@sphereon/ssi-sdk-ext.x509-utils 0.28.1-feature.jose.vcdm.52 → 0.28.1-feature.oyd.cmsm.improv.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +5 -171
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +21 -750
- package/dist/index.js.map +1 -1
- package/dist/types/index.d.ts +14 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +9 -0
- package/dist/types/index.js.map +1 -0
- package/dist/x509/crypto.d.ts +2 -0
- package/dist/x509/crypto.d.ts.map +1 -0
- package/dist/x509/crypto.js +28 -0
- package/dist/x509/crypto.js.map +1 -0
- package/dist/x509/index.d.ts +5 -0
- package/dist/x509/index.d.ts.map +1 -0
- package/dist/x509/index.js +21 -0
- package/dist/x509/index.js.map +1 -0
- package/dist/x509/rsa-key.d.ts +10 -0
- package/dist/x509/rsa-key.d.ts.map +1 -0
- package/dist/x509/rsa-key.js +102 -0
- package/dist/x509/rsa-key.js.map +1 -0
- package/dist/x509/rsa-signer.d.ts +24 -0
- package/dist/x509/rsa-signer.d.ts.map +1 -0
- package/dist/x509/rsa-signer.js +105 -0
- package/dist/x509/rsa-signer.js.map +1 -0
- package/dist/x509/x509-utils.d.ts +31 -0
- package/dist/x509/x509-utils.d.ts.map +1 -0
- package/dist/x509/x509-utils.js +215 -0
- package/dist/x509/x509-utils.js.map +1 -0
- package/dist/x509/x509-validator.d.ts +97 -0
- package/dist/x509/x509-validator.d.ts.map +1 -0
- package/dist/x509/x509-validator.js +489 -0
- package/dist/x509/x509-validator.js.map +1 -0
- package/package.json +12 -25
- package/src/x509/crypto.ts +5 -11
- package/src/x509/rsa-key.ts +2 -8
- package/src/x509/rsa-signer.ts +5 -9
- package/src/x509/x509-utils.ts +5 -8
- package/src/x509/x509-validator.ts +3 -6
- package/dist/index.cjs +0 -777
- package/dist/index.cjs.map +0 -1
- package/dist/index.d.cts +0 -173
|
@@ -0,0 +1,215 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
+
if (mod && mod.__esModule) return mod;
|
|
20
|
+
var result = {};
|
|
21
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
+
__setModuleDefault(result, mod);
|
|
23
|
+
return result;
|
|
24
|
+
};
|
|
25
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
26
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
27
|
+
};
|
|
28
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
|
+
exports.hexToPEM = exports.hexToBase64 = exports.base64ToHex = exports.PEMToHex = exports.publicKeyHexFromPEM = exports.hexKeyFromPEMBasedJwk = exports.privateKeyHexFromPEM = exports.PEMToJwk = exports.jwkToPEM = exports.toKeyObject = exports.areCertificatesEqual = exports.pemOrDerToX509Certificate = void 0;
|
|
30
|
+
exports.pemCertChainTox5c = pemCertChainTox5c;
|
|
31
|
+
exports.x5cToPemCertChain = x5cToPemCertChain;
|
|
32
|
+
exports.PEMToBinary = PEMToBinary;
|
|
33
|
+
exports.PEMToDer = PEMToDer;
|
|
34
|
+
exports.derToPEM = derToPEM;
|
|
35
|
+
const pkijs_1 = require("pkijs");
|
|
36
|
+
const u8a = __importStar(require("uint8arrays"));
|
|
37
|
+
// @ts-ignore
|
|
38
|
+
const keyto_1 = __importDefault(require("@trust/keyto"));
|
|
39
|
+
// Based on (MIT licensed):
|
|
40
|
+
// https://github.com/hildjj/node-posh/blob/master/lib/index.js
|
|
41
|
+
function pemCertChainTox5c(cert, maxDepth) {
|
|
42
|
+
if (!maxDepth) {
|
|
43
|
+
maxDepth = 0;
|
|
44
|
+
}
|
|
45
|
+
/*
|
|
46
|
+
* Convert a PEM-encoded certificate to the version used in the x5c element
|
|
47
|
+
* of a [JSON Web Key](http://tools.ietf.org/html/draft-ietf-jose-json-web-key).
