@gjsify/crypto 0.3.16 → 0.3.18

package/lib/esm/asn1.js

@@ -1,630 +1,2 @@
-import { Buffer } from "node:buffer";
-
-//#region src/asn1.ts
-/**
-* Strip PEM armor (header/footer lines), base64-decode the body to DER bytes.
-*/
-function pemToDer(pem) {
-	const lines = pem.trim().split(/\r?\n/);
-	const headerIdx = lines.findIndex((l) => l.startsWith("-----BEGIN "));
-	if (headerIdx === -1) {
-		throw new Error("Invalid PEM: no BEGIN line found");
-	}
-	const headerLine = lines[headerIdx];
-	const headerMatch = headerLine.match(/^-----BEGIN (.+)-----$/);
-	if (!headerMatch) {
-		throw new Error("Invalid PEM header format");
-	}
-	const type = headerMatch[1];
-	const footerIdx = lines.findIndex((l, i) => i > headerIdx && l.startsWith("-----END "));
-	if (footerIdx === -1) {
-		throw new Error("Invalid PEM: no END line found");
-	}
-	const base64Body = lines.slice(headerIdx + 1, footerIdx).join("");
-	const der = Buffer.from(base64Body, "base64");
-	return {
-		type,
-		der: new Uint8Array(der.buffer, der.byteOffset, der.byteLength)
-	};
-}
-/** ASN.1 tag constants */
-const ASN1_INTEGER = 2;
-const ASN1_BIT_STRING = 3;
-const ASN1_OCTET_STRING = 4;
-const ASN1_NULL = 5;
-const ASN1_OID = 6;
-const ASN1_SEQUENCE = 48;
-/**
-* Parse one TLV (tag-length-value) from the DER buffer starting at `offset`.
-* Returns the parsed value and the new offset past it.
-*/
-function parseTlv(buf, offset) {
-	if (offset >= buf.length) {
-		throw new Error("ASN.1 parse error: unexpected end of data");
-	}
-	const tag = buf[offset++];
-	let length;
-	const firstLenByte = buf[offset++];
-	if (firstLenByte < 128) {
-		length = firstLenByte;
-	} else {
-		const numLenBytes = firstLenByte & 127;
-		if (numLenBytes === 0) {
-			throw new Error("ASN.1 parse error: indefinite length not supported");
-		}
-		length = 0;
-		for (let i = 0; i < numLenBytes; i++) {
-			length = length << 8 | buf[offset++];
-		}
-	}
-	const data = buf.slice(offset, offset + length);
-	const next = offset + length;
-	const result = {
-		tag,
-		data
-	};
-	if (tag === ASN1_SEQUENCE) {
-		result.children = parseSequenceChildren(data);
-	}
-	return {
-		value: result,
-		next
-	};
-}
-/**
-* Parse all TLV children within a SEQUENCE's data bytes.
-*/
-function parseSequenceChildren(data) {
-	const children = [];
-	let pos = 0;
-	while (pos < data.length) {
-		const { value, next } = parseTlv(data, pos);
-		children.push(value);
-		pos = next;
-	}
-	return children;
-}
-/**
-* Parse the entire DER buffer as a single top-level TLV.
-*/
-function parseDer(buf) {
-	const { value } = parseTlv(buf, 0);
-	return value;
-}
-/**
-* Convert an ASN.1 INTEGER's raw data bytes to a non-negative BigInt.
-* ASN.1 INTEGERs are big-endian two's-complement. For RSA keys all values
-* are positive, so we just strip any leading 0x00 padding byte.
