node-forge 0.10.0 → 1.2.1

package/lib/http.js

@@ -6,7 +6,6 @@
  * Copyright (c) 2010-2014 Digital Bazaar, Inc. All rights reserved.
  */
 var forge = require('./forge');
-require('./debug');
 require('./tls');
 require('./util');
 
@@ -16,11 +15,6 @@ var http = module.exports = forge.http = forge.http || {};
 // logging category
 var cat = 'forge.http';
 
-// add array of clients to debug storage
-if(forge.debug) {
-  forge.debug.set('forge.http', 'clients', []);
-}
-
 // normalizes an http header field name
 var _normalize = function(name) {
   return name.toLowerCase().replace(/(^.)|(-.)/g,
@@ -39,8 +33,8 @@ var _getStorageId = function(client) {
   // browsers (if this is undesirable)
   // navigator.userAgent
   return 'forge.http.' +
-    client.url.scheme + '.' +
-    client.url.host + '.' +
+    client.url.protocol.slice(0, -1) + '.' +
+    client.url.hostname + '.' +
     client.url.port;
 };
 
@@ -127,7 +121,7 @@ var _doRequest = function(client, socket) {
     // connect
     socket.options.request.connectTime = +new Date();
     socket.connect({
-      host: client.url.host,
+      host: client.url.hostname,
       port: client.url.port,
       policyPort: client.policyPort,
       policyUrl: client.policyUrl
@@ -316,7 +310,7 @@ var _initSocket = function(client, socket, tlsOptions) {
       // prime socket by connecting and caching TLS session, will do
       // next request from there
       socket.connect({
-        host: client.url.host,
+        host: client.url.hostname,
         port: client.url.port,
         policyPort: client.policyPort,
         policyUrl: client.policyUrl
@@ -411,7 +405,7 @@ var _readCookies = function(client, response) {
  *
  * @param options:
  *   url: the url to connect to (scheme://host:port).
- *     socketPool: the flash socket pool to use.
+ *   socketPool: the flash socket pool to use.
  *   policyPort: the flash policy port to use (if other than the
  *     socket pool default), use 0 for flash default.
  *   policyUrl: the flash policy file URL to use (if provided will
@@ -447,8 +441,10 @@ http.createClient = function(options) {
   // get scheme, host, and port from url
   options.url = (options.url ||
     window.location.protocol + '//' + window.location.host);
-  var url = http.parseUrl(options.url);
-  if(!url) {
+  var url;
+  try {
+    url = new URL(options.url);
+  } catch(e) {
     var error = new Error('Invalid url.');
     error.details = {url: options.url};
     throw error;
@@ -475,7 +471,7 @@ http.createClient = function(options) {
     // idle sockets
     idle: [],
     // whether or not the connections are secure
-    secure: (url.scheme === 'https'),
+    secure: (url.protocol === 'https:'),
     // cookie jar (key'd off of name and then path, there is only 1 domain
     // and one setting for secure per client so name+path is unique)
     cookies: {},
@@ -484,11 +480,6 @@ http.createClient = function(options) {
       true : options.persistCookies
   };
 
-  // add client to debug storage
-  if(forge.debug) {
-    forge.debug.get('forge.http', 'clients').push(client);
-  }
-
   // load cookies from disk
   _loadCookies(client);
 
@@ -508,7 +499,7 @@ http.createClient = function(options) {
     if(depth === 0 && verified === true) {
       // compare common name to url host
       var cn = certs[depth].subject.getField('CN');
-      if(cn === null || client.url.host !== cn.value) {
+      if(cn === null || client.url.hostname !== cn.value) {
         verified = {
           message: 'Certificate common name does not match url host.'
         };
@@ -523,7 +514,7 @@ http.createClient = function(options) {
     tlsOptions = {
       caStore: caStore,
       cipherSuites: options.cipherSuites || null,
-      virtualHost: options.virtualHost || url.host,
+      virtualHost: options.virtualHost || url.hostname,
       verify: options.verify || _defaultCertificateVerify,
       getCertificate: options.getCertificate || null,
       getPrivateKey: options.getPrivateKey || null,
@@ -563,7 +554,7 @@ http.createClient = function(options) {
   client.send = function(options) {
     // add host header if not set
     if(options.request.getField('Host') === null) {
-      options.request.setField('Host', client.url.fullHost);
+      options.request.setField('Host', client.url.origin);
     }
 
     // set default dummy handlers
@@ -1318,15 +1309,6 @@ http.createResponse = function() {
   return response;
 };
 
