@peculiar/certificates-viewer 3.2.0 → 3.3.0

package/dist/collection/components/crl-viewer/crl-viewer.js

@@ -0,0 +1,234 @@
+/*!
+ * © Peculiar Ventures https://peculiarventures.com/ - MIT License
+ */
+/**
+ * @license
+ * Copyright (c) Peculiar Ventures, LLC.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+import { Component, Host, h, Prop, State, Watch, } from '@stencil/core';
+import { CRL } from '../../crypto';
+import { getDNSNameLink, getIPAddressLink, getLEILink } from '../../utils/third_party_links';
+import { Signature } from '../certificate-viewer/signature';
+import { IssuerName } from '../certificate-viewer/issuer_name';
+import { Thumbprints } from '../certificate-viewer/thumbprints';
+import { Extensions } from '../certificate-viewer/extensions';
+import { Miscellaneous } from '../certificate-viewer/miscellaneous';
+import { BasicInformation } from '../certificate-viewer/basic_information';
+import { RevokedCertificates } from './revoked_certificates';
+export class CrlViewer {
+  constructor() {
+    this.isDecodeInProcess = true;
+    this.getAuthKeyIdParentLink = (value) => {
+      var _a;
+      return (_a = this.authKeyIdParentLink) === null || _a === void 0 ? void 0 : _a.replace('{{authKeyId}}', value);
+    };
+    this.getAuthKeyIdSiblingsLink = (value) => {
+      var _a;
+      return (_a = this.authKeyIdSiblingsLink) === null || _a === void 0 ? void 0 : _a.replace('{{authKeyId}}', value);
+    };
+  }
+  componentWillLoad() {
+    this.decodeCertificate(this.certificate);
+  }
+  async decodeCertificate(certificate) {
+    this.isDecodeInProcess = true;
+    try {
+      if (certificate instanceof CRL) {
+        this.certificateDecoded = certificate;
+      }
+      else if (typeof certificate === 'string') {
+        this.certificateDecoded = new CRL(certificate);
+      }
+      else {
+        return;
+      }
+      this.certificateDecoded.parseExtensions();
+      await this.certificateDecoded.getThumbprint('SHA-1');
+      await this.certificateDecoded.getThumbprint('SHA-256');
+    }
+    catch (error) {
+      this.certificateDecodeError = error;
+      console.error('Error certificate parse:', error);
+    }
+    this.isDecodeInProcess = false;
+  }
+  getIssuerDnLink() {
+    return this.issuerDnLink;
+  }
+  /**
+   * Rerun decodeCertificate if previuos value not equal current value
+   */
+  watchCertificateAndDecode(newValue, oldValue) {
+    if (typeof newValue === 'string' && typeof oldValue === 'string') {
+      if (newValue !== oldValue) {
+        this.decodeCertificate(newValue);
+      }
+      return;
+    }
+    if (newValue instanceof CRL
+      && oldValue instanceof CRL) {
+      if (newValue.commonName !== oldValue.commonName) {
+        this.decodeCertificate(newValue);
+      }
+    }
+  }
+  // eslint-disable-next-line class-methods-use-this
+  renderErrorState() {
+    return (h("div", { class: "status_wrapper" },
+      h("peculiar-typography", { type: "b1", class: "interaction_text" }, "There was an error decoding this certificate revocation list.")));
+  }
+  // eslint-disable-next-line class-methods-use-this
+  renderEmptyState() {
+    return (h("div", { class: "status_wrapper" },
+      h("peculiar-typography", { type: "b1", class: "interaction_text" }, "There is no certificate revocation list available.")));
+  }
+  render() {
+    if (this.certificateDecodeError) {
+      return this.renderErrorState();
+    }
+    if (!this.certificateDecoded) {
+      return this.renderEmptyState();
+    }
+    return (h(Host, { "data-view": this.view },
+      h("table", null,
+        h(BasicInformation, Object.assign({}, this.certificateDecoded)),
+        h(IssuerName, { name: this.certificateDecoded.issuer, issuerDnLink: this.getIssuerDnLink() }),
+        h(Signature, { signature: this.certificateDecoded.signature }),
+        h(Thumbprints, { thumbprints: this.certificateDecoded.thumbprints }),
+        h(Extensions, { extensions: this.certificateDecoded.extensions, getLEILink: getLEILink, getDNSNameLink: getDNSNameLink, getIPAddressLink: getIPAddressLink, getAuthKeyIdParentLink: this.getAuthKeyIdParentLink, getAuthKeyIdSiblingsLink: this.getAuthKeyIdSiblingsLink }),
