoding: 'hex',
|
|
78
|
-
inputEncoding: 'latin1',
|
|
101
|
+
inputEncoding: 'latin1', // latin1 is an alias for binary
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
exports.getAsn1Hash = getAsn1Hash;
|
|
105
|
+
function getCertificateFingerprint(certificate, { hashAlgorithm, }) {
|
|
106
|
+
const certAsn1 = node_forge_1.default.pki.certificateToAsn1(certificate);
|
|
107
|
+
return getAsn1Hash(certAsn1, {
|
|
108
|
+
hashAlgorithm,
|
|
79
109
|
});
|
|
80
110
|
}
|
|
81
111
|
exports.getCertificateFingerprint = getCertificateFingerprint;
|
package/build/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;AAAA,oDAAkF;AAClF,4DAA+B;AAE/B;;GAEG;AACH,SAAgB,wBAAwB,CAAC,WAAkC;IACzE,MAAM,EAAE,YAAY,EAAE,GAAG,WAAW,CAAC;IACrC,OAAO,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7E,CAAC;AAHD,4DAGC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,GAA2B;IAC5D,MAAM,WAAW,GAAG,oBAAK,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,CAAC,CAAC;IAChE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE;QAC9B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IACD,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5C,CAAC;AAPD,gDAOC;AAED;;;;;GAKG;AACH,SAAgB,gCAAgC,CAC9C,GAA2B,EAC3B,YAAoB;IAEpB,MAAM,WAAW,GAAG,oBAAK,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC;IAC3C,6EAA6E;IAC7E,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,YAAY,CAAC,WAAW,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;SACzF,YAAY,CAAC;IAChB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE;QAC9B,OAAO,IAAI,CAAC;KACb;IACD,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5C,CAAC;AAZD,4EAYC;AAED,SAAS,yBAAyB,CAAC,GAAqB;IACtD,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IAC3B,IAAI,CAAC,IAAI,IAAI,IAAI,EAAE;QACjB,4EAA4E;QAC5E,kGAAkG;QAClG,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;KAC3D;IACD,IAAI,CAAC,IAAI,EAAE;QACT,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;KACrD;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,yBAAyB,CACvC,GAA2B,EAC3B,YAAoB;IAEpB,MAAM,WAAW,GAAG,oBAAK,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC;IAC3C,6EAA6E;IAC7E,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,YAAY,CAAC,WAAW,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;SACzF,YAAY,CAAC;IAChB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE;QAC9B,OAAO,IAAI,CAAC;KACb;IACD,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAC/B,IAAI,IAAI,EAAE;QACR,OAAO,oBAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;KAC1C;IACD,4EAA4E;IAC5E,kGAAkG;IAClG,OAAO,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,IAAI,CAAC;AACtB,CAAC;AAlBD,8DAkBC;AAED,SAAgB,WAAW,CACzB,uBAAwC,EACxC,aAA4B;IAE5B,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QAC/D,CAAC,CAAC,uBAAuB,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC5C,CAAC,CAAC,uBAAuB,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,CAAC,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,oBAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,oBAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3C,OAAO,oBAAK,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AACxD,CAAC;AAXD,kCAWC;AAED,SAAS,OAAO,CACd,IAAY,EACZ,EACE,aAAa,EACb,YAAY,EACZ,aAAa,GAKd;IAED,MAAM,IAAI,GAAG,gBAAM,CAAC,UAAU,CAAC,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,MAAM,CAAC,CAAC;IACxD,IAAI,aAAa,EAAE;QACjB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;KAClC;SAAM;QACL,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,mCAAmC;KACvD;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,aAAZ,YAAY,cAAZ,YAAY,GAAI,KAAK,CAAC,CAAC;AAC5C,CAAC;AAED,SAAgB,WAAW,CACzB,IAAqB,EACrB,EACE,aAAa,GAGd;IAED,MAAM,OAAO,GAAG,oBAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,wBAAwB;IAC3E,OAAO,OAAO,CAAC,OAAO,EAAE;QACtB,aAAa;QACb,YAAY,EAAE,KAAK;QACnB,aAAa,EAAE,QAAQ,EAAE,gCAAgC;KAC1D,CAAC,CAAC;AACL,CAAC;AAdD,kCAcC;AAED,SAAgB,yBAAyB,CACvC,WAAkC,EAClC,EACE,aAAa,GAGd;IAED,MAAM,QAAQ,GAAG,oBAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAC1D,OAAO,WAAW,CAAC,QAAQ,EAAE;QAC3B,aAAa;KACd,CAAC,CAAC;AACL,CAAC;AAZD,8DAYC","sourcesContent":["import crypto, { HexBase64Latin1Encoding, Utf8AsciiLatin1Encoding } from 'crypto';\nimport forge from 'node-forge';\n\n/**\n * Returns the serial number of the given X.509 certificate as an uppercased hexadecimal string\n */\nexport function getFormattedSerialNumber(certificate: forge.pki.Certificate): string | null {\n const { serialNumber } = certificate;\n return serialNumber ? serialNumber.replace(/^0+/, '').toUpperCase() : null;\n}\n\n/**\n * Extracts a certificate from PKCS#12\n * This is assumed to be a conventional PKCS#12 where there is exactly one certificate and one key\n */\nexport function