|
|
48
|
+
*
|
|
49
|
+
* `cert` PEM-encoded certificate chain
|
|
50
|
+
* `maxdepth` The maximum number of certificates to use from the chain.
|
|
51
|
+
*/
|
|
52
|
+
const intermediate = cert
|
|
53
|
+
.replace(/-----[^\n]+\n?/gm, ',')
|
|
54
|
+
.replace(/\n/g, '')
|
|
55
|
+
.replace(/\r/g, '');
|
|
56
|
+
let x5c = intermediate.split(',').filter(function (c) {
|
|
57
|
+
return c.length > 0;
|
|
58
|
+
});
|
|
59
|
+
if (maxDepth > 0) {
|
|
60
|
+
x5c = x5c.splice(0, maxDepth);
|
|
61
|
+
}
|
|
62
|
+
return x5c;
|
|
63
|
+
}
|
|
64
|
+
function x5cToPemCertChain(x5c, maxDepth) {
|
|
65
|
+
if (!maxDepth) {
|
|
66
|
+
maxDepth = 0;
|
|
67
|
+
}
|
|
68
|
+
const length = maxDepth === 0 ? x5c.length : Math.min(maxDepth, x5c.length);
|
|
69
|
+
let pem = '';
|
|
70
|
+
for (let i = 0; i < length; i++) {
|
|
71
|
+
pem += derToPEM(x5c[i], 'CERTIFICATE');
|
|
72
|
+
}
|
|
73
|
+
return pem;
|
|
74
|
+
}
|
|
75
|
+
const pemOrDerToX509Certificate = (cert) => {
|
|
76
|
+
let DER = typeof cert === 'string' ? cert : undefined;
|
|
77
|
+
if (typeof cert === 'object' && !(cert instanceof Uint8Array)) {
|
|
78
|
+
// X509Certificate object
|
|
79
|
+
return pkijs_1.Certificate.fromBER(cert.rawData);
|
|
80
|
+
}
|
|
81
|
+
else if (typeof cert !== 'string') {
|
|
82
|
+
return pkijs_1.Certificate.fromBER(cert);
|
|
83
|
+
}
|
|
84
|
+
else if (cert.includes('CERTIFICATE')) {
|
|
85
|
+
DER = PEMToDer(cert);
|
|
86
|
+
}
|
|
87
|
+
if (!DER) {
|
|
88
|
+
throw Error('Invalid cert input value supplied. PEM, DER, Bytes and X509Certificate object are supported');
|
|
89
|
+
}
|
|
90
|
+
return pkijs_1.Certificate.fromBER(u8a.fromString(DER, 'base64pad'));
|
|
91
|
+
};
|
|
92
|
+
exports.pemOrDerToX509Certificate = pemOrDerToX509Certificate;
|
|
93
|
+
const areCertificatesEqual = (cert1, cert2) => {
|
|
94
|
+
return cert1.signatureValue.isEqual(cert2.signatureValue);
|
|
95
|
+
};
|
|
96
|
+
exports.areCertificatesEqual = areCertificatesEqual;
|
|
97
|
+
const toKeyObject = (PEM, visibility = 'public') => {
|
|
98
|
+
const jwk = (0, exports.PEMToJwk)(PEM, visibility);
|
|
99
|
+
const keyVisibility = jwk.d ? 'private' : 'public';
|
|
100
|
+
const keyHex = keyVisibility === 'private' ? (0, exports.privateKeyHexFromPEM)(PEM) : (0, exports.publicKeyHexFromPEM)(PEM);
|
|
101
|
+
return {
|
|
102
|
+
pem: (0, exports.hexToPEM)(keyHex, visibility),
|
|
103
|
+
jwk,
|
|
104
|
+
keyHex,
|
|
105
|
+
keyType: keyVisibility,
|
|
106
|
+
};
|
|
107
|
+
};
|
|
108
|
+
exports.toKeyObject = toKeyObject;
|
|
109
|
+
const jwkToPEM = (jwk, visibility = 'public') => {
|
|
110
|
+
return keyto_1.default.from(jwk, 'jwk').toString('pem', visibility === 'public' ? 'public_pkcs8' : 'private_pkcs8');
|
|
111
|
+
};
|
|
112
|
+
exports.jwkToPEM = jwkToPEM;
|
|
113
|
+
const PEMToJwk = (pem, visibility = 'public') => {
|
|
114
|
+
return keyto_1.default.from(pem, 'pem').toJwk(visibility);
|
|
115
|
+
};
|
|
116
|
+
exports.PEMToJwk = PEMToJwk;
|
|
117
|
+
const privateKeyHexFromPEM = (PEM) => {
|
|
118
|
+
return (0, exports.PEMToHex)(PEM);