-*/
-function integerToBigInt(data) {
-	let start = 0;
-	while (start < data.length - 1 && data[start] === 0) {
-		start++;
-	}
-	let result = 0n;
-	for (let i = start; i < data.length; i++) {
-		result = result << 8n | BigInt(data[i]);
-	}
-	return result;
-}
-/** RSA encryption OID: 1.2.840.113549.1.1.1 */
-const RSA_OID = new Uint8Array([
-	42,
-	134,
-	72,
-	134,
-	247,
-	13,
-	1,
-	1,
-	1
-]);
-function oidsEqual(a, b) {
-	if (a.length !== b.length) return false;
-	for (let i = 0; i < a.length; i++) {
-		if (a[i] !== b[i]) return false;
-	}
-	return true;
-}
-/**
-* Parse PKCS#1 RSAPublicKey:
-*   SEQUENCE { INTEGER n, INTEGER e }
-*/
-function parseRsaPublicKeyPkcs1(seq) {
-	const children = seq.children;
-	if (!children || children.length < 2) {
-		throw new Error("Invalid PKCS#1 RSAPublicKey structure");
-	}
-	return {
-		n: integerToBigInt(children[0].data),
-		e: integerToBigInt(children[1].data)
-	};
-}
-/**
-* Parse PKCS#1 RSAPrivateKey:
-*   SEQUENCE {
-*     INTEGER version,
-*     INTEGER n,
-*     INTEGER e,
-*     INTEGER d,
-*     INTEGER p,
-*     INTEGER q,
-*     INTEGER dp,
-*     INTEGER dq,
-*     INTEGER qi
-*   }
-*/
-function parseRsaPrivateKeyPkcs1(seq) {
-	const children = seq.children;
-	if (!children || children.length < 6) {
-		throw new Error("Invalid PKCS#1 RSAPrivateKey structure");
-	}
-	return {
-		n: integerToBigInt(children[1].data),
-		e: integerToBigInt(children[2].data),
-		d: integerToBigInt(children[3].data),
-		p: integerToBigInt(children[4].data),
-		q: integerToBigInt(children[5].data)
-	};
-}
-/**
-* Parse PKCS#8 SubjectPublicKeyInfo:
-*   SEQUENCE {
-*     SEQUENCE { OID algorithm, NULL }     -- AlgorithmIdentifier
-*     BIT STRING                            -- wraps PKCS#1 RSAPublicKey
-*   }
-*/
-function parseSubjectPublicKeyInfo(seq) {
-	const children = seq.children;
-	if (!children || children.length < 2) {
-		throw new Error("Invalid SubjectPublicKeyInfo structure");
-	}
-	const algIdSeq = children[0];
-	if (!algIdSeq.children || algIdSeq.children.length < 1) {
-		throw new Error("Invalid AlgorithmIdentifier");
-	}
-	const oid = algIdSeq.children[0];
-	if (oid.tag !== ASN1_OID || !oidsEqual(oid.data, RSA_OID)) {
-		throw new Error("Unsupported algorithm: only RSA is supported");
-	}
-	const bitString = children[1];
-	if (bitString.tag !== ASN1_BIT_STRING) {
-		throw new Error("Expected BIT STRING for public key data");
-	}
-	const innerDer = bitString.data.slice(1);
-	const innerSeq = parseDer(innerDer);
-	return parseRsaPublicKeyPkcs1(innerSeq);
-}
-/**
-* Parse PKCS#8 PrivateKeyInfo:
-*   SEQUENCE {
-*     INTEGER version,
-*     SEQUENCE { OID algorithm, NULL }     -- AlgorithmIdentifier
-*     OCTET STRING                          -- wraps PKCS#1 RSAPrivateKey
-*   }
-*/
-function parsePrivateKeyInfo(seq) {
-	const children = seq.children;
-	if (!children || children.length < 3) {
-		throw new Error("Invalid PrivateKeyInfo structure");
-	}
-	const algIdSeq = children[1];
-	if (!algIdSeq.children || algIdSeq.children.length < 1) {
-		throw new Error("Invalid AlgorithmIdentifier");
-	}
-	const oid = algIdSeq.children[0];
-	if (oid.tag !== ASN1_OID || !oidsEqual(oid.data, RSA_OID)) {
-		throw new Error("Unsupported algorithm: only RSA is supported");
-	}
-	const octetString = children[2];
-	if (octetString.tag !== ASN1_OCTET_STRING) {
-		throw new Error("Expected OCTET STRING for private key data");
-	}
-	const innerSeq = parseDer(octetString.data);
-	return parseRsaPrivateKeyPkcs1(innerSeq);
-}
-/**
-* Encode a length value in DER format.
-*/
-function encodeLength(length) {
-	if (length < 128) {
-		return new Uint8Array([length]);
-	}
-	const bytes = [];
-	let val = length;
-	while (val > 0) {
-		bytes.unshift(val & 255);
-		val >>= 8;
-	}
-	return new Uint8Array([128 | bytes.length, ...bytes]);
-}
-/**
-* Encode a TLV (tag-length-value).
-*/
-function encodeTlv(tag, data) {
-	const len = encodeLength(data.length);
-	const result = new Uint8Array(1 + len.length + data.length);
-	result[0] = tag;
-	result.set(len, 1);
-	result.set(data, 1 + len.length);
-	return result;
-}
-/**
-* Encode a BigInt as an ASN.1 INTEGER.