getX509Certificate(p12: forge.pkcs12.Pkcs12Pfx): forge.pki.Certificate {\n const certBagType = forge.pki.oids.certBag;\n const bags = p12.getBags({ bagType: certBagType })[certBagType];\n if (!bags || bags.length === 0) {\n throw new Error(`PKCS12: No certificates found`);\n }\n return getX509CertificateFromBag(bags[0]);\n}\n\n/**\n * Extracts a certificate from PKCS#12\n * This is assumed to be a PKCS#12 containing a keystore where the friendlyName (alias) contains a PrivateKeyEntry\n * A PrivateKeyEntry contains exactly one certificate and one key\n * https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.PrivateKeyEntry.html\n */\nexport function getX509CertificateByFriendlyName(\n p12: forge.pkcs12.Pkcs12Pfx,\n friendlyName: string\n): forge.pki.Certificate | null {\n const certBagType = forge.pki.oids.certBag;\n // node-forge converts friendly names to lowercase, so we search by lowercase\n const bags = p12.getBags({ friendlyName: friendlyName.toLowerCase(), bagType: certBagType })\n .friendlyName;\n if (!bags || bags.length === 0) {\n return null;\n }\n return getX509CertificateFromBag(bags[0]);\n}\n\nfunction getX509CertificateFromBag(bag: forge.pkcs12.Bag): forge.pki.Certificate {\n const { cert, asn1 } = bag;\n if (!cert && asn1) {\n // if asn1 is present but certificate isnt, the certificate type was unknown\n // github.com/digitalbazaar/forge/blob/1887cfce43a8f5ca9cb5c256168cf12ce1715ecf/lib/pkcs12.js#L703\n throw new Error('PKCS12: unknown X.509 certificate type');\n }\n if (!cert) {\n throw new Error('PKCS12: bag is not a certificate');\n }\n return cert;\n}\n\nexport function getX509Asn1ByFriendlyName(\n p12: forge.pkcs12.Pkcs12Pfx,\n friendlyName: string\n): forge.asn1.Asn1 | null {\n const certBagType = forge.pki.oids.certBag;\n // node-forge converts friendly names to lowercase, so we search by lowercase\n const bags = p12.getBags({ friendlyName: friendlyName.toLowerCase(), bagType: certBagType })\n .friendlyName;\n if (!bags || bags.length === 0) {\n return null;\n }\n const { cert, asn1 } = bags[0];\n if (cert) {\n return forge.pki.certificateToAsn1(cert);\n }\n // if asn1 is present but certificate isnt, the certificate type was unknown\n // github.com/digitalbazaar/forge/blob/1887cfce43a8f5ca9cb5c256168cf12ce1715ecf/lib/pkcs12.js#L703\n return asn1 ?? null;\n}\n\nexport function parsePKCS12(\n p12BufferOrBase64String: Buffer | string,\n maybePassword: string | null\n): forge.pkcs12.Pkcs12Pfx {\n const base64EncodedP12 = Buffer.isBuffer(p12BufferOrBase64String)\n ? p12BufferOrBase64String.toString('base64')\n : p12BufferOrBase64String;\n const password = String(maybePassword ?? '');\n const p12Der = forge.util.decode64(base64EncodedP12);\n const p12Asn1 = forge.asn1.fromDer(p12Der);\n return forge.pkcs12.pkcs12FromAsn1(p12Asn1, password);\n}\n\nfunction getHash(\n data: string,\n {\n hashAlgorithm,\n hashEncoding,\n inputEncoding,\n }: {\n hashAlgorithm?: string;\n hashEncoding?: HexBase64Latin1Encoding;\n inputEncoding?: Utf8AsciiLatin1Encoding;\n }\n): string {\n const hash = crypto.createHash(hashAlgorithm ?? 'sha1');\n if (inputEncoding) {\n hash.update(data, inputEncoding);\n } else {\n hash.update(data); // use Node's default inputEncoding\n }\n return hash.digest(hashEncoding ?? 'hex');\n}\n\nexport function getAsn1Hash(\n asn1: forge.asn1.Asn1,\n {\n hashAlgorithm,\n }: {\n hashAlgorithm?: string;\n }\n): string {\n const certDer = forge.asn1.toDer(asn1).getBytes(); // binary encoded string\n return getHash(certDer, {\n hashAlgorithm,\n hashEncoding: 'hex',\n inputEncoding: 'latin1', // latin1 is an alias for binary\n });\n}\n\nexport function getCertificateFingerprint(\n certificate: forge.pki.Certificate,\n {\n hashAlgorithm,\n }: {\n hashAlgorithm?: string;\n }\n): string {\n const certAsn1 = forge.pki.certificateToAsn1(certificate);\n return getAsn1Hash(certAsn1, {\n hashAlgorithm,\n });\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@expo/pkcs12",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.6",
|
|
4
4
|
"description": "PKCS#12 Utilities for Node.js",
|
|
5
5
|
"main": "build/index.js",
|
|
6
6
|
"scripts": {
|
|
7
|
-
"watch": "tsc --watch",
|
|
7
|
+
"watch": "tsc --watch --preserveWatchOutput",
|
|
8
8
|
"build": "tsc",
|
|
9
9
|
"prepare": "yarn build",
|
|
10
10
|
"lint": "eslint .",
|
|
@@ -22,7 +22,7 @@
|
|
|
22
22
|
"bugs": {
|
|
23
23
|
"url": "https://github.com/expo/expo-cli/issues"
|
|
24
24
|
},
|
|
25
|
-
"homepage": "https://github.com/expo/expo-cli/tree/
|
|
25
|
+
"homepage": "https://github.com/expo/expo-cli/tree/main/packages/pkcs12#readme",
|
|
26
26
|
"files": [
|
|
27
27
|
"build"
|
|
28
28
|
],
|