+        this.certificateDecoded.asn.tbsCertList.revokedCertificates && (h(RevokedCertificates, { certificates: this.certificateDecoded.asn.tbsCertList.revokedCertificates })),
+        this.download && (h(Miscellaneous, { certificate: this.certificateDecoded })))));
+  }
+  static get is() { return "peculiar-crl-viewer"; }
+  static get encapsulation() { return "shadow"; }
+  static get originalStyleUrls() { return {
+    "$": ["../certificate-viewer/certificate-viewer.scss"]
+  }; }
+  static get styleUrls() { return {
+    "$": ["../certificate-viewer/certificate-viewer.css"]
+  }; }
+  static get properties() { return {
+    "certificate": {
+      "type": "string",
+      "mutable": false,
+      "complexType": {
+        "original": "CrlProp",
+        "resolved": "CRL | string",
+        "references": {
+          "CrlProp": {
+            "location": "local"
+          }
+        }
+      },
+      "required": false,
+      "optional": false,
+      "docs": {
+        "tags": [],
+        "text": "The certificate value for decode and show details. Use PEM or DER."
+      },
+      "attribute": "certificate",
+      "reflect": true
+    },
+    "download": {
+      "type": "boolean",
+      "mutable": false,
+      "complexType": {
+        "original": "boolean",
+        "resolved": "boolean",
+        "references": {}
+      },
+      "required": false,
+      "optional": true,
+      "docs": {
+        "tags": [],
+        "text": "If `true` - component will show split-button to download certificate as PEM or DER."
+      },
+      "attribute": "download",
+      "reflect": false
+    },
+    "authKeyIdParentLink": {
+      "type": "string",
+      "mutable": false,
+      "complexType": {
+        "original": "string",
+        "resolved": "string",
+        "references": {}
+      },
+      "required": false,
+      "optional": true,
+      "docs": {
+        "tags": [{
+            "name": "example",
+            "text": " https://censys.io/certificates?q=parsed.extensions.subject_key_id:%20{{authKeyId}}"
+          }],
+        "text": "Authority Key Identifier extension parent link.\n<br />\n**NOTE**: `{{authKeyId}}` will be replaced to value from the extension."
+      },
+      "attribute": "auth-key-id-parent-link",
+      "reflect": true
+    },
+    "authKeyIdSiblingsLink": {
+      "type": "string",
+      "mutable": false,
+      "complexType": {
+        "original": "string",
+        "resolved": "string",
+        "references": {}
+      },
+      "required": false,
+      "optional": true,
+      "docs": {
+        "tags": [{
+            "name": "example",
+            "text": " https://censys.io/certificates?q=parsed.extensions.authority_key_id:%20{{authKeyId}}"
+          }],
+        "text": "Authority Key Identifier extension siblings link.\n<br />\n**NOTE**: `{{authKeyId}}` will be replaced to value from the extension."
+      },
+      "attribute": "auth-key-id-siblings-link",
+      "reflect": true
+    },
+    "issuerDnLink": {
+      "type": "string",
+      "mutable": false,
+      "complexType": {
+        "original": "string",
+        "resolved": "string",
+        "references": {}
+      },
+      "required": false,
+      "optional": true,
+      "docs": {
+        "tags": [],
+        "text": "Issuer DN link.\n**NOTE**: HTML component attribute must be `issuer-dn-link`."
+      },
+      "attribute": "issuer-dn-link",
+      "reflect": true
+    },
+    "view": {
+      "type": "string",
+      "mutable": false,
+      "complexType": {
+        "original": "'mobile'",
+        "resolved": "\"mobile\"",
+        "references": {}
+      },
+      "required": false,
+      "optional": true,
+      "docs": {
+        "tags": [],
+        "text": "Choose view type instead @media."
+      },
+      "attribute": "view",
+      "reflect": true
+    }
+  }; }
+  static get states() { return {
+    "isDecodeInProcess": {}
+  }; }
+  static get watchers() { return [{
+      "propName": "certificate",
+      "methodName": "watchCertificateAndDecode"
+    }]; }
+}