-*/
-function bigintToAsn1Integer(value) {
-	if (value === 0n) {
-		return encodeTlv(ASN1_INTEGER, new Uint8Array([0]));
-	}
-	const hex = value.toString(16);
-	const paddedHex = hex.length % 2 ? "0" + hex : hex;
-	const bytes = [];
-	for (let i = 0; i < paddedHex.length; i += 2) {
-		bytes.push(parseInt(paddedHex.substring(i, i + 2), 16));
-	}
-	if (bytes[0] & 128) {
-		bytes.unshift(0);
-	}
-	return encodeTlv(ASN1_INTEGER, new Uint8Array(bytes));
-}
-/**
-* Encode an ASN.1 SEQUENCE from its children.
-*/
-function encodeSequence(children) {
-	let totalLen = 0;
-	for (const child of children) totalLen += child.length;
-	const data = new Uint8Array(totalLen);
-	let offset = 0;
-	for (const child of children) {
-		data.set(child, offset);
-		offset += child.length;
-	}
-	return encodeTlv(ASN1_SEQUENCE, data);
-}
-/**
-* Encode an ASN.1 BIT STRING (with 0 unused bits).
-*/
-function encodeBitString(data) {
-	const inner = new Uint8Array(1 + data.length);
-	inner[0] = 0;
-	inner.set(data, 1);
-	return encodeTlv(ASN1_BIT_STRING, inner);
-}
-/**
-* Encode an ASN.1 OCTET STRING.
-*/
-function encodeOctetString(data) {
-	return encodeTlv(ASN1_OCTET_STRING, data);
-}
-/**
-* Encode an ASN.1 OID.
-*/
-function encodeOid(oidBytes) {
-	return encodeTlv(ASN1_OID, oidBytes);
-}
-/**
-* Encode ASN.1 NULL.
-*/
-function encodeNull() {
-	return new Uint8Array([ASN1_NULL, 0]);
-}
-/**
-* Encode RSA public key components as PKCS#1 RSAPublicKey DER.
-*/
-function encodeRsaPublicKeyPkcs1(components) {
-	return encodeSequence([bigintToAsn1Integer(components.n), bigintToAsn1Integer(components.e)]);
-}
-/**
-* Encode RSA public key as PKCS#8 SubjectPublicKeyInfo DER.
-*/
-function encodeSubjectPublicKeyInfo(components) {
-	const algorithmId = encodeSequence([encodeOid(RSA_OID), encodeNull()]);
-	const rsaPublicKey = encodeRsaPublicKeyPkcs1(components);
-	const bitString = encodeBitString(rsaPublicKey);
-	return encodeSequence([algorithmId, bitString]);
-}
-/**
-* Encode RSA private key components as PKCS#1 RSAPrivateKey DER.
-*/
-function encodeRsaPrivateKeyPkcs1(components) {
-	const dp = components.d % (components.p - 1n);
-	const dq = components.d % (components.q - 1n);
-	const qi = modInverse(components.q, components.p);
-	return encodeSequence([
-		bigintToAsn1Integer(0n),
-		bigintToAsn1Integer(components.n),
-		bigintToAsn1Integer(components.e),
-		bigintToAsn1Integer(components.d),
-		bigintToAsn1Integer(components.p),
-		bigintToAsn1Integer(components.q),
-		bigintToAsn1Integer(dp),
-		bigintToAsn1Integer(dq),
-		bigintToAsn1Integer(qi)
-	]);
-}
-/**
-* Encode RSA private key as PKCS#8 PrivateKeyInfo DER.
-*/
-function encodePrivateKeyInfo(components) {
-	const algorithmId = encodeSequence([encodeOid(RSA_OID), encodeNull()]);
-	const rsaPrivateKey = encodeRsaPrivateKeyPkcs1(components);
-	const octetString = encodeOctetString(rsaPrivateKey);
-	return encodeSequence([
-		bigintToAsn1Integer(0n),
-		algorithmId,
-		octetString
-	]);
-}
-/**
-* Convert DER bytes to PEM string.
-*/
-function derToPem(der, type) {
-	const base64 = Buffer.from(der).toString("base64");
-	const lines = [`-----BEGIN ${type}-----`];
-	for (let i = 0; i < base64.length; i += 64) {
-		lines.push(base64.substring(i, i + 64));
-	}
-	lines.push(`-----END ${type}-----`);
-	return lines.join("\n");
-}
-/**
-* Modular inverse: a^(-1) mod m using extended Euclidean algorithm.
