@super-protocol/sdk-js 3.12.1-beta.2 → 3.13.0-beta.0
- package/dist/cjs/certificates/binary-splitter.d.ts +26 -0
- package/dist/cjs/certificates/binary-splitter.js +269 -0
- package/dist/cjs/certificates/generator.d.ts +38 -0
- package/dist/cjs/certificates/generator.js +237 -0
- package/dist/cjs/certificates/helper.d.ts +5 -2
- package/dist/cjs/certificates/helper.js +19 -15
- package/dist/cjs/certificates/index.d.ts +1 -0
- package/dist/cjs/certificates/index.js +2 -1
- package/dist/cjs/certificates/serializer.d.ts +5 -0
- package/dist/cjs/certificates/serializer.js +98 -2
- package/dist/cjs/certificates/setup-crypto.d.ts +3 -0
- package/dist/cjs/certificates/setup-crypto.js +51 -0
- package/dist/cjs/certificates/types.d.ts +77 -0
- package/dist/cjs/connectors/BlockchainConnector.js +11 -8
- package/dist/cjs/connectors/BlockchainEventsListener.d.ts +4 -4
- package/dist/cjs/connectors/BlockchainEventsListener.js +9 -8
- package/dist/cjs/constants.d.ts +5 -1
- package/dist/cjs/constants.js +12 -5
- package/dist/cjs/index.d.ts +0 -2
- package/dist/cjs/index.js +3 -6
- package/dist/cjs/models/Offer.d.ts +1 -1
- package/dist/cjs/models/Offer.js +10 -3
- package/dist/cjs/models/Order.d.ts +1 -1
- package/dist/cjs/models/Order.js +21 -20
- package/dist/cjs/models/TeeOffer.d.ts +2 -2
- package/dist/cjs/models/TeeOffer.js +18 -3
- package/dist/cjs/proto/OrderReport.d.ts +206 -15
- package/dist/cjs/proto/OrderReport.js +169 -3
- package/dist/cjs/staticModels/ActiveOrders.d.ts +1 -1
- package/dist/cjs/staticModels/ActiveOrders.js +1 -1
- package/dist/cjs/staticModels/OfferResources.js +3 -4
- package/dist/cjs/staticModels/Offers.d.ts +3 -4
- package/dist/cjs/staticModels/Offers.js +16 -17
- package/dist/cjs/staticModels/OffersCommon.d.ts +18 -0
- package/dist/cjs/staticModels/OffersCommon.js +79 -0
- package/dist/cjs/staticModels/Orders.d.ts +6 -5
- package/dist/cjs/staticModels/Orders.js +96 -5
- package/dist/cjs/staticModels/SecretRequests.js +2 -3
- package/dist/cjs/staticModels/StaticModel.d.ts +14 -2
- package/dist/cjs/staticModels/StaticModel.js +90 -2
- package/dist/cjs/staticModels/SuperproToken.d.ts +26 -1
- package/dist/cjs/staticModels/SuperproToken.js +40 -1
- package/dist/cjs/staticModels/TeeOffers.d.ts +4 -4
- package/dist/cjs/staticModels/TeeOffers.js +17 -16
- package/dist/cjs/tee/OrderReportService.js +4 -2
- package/dist/cjs/tee/QuoteValidator.d.ts +3 -2
- package/dist/cjs/tee/QuoteValidator.js +5 -4
- package/dist/cjs/tee/TeeCertificateService.d.ts +1 -1
- package/dist/cjs/tee/TeeCertificateService.js +11 -14
- package/dist/cjs/tee/TeeSignatureVerifier.d.ts +6 -4
- package/dist/cjs/tee/TeeSignatureVerifier.js +60 -32
- package/dist/cjs/tee/types.d.ts +1 -1
- package/dist/cjs/types/Order.d.ts +28 -2
- package/dist/cjs/types/Order.js +23 -2
- package/dist/cjs/types/index.d.ts +0 -1
- package/dist/cjs/types/index.js +1 -2
- package/dist/cjs/utils/CryptoKeysTransformer.d.ts +4 -0
- package/dist/cjs/utils/CryptoKeysTransformer.js +50 -1
- package/dist/cjs/utils/TxManager.d.ts +2 -0
- package/dist/cjs/utils/TxManager.js +56 -25
- package/dist/cjs/utils/helper.d.ts +11 -3
- package/dist/cjs/utils/helper.js +56 -12
- package/dist/cjs/utils/helpers/getRawRpc.d.ts +2 -0
- package/dist/cjs/utils/helpers/getRawRpc.js +19 -0
- package/dist/cjs/utils/helpers/index.d.ts +1 -0
- package/dist/cjs/utils/helpers/index.js +2 -1
- package/dist/cjs/utils/types.d.ts +14 -0
- package/dist/cjs/utils/types.js +3 -0
- package/dist/mjs/certificates/binary-splitter.d.ts +26 -0
- package/dist/mjs/certificates/binary-splitter.js +265 -0
- package/dist/mjs/certificates/generator.d.ts +38 -0
- package/dist/mjs/certificates/generator.js +230 -0
- package/dist/mjs/certificates/helper.d.ts +5 -2
- package/dist/mjs/certificates/helper.js +19 -15
- package/dist/mjs/certificates/index.d.ts +1 -0
- package/dist/mjs/certificates/index.js +2 -1
- package/dist/mjs/certificates/serializer.d.ts +5 -0
- package/dist/mjs/certificates/serializer.js +94 -1
- package/dist/mjs/certificates/setup-crypto.d.ts +3 -0
- package/dist/mjs/certificates/setup-crypto.js +22 -0
- package/dist/mjs/certificates/types.d.ts +77 -0
- package/dist/mjs/connectors/BlockchainConnector.js +11 -8
- package/dist/mjs/connectors/BlockchainEventsListener.d.ts +4 -4
- package/dist/mjs/connectors/BlockchainEventsListener.js +9 -8
- package/dist/mjs/constants.d.ts +5 -1
- package/dist/mjs/constants.js +11 -4
- package/dist/mjs/index.d.ts +0 -2
- package/dist/mjs/index.js +1 -3
- package/dist/mjs/models/Offer.d.ts +1 -1
- package/dist/mjs/models/Offer.js +10 -3
- package/dist/mjs/models/Order.d.ts +1 -1
- package/dist/mjs/models/Order.js +22 -21
- package/dist/mjs/models/TeeOffer.d.ts +2 -2
- package/dist/mjs/models/TeeOffer.js +18 -3
- package/dist/mjs/proto/OrderReport.d.ts +206 -15
- package/dist/mjs/proto/OrderReport.js +168 -2
- package/dist/mjs/staticModels/ActiveOrders.d.ts +1 -1
- package/dist/mjs/staticModels/ActiveOrders.js +1 -1
- package/dist/mjs/staticModels/OfferResources.js +4 -5
- package/dist/mjs/staticModels/Offers.d.ts +3 -4
- package/dist/mjs/staticModels/Offers.js +16 -17
- package/dist/mjs/staticModels/OffersCommon.d.ts +18 -0
- package/dist/mjs/staticModels/OffersCommon.js +73 -0
- package/dist/mjs/staticModels/Orders.d.ts +6 -5
- package/dist/mjs/staticModels/Orders.js +98 -7
- package/dist/mjs/staticModels/SecretRequests.js +3 -4
- package/dist/mjs/staticModels/StaticModel.d.ts +14 -2
- package/dist/mjs/staticModels/StaticModel.js +90 -2
- package/dist/mjs/staticModels/SuperproToken.d.ts +26 -1
- package/dist/mjs/staticModels/SuperproToken.js +40 -1
- package/dist/mjs/staticModels/TeeOffers.d.ts +4 -4
- package/dist/mjs/staticModels/TeeOffers.js +17 -16
- package/dist/mjs/tee/OrderReportService.js +4 -2
- package/dist/mjs/tee/QuoteValidator.d.ts +3 -2
- package/dist/mjs/tee/QuoteValidator.js +5 -4
- package/dist/mjs/tee/TeeCertificateService.d.ts +1 -1
- package/dist/mjs/tee/TeeCertificateService.js +12 -15
- package/dist/mjs/tee/TeeSignatureVerifier.d.ts +6 -4
- package/dist/mjs/tee/TeeSignatureVerifier.js +59 -31
- package/dist/mjs/tee/types.d.ts +1 -1
- package/dist/mjs/types/Order.d.ts +28 -2
- package/dist/mjs/types/Order.js +21 -1
- package/dist/mjs/types/index.d.ts +0 -1
- package/dist/mjs/types/index.js +1 -2
- package/dist/mjs/utils/CryptoKeysTransformer.d.ts +4 -0
- package/dist/mjs/utils/CryptoKeysTransformer.js +50 -1
- package/dist/mjs/utils/TxManager.d.ts +2 -0
- package/dist/mjs/utils/TxManager.js +57 -26
- package/dist/mjs/utils/helper.d.ts +11 -3
- package/dist/mjs/utils/helper.js +54 -12
- package/dist/mjs/utils/helpers/getRawRpc.d.ts +2 -0
- package/dist/mjs/utils/helpers/getRawRpc.js +15 -0
- package/dist/mjs/utils/helpers/index.d.ts +1 -0
- package/dist/mjs/utils/helpers/index.js +2 -1
- package/dist/mjs/utils/types.d.ts +14 -0
- package/dist/mjs/utils/types.js +2 -0
- package/package.json +5 -3
- package/readme.md +11 -0
- package/dist/cjs/contracts/Campaign.d.ts +0 -1036
- package/dist/cjs/contracts/Campaign.js +0 -1347
- package/dist/cjs/staticModels/Campaign.d.ts +0 -59
- package/dist/cjs/staticModels/Campaign.js +0 -248
- package/dist/cjs/types/Campaign.d.ts +0 -57
- package/dist/cjs/types/Campaign.js +0 -11
- package/dist/mjs/contracts/Campaign.d.ts +0 -1036
- package/dist/mjs/contracts/Campaign.js +0 -1344
- package/dist/mjs/staticModels/Campaign.d.ts +0 -59
- package/dist/mjs/staticModels/Campaign.js +0 -243
- package/dist/mjs/types/Campaign.d.ts +0 -57
- package/dist/mjs/types/Campaign.js +0 -8
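--- a/package/dist/cjs/certificates/binary-splitter.d.ts
+++ b/package/dist/cjs/certificates/binary-splitter.d.ts
@@ -0,0 +1,26 @@
+import { CertBinaryItem } from './types.js';
+export declare enum CertificateNonOidParts {
+SERIAL_NUMBER = "SERIAL_NUMBER",
+SIGNATURE_ALGORITHM = "SIGNATURE_ALGORITHM",
+ISSUER = "ISSUER",
+NOT_BEFORE = "NOT_BEFORE",
+NOT_AFTER = "NOT_AFTER",
+SUBJECT = "SUBJECT",
+SUBJECT_PUBLIC_KEY_INFO = "SUBJECT_PUBLIC_KEY_INFO",
+SIGNATURE = "SIGNATURE"
+}
+export declare class CertificateBinarySplitter {
+private parts;
+private readonly certBinary;
+private lastPosition;
+constructor(certDer: ArrayBuffer);
+split(nonOidParts: CertificateNonOidParts[], oids: string[]): Array<Uint8Array | CertBinaryItem>;
+private processExtensions;
+private getElementPositionInParent;
+private addElement;
+private addPublicKeyElement;
+private addSignatureElement;
+private getElementValueAndPosition;
+private getValueHex;
+private addPart;
+}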
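--- a/package/dist/cjs/certificates/binary-splitter.js
+++ b/package/dist/cjs/certificates/binary-splitter.js
@@ -0,0 +1,269 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateBinarySplitter = exports.CertificateNonOidParts = void 0;
+const asn1js_1 = require("asn1js");
+var CertificateNonOidParts;
+(function (CertificateNonOidParts) {
+CertificateNonOidParts["SERIAL_NUMBER"] = "SERIAL_NUMBER";
+CertificateNonOidParts["SIGNATURE_ALGORITHM"] = "SIGNATURE_ALGORITHM";
+CertificateNonOidParts["ISSUER"] = "ISSUER";
+CertificateNonOidParts["NOT_BEFORE"] = "NOT_BEFORE";
+CertificateNonOidParts["NOT_AFTER"] = "NOT_AFTER";
+CertificateNonOidParts["SUBJECT"] = "SUBJECT";
+CertificateNonOidParts["SUBJECT_PUBLIC_KEY_INFO"] = "SUBJECT_PUBLIC_KEY_INFO";
+CertificateNonOidParts["SIGNATURE"] = "SIGNATURE";
+})(CertificateNonOidParts || (exports.CertificateNonOidParts = CertificateNonOidParts = {}));
+class CertificateBinarySplitter {
+parts = [];
+certBinary;
+lastPosition = 0;
+constructor(certDer) {
+this.certBinary = new Uint8Array(certDer);
+}
+split(nonOidParts, oids) {
+this.parts = [];
+this.lastPosition = 0;
+try {
+const asn1 = (0, asn1js_1.fromBER)(this.certBinary);
+if (asn1.offset === -1) {
+throw new Error('Error parsing ASN.1 structure');
+}
+const certificate = asn1.result;
+// certificate.valueBlock.value[0] = TBSCertificate
+// certificate.valueBlock.value[1] = signatureAlgorithm
+// certificate.valueBlock.value[2] = signature
+const tbsCertificate = certificate.valueBlock.value[0];
+const tbsStartPosition = this.getElementPositionInParent(tbsCertificate.toBER());
+this.addPart(new Uint8Array(this.certBinary.slice(0, tbsStartPosition)));
+this.lastPosition = tbsStartPosition;
+const tbsValues = tbsCertificate.valueBlock.value;
+let tbsIndex = 0;
+// 1. Version [0] EXPLICIT (optional, default v1)
+if (tbsValues[tbsIndex].idBlock.tagClass === 3 &&
+tbsValues[tbsIndex].idBlock.tagNumber === 0) {
+tbsIndex++; // skip version
+}
+// 2. Serial Number (mandatory)
+const serialNumber = tbsValues[tbsIndex++];
+if (serialNumber.idBlock.tagNumber !== 2) {
+throw new Error('Expected serial number (INTEGER)');
+}
+if (nonOidParts.includes(CertificateNonOidParts.SERIAL_NUMBER)) {
+this.addElement({
+name: 'serialNumber',
+element: serialNumber,
+forcePushPrefix: true,
+});
+}
+// 3. Signature Algorithm (mandatory)
+const signatureAlgorithm = tbsValues[tbsIndex++];
+if (nonOidParts.includes(CertificateNonOidParts.SIGNATURE_ALGORITHM)) {
+this.addElement({ name: 'signatureAlgorithm', element: signatureAlgorithm });
+}
+// 4. Issuer (mandatory)
+const issuer = tbsValues[tbsIndex++];
+if (nonOidParts.includes(CertificateNonOidParts.ISSUER)) {
+this.addElement({ name: 'issuer', element: issuer });
+}
+// 5. Validity (mandatory)
+const validity = tbsValues[tbsIndex++];
+const notBefore = validity.valueBlock.value[0];
+const notAfter = validity.valueBlock.value[1];
+if (nonOidParts.includes(CertificateNonOidParts.NOT_BEFORE)) {
+this.addElement({ name: 'notBefore', element: notBefore });
+}
+if (nonOidParts.includes(CertificateNonOidParts.NOT_AFTER)) {
+this.addElement({ name: 'notAfter', element: notAfter });
+}
+// 6. Subject
+const subject = tbsValues[tbsIndex++];
+if (nonOidParts.includes(CertificateNonOidParts.SUBJECT)) {
+this.addElement({ name: 'subject', element: subject });
+}
+// 7.subjectPublicKeyInfo
+const subjectPublicKeyInfo = tbsValues[tbsIndex++];
+const publicKeyBitString = subjectPublicKeyInfo.valueBlock.value[1]; // BIT STRING with public key
+if (nonOidParts.includes(CertificateNonOidParts.SUBJECT_PUBLIC_KEY_INFO)) {
+this.addPublicKeyElement(publicKeyBitString);
+}
+// 8. issuerUniqueID [1] IMPLICIT (optional, only in v2+)
+if (tbsIndex < tbsValues.length &&
+tbsValues[tbsIndex].idBlock.tagClass === 3 &&
+tbsValues[tbsIndex].idBlock.tagNumber === 1) {
+tbsIndex++; // skip issuerUniqueID
+}
+// 9. subjectUniqueID [2] IMPLICIT (optional, only in v2+)
+if (tbsIndex < tbsValues.length &&
+tbsValues[tbsIndex].idBlock.tagClass === 3 &&
+tbsValues[tbsIndex].idBlock.tagNumber === 2) {
+tbsIndex++; // skip subjectUniqueID
+}
+// 10. Extensions
+if (tbsIndex < tbsValues.length) {
+const extensions = tbsValues[tbsIndex];
+if (extensions.idBlock.tagClass === 3 && extensions.idBlock.tagNumber === 3) {
+const extensionsSequence = extensions.valueBlock.value[0];
+this.processExtensions(extensionsSequence, oids);
+}
+}
+// 11. signature
+if (nonOidParts.includes(CertificateNonOidParts.SIGNATURE)) {
+const signatureAlgorithmId = certificate.valueBlock.value[1];
+this.addElement({
+element: signatureAlgorithmId,
+forcePushPrefix: true,
+forcePushHeader: true,
+});
+const signature = certificate.valueBlock.value[2];
+this.addSignatureElement(signature);
+}
+// Add any remaining part after the last processed element
+if (this.lastPosition < this.certBinary.length) {
+this.addPart(new Uint8Array(this.certBinary.slice(this.lastPosition)));
+}
+return this.parts;
+}
+catch (error) {
+throw new Error(`Failed to split certificate: ${error instanceof Error ? error.message : 'Unknown error'}`);
+}
+}
+processExtensions(extensionsSequence, targetOids) {
+for (const extension of extensionsSequence.valueBlock.value) {
+const extValues = extension.valueBlock.value;
+const oid = extValues[0].valueBlock.toString(); // OID as string
+if (!targetOids.includes(oid)) {
+continue;
+}
+// Find OCTET STRING with extension value
+let octetString;
+if (extValues.length === 3) {
+// OID + critical + OCTET STRING
+octetString = extValues[2];
+}
+else {
+// OID + OCTET STRING
+octetString = extValues[1];
+}
+this.addElement({ name: 'extension', element: octetString, oid });
+}
+}
+getElementPositionInParent(element, parent) {
+const elementBytes = new Uint8Array(element);
+const parentToSearch = parent || this.certBinary;
+const startPosition = parent ? 0 : this.lastPosition;
+for (let i = startPosition; i <= parentToSearch.length - elementBytes.length; i++) {
+let match = true;
+for (let j = 0; j < elementBytes.length; j++) {
+if (parentToSearch[i + j] !== elementBytes[j]) {
+match = false;
+break;
+}
+}
+if (match) {
+return i;
+}
+}
+throw new Error('Some element not found in certificate binary');
+}
+addElement({ name, element, oid, forcePushPrefix, forcePushHeader, }) {
+const { value, position } = this.getElementValueAndPosition({
+element,
+forcePushPrefix,
+forcePushHeader,
+});
+name ? this.addPart({ name, value, oid }) : this.addPart(new Uint8Array(value));
+this.lastPosition = position + value.byteLength;
+}
+addPublicKeyElement(element) {
+const { value, position } = this.getElementValueAndPosition({ element });
+// extract first byte 0x04 - uncompressed public key
+this.addPart(new Uint8Array(value.slice(0, 1)));
+this.addPart({ name: 'publicKey', value: value.slice(1) });
+this.lastPosition = position + value.byteLength;
+}
+addSignatureElement(element) {
+const { value, position } = this.getElementValueAndPosition({ element });
+// Parse the signature as ASN.1 SEQUENCE containing R and S values
+const signatureAsn1 = (0, asn1js_1.fromBER)(value);
+const sequence = signatureAsn1.result;
+const rElement = sequence.valueBlock.value[0];
+const sElement = sequence.valueBlock.value[1];
+const rBer = rElement.toBER();
+const sBer = sElement.toBER();
+// R value
+const rPosition = this.getElementPositionInParent(rBer, value);
+this.addPart(new Uint8Array(value.slice(0, rPosition)));
+let rValue = this.getValueHex(rElement);
+if (rValue.byteLength > 32) {
+rValue = rValue.slice(rValue.byteLength - 32);
+}
+const rHeaderLength = rBer.byteLength - rValue.byteLength;
+if (rHeaderLength > 0) {
+this.addPart(new Uint8Array(value.slice(rPosition, rPosition + rHeaderLength)));
+}
+const rEndPos = rPosition + rBer.byteLength;
+// S value
+const sPosition = this.getElementPositionInParent(sBer, value);
+if (sPosition > rEndPos) {
+this.addPart(new Uint8Array(value.slice(rEndPos, sPosition)));
+}
+let sValue = this.getValueHex(sElement);
+if (sValue.byteLength > 32) {
+sValue = sValue.slice(sValue.byteLength - 32);
+}
+const sHeaderLength = sBer.byteLength - sValue.byteLength;
+if (sHeaderLength > 0) {
+this.addPart(new Uint8Array(value.slice(sPosition, sPosition + sHeaderLength)), true);
+}
+const fullSignature = Buffer.concat([Buffer.from(rValue), Buffer.from(sValue)]);
+this.addPart({ name: 'signature', value: new Uint8Array(fullSignature) });
+const sEndPos = sPosition + sBer.byteLength;
+if (sEndPos < value.byteLength) {
+this.addPart(new Uint8Array(value.slice(sEndPos)));
+}
+this.lastPosition = position + value.byteLength;
+}
+getElementValueAndPosition({ element, forcePushPrefix = false, forcePushHeader = false, }) {
+const elementBer = element.toBER();
+const elementValue = this.getValueHex(element);
+const elementPosition = this.getElementPositionInParent(elementBer);
+const valueOffsetInElement = elementBer.byteLength - elementValue.byteLength;
+const valuePosition = elementPosition + valueOffsetInElement;
+// Part before element
+if (this.lastPosition < elementPosition) {
+this.addPart(new Uint8Array(this.certBinary.slice(this.lastPosition, elementPosition)), forcePushPrefix);
+}
+// Element header
+if (valueOffsetInElement > 0) {
+this.addPart(new Uint8Array(this.certBinary.slice(elementPosition, valuePosition)), forcePushHeader);
+}
+return {
+value: new Uint8Array(elementValue),
+position: valuePosition,
+};
+}
+getValueHex(element) {
+if ('valueHex' in element.valueBlock) {
+return element.valueBlock.valueHex;
+}
+if ('value' in element.valueBlock && Array.isArray(element.valueBlock.value)) {
+const arrayBuffers = element.valueBlock.value.map((valueItem) => valueItem.toBER());
+const concatenatedBuffer = arrayBuffers.reduce((acc, current) => Buffer.concat([acc, Buffer.from(current)]), Buffer.alloc(0));
+return new Uint8Array(concatenatedBuffer).buffer;
+}
+throw new Error('Cannot extract valueHex from element');
+}
+addPart(part, forcePush = false) {
+const lastPart = this.parts[this.parts.length - 1];
+if (part instanceof Uint8Array && lastPart instanceof Uint8Array && !forcePush) {
+const merged = new Uint8Array(lastPart.length + part.length);
+merged.set(lastPart, 0);
+merged.set(part, lastPart.length);
+this.parts[this.parts.length - 1] = merged;
+return;
+}
+this.parts.push(part);
+}
+}
+exports.CertificateBinarySplitter = CertificateBinarySplitter;
+//# sourceMappingURL=data:application/json;base64,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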
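Review bot: In `addSignatureElement` the r and s INTEGERs are only shortened when they exceed 32 bytes, so a component whose DER encoding is shorter than 32 bytes is concatenated as-is and the `signature` part comes out under 64 bytes with the r/s boundary lost. If the consumer of these parts expects fixed-width r||s (an assumption, since the consumer is not in this file), a small share of valid ECDSA signatures would then be rejected or mis-parsed. Pad when joining, e.g. `Buffer.concat([Buffer.alloc(32 - rValue.byteLength), Buffer.from(rValue), Buffer.alloc(32 - sValue.byteLength), Buffer.from(sValue)])`, keeping the unpadded lengths for the header arithmetic. The truncation should also confirm that the dropped high bytes are a single `0x00`, and the inner `fromBER(value)` result should get the same `offset === -1` check that `split` applies to the outer parse. `addPublicKeyElement` makes a similar unchecked assumption: it strips the first byte as `0x04` without comparing it, so a non-EC or compressed key is split silently.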
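--- a/package/dist/cjs/certificates/generator.d.ts
+++ b/package/dist/cjs/certificates/generator.d.ts
@@ -0,0 +1,38 @@
+import { GenerateCertParams, GenerateCsrParams, ParsedCert, ParsedCsr, SignatureAlgorithm } from './types.js';
+export declare class CertificateGenerator {
+/**
+* Generates certificate based on the provided parameters.
+* @param params - Parameters for generating the certificate.
+* @returns The generated certificate in PEM format.
+*/
+static generateCert(params: GenerateCertParams): Promise<string>;
+/**
+* Generates a pair of cryptographic keys based on the specified signature algorithm.
+* @param signatureAlgorithm - The algorithm to use for key generation.
+* @returns A promise that resolves to a CryptoKeyPair containing the public and private keys.
+*/
+static generateKeys(signatureAlgorithm: SignatureAlgorithm): Promise<CryptoKeyPair>;
+/**
+* Generates a Certificate Signing Request (CSR) based on the provided parameters.
+* @param params - Parameters for generating the CSR.
+* @returns The generated CSR in PEM format.
+*/
+static generateCsr(params: GenerateCsrParams): Promise<string>;
+/**
+* Checks and parses a certificate in PEM format.
+* @param certPem - The certificate in PEM format.
+* @returns An object containing the parsed certificate details.
+*/
+static checkAndParseCert(certPem: string): Promise<ParsedCert>;
+/**
+* Checks and parses a Certificate Signing Request (CSR) in PEM format.
+* @param csrPem - The CSR in PEM format.
+* @returns An object containing the parsed CSR details.
+*/
+static checkAndParseCsr(csrPem: string): Promise<ParsedCsr>;
+private static getCryptoKeys;
+private static generateSerialNumber;
+private static getPrincipalInfo;
+private static getAlgorithm;
+private static extractDnsNamesFromExtensions;
+}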
@@ -0,0 +1,237 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.CertificateGenerator = void 0;
|
|
7
|
+
const assert_1 = __importDefault(require("assert"));
|
|
8
|
+
const crypto_1 = require("crypto");
|
|
9
|
+
const node_forge_1 = __importDefault(require("node-forge"));
|
|
10
|
+
const x509_1 = require("@peculiar/x509");
|
|
11
|
+
const setup_crypto_js_1 = require("./setup-crypto.js");
|
|
12
|
+
const CryptoKeysTransformer_js_1 = require("../utils/CryptoKeysTransformer.js");
|
|
13
|
+
const helper_js_1 = require("../utils/helper.js");
|
|
14
|
+
const MAX_X509_SERIAL = BigInt('0x' + 'F'.repeat(40));
|
|
15
|
+
const principalAttributeMap = {
|
|
16
|
+
commonName: 'CN',
|
|
17
|
+
country: 'C',
|
|
18
|
+
localityName: 'L',
|
|
19
|
+
stateName: 'ST',
|
|
20
|
+
organization: 'O',
|
|
21
|
+
organizationalUnit: 'OU',
|
|
22
|
+
};
|
|
23
|
+
const notAllowedCertificateCustomExtensions = [...Object.values(node_forge_1.default.pki.oids)];
|
|
24
|
+
class CertificateGenerator {
|
|
25
|
+
/**
|
|
26
|
+
* Generates certificate based on the provided parameters.
|
|
27
|
+
* @param params - Parameters for generating the certificate.
|
|
28
|
+
* @returns The generated certificate in PEM format.
|
|
29
|
+
*/
|
|
30
|
+
static async generateCert(params) {
|
|
31
|
+
const ca = Boolean(params.ca);
|
|
32
|
+
const { publicKey, privateKey } = await CertificateGenerator.getCryptoKeys(params);
|
|
33
|
+
const signingAlgorithm = publicKey.algorithm;
|
|
34
|
+
const extensions = [new x509_1.BasicConstraintsExtension(ca, undefined, true)];
|
|
35
|
+
const extendedKeyUsageItems = [];
|
|
36
|
+
if (signingAlgorithm.namedCurve !== 'K-256' && params.dnsNames?.length) {
|
|
37
|
+
const generalNames = params.dnsNames.map((dnsName) => ({
|
|
38
|
+
type: ((0, helper_js_1.isIpAddress)(dnsName) ? 'ip' : 'dns'),
|
|
39
|
+
value: dnsName,
|
|
40
|
+
}));
|
|
41
|
+
extensions.push(new x509_1.SubjectAlternativeNameExtension(generalNames));
|
|
42
|
+
extendedKeyUsageItems.push(...[x509_1.ExtendedKeyUsage.serverAuth, x509_1.ExtendedKeyUsage.clientAuth]);
|
|
43
|
+
}
|
|
44
|
+
if (params.ocspSigning) {
|
|
45
|
+
extendedKeyUsageItems.push(x509_1.ExtendedKeyUsage.ocspSigning);
|
|
46
|
+
}
|
|
47
|
+
if (extendedKeyUsageItems.length) {
|
|
48
|
+
extensions.push(new x509_1.ExtendedKeyUsageExtension(extendedKeyUsageItems, false));
|
|
49
|
+
}
|
|
50
|
+
let keyUsageFlags = x509_1.KeyUsageFlags.digitalSignature | x509_1.KeyUsageFlags.keyEncipherment;
|
|
51
|
+
if (params.ca) {
|
|
52
|
+
keyUsageFlags |= x509_1.KeyUsageFlags.keyCertSign;
|
|
53
|
+
}
|
|
54
|
+
extensions.push(new x509_1.KeyUsagesExtension(keyUsageFlags, true));
|
|
55
|
+
if (params.customExtensions?.length) {
|
|
56
|
+
const filteredExtensions = params.customExtensions.filter((ext) => !notAllowedCertificateCustomExtensions.includes(ext.oid));
|
|
57
|
+
for (const customExtension of filteredExtensions) {
|
|
58
|
+
if (!customExtension.oid || !customExtension.value) {
|
|
59
|
+
throw new Error('Custom extension OID and value are required');
|
|
60
|
+
}
|
|
61
|
+
extensions.push(new x509_1.Extension(customExtension.oid, false, customExtension.value));
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
const createCertificateParams = {
|
|
65
|
+
serialNumber: CertificateGenerator.generateSerialNumber(),
|
|
66
|
+
issuer: CertificateGenerator.getPrincipalInfo(params.issuer),
|
|
67
|
+
subject: CertificateGenerator.getPrincipalInfo(params.subject),
|
|
68
|
+
notBefore: new Date(),
|
|
69
|
+
notAfter: params.notAfter,
|
|
70
|
+
publicKey,
|
|
71
|
+
signingKey: privateKey,
|
|
72
|
+
signingAlgorithm,
|
|
73
|
+
extensions,
|
|
74
|
+
};
|
|
75
|
+
const cert = await x509_1.X509CertificateGenerator.create(createCertificateParams);
|
|
76
|
+
return cert.toString('pem');
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Generates a pair of cryptographic keys based on the specified signature algorithm.
|
|
80
|
+
* @param signatureAlgorithm - The algorithm to use for key generation.
|
|
81
|
+
* @returns A promise that resolves to a CryptoKeyPair containing the public and private keys.
|
|
82
|
+
*/
|
|
83
|
+
static generateKeys(signatureAlgorithm) {
|
|
84
|
+
const algorithm = CertificateGenerator.getAlgorithm(signatureAlgorithm);
|
|
85
|
+
return setup_crypto_js_1.cryptoProvider.subtle.generateKey(algorithm, true, ['sign', 'verify']);
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* Generates a Certificate Signing Request (CSR) based on the provided parameters.
|
|
89
|
+
* @param params - Parameters for generating the CSR.
|
|
90
|
+
* @returns The generated CSR in PEM format.
|
|
91
|
+
*/
|
|
92
|
+
static async generateCsr(params) {
|
|
93
|
+
const keys = await CertificateGenerator.getCryptoKeys(params);
|
|
94
|
+
const signingAlgorithm = keys.publicKey.algorithm;
|
|
95
|
+
signingAlgorithm.hash = { name: 'SHA-256' };
|
|
96
|
+
const extensions = [];
|
|
97
|
+
if (signingAlgorithm.namedCurve !== 'K-256' && params.dnsNames?.length) {
|
|
98
|
+
const generalNames = params.dnsNames.map((dnsName) => ({
|
|
99
|
+
type: ((0, helper_js_1.isIpAddress)(dnsName) ? 'ip' : 'dns'),
|
|
100
|
+
value: dnsName,
|
|
101
|
+
}));
|
|
102
|
+
extensions.push(new x509_1.SubjectAlternativeNameExtension(generalNames));
|
|
103
|
+
}
|
|
104
|
+
if (params.customExtensions?.length) {
|
|
105
|
+
for (const customExtension of params.customExtensions) {
|
|
106
|
+
if (!customExtension.oid || !customExtension.value) {
|
|
107
|
+
throw new Error(`Some custom extension missed OID or value`);
|
|
108
|
+
}
|
|
109
|
+
extensions.push(new x509_1.Extension(customExtension.oid, false, customExtension.value));
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
const createCsrParams = {
|
|
113
|
+
name: CertificateGenerator.getPrincipalInfo(params.subject),
|
|
114
|
+
keys,
|
|
115
|
+
signingAlgorithm,
|
|
116
|
+
extensions,
|
|
117
|
+
};
|
|
118
|
+
const csr = await x509_1.Pkcs10CertificateRequestGenerator.create(createCsrParams);
|
|
119
|
+
return csr.toString('pem');
|
|
120
|
+
}
|
|
121
|
+
/**
|
|
122
|
+
* Checks and parses a certificate in PEM format.
|
|
123
|
+
* @param certPem - The certificate in PEM format.
|
|
124
|
+
* @returns An object containing the parsed certificate details.
|
|
125
|
+
*/
|
|
126
|
+
static async checkAndParseCert(certPem) {
|
|
127
|
+
const cert = new x509_1.X509Certificate(certPem);
|
|
128
|
+
if (cert.issuer === cert.subject) {
|
|
129
|
+
const isValid = await cert.verify();
|
|
130
|
+
if (!isValid) {
|
|
131
|
+
throw new Error('Self-signed certificate signature verification failed');
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
const publicKey = await setup_crypto_js_1.cryptoProvider.subtle.importKey('spki', cert.publicKey.rawData, Object.assign(cert.signatureAlgorithm, cert.publicKey.algorithm), true, ['verify']);
|
|
135
|
+
return {
|
|
136
|
+
serialNumber: cert.serialNumber,
|
|
137
|
+
publicKey,
|
|
138
|
+
subject: cert.subject,
|
|
139
|
+
issuer: cert.issuer,
|
|
140
|
+
notBefore: cert.notBefore,
|
|
141
|
+
notAfter: cert.notAfter,
|
|
142
|
+
dnsNames: CertificateGenerator.extractDnsNamesFromExtensions(cert.extensions),
|
|
143
|
+
extensions: cert.extensions
|
|
144
|
+
.filter((ext) => ext.type !== node_forge_1.default.pki.oids['subjectAltName'])
|
|
145
|
+
.map((ext) => ({
|
|
146
|
+
oid: ext.type,
|
|
147
|
+
value: Buffer.from(ext.value),
|
|
148
|
+
})),
|
|
149
|
+
};
|
|
150
|
+
}
|
|
151
|
+
/**
|
|
152
|
+
* Checks and parses a Certificate Signing Request (CSR) in PEM format.
|
|
153
|
+
* @param csrPem - The CSR in PEM format.
|
|
154
|
+
* @returns An object containing the parsed CSR details.
|
|
155
|
+
*/
|
|
156
|
+
static async checkAndParseCsr(csrPem) {
|
|
157
|
+
const csr = new x509_1.Pkcs10CertificateRequest(csrPem);
|
|
158
|
+
const isValid = await csr.verify();
|
|
159
|
+
if (!isValid) {
|
|
160
|
+
throw new Error('CSR signature verification failed');
|
|
161
|
+
}
|
|
162
|
+
const publicKey = await setup_crypto_js_1.cryptoProvider.subtle.importKey('spki', csr.publicKey.rawData, Object.assign(csr.signatureAlgorithm, csr.publicKey.algorithm), true, ['verify']);
|
|
163
|
+
const parsedCsr = {
|
|
164
|
+
subject: csr.subject,
|
|
165
|
+
publicKey,
|
|
166
|
+
dnsNames: CertificateGenerator.extractDnsNamesFromExtensions(csr.extensions),
|
|
167
|
+
extensions: csr.extensions
|
|
168
|
+
.filter((ext) => ext.type !== node_forge_1.default.pki.oids['subjectAltName'])
|
|
169
|
+
.map((ext) => ({
|
|
170
|
+
oid: ext.type,
|
|
171
|
+
value: Buffer.from(ext.value),
|
|
172
|
+
})),
|
|
173
|
+
};
|
|
174
|
+
return parsedCsr;
|
|
175
|
+
}
|
|
176
|
+
static async getCryptoKeys({ privateKey, publicKey }) {
|
|
177
|
+
const [pubKey, privKey] = await Promise.all([
|
|
178
|
+
typeof publicKey === 'string'
|
|
179
|
+
? CryptoKeysTransformer_js_1.CryptoKeysTransformer.spkiPemToCryptoKey(publicKey)
|
|
180
|
+
: publicKey,
|
|
181
|
+
typeof privateKey === 'string'
|
|
182
|
+
? CryptoKeysTransformer_js_1.CryptoKeysTransformer.pkcs8PemToCryptoKey(privateKey)
|
|
183
|
+
: privateKey,
|
|
184
|
+
]);
|
|
185
|
+
assert_1.default.deepEqual(pubKey.algorithm, privKey.algorithm, 'Both keys must have same algorithm defined');
|
|
186
|
+
return { publicKey: pubKey, privateKey: privKey };
|
|
187
|
+
}
|
|
188
|
+
static generateSerialNumber() {
|
|
189
|
+
const uuid = (0, crypto_1.randomUUID)().replace(/-/g, '');
|
|
190
|
+
const serial = BigInt('0x' + uuid) % MAX_X509_SERIAL;
|
|
191
|
+
return serial.toString();
|
|
192
|
+
}
|
|
193
|
+
static getPrincipalInfo(principal) {
|
|
194
|
+
if (typeof principal === 'string') {
|
|
195
|
+
return principal;
|
|
196
|
+
}
|
|
197
|
+
if (!principal.commonName) {
|
|
198
|
+
throw new Error('Common name is required');
|
|
199
|
+
}
|
|
200
|
+
return Object.entries(principal)
|
|
201
|
+
.map(([key, value]) => `${principalAttributeMap[key] || key}=${value}`)
|
|
202
|
+
.join(',');
|
|
203
|
+
}
|
|
204
|
+
static getAlgorithm(signatureAlgorithm) {
|
|
205
|
+
switch (signatureAlgorithm) {
|
|
206
|
+
case 'RSASSA-PKCS1-SHA256':
|
|
207
|
+
return {
|
|
208
|
+
name: 'RSASSA-PKCS1-v1_5',
|
|
209
|
+
hash: 'SHA-256',
|
|
210
|
+
publicExponent: new Uint8Array([1, 0, 1]), // 65537
|
|
211
|
+
modulusLength: 2048,
|
|
212
|
+
};
|
|
213
|
+
case 'ECDSA-P-256-SHA256':
|
|
214
|
+
return {
|
|
215
|
+
name: 'ECDSA',
|
|
216
|
+
namedCurve: 'P-256',
|
|
217
|
+
};
|
|
218
|
+
case 'ECDSA-secp256k1-SHA256':
|
|
219
|
+
return {
|
|
220
|
+
name: 'ECDSA',
|
|
221
|
+
namedCurve: 'K-256',
|
|
222
|
+
};
|
|
223
|
+
default:
|
|
224
|
+
throw new Error(`Unsupported signature algorithm: ${signatureAlgorithm}`);
|
|
225
|
+
}
|
|
226
|
+
}
|
|
227
|
+
static extractDnsNamesFromExtensions(extensions) {
|
|
228
|
+
const subjectAltNameExt = extensions.find((ext) => ext.type === node_forge_1.default.pki.oids['subjectAltName']);
|
|
229
|
+
if (!subjectAltNameExt) {
|
|
230
|
+
return;
|
|
231
|
+
}
|
|
232
|
+
const dnsNames = subjectAltNameExt.names.items.map((item) => item.value);
|
|
233
|
+
return dnsNames;
|
|
234
|
+
}
|
|
235
|
+
}
|
|
236
|
+
exports.CertificateGenerator = CertificateGenerator;
|
|
237
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
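--- a/package/dist/cjs/certificates/helper.d.ts
+++ b/package/dist/cjs/certificates/helper.d.ts
@@ -1,9 +1,10 @@
 /// <reference types="node" />
 import * as pkijs from 'pkijs';
-import { ValidateCertChainResult } from './types.js';
+import { AlgorithmObj, ValidateCertChainResult } from './types.js';
+import './setup-crypto.js';
 export declare class CertificatesHelper {
 private static downloadedCertificateCache;
-static derToPem(data: ArrayBuffer): string;
+static derToPem(data: ArrayBuffer, type?: string): string;
 static pemToDer(certPem: string): Uint8Array;
 static splitPemCerts(certs: string): string[];
 static getDomain(certPem: string): string | undefined;
@@ -16,6 +17,8 @@ export declare class CertificatesHelper {
 static derChainToPem(certsDer: Uint8Array[]): string;
 static downloadCertWithCache(url: string): Promise<Buffer>;
 static sortCertsFromLeafToRoot(certsPem: string | string[]): pkijs.Certificate[];
+static getCertPublicKeyAlgorithm(certPem: string): AlgorithmObj;
+static getCsrPublicKeyAlgorithm(csrPem: string): AlgorithmObj;
 static validateCertChain(certsPem: string | string[], caPem: string | string[], options?: {
 offline?: boolean;
 }): Promise<ValidateCertChainResult>;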
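Review bot: The two added declarations, `getCertPublicKeyAlgorithm(certPem: string)` and `getCsrPublicKeyAlgorithm(csrPem: string)`, have no doc comment, so a caller cannot tell from the typings whether the PEM is verified before its algorithm is reported. The implementation is not in this section; if, as the names suggest, they only parse, the declaration should say so, e.g. `/** Returns the public-key algorithm declared in the PEM; performs no signature or chain validation, so use validateCertChain() before trusting the result. */`. The same gap applies to the new optional `type?: string` on `derToPem` in the first hunk: its default and the accepted PEM labels are not stated, and a literal union instead of `string` would keep callers from emitting a mismatched label. The class declaration continues outside both hunks.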
|