|
|
119
|
+
};
|
|
120
|
+
exports.privateKeyHexFromPEM = privateKeyHexFromPEM;
|
|
121
|
+
const hexKeyFromPEMBasedJwk = (jwk, visibility = 'public') => {
|
|
122
|
+
if (visibility === 'private') {
|
|
123
|
+
return (0, exports.privateKeyHexFromPEM)((0, exports.jwkToPEM)(jwk, 'private'));
|
|
124
|
+
}
|
|
125
|
+
else {
|
|
126
|
+
return (0, exports.publicKeyHexFromPEM)((0, exports.jwkToPEM)(jwk, 'public'));
|
|
127
|
+
}
|
|
128
|
+
};
|
|
129
|
+
exports.hexKeyFromPEMBasedJwk = hexKeyFromPEMBasedJwk;
|
|
130
|
+
const publicKeyHexFromPEM = (PEM) => {
|
|
131
|
+
const hex = (0, exports.PEMToHex)(PEM);
|
|
132
|
+
if (PEM.includes('CERTIFICATE')) {
|
|
133
|
+
throw Error('Cannot directly deduce public Key from PEM Certificate yet');
|
|
134
|
+
}
|
|
135
|
+
else if (!PEM.includes('PRIVATE')) {
|
|
136
|
+
return hex;
|
|
137
|
+
}
|
|
138
|
+
const publicJwk = (0, exports.PEMToJwk)(PEM, 'public');
|
|
139
|
+
const publicPEM = (0, exports.jwkToPEM)(publicJwk, 'public');
|
|
140
|
+
return (0, exports.PEMToHex)(publicPEM);
|
|
141
|
+
};
|
|
142
|
+
exports.publicKeyHexFromPEM = publicKeyHexFromPEM;
|
|
143
|
+
const PEMToHex = (PEM, headerKey) => {
|
|
144
|
+
if (PEM.indexOf('-----BEGIN ') == -1) {
|
|
145
|
+
throw Error(`PEM header not found: ${headerKey}`);
|
|
146
|
+
}
|
|
147
|
+
let strippedPem;
|
|
148
|
+
if (headerKey) {
|
|
149
|
+
strippedPem = PEM.replace(new RegExp('^[^]*-----BEGIN ' + headerKey + '-----'), '');
|
|
150
|
+
strippedPem = strippedPem.replace(new RegExp('-----END ' + headerKey + '-----[^]*$'), '');
|
|
151
|
+
}
|
|
152
|
+
else {
|
|
153
|
+
strippedPem = PEM.replace(/^[^]*-----BEGIN [^-]+-----/, '');
|
|
154
|
+
strippedPem = strippedPem.replace(/-----END [^-]+-----[^]*$/, '');
|
|
155
|
+
}
|
|
156
|
+
return (0, exports.base64ToHex)(strippedPem, 'base64pad');
|
|
157
|
+
};
|
|
158
|
+
exports.PEMToHex = PEMToHex;
|
|
159
|
+
function PEMToBinary(pem) {
|
|
160
|
+
const pemContents = pem
|
|
161
|
+
.replace(/^[^]*-----BEGIN [^-]+-----/, '')
|
|
162
|
+
.replace(/-----END [^-]+-----[^]*$/, '')
|
|
163
|
+
.replace(/\s/g, '');
|
|
164
|
+
return u8a.fromString(pemContents, 'base64pad');
|
|
165
|
+
}
|
|
166
|
+
/**
|
|
167
|
+
* Converts a base64 encoded string to hex string, removing any non-base64 characters, including newlines
|
|
168
|
+
* @param input The input in base64, with optional newlines
|
|
169
|
+
* @param inputEncoding
|
|
170
|
+
*/
|
|
171
|
+
const base64ToHex = (input, inputEncoding) => {
|
|
172
|
+
const base64NoNewlines = input.replace(/[^0-9A-Za-z_\-~\/+=]*/g, '');
|
|
173
|
+
return u8a.toString(u8a.fromString(base64NoNewlines, inputEncoding ? inputEncoding : 'base64pad'), 'base16');
|
|
174
|
+
};
|
|
175
|
+
exports.base64ToHex = base64ToHex;
|
|
176
|
+
const hexToBase64 = (input, targetEncoding) => {
|
|
177
|
+
let hex = typeof input === 'string' ? input : input.toString(16);
|
|
178
|
+
if (hex.length % 2 === 1) {
|
|
179
|
+
hex = `0${hex}`;
|
|
180
|
+
}
|
|
181
|
+
return u8a.toString(u8a.fromString(hex, 'base16'), targetEncoding ? targetEncoding : 'base64pad');