-*/
-function modInverse(a, m) {
-	let [old_r, r] = [a % m, m];
-	let [old_s, s] = [1n, 0n];
-	while (r !== 0n) {
-		const q = old_r / r;
-		[old_r, r] = [r, old_r - q * r];
-		[old_s, s] = [s, old_s - q * s];
-	}
-	return (old_s % m + m) % m;
-}
-/**
-* Parse an X.509 certificate from PEM or DER.
-*/
-function parseX509(pem) {
-	const { der } = pemToDer(pem);
-	return parseX509Der(der);
-}
-/**
-* Parse an X.509 certificate from DER bytes.
-*/
-function parseX509Der(der) {
-	const root = parseDer(der);
-	if (root.tag !== ASN1_SEQUENCE || !root.children || root.children.length < 3) {
-		throw new Error("Invalid X.509 certificate structure");
-	}
-	const tbsCertificate = root.children[0];
-	const signatureAlgorithm = root.children[1];
-	const signatureBitString = root.children[2];
-	if (!tbsCertificate.children || tbsCertificate.children.length < 6) {
-		throw new Error("Invalid TBSCertificate structure");
-	}
-	let idx = 0;
-	if (tbsCertificate.children[0].tag === 160) {
-		idx++;
-	}
-	const serialNumber = integerToBigInt(tbsCertificate.children[idx].data);
-	idx++;
-	idx++;
-	const issuer = parseDN(tbsCertificate.children[idx]);
-	idx++;
-	const validity = tbsCertificate.children[idx];
-	const validFrom = parseAsn1Time(validity.children[0]);
-	const validTo = parseAsn1Time(validity.children[1]);
-	idx++;
-	const subject = parseDN(tbsCertificate.children[idx]);
-	idx++;
-	let publicKey = null;
-	let publicKeyAlgorithm = "unknown";
-	if (idx < tbsCertificate.children.length) {
-		const spki = tbsCertificate.children[idx];
-		try {
-			if (spki.children && spki.children.length >= 2) {
-				const algId = spki.children[0];
-				if (algId.children && algId.children.length >= 1) {
-					const oid = algId.children[0];
-					if (oid.tag === ASN1_OID && oidsEqual(oid.data, RSA_OID)) {
-						publicKeyAlgorithm = "rsa";
-						publicKey = parseSubjectPublicKeyInfo(spki);
-					}
-				}
-			}
-		} catch {}
-		idx++;
-	}
-	let subjectAltName;
-	let extensions;
-	for (let i = idx; i < tbsCertificate.children.length; i++) {
-		const child = tbsCertificate.children[i];
-		if (child.tag === 163 && child.data.length > 0) {
-			const extSeq = parseDer(child.data);
-			if (extSeq.children) {
-				extensions = extSeq.children;
-				const SAN_OID = new Uint8Array([
-					85,
-					29,
-					17
-				]);
-				for (const ext of extSeq.children) {
-					if (ext.children && ext.children.length >= 2) {
-						const extOid = ext.children[0];
-						if (extOid.tag === ASN1_OID && oidsEqual(extOid.data, SAN_OID)) {
-							const extValue = ext.children[ext.children.length - 1];
-							subjectAltName = parseSAN(extValue.data);
-						}
-					}
-				}
-			}
-		}
-	}
-	let sigAlg = "unknown";
-	if (signatureAlgorithm.children && signatureAlgorithm.children.length >= 1) {
-		sigAlg = oidToName(signatureAlgorithm.children[0].data);
-	}
-	const signature = signatureBitString.tag === ASN1_BIT_STRING ? signatureBitString.data.slice(1) : signatureBitString.data;
-	return {
-		raw: der,
-		tbsCertificate: tbsCertificate.data,
-		serialNumber,
-		issuer,
-		subject,
-		validFrom,
-		validTo,
-		publicKey,
-		publicKeyAlgorithm,
-		signatureAlgorithm: sigAlg,
-		signature,
-		subjectAltName,
-		extensions
-	};
-}
-const OID_NAMES = {
-	"2.5.4.3": "CN",
-	"2.5.4.6": "C",
-	"2.5.4.7": "L",
-	"2.5.4.8": "ST",
-	"2.5.4.10": "O",
-	"2.5.4.11": "OU",
-	"1.2.840.113549.1.9.1": "emailAddress"
-};
-const SIG_ALG_NAMES = {
-	"1.2.840.113549.1.1.1": "rsaEncryption",
-	"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
-	"1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
-	"1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
-	"1.2.840.113549.1.1.13": "sha512WithRSAEncryption"
-};
-function decodeOidString(data) {
-	if (data.length === 0) return "";