-/**
- * Parses the scheme, host, and port from an http(s) url.
- *
- * @param str the url string.
- *
- * @return the parsed url object or null if the url is invalid.
- */
-http.parseUrl = forge.util.parseUrl;
-
 /**
  * Returns true if the given url is within the given cookie's domain.
  *
@@ -1347,11 +1329,11 @@ http.withinCookieDomain = function(url, cookie) {
     // ensure domain starts with a '.'
     // parse URL as necessary
     if(typeof url === 'string') {
-      url = http.parseUrl(url);
+      url = new URL(url);
     }
 
-    // add '.' to front of URL host to match against domain
-    var host = '.' + url.host;
+    // add '.' to front of URL hostname to match against domain
+    var host = '.' + url.hostname;
 
     // if the host ends with domain then it falls within it
     var idx = host.lastIndexOf(domain);

package/lib/index.js

@@ -10,7 +10,6 @@ require('./aes');
 require('./aesCipherSuites');
 require('./asn1');
 require('./cipher');
-require('./debug');
 require('./des');
 require('./ed25519');
 require('./hmac');
@@ -30,6 +29,5 @@ require('./pss');
 require('./random');
 require('./rc2');
 require('./ssh');
-require('./task');
 require('./tls');
 require('./util');

package/lib/log.js

@@ -286,7 +286,7 @@ if(typeof(console) !== 'undefined' && 'log' in console) {
 }
 
 /*
- * Check for logging control query vars.
+ * Check for logging control query vars in current URL.
  *
  * console.level=<level-name>
  * Set's the console log level by name.  Useful to override defaults and
@@ -297,16 +297,18 @@ if(typeof(console) !== 'undefined' && 'log' in console) {
  * after console.level is processed.  Useful to force a level of verbosity
  * that could otherwise be limited by a user config.
  */
-if(sConsoleLogger !== null) {
-  var query = forge.util.getQueryVariables();
-  if('console.level' in query) {
+if(sConsoleLogger !== null &&
+  typeof window !== 'undefined' && window.location
+) {
+  var query = new URL(window.location.href).searchParams;
+  if(query.has('console.level')) {
     // set with last value
     forge.log.setLevel(
-      sConsoleLogger, query['console.level'].slice(-1)[0]);
+      sConsoleLogger, query.get('console.level').slice(-1)[0]);
   }
-  if('console.lock' in query) {
+  if(query.has('console.lock')) {
     // set with last value
-    var lock = query['console.lock'].slice(-1)[0];
+    var lock = query.get('console.lock').slice(-1)[0];
     if(lock == 'true') {
       forge.log.lock(sConsoleLogger);
     }

package/lib/oids.js

@@ -42,6 +42,8 @@ _IN('1.2.840.10040.4.3', 'dsa-with-sha1');
 _IN('1.3.14.3.2.7', 'desCBC');
 
 _IN('1.3.14.3.2.26', 'sha1');
+// Deprecated equivalent of sha1WithRSAEncryption
+_IN('1.3.14.3.2.29', 'sha1WithRSASignature');
 _IN('2.16.840.1.101.3.4.2.1', 'sha256');
 _IN('2.16.840.1.101.3.4.2.2', 'sha384');
 _IN('2.16.840.1.101.3.4.2.3', 'sha512');
@@ -104,16 +106,19 @@ _IN('2.16.840.1.101.3.4.1.42', 'aes256-CBC');
 
 // certificate issuer/subject OIDs
 _IN('2.5.4.3', 'commonName');
-_IN('2.5.4.5', 'serialName');
+_IN('2.5.4.4', 'surname');
+_IN('2.5.4.5', 'serialNumber');
 _IN('2.5.4.6', 'countryName');
 _IN('2.5.4.7', 'localityName');
 _IN('2.5.4.8', 'stateOrProvinceName');
 _IN('2.5.4.9', 'streetAddress');
 _IN('2.5.4.10', 'organizationName');
 _IN('2.5.4.11', 'organizationalUnitName');
+_IN('2.5.4.12', 'title');
 _IN('2.5.4.13', 'description');
 _IN('2.5.4.15', 'businessCategory');
 _IN('2.5.4.17', 'postalCode');
+_IN('2.5.4.42', 'givenName');
 _IN('1.3.6.1.4.1.311.60.2.1.2', 'jurisdictionOfIncorporationStateOrProvinceName');
 _IN('1.3.6.1.4.1.311.60.2.1.3', 'jurisdictionOfIncorporationCountryName');
 

package/lib/pem.js

@@ -106,8 +106,15 @@ pem.decode = function(str) {
       break;
     }
 
+    // accept "NEW CERTIFICATE REQUEST" as "CERTIFICATE REQUEST"
+    // https://datatracker.ietf.org/doc/html/rfc7468#section-7
+    var type = match[1];
+    if(type === 'NEW CERTIFICATE REQUEST') {
+      type = 'CERTIFICATE REQUEST';
+    }
+
     var msg = {
-      type: match[1],
+      type: type,
       procType: null,
       contentDomain: null,
       dekInfo: null,