package/dist/collection/components/crl-viewer/revoked_certificates.js

@@ -0,0 +1,27 @@
+/*!
+ * © Peculiar Ventures https://peculiarventures.com/ - MIT License
+ */
+/**
+ * @license
+ * Copyright (c) Peculiar Ventures, LLC.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+import { h } from '@stencil/core';
+import { Convert } from 'pvtsutils';
+import { dateShort, l10n } from '../../utils';
+import { RowTitle, RowValue } from '../certificate-viewer/row';
+export const RevokedCertificates = (props) => {
+  const { certificates, } = props;
+  return [
+    h(RowTitle, { value: l10n.getString('revokedCertificates') }),
+    certificates.map((certificate) => ([
+      h(RowValue, { name: l10n.getString('serialNumber'), value: Convert.ToHex(certificate.userCertificate), monospace: true }),
+      h(RowValue, { name: l10n.getString('revocation'), value: dateShort(certificate.revocationDate.getTime()) }),
+      h("tr", null,
+        h("td", { colSpan: 2, class: "divider" },
+          h("span", { class: "bg_fill" }))),
+    ])),
+  ];
+};

package/dist/collection/crypto/crl.js

@@ -0,0 +1,82 @@
+/*!
+ * © Peculiar Ventures https://peculiarventures.com/ - MIT License
+ */
+/**
+ * @license
+ * Copyright (c) Peculiar Ventures, LLC.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+import { AsnConvert } from '@peculiar/asn1-schema';
+import { CertificateList } from '@peculiar/asn1-x509';
+import { Convert } from 'pvtsutils';
+import { Download } from '../utils';
+import { Extension } from './extension';
+import { AsnData } from './asn_data';
+import { Name } from './name';
+import { certificateRawToBuffer, hexFormat, base64Format, getCertificateThumbprint, } from './utils';
+export class CRL extends AsnData {
+  constructor(raw) {
+    super(certificateRawToBuffer(raw), CertificateList);
+    this.thumbprints = {};
+    this.type = 'X.509 Certificate Revocation List';
+    const { tbsCertList } = this.asn;
+    this.issuer = new Name(tbsCertList.issuer).toJSON();
+    this.version = tbsCertList.version + 1;
+    this.lastUpdate = tbsCertList.thisUpdate.getTime();
+    this.nextUpdate = tbsCertList.nextUpdate.getTime();
+  }
+  async getThumbprint(algorithm = 'SHA-1') {
+    try {
+      const thumbprint = await getCertificateThumbprint(algorithm, this.raw);
+      if (thumbprint) {
+        this.thumbprints[algorithm['name'] || algorithm] = Convert.ToHex(thumbprint);
+      }
+    }
+    catch (error) {
+      console.error('Error thumbprint get:', error);
+    }
+  }
+  get signature() {
+    const { signature, signatureAlgorithm } = this.asn;
+    return {
+      value: signature,
+      algorithm: signatureAlgorithm.algorithm,
+    };
+  }
+  get commonName() {
+    if (!this.issuer) {
+      return '';
+    }
+    for (let i = 0; i < this.issuer.length; i += 1) {
+      const name = this.issuer[i];
+      if (name.shortName === 'CN' || name.shortName === 'E' || name.shortName === 'O') {
+        return name.value;
+      }
+    }
+    return '';
+  }
+  parseExtensions() {
+    const { tbsCertList } = this.asn;
+    if (tbsCertList.crlExtensions) {
+      this.extensions = tbsCertList.crlExtensions
+        .map((e) => new Extension(AsnConvert.serialize(e)));
+    }
+  }
+  exportAsBase64() {
+    return Convert.ToBase64(this.raw);
+  }
+  exportAsHexFormatted() {
+    return hexFormat(Convert.ToHex(this.raw));
+  }
+  exportAsPemFormatted() {
+    return `-----BEGIN X509 CRL-----\n${base64Format(this.exportAsBase64())}\n-----END X509 CRL-----`;
+  }
+  downloadAsPEM(name) {
+    Download.crl.asPEM(this.exportAsPemFormatted(), name || this.commonName);
+  }
+  downloadAsDER(name) {
+    Download.crl.asDER(this.exportAsHexFormatted(), name || this.commonName);
+  }
+}