-	const components = [];
-	components.push(Math.floor(data[0] / 40));
-	components.push(data[0] % 40);
-	let value = 0;
-	for (let i = 1; i < data.length; i++) {
-		value = value << 7 | data[i] & 127;
-		if (!(data[i] & 128)) {
-			components.push(value);
-			value = 0;
-		}
-	}
-	return components.join(".");
-}
-function oidToName(data) {
-	const oidStr = decodeOidString(data);
-	return SIG_ALG_NAMES[oidStr] || oidStr;
-}
-function parseDN(seq) {
-	if (!seq.children) return "";
-	const parts = [];
-	for (const rdn of seq.children) {
-		const rdnChildren = rdn.tag === 49 ? parseSequenceChildren(rdn.data) : rdn.children || [];
-		for (const atv of rdnChildren) {
-			if (atv.children && atv.children.length >= 2) {
-				const oidData = atv.children[0].data;
-				const oidStr = decodeOidString(oidData);
-				const name = OID_NAMES[oidStr] || oidStr;
-				const valueBytes = atv.children[1].data;
-				const value = new TextDecoder().decode(valueBytes);
-				parts.push(`${name}=${value}`);
-			}
-		}
-	}
-	return parts.join(", ");
-}
-function parseAsn1Time(tlv) {
-	const str = new TextDecoder().decode(tlv.data);
-	if (tlv.tag === 23) {
-		let year = parseInt(str.substring(0, 2), 10);
-		year = year >= 50 ? 1900 + year : 2e3 + year;
-		const month = parseInt(str.substring(2, 4), 10) - 1;
-		const day = parseInt(str.substring(4, 6), 10);
-		const hour = parseInt(str.substring(6, 8), 10);
-		const minute = parseInt(str.substring(8, 10), 10);
-		const second = parseInt(str.substring(10, 12), 10);
-		return new Date(Date.UTC(year, month, day, hour, minute, second));
-	}
-	if (tlv.tag === 24) {
-		const year = parseInt(str.substring(0, 4), 10);
-		const month = parseInt(str.substring(4, 6), 10) - 1;
-		const day = parseInt(str.substring(6, 8), 10);
-		const hour = parseInt(str.substring(8, 10), 10);
-		const minute = parseInt(str.substring(10, 12), 10);
-		const second = parseInt(str.substring(12, 14), 10);
-		return new Date(Date.UTC(year, month, day, hour, minute, second));
-	}
-	throw new Error(`Unsupported time tag: 0x${tlv.tag.toString(16)}`);
-}
-function parseSAN(data) {
-	const names = [];
-	try {
-		const seq = parseDer(data);
-		if (seq.tag === ASN1_SEQUENCE && seq.children) {
-			for (const child of seq.children) {
-				if (child.tag === 130) {
-					names.push("DNS:" + new TextDecoder().decode(child.data));
-				} else if (child.tag === 135) {
-					if (child.data.length === 4) {
-						names.push("IP Address:" + child.data.join("."));
-					} else if (child.data.length === 16) {
-						const parts = [];
-						for (let i = 0; i < 16; i += 2) {
-							parts.push((child.data[i] << 8 | child.data[i + 1]).toString(16));
-						}
-						names.push("IP Address:" + parts.join(":"));
-					}
-				}
-			}
-		}
-	} catch {}
-	return names;
-}
-/**
-* Parse a PEM-encoded RSA key. Supports:
-* - RSA PUBLIC KEY (PKCS#1)
-* - PUBLIC KEY (PKCS#8 SubjectPublicKeyInfo)
-* - RSA PRIVATE KEY (PKCS#1)
-* - PRIVATE KEY (PKCS#8 PrivateKeyInfo)
-*/
-function parsePemKey(pem) {
-	const { type, der } = pemToDer(pem);
-	const root = parseDer(der);
-	if (root.tag !== ASN1_SEQUENCE) {
-		throw new Error("Invalid key format: expected top-level SEQUENCE");
-	}
-	switch (type) {
-		case "RSA PUBLIC KEY": return {
-			type: "rsa-public",
-			components: parseRsaPublicKeyPkcs1(root)
-		};
-		case "PUBLIC KEY": return {
-			type: "rsa-public",
-			components: parseSubjectPublicKeyInfo(root)
-		};
-		case "RSA PRIVATE KEY": return {
-			type: "rsa-private",
-			components: parseRsaPrivateKeyPkcs1(root)
-		};
-		case "PRIVATE KEY": return {
-			type: "rsa-private",
-			components: parsePrivateKeyInfo(root)
-		};
-		default: throw new Error(`Unsupported PEM type: ${type}`);
-	}
-}
-/**
-* Get the key size in bytes (byte length of modulus n).