|
|
182
|
+
};
|
|
183
|
+
exports.hexToBase64 = hexToBase64;
|
|
184
|
+
const hexToPEM = (hex, type) => {
|
|
185
|
+
const base64 = (0, exports.hexToBase64)(hex, 'base64pad');
|
|
186
|
+
const headerKey = type === 'private' ? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
|
|
187
|
+
if (type === 'private') {
|
|
188
|
+
const pem = derToPEM(base64, headerKey);
|
|
189
|
+
try {
|
|
190
|
+
(0, exports.PEMToJwk)(pem); // We only use it to test the private key
|
|
191
|
+
return pem;
|
|
192
|
+
}
|
|
193
|
+
catch (error) {
|
|
194
|
+
return derToPEM(base64, 'PRIVATE KEY');
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
return derToPEM(base64, headerKey);
|
|
198
|
+
};
|
|
199
|
+
exports.hexToPEM = hexToPEM;
|
|
200
|
+
function PEMToDer(pem) {
|
|
201
|
+
return pem.replace(/(-----(BEGIN|END) CERTIFICATE-----|[\n\r])/g, '');
|
|
202
|
+
}
|
|
203
|
+
function derToPEM(cert, headerKey) {
|
|
204
|
+
const key = headerKey !== null && headerKey !== void 0 ? headerKey : 'CERTIFICATE';
|
|
205
|
+
if (cert.includes(key)) {
|
|
206
|
+
// Was already in PEM it seems
|
|
207
|
+
return cert;
|
|
208
|
+
}
|
|
209
|
+
const matches = cert.match(/.{1,64}/g);
|
|
210
|
+
if (!matches) {
|
|
211
|
+
throw Error('Invalid cert input value supplied');
|
|
212
|
+
}
|
|
213
|
+
return `-----BEGIN ${key}-----\n${matches.join('\n')}\n-----END ${key}-----\n`;
|
|
214
|
+
}
|
|
215
|
+
//# sourceMappingURL=x509-utils.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"x509-utils.js","sourceRoot":"","sources":["../../src/x509/x509-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASA,8CAuBC;AAED,8CAUC;AAkFD,kCAOC;AAmCD,4BAEC;AAED,4BAWC;AAtLD,iCAAmC;AACnC,iDAAkC;AAClC,aAAa;AACb,yDAAgC;AAGhC,2BAA2B;AAC3B,+DAA+D;AAC/D,SAAgB,iBAAiB,CAAC,IAAY,EAAE,QAAiB;IAC/D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,CAAC,CAAA;IACd,CAAC;IACD;;;;;;OAMG;IAEH,MAAM,YAAY,GAAG,IAAI;SACtB,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC;SAChC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IACrB,IAAI,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;QAClD,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAA;IACrB,CAAC,CAAC,CAAA;IACF,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;IAC/B,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAgB,iBAAiB,CAAC,GAAa,EAAE,QAAiB;IAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,CAAC,CAAA;IACd,CAAC;IACD,MAAM,MAAM,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;IAC3E,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChC,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,CAAA;IACxC,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAEM,MAAM,yBAAyB,GAAG,CAAC,IAA2C,EAAe,EAAE;IACpG,IAAI,GAAG,GAAuB,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAA;IACzE,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,YAAY,UAAU,CAAC,EAAE,CAAC;QAC9D,yBAAyB;QACzB,OAAO,mBAAW,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC1C,CAAC;SAAM,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,mBAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;SAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACxC,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;IACtB,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,KAAK,CAAC,6FAA6F,CAAC,CAAA;IAC5G,CAAC;IACD,OAAO,mBAAW,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAA;AAC9D,CAAC,CAAA;AAdY,QAAA,yBAAyB,6BAcrC;AAEM,MAAM,oBAAoB,GAAG,CAAC,KAAkB,EAAE,KAAkB,EAAW,EAAE;IACtF,OAAO,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;AAC3D,CAAC,CAAA;AAFY,QAAA,oBAAoB,wBAEhC;AAEM,MAAM,WAAW,GAAG,CAAC,GAAW,EAAE,aAA4B,QAAQ,EAAE,EAAE;IAC/E,MAAM,GAAG,GAAG,IAAA,gBAAQ,EAAC,GAAG,EAAE,UAAU,CAAC,CAAA;IACrC,MAAM,aAAa,GAAkB,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAA;IACjE,MAAM,MAAM,GAAG,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,IAAA,4BAAoB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAA,2BAAmB,EAAC,GAAG,CAAC,CAAA;IAEjG,OAAO;QACL,GAAG,EAAE,IAAA,gBAAQ,EAAC,MAAM,EAAE,UAAU,CAAC;QACjC,GAAG;QACH,MAAM;QACN,OAAO,EAAE,aAAa;KACvB,CAAA;AACH,CAAC,CAAA;AAXY,QAAA,WAAW,eAWvB;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAe,EAAE,aAA4B,QAAQ,EAAU,EAAE;IACxF,OAAO,eAAK,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,eAAe,CAAC,CAAA;AAC3G,CAAC,CAAA;AAFY,QAAA,QAAQ,YAEpB;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,aAA4B,QAAQ,EAAc,EAAE;IACxF,OAAO,eAAK,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;AACjD,CAAC,CAAA;AAFY,QAAA,QAAQ,YAEpB;AACM,MAAM,oBAAoB,GAAG,CAAC,GAAW,EAAE,EAAE;IAClD,OAAO,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAA;AACtB,CAAC,CAAA;AAFY,QAAA,oBAAoB,wBAEhC;AAEM,MAAM,qBAAqB,GAAG,CAAC,GAAe,EAAE,aAA4B,QAAQ,EAAU,EAAE;IACrG,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,IAAA,4BAAoB,EAAC,IAAA,gBAAQ,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAA;IACvD,CAAC;SAAM,CAAC;QACN,OAAO,IAAA,2BAAmB,EAAC,IAAA,gBAAQ,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAA;IACrD,CAAC;AACH,CAAC,CAAA;AANY,QAAA,qBAAqB,yBAMjC;AAEM,MAAM,mBAAmB,GAAG,CAAC,GAAW,EAAE,EAAE;IACjD,MAAM,GAAG,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAA;IACzB,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAChC,MAAM,KAAK,CAAC,4DAA4D,CAAC,CAAA;IAC3E,CAAC;SAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,OAAO,GAAG,CAAA;IACZ,CAAC;IACD,MAAM,SAAS,GAAG,IAAA,gBAAQ,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IACzC,MAAM,SAAS,GAAG,IAAA,gBAAQ,EAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;IAC/C,OAAO,IAAA,gBAAQ,EAAC,SAAS,CAAC,CAAA;AAC5B,CAAC,CAAA;AAVY,QAAA,mBAAmB,uBAU/B;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,SAAkB,EAAU,EAAE;IAClE,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACrC,MAAM,KAAK,CAAC,yBAAyB,SAAS,EAAE,CAAC,CAAA;IACnD,CAAC;IAED,IAAI,WAAmB,CAAA;IACvB,IAAI,SAAS,EAAE,CAAC;QACd,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,kBAAkB,GAAG,SAAS,GAAG,OAAO,CAAC,EAAE,EAAE,CAAC,CAAA;QACnF,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,WAAW,GAAG,SAAS,GAAG,YAAY,CAAC,EAAE,EAAE,CAAC,CAAA;IAC3F,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC,CAAA;QAC3D,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAA;IACnE,CAAC;IACD,OAAO,IAAA,mBAAW,EAAC,WAAW,EAAE,WAAW,CAAC,CAAA;AAC9C,CAAC,CAAA;AAdY,QAAA,QAAQ,YAcpB;AAED,SAAgB,WAAW,CAAC,GAAW;IACrC,MAAM,WAAW,GAAG,GAAG;SACpB,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC;SACzC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC;SACvC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IAErB,OAAO,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;AACjD,CAAC;AAED;;;;GAIG;AACI,MAAM,WAAW,GAAG,CAAC,KAAa,EAAE,aAAqE,EAAE,EAAE;IAClH,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,wBAAwB,EAAE,EAAE,CAAC,CAAA;IACpE,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,CAAC,CAAA;AAC9G,CAAC,CAAA;AAHY,QAAA,WAAW,eAGvB;AAEM,MAAM,WAAW,GAAG,CAAC,KAA+B,EAAE,cAAsE,EAAU,EAAE;IAC7I,IAAI,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAChE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,GAAG,GAAG,IAAI,GAAG,EAAE,CAAA;IACjB,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;AACnG,CAAC,CAAA;AANY,QAAA,WAAW,eAMvB;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,IAAmB,EAAU,EAAE;IACnE,MAAM,MAAM,GAAG,IAAA,mBAAW,EAAC,GAAG,EAAE,WAAW,CAAC,CAAA;IAC5C,MAAM,SAAS,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,YAAY,CAAA;IACvE,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;QACvC,IAAI,CAAC;YACH,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAA,CAAC,yCAAyC;YACvD,OAAO,GAAG,CAAA;QACZ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;QACxC,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;AACpC,CAAC,CAAA;AAbY,QAAA,QAAQ,YAapB;AAED,SAAgB,QAAQ,CAAC,GAAW;IAClC,OAAO,GAAG,CAAC,OAAO,CAAC,6CAA6C,EAAE,EAAE,CAAC,CAAA;AACvE,CAAC;AAED,SAAgB,QAAQ,CAAC,IAAY,EAAE,SAA4E;IACjH,MAAM,GAAG,GAAG,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,aAAa,CAAA;IACtC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,8BAA8B;QAC9B,OAAO,IAAI,CAAA;IACb,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;IACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,mCAAmC,CAAC,CAAA;IAClD,CAAC;IACD,OAAO,cAAc,GAAG,UAAU,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,SAAS,CAAA;AAChF,CAAC"}
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
import { SubjectPublicKeyInfo } from '@peculiar/asn1-x509';
|
|
2
|
+
import { AlgorithmProvider, X509Certificate } from '@peculiar/x509';
|
|
3
|
+
import { JWK } from '@sphereon/ssi-types';
|
|
4
|
+
import { Certificate } from 'pkijs';
|
|
5
|
+
export type DNInfo = {
|
|
6
|
+
DN: string;
|
|
7
|
+
attributes: Record<string, string>;
|
|
8
|
+
};
|
|
9
|
+
export type CertificateInfo = {
|
|
10
|
+
certificate?: any;
|
|
11
|
+
notBefore: Date;
|
|
12
|
+
notAfter: Date;
|
|
13
|
+
publicKeyJWK?: any;
|
|
14
|
+
issuer: {
|
|
15
|
+
dn: DNInfo;
|
|
16
|
+
};
|
|
17
|
+
subject: {
|
|
18
|
+
dn: DNInfo;
|
|
19
|
+
subjectAlternativeNames: SubjectAlternativeName[];
|
|
20
|
+
};
|
|
21
|
+
};
|
|
22
|
+
export type X509ValidationResult = {
|
|
23
|
+
error: boolean;
|
|
24
|
+
critical: boolean;
|
|
25
|
+
message: string;
|
|
26
|
+
detailMessage?: string;
|
|
27
|
+
verificationTime: Date;
|
|
28
|
+
certificateChain?: Array<CertificateInfo>;