package/dist/collection/crypto/csr.js

@@ -13,6 +13,7 @@ import { ECParameters, id_ecPublicKey } from '@peculiar/asn1-ecc';
 import { id_rsaEncryption, RSAPublicKey } from '@peculiar/asn1-rsa';
 import { CertificationRequest } from '@peculiar/asn1-csr';
 import { Convert } from 'pvtsutils';
+import { Download } from '../utils';
 import { AsnData } from './asn_data';
 import { Name } from './name';
 import { Attribute } from './attribute';
@@ -88,4 +89,10 @@ export class CSR extends AsnData {
   exportAsPemFormatted() {
     return `-----BEGIN CERTIFICATE REQUEST-----\n${base64Format(this.exportAsBase64())}\n-----END CERTIFICATE REQUEST-----`;
   }
+  downloadAsPEM(name) {
+    Download.csr.asPEM(this.exportAsPemFormatted(), name || this.commonName);
+  }
+  downloadAsDER(name) {
+    Download.csr.asDER(this.exportAsHexFormatted(), name || this.commonName);
+  }
 }

package/dist/collection/crypto/extension.js

@@ -9,7 +9,7 @@
  * LICENSE file in the root directory of this source tree.
  */
 import { Convert } from 'pvtsutils';
-import { Extension as AsnExtension, id_pe_authorityInfoAccess, AuthorityInfoAccessSyntax, id_ce_authorityKeyIdentifier, AuthorityKeyIdentifier, id_ce_basicConstraints, BasicConstraints, id_ce_certificateIssuer, CertificateIssuer, id_ce_certificatePolicies, CertificatePolicies, id_ce_cRLDistributionPoints, CRLDistributionPoints, id_ce_cRLReasons, CRLReason, id_ce_extKeyUsage, ExtendedKeyUsage, id_ce_inhibitAnyPolicy, InhibitAnyPolicy, id_ce_invalidityDate, InvalidityDate, id_ce_issuerAltName, IssueAlternativeName, id_ce_keyUsage, KeyUsage, id_ce_nameConstraints, NameConstraints, id_ce_policyConstraints, PolicyConstraints, id_ce_policyMappings, PolicyMappings, id_ce_subjectAltName, SubjectAlternativeName, id_ce_subjectDirectoryAttributes, SubjectDirectoryAttributes, id_ce_subjectKeyIdentifier, SubjectKeyIdentifier, id_ce_privateKeyUsagePeriod, PrivateKeyUsagePeriod, id_entrust_entrustVersInfo, EntrustVersionInfo, id_pe_subjectInfoAccess, SubjectInfoAccessSyntax, } from '@peculiar/asn1-x509';
+import { Extension as AsnExtension, id_pe_authorityInfoAccess, AuthorityInfoAccessSyntax, id_ce_authorityKeyIdentifier, AuthorityKeyIdentifier, id_ce_basicConstraints, BasicConstraints, id_ce_certificateIssuer, CertificateIssuer, id_ce_certificatePolicies, CertificatePolicies, id_ce_cRLDistributionPoints, CRLDistributionPoints, id_ce_issuingDistributionPoint, IssuingDistributionPoint, id_ce_cRLReasons, CRLReason, id_ce_extKeyUsage, ExtendedKeyUsage, id_ce_inhibitAnyPolicy, InhibitAnyPolicy, id_ce_invalidityDate, InvalidityDate, id_ce_issuerAltName, IssueAlternativeName, id_ce_keyUsage, KeyUsage, id_ce_nameConstraints, NameConstraints, id_ce_policyConstraints, PolicyConstraints, id_ce_policyMappings, PolicyMappings, id_ce_subjectAltName, SubjectAlternativeName, id_ce_subjectDirectoryAttributes, SubjectDirectoryAttributes, id_ce_subjectKeyIdentifier, SubjectKeyIdentifier, id_ce_privateKeyUsagePeriod, PrivateKeyUsagePeriod, id_entrust_entrustVersInfo, EntrustVersionInfo, id_pe_subjectInfoAccess, SubjectInfoAccessSyntax, id_ce_cRLNumber, CRLNumber, id_ce_deltaCRLIndicator, BaseCRLNumber, } from '@peculiar/asn1-x509';
 import { id_pe_qcStatements, QCStatements, id_pe_biometricInfo, BiometricSyntax, } from '@peculiar/asn1-x509-qualified';
 import { id_certificateTemplate, CertificateTemplate, id_enrollCertType, EnrollCertTypeChoice, id_caVersion, CaVersion, } from '@peculiar/asn1-x509-microsoft';
 import { id_netscapeComment, NetscapeComment, id_netscapeCertType, NetscapeCertType, } from '@peculiar/asn1-x509-netscape';
@@ -45,6 +45,9 @@ export class Extension extends AsnData {
         case '2.5.29.46':
           this.value = AsnParser.parse(asnExtnValue, CRLDistributionPoints);
           break;
+        case id_ce_issuingDistributionPoint:
+          this.value = AsnParser.parse(asnExtnValue, IssuingDistributionPoint);
+          break;
         case id_ce_cRLReasons:
           this.value = AsnParser.parse(asnExtnValue, CRLReason);
           break;
@@ -133,6 +136,12 @@ export class Extension extends AsnData {
         case id_pe_subjectInfoAccess:
           this.value = AsnParser.parse(asnExtnValue, SubjectInfoAccessSyntax);
           break;
+        case id_ce_cRLNumber:
+          this.value = AsnParser.parse(asnExtnValue, CRLNumber);
+          break;
+        case id_ce_deltaCRLIndicator:
+          this.value = AsnParser.parse(asnExtnValue, BaseCRLNumber);
+          break;
         default:
           console.warn(`Didn't detect parser for "${this.asn.extnID}" extension.`);
           this.value = Convert.ToHex(asnExtnValue);