-*/
-function rsaKeySize(n) {
-	let bits = 0;
-	let val = n;
-	while (val > 0n) {
-		bits++;
-		val >>= 1n;
-	}
-	return Math.ceil(bits / 8);
-}
-
-//#endregion
-export { bigintToAsn1Integer, derToPem, encodePrivateKeyInfo, encodeRsaPrivateKeyPkcs1, encodeRsaPublicKeyPkcs1, encodeSequence, encodeSubjectPublicKeyInfo, parsePemKey, parseX509, parseX509Der, rsaKeySize };
+import{Buffer as e}from"node:buffer";function t(t){let n=t.trim().split(/\r?\n/),r=n.findIndex(e=>e.startsWith(`-----BEGIN `));if(r===-1)throw Error(`Invalid PEM: no BEGIN line found`);let i=n[r].match(/^-----BEGIN (.+)-----$/);if(!i)throw Error(`Invalid PEM header format`);let a=i[1],o=n.findIndex((e,t)=>t>r&&e.startsWith(`-----END `));if(o===-1)throw Error(`Invalid PEM: no END line found`);let s=n.slice(r+1,o).join(``),c=e.from(s,`base64`);return{type:a,der:new Uint8Array(c.buffer,c.byteOffset,c.byteLength)}}function n(e,t){if(t>=e.length)throw Error(`ASN.1 parse error: unexpected end of data`);let n=e[t++],i,a=e[t++];if(a<128)i=a;else{let n=a&127;if(n===0)throw Error(`ASN.1 parse error: indefinite length not supported`);i=0;for(let r=0;r<n;r++)i=i<<8|e[t++]}let o=e.slice(t,t+i),s=t+i,c={tag:n,data:o};return n===48&&(c.children=r(o)),{value:c,next:s}}function r(e){let t=[],r=0;for(;r<e.length;){let{value:i,next:a}=n(e,r);t.push(i),r=a}return t}function i(e){let{value:t}=n(e,0);return t}function a(e){let t=0;for(;t<e.length-1&&e[t]===0;)t++;let n=0n;for(let r=t;r<e.length;r++)n=n<<8n|BigInt(e[r]);return n}const o=new Uint8Array([42,134,72,134,247,13,1,1,1]);function s(e,t){if(e.length!==t.length)return!1;for(let n=0;n<e.length;n++)if(e[n]!==t[n])return!1;return!0}function c(e){let t=e.children;if(!t||t.length<2)throw Error(`Invalid PKCS#1 RSAPublicKey structure`);return{n:a(t[0].data),e:a(t[1].data)}}function l(e){let t=e.children;if(!t||t.length<6)throw Error(`Invalid PKCS#1 RSAPrivateKey structure`);return{n:a(t[1].data),e:a(t[2].data),d:a(t[3].data),p:a(t[4].data),q:a(t[5].data)}}function u(e){let t=e.children;if(!t||t.length<2)throw Error(`Invalid SubjectPublicKeyInfo structure`);let n=t[0];if(!n.children||n.children.length<1)throw Error(`Invalid AlgorithmIdentifier`);let r=n.children[0];if(r.tag!==6||!s(r.data,o))throw Error(`Unsupported algorithm: only RSA is supported`);let a=t[1];if(a.tag!==3)throw Error(`Expected BIT STRING for public key data`);return c(i(a.data.slice(1)))}function d(e){let t=e.children;if(!t||t.length<3)throw Error(`Invalid PrivateKeyInfo structure`);let n=t[1];if(!n.children||n.children.length<1)throw Error(`Invalid AlgorithmIdentifier`);let r=n.children[0];if(r.tag!==6||!s(r.data,o))throw Error(`Unsupported algorithm: only RSA is supported`);let a=t[2];if(a.tag!==4)throw Error(`Expected OCTET STRING for private key data`);return l(i(a.data))}function f(e){if(e<128)return new Uint8Array([e]);let t=[],n=e;for(;n>0;)t.unshift(n&255),n>>=8;return new Uint8Array([128|t.length,...t])}function p(e,t){let n=f(t.length),r=new Uint8Array(1+n.length+t.length);return r[0]=e,r.set(n,1),r.set(t,1+n.length),r}function m(e){if(e===0n)return p(2,new Uint8Array([0]));let t=e.toString(16),n=t.length%2?