|
|
29
|
+
trustAnchor?: CertificateInfo;
|
|
30
|
+
client?: {
|
|
31
|
+
clientId: string;
|
|
32
|
+
clientIdScheme: ClientIdScheme;
|
|
33
|
+
};
|
|
34
|
+
};
|
|
35
|
+
export declare const getCertificateInfo: (certificate: Certificate, opts?: {
|
|
36
|
+
sanTypeFilter: SubjectAlternativeGeneralName | SubjectAlternativeGeneralName[];
|
|
37
|
+
}) => Promise<CertificateInfo>;
|
|
38
|
+
export type X509CertificateChainValidationOpts = {
|
|
39
|
+
allowNoTrustAnchorsFound?: boolean;
|
|
40
|
+
trustRootWhenNoAnchors?: boolean;
|
|
41
|
+
allowSingleNoCAChainElement?: boolean;
|
|
42
|
+
blindlyTrustedAnchors?: string[];
|
|
43
|
+
disallowReversedChain?: boolean;
|
|
44
|
+
client?: {
|
|
45
|
+
clientId: string;
|
|
46
|
+
clientIdScheme: ClientIdScheme;
|
|
47
|
+
};
|
|
48
|
+
};
|
|
49
|
+
export declare const validateX509CertificateChain: ({ chain: pemOrDerChain, trustAnchors, verificationTime, opts, }: {
|
|
50
|
+
chain: (Uint8Array | string)[];
|
|
51
|
+
trustAnchors?: string[];
|
|
52
|
+
verificationTime?: Date;
|
|
53
|
+
opts?: X509CertificateChainValidationOpts;
|
|
54
|
+
}) => Promise<X509ValidationResult>;
|
|
55
|
+
export declare const getX509AlgorithmProvider: () => AlgorithmProvider;
|
|
56
|
+
export type ParsedCertificate = {
|
|
57
|
+
publicKeyInfo: SubjectPublicKeyInfo;
|
|
58
|
+
publicKeyJwk?: JWK;
|
|
59
|
+
publicKeyRaw: Uint8Array;
|
|
60
|
+
publicKeyAlgorithm: Algorithm;
|
|
61
|
+
certificateInfo: CertificateInfo;
|
|
62
|
+
certificate: Certificate;
|
|
63
|
+
x509Certificate: X509Certificate;
|
|
64
|
+
};
|
|
65
|
+
export declare const parseCertificate: (rawCert: string | Uint8Array) => Promise<ParsedCertificate>;
|
|
66
|
+
export declare const getIssuerDN: (cert: Certificate) => DNInfo;
|
|
67
|
+
export declare const getSubjectDN: (cert: Certificate) => DNInfo;
|
|
68
|
+
export declare const getCertificateSubjectPublicKeyJWK: (pemOrDerCert: string | Uint8Array | Certificate) => Promise<JWK>;
|
|
69
|
+
/**
|
|
70
|
+
* otherName [0] OtherName,
|
|
71
|
+
* rfc822Name [1] IA5String,
|
|
72
|
+
* dNSName [2] IA5String,
|
|
73
|
+
* x400Address [3] ORAddress,
|
|
74
|
+
* directoryName [4] Name,
|
|
75
|
+
* ediPartyName [5] EDIPartyName,
|
|
76
|
+
* uniformResourceIdentifier [6] IA5String,
|
|
77
|
+
* iPAddress [7] OCTET STRING,
|
|
78
|
+
* registeredID [8] OBJECT IDENTIFIER }
|
|
79
|
+
*/
|
|
80
|
+
export declare enum SubjectAlternativeGeneralName {
|
|
81
|
+
rfc822Name = 1,// email
|
|
82
|
+
dnsName = 2,
|
|
83
|
+
uniformResourceIdentifier = 6,
|
|
84
|
+
ipAddress = 7
|
|
85
|
+
}
|
|
86
|
+
export interface SubjectAlternativeName {
|
|
87
|
+
value: string;
|
|
88
|
+
type: SubjectAlternativeGeneralName;
|
|
89
|
+
}
|
|
90
|
+
export type ClientIdScheme = 'x509_san_dns' | 'x509_san_uri';
|
|
91
|
+
export declare const assertCertificateMatchesClientIdScheme: (certificate: Certificate, clientId: string, clientIdScheme: ClientIdScheme) => void;
|
|
92
|
+
export declare const validateCertificateChainMatchesClientIdScheme: (certificate: Certificate, clientId: string, clientIdScheme: ClientIdScheme) => Promise<X509ValidationResult>;