package/dist/collection/crypto/index.js

@@ -4,3 +4,4 @@
 export * from './x509_certificate';
 export * from './x509_attribute_certificate';
 export * from './csr';
+export * from './crl';

package/dist/collection/crypto/x509_attribute_certificate.js

@@ -11,7 +11,7 @@
 import { AsnConvert } from '@peculiar/asn1-schema';
 import { AttributeCertificate } from '@peculiar/asn1-x509-attr';
 import { Convert } from 'pvtsutils';
-import { dateDiff } from '../utils';
+import { dateDiff, Download } from '../utils';
 import { AsnData } from './asn_data';
 import { Extension } from './extension';
 import { Attribute } from './attribute';
@@ -83,4 +83,10 @@ export class X509AttributeCertificate extends AsnData {
   get commonName() {
     return `attribute-certificate-${this.thumbprints['SHA-1']}`;
   }
+  downloadAsPEM(name) {
+    Download.attrCert.asPEM(this.exportAsPemFormatted(), name || this.commonName);
+  }
+  downloadAsDER(name) {
+    Download.attrCert.asDER(this.exportAsHexFormatted(), name || this.commonName);
+  }
 }

package/dist/collection/crypto/x509_certificate.js

@@ -13,7 +13,7 @@ import { ECParameters, id_ecPublicKey } from '@peculiar/asn1-ecc';
 import { id_rsaEncryption, RSAPublicKey } from '@peculiar/asn1-rsa';
 import { Certificate } from '@peculiar/asn1-x509';
 import { Convert } from 'pvtsutils';
-import { dateDiff } from '../utils';
+import { dateDiff, Download } from '../utils';
 import { Name } from './name';
 import { Extension } from './extension';
 import { AsnData } from './asn_data';
@@ -138,4 +138,10 @@ export class X509Certificate extends AsnData {
       .map((name) => (`${name.shortName}=${name.value}`))
       .join(', ');
   }
+  downloadAsPEM(name) {
+    Download.cert.asPEM(this.exportAsPemFormatted(), name || this.commonName);
+  }
+  downloadAsDER(name) {
+    Download.cert.asDER(this.exportAsHexFormatted(), name || this.commonName);
+  }
 }