`0`+t:t,r=[];for(let e=0;e<n.length;e+=2)r.push(parseInt(n.substring(e,e+2),16));return r[0]&128&&r.unshift(0),p(2,new Uint8Array(r))}function h(e){let t=0;for(let n of e)t+=n.length;let n=new Uint8Array(t),r=0;for(let t of e)n.set(t,r),r+=t.length;return p(48,n)}function g(e){let t=new Uint8Array(1+e.length);return t[0]=0,t.set(e,1),p(3,t)}function _(e){return p(4,e)}function v(e){return p(6,e)}function y(){return new Uint8Array([5,0])}function b(e){return h([m(e.n),m(e.e)])}function x(e){return h([h([v(o),y()]),g(b(e))])}function S(e){let t=e.d%(e.p-1n),n=e.d%(e.q-1n),r=T(e.q,e.p);return h([m(0n),m(e.n),m(e.e),m(e.d),m(e.p),m(e.q),m(t),m(n),m(r)])}function C(e){let t=h([v(o),y()]),n=_(S(e));return h([m(0n),t,n])}function w(t,n){let r=e.from(t).toString(`base64`),i=[`-----BEGIN ${n}-----`];for(let e=0;e<r.length;e+=64)i.push(r.substring(e,e+64));return i.push(`-----END ${n}-----`),i.join(`
+`)}function T(e,t){let[n,r]=[e%t,t],[i,a]=[1n,0n];for(;r!==0n;){let e=n/r;[n,r]=[r,n-e*r],[i,a]=[a,i-e*a]}return(i%t+t)%t}function E(e){let{der:n}=t(e);return D(n)}function D(e){let t=i(e);if(t.tag!==48||!t.children||t.children.length<3)throw Error(`Invalid X.509 certificate structure`);let n=t.children[0],r=t.children[1],c=t.children[2];if(!n.children||n.children.length<6)throw Error(`Invalid TBSCertificate structure`);let l=0;n.children[0].tag===160&&l++;let d=a(n.children[l].data);l++,l++;let f=M(n.children[l]);l++;let p=n.children[l],m=N(p.children[0]),h=N(p.children[1]);l++;let g=M(n.children[l]);l++;let _=null,v=`unknown`;if(l<n.children.length){let e=n.children[l];try{if(e.children&&e.children.length>=2){let t=e.children[0];if(t.children&&t.children.length>=1){let n=t.children[0];n.tag===6&&s(n.data,o)&&(v=`rsa`,_=u(e))}}}catch{}l++}let y,b;for(let e=l;e<n.children.length;e++){let t=n.children[e];if(t.tag===163&&t.data.length>0){let e=i(t.data);if(e.children){b=e.children;let t=new Uint8Array([85,29,17]);for(let n of e.children)if(n.children&&n.children.length>=2){let e=n.children[0];if(e.tag===6&&s(e.data,t)){let e=n.children[n.children.length-1];y=P(e.data)}}}}}let x=`unknown`;r.children&&r.children.length>=1&&(x=j(r.children[0].data));let S=c.tag===3?c.data.slice(1):c.data;return{raw:e,tbsCertificate:n.data,serialNumber:d,issuer:f,subject:g,validFrom:m,validTo:h,publicKey:_,publicKeyAlgorithm:v,signatureAlgorithm:x,signature:S,subjectAltName:y,extensions:b}}const O={"2.5.4.3":`CN`,"2.5.4.6":`C`,"2.5.4.7":`L`,"2.5.4.8":`ST`,"2.5.4.10":`O`,"2.5.4.11":`OU`,"1.2.840.113549.1.9.1":`emailAddress`},k={"1.2.840.113549.1.1.1":`rsaEncryption`,"1.2.840.113549.1.1.5":`sha1WithRSAEncryption`,"1.2.840.113549.1.1.11":`sha256WithRSAEncryption`,"1.2.840.113549.1.1.12":`sha384WithRSAEncryption`,"1.2.840.113549.1.1.13":`sha512WithRSAEncryption`};function A(e){if(e.length===0)return``;let t=[];t.push(Math.floor(e[0]/40)),t.push(e[0]%40);let n=0;for(let r=1;r<e.length;r++)n=n<<7|e[r]&127,e[r]&128||(t.push(n),n=0);return t.join(`.