|
|
93
|
+
export declare const getSubjectAlternativeNames: (certificate: Certificate, opts?: {
|
|
94
|
+
typeFilter?: SubjectAlternativeGeneralName | SubjectAlternativeGeneralName[];
|
|
95
|
+
clientIdSchemeFilter?: ClientIdScheme;
|
|
96
|
+
}) => SubjectAlternativeName[];
|
|
97
|
+
//# sourceMappingURL=x509-validator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"x509-validator.d.ts","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAEnE,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AAEzC,OAAO,EAAkC,WAAW,EAAyD,MAAM,OAAO,CAAA;AAM1H,MAAM,MAAM,MAAM,GAAG;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACnC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,WAAW,CAAC,EAAE,GAAG,CAAA;IACjB,SAAS,EAAE,IAAI,CAAA;IACf,QAAQ,EAAE,IAAI,CAAA;IACd,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAA;KACX,CAAA;IACD,OAAO,EAAE;QACP,EAAE,EAAE,MAAM,CAAA;QACV,uBAAuB,EAAE,sBAAsB,EAAE,CAAA;KAClD,CAAA;CACF,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,gBAAgB,EAAE,IAAI,CAAA;IACtB,gBAAgB,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;IACzC,WAAW,CAAC,EAAE,eAAe,CAAA;IAC7B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAQD,eAAO,MAAM,kBAAkB,gBAChB,WAAW,SACjB;IACL,aAAa,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;CAC/E,KACA,OAAO,CAAC,eAAe,CAgBzB,CAAA;AAED,MAAM,MAAM,kCAAkC,GAAG;IAE/C,wBAAwB,CAAC,EAAE,OAAO,CAAA;IAGlC,sBAAsB,CAAC,EAAE,OAAO,CAAA;IAEhC,2BAA2B,CAAC,EAAE,OAAO,CAAA;IAGrC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;IAEhC,qBAAqB,CAAC,EAAE,OAAO,CAAA;IAE/B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAED,eAAO,MAAM,4BAA4B,oEAYtC;IACD,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAA;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,gBAAgB,CAAC,EAAE,IAAI,CAAA;IACvB,IAAI,CAAC,EAAE,kCAAkC,CAAA;CAC1C,KAAG,OAAO,CAAC,oBAAoB,CAS/B,CAAA;AAiLD,eAAO,MAAM,wBAAwB,QAAO,iBAE3C,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,aAAa,EAAE,oBAAoB,CAAA;IACnC,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,YAAY,EAAE,UAAU,CAAA;IACxB,kBAAkB,EAAE,SAAS,CAAA;IAC7B,eAAe,EAAE,eAAe,CAAA;IAChC,WAAW,EAAE,WAAW,CAAA;IACxB,eAAe,EAAE,eAAe,CAAA;CACjC,CAAA;AAED,eAAO,MAAM,gBAAgB,YAAmB,MAAM,GAAG,UAAU,KAAG,OAAO,CAAC,iBAAiB,CAsB9F,CAAA;AAwJD,eAAO,MAAM,WAAW,SAAU,WAAW,KAAG,MAK/C,CAAA;AAED,eAAO,MAAM,YAAY,SAAU,WAAW,KAAG,MAKhD,CAAA;AAgBD,eAAO,MAAM,iCAAiC,iBAAwB,MAAM,GAAG,UAAU,GAAG,WAAW,KAAG,OAAO,CAAC,GAAG,CA4BpH,CAAA;AAED;;;;;;;;;;GAUG;AACH,oBAAY,6BAA6B;IACvC,UAAU,IAAI,CAAE,QAAQ;IACxB,OAAO,IAAI;IACX,yBAAyB,IAAI;IAC7B,SAAS,IAAI;CACd;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,6BAA6B,CAAA;CACpC;AAED,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,cAAc,CAAA;AAE5D,eAAO,MAAM,sCAAsC,gBAAiB,WAAW,YAAY,MAAM,kBAAkB,cAAc,KAAG,IAUnI,CAAA;AAED,eAAO,MAAM,6CAA6C,gBAC3C,WAAW,YACd,MAAM,kBACA,cAAc,KAC7B,OAAO,CAAC,oBAAoB,CAoB9B,CAAA;AAED,eAAO,MAAM,0BAA0B,gBACxB,WAAW,SACjB;IACL,UAAU,CAAC,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;IAE5E,oBAAoB,CAAC,EAAE,cAAc,CAAA;CACtC,KACA,sBAAsB,EAsBxB,CAAA"}
|