package/dist/collection/locales/en.json

@@ -14,6 +14,8 @@
   "validity": "Validity",
   "issued": "Issued",
   "expired": "Expired",
+  "lastUpdate": "Last Update",
+  "nextUpdate": "Next Update",
   "algorithm": "Algorithm",
   "namedCurve": "Named Curve",
   "exponent": "Exponent",
@@ -32,5 +34,14 @@
   "certificateDetails": "Certificate Details",
   "holder": "Holder",
   "digestInfo": "Digest Info",
-  "type": "Type"
+  "type": "Type",
+  "revokedCertificates": "Revoked Certificates",
+  "revocation": "Revocation",
+  "yes": "Yes",
+  "no": "No",
+  "onlyUserCertificates": "Only User Certificates",
+  "onlyAttributeCertificates": "Only Attribute Certificates",
+  "onlyCACertificates": "Only CA Certificates",
+  "indirectCRL": "Indirect CRL",
+  "onlyReasons": "Only Reasons"
 }

package/dist/collection/utils/download.js

@@ -12,7 +12,7 @@ import { Convert } from 'pvtsutils';
 import { downloadFromBuffer } from './download_from_buffer';
 export class Download {
 }
-Download.x509 = {
+Download.cert = {
   asPEM: (pem, name) => {
     downloadFromBuffer(Convert.FromString(pem), name, 'cer', 'application/pkix-cert');
   },
@@ -20,7 +20,15 @@ Download.x509 = {
     downloadFromBuffer(Convert.FromString(hex), name, 'cer', 'application/pkix-cert');
   },
 };
-Download.pkcs10 = {
+Download.attrCert = {
+  asPEM: (pem, name) => {
+    downloadFromBuffer(Convert.FromString(pem), name, 'cer', 'application/pkix-attr-cert');
+  },
+  asDER: (hex, name) => {
+    downloadFromBuffer(Convert.FromString(hex), name, 'cer', 'application/pkix-attr-cert');
+  },
+};
+Download.csr = {
   asPEM: (pem, name) => {
     downloadFromBuffer(Convert.FromString(pem), name, 'csr', 'application/pkcs10');
   },
@@ -28,3 +36,11 @@ Download.pkcs10 = {
     downloadFromBuffer(Convert.FromString(hex), name, 'csr', 'application/pkcs10');
   },
 };
+Download.crl = {
+  asPEM: (pem, name) => {
+    downloadFromBuffer(Convert.FromString(pem), name, 'crl', 'application/pkix-crl');
+  },
+  asDER: (hex, name) => {
+    downloadFromBuffer(Convert.FromString(hex), name, 'crl', 'application/pkix-crl');
+  },
+};

package/dist/collection/utils/index.js

@@ -5,4 +5,5 @@ import * as validator from './validator';
 export * from './read_file';
 export * from './date_formatter';
 export * from './l10n';
+export * from './download';
 export { validator, };

package/dist/collection/utils/validator.js

@@ -15,6 +15,8 @@ export const isPem = (value) => (/-----BEGIN [^-]+-----([A-Za-z0-9+\/=\s]+)-----
   .test(value));
 export const isX509Pem = (value) => (/-----BEGIN CERTIFICATE-----([A-Za-z0-9+\/=\s]+)-----END CERTIFICATE-----/
   .test(value));
+export const isX509CRLPem = (value) => (/-----BEGIN X509 CRL-----([A-Za-z0-9+\/=\s]+)-----END X509 CRL-----/
+  .test(value));
 export const isPkcs10Pem = (value) => (/-----BEGIN CERTIFICATE REQUEST-----([A-Za-z0-9+\/=\s]+)-----END CERTIFICATE REQUEST-----/
   .test(value));
 export const isX509AttributePem = (value) => (/-----BEGIN ATTRIBUTE CERTIFICATE-----([A-Za-z0-9+\/=\s]+)-----END ATTRIBUTE CERTIFICATE-----/