`)}function j(e){let t=A(e);return k[t]||t}function M(e){if(!e.children)return``;let t=[];for(let n of e.children){let e=n.tag===49?r(n.data):n.children||[];for(let n of e)if(n.children&&n.children.length>=2){let e=n.children[0].data,r=A(e),i=O[r]||r,a=n.children[1].data,o=new TextDecoder().decode(a);t.push(`${i}=${o}`)}}return t.join(`, `)}function N(e){let t=new TextDecoder().decode(e.data);if(e.tag===23){let e=parseInt(t.substring(0,2),10);e=e>=50?1900+e:2e3+e;let n=parseInt(t.substring(2,4),10)-1,r=parseInt(t.substring(4,6),10),i=parseInt(t.substring(6,8),10),a=parseInt(t.substring(8,10),10),o=parseInt(t.substring(10,12),10);return new Date(Date.UTC(e,n,r,i,a,o))}if(e.tag===24){let e=parseInt(t.substring(0,4),10),n=parseInt(t.substring(4,6),10)-1,r=parseInt(t.substring(6,8),10),i=parseInt(t.substring(8,10),10),a=parseInt(t.substring(10,12),10),o=parseInt(t.substring(12,14),10);return new Date(Date.UTC(e,n,r,i,a,o))}throw Error(`Unsupported time tag: 0x${e.tag.toString(16)}`)}function P(e){let t=[];try{let n=i(e);if(n.tag===48&&n.children){for(let e of n.children)if(e.tag===130)t.push(`DNS:`+new TextDecoder().decode(e.data));else if(e.tag===135){if(e.data.length===4)t.push(`IP Address:`+e.data.join(`.`));else if(e.data.length===16){let n=[];for(let t=0;t<16;t+=2)n.push((e.data[t]<<8|e.data[t+1]).toString(16));t.push(`IP Address:`+n.join(`:`))}}}}catch{}return t}function F(e){let{type:n,der:r}=t(e),a=i(r);if(a.tag!==48)throw Error(`Invalid key format: expected top-level SEQUENCE`);switch(n){case`RSA PUBLIC KEY`:return{type:`rsa-public`,components:c(a)};case`PUBLIC KEY`:return{type:`rsa-public`,components:u(a)};case`RSA PRIVATE KEY`:return{type:`rsa-private`,components:l(a)};case`PRIVATE KEY`:return{type:`rsa-private`,components:d(a)};default:throw Error(`Unsupported PEM type: ${n}`)}}function I(e){let t=0,n=e;for(;n>0n;)t++,n>>=1n;return Math.ceil(t/8)}export{m as bigintToAsn1Integer,w as derToPem,C as encodePrivateKeyInfo,S as encodeRsaPrivateKeyPkcs1,b as encodeRsaPublicKeyPkcs1,h as encodeSequence,x as encodeSubjectPublicKeyInfo,F as parsePemKey,E as parseX509,D as parseX509Der,I as rsaKeySize};

package/lib/esm/bigint-math.js

@@ -1,43 +1 @@
-//#region src/bigint-math.ts
-/**
-* Modular exponentiation using square-and-multiply (BigInt).
-* Returns (base ** exp) % mod.
-*/
-function modPow(base, exp, mod) {
-	if (mod === 1n) return 0n;
-	base = (base % mod + mod) % mod;
-	let result = 1n;
-	while (exp > 0n) {
-		if (exp & 1n) {
-			result = result * base % mod;
-		}
-		exp >>= 1n;
-		base = base * base % mod;
-	}
-	return result;
-}
-/**
-* Convert a BigInt to a big-endian Uint8Array of exactly `length` bytes.
-*/
-function bigIntToBytes(value, length) {
-	const result = new Uint8Array(length);
-	let v = value;
-	for (let i = length - 1; i >= 0; i--) {
-		result[i] = Number(v & 255n);
-		v >>= 8n;
-	}
-	return result;
-}
-/**
-* Convert a Uint8Array (big-endian) to a non-negative BigInt.
-*/
-function bytesToBigInt(bytes) {
-	let result = 0n;
-	for (let i = 0; i < bytes.length; i++) {
-		result = result << 8n | BigInt(bytes[i]);
-	}
-	return result;
-}
-
-//#endregion
-export { bigIntToBytes, bytesToBigInt, modPow };
+function e(e,t,n){if(n===1n)return 0n;e=(e%n+n)%n;let r=1n;for(;t>0n;)t&1n&&(r=r*e%n),t>>=1n,e=e*e%n;return r}function t(e,t){let n=new Uint8Array(t),r=e;for(let e=t-1;e>=0;e--)n[e]=Number(r&255n),r>>=8n;return n}function n(e){let t=0n;for(let n=0;n<e.length;n++)t=t<<8n|BigInt(e[n]);return t}export{t as bigIntToBytes,n as bytesToBigInt,e as modPow};