package/lib/pkcs7.js

@@ -837,7 +837,7 @@ function _recipientFromAsn1(obj) {
     serialNumber: forge.util.createBuffer(capture.serial).toHex(),
     encryptedContent: {
       algorithm: asn1.derToOid(capture.encAlgorithm),
-      parameter: capture.encParameter.value,
+      parameter: capture.encParameter ? capture.encParameter.value : undefined,
       content: capture.encKey
     }
   };
@@ -1124,8 +1124,11 @@ function _encryptedContentToAsn1(ec) {
       asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
         asn1.oidToDer(ec.algorithm).getBytes()),
       // Parameters (IV)
-      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
-        ec.parameter.getBytes())
+      !ec.parameter ?
+        undefined :
+        asn1.create(
+          asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
+          ec.parameter.getBytes())
     ]),
     // [0] EncryptedContent
     asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [

package/lib/pkcs7asn1.js

@@ -397,7 +397,8 @@ p7v.recipientInfoValidator = {
       name: 'RecipientInfo.keyEncryptionAlgorithm.parameter',
       tagClass: asn1.Class.UNIVERSAL,
       constructed: false,
-      captureAsn1: 'encParameter'
+      captureAsn1: 'encParameter',
+      optional: true
     }]
   }, {
     name: 'RecipientInfo.encryptedKey',

package/lib/prng.js

@@ -317,7 +317,7 @@ prng.create = function(plugin) {
           // throw in more pseudo random
           next = seed >>> (i << 3);
           next ^= Math.floor(Math.random() * 0x0100);
-          b.putByte(String.fromCharCode(next & 0xFF));
+          b.putByte(next & 0xFF);
         }
       }
     }

package/lib/util.js

@@ -2258,261 +2258,6 @@ util.clearItems = function(api, id, location) {
   _callStorageFunction(_clearItems, arguments, location);
 };
 
-/**
- * Parses the scheme, host, and port from an http(s) url.
- *
- * @param str the url string.
- *
- * @return the parsed url object or null if the url is invalid.
- */
-util.parseUrl = function(str) {
-  // FIXME: this regex looks a bit broken
-  var regex = /^(https?):\/\/([^:&^\/]*):?(\d*)(.*)$/g;
-  regex.lastIndex = 0;
-  var m = regex.exec(str);
-  var url = (m === null) ? null : {
-    full: str,
-    scheme: m[1],
-    host: m[2],
-    port: m[3],
-    path: m[4]
-  };
-  if(url) {
-    url.fullHost = url.host;
-    if(url.port) {
-      if(url.port !== 80 && url.scheme === 'http') {
-        url.fullHost += ':' + url.port;
-      } else if(url.port !== 443 && url.scheme === 'https') {
-        url.fullHost += ':' + url.port;
-      }
-    } else if(url.scheme === 'http') {
-      url.port = 80;
-    } else if(url.scheme === 'https') {
-      url.port = 443;
-    }
-    url.full = url.scheme + '://' + url.fullHost;
-  }
-  return url;
-};
-
-/* Storage for query variables */
-var _queryVariables = null;
-
-/**
- * Returns the window location query variables. Query is parsed on the first
- * call and the same object is returned on subsequent calls. The mapping
- * is from keys to an array of values. Parameters without values will have
- * an object key set but no value added to the value array. Values are
- * unescaped.
- *
- * ...?k1=v1&k2=v2:
- * {
- *   "k1": ["v1"],
- *   "k2": ["v2"]
- * }
- *
- * ...?k1=v1&k1=v2:
- * {
- *   "k1": ["v1", "v2"]
- * }
- *
- * ...?k1=v1&k2:
- * {
- *   "k1": ["v1"],
- *   "k2": []
- * }
- *
- * ...?k1=v1&k1:
- * {
- *   "k1": ["v1"]
- * }
- *
- * ...?k1&k1:
- * {
- *   "k1": []
- * }
- *
- * @param query the query string to parse (optional, default to cached
- *          results from parsing window location search query).
- *
- * @return object mapping keys to variables.
- */
-util.getQueryVariables = function(query) {
-  var parse = function(q) {
-    var rval = {};
-    var kvpairs = q.split('&');
-    for(var i = 0; i < kvpairs.length; i++) {
-      var pos = kvpairs[i].indexOf('=');
-      var key;
-      var val;
-      if(pos > 0) {
-        key = kvpairs[i].substring(0, pos);
-        val = kvpairs[i].substring(pos + 1);
-      } else {
-        key = kvpairs[i];
-        val = null;
-      }
-      if(!(key in rval)) {
-        rval[key] = [];
-      }
-      // disallow overriding object prototype keys
-      if(!(key in Object.prototype) && val !== null) {
-        rval[key].push(unescape(val));
-      }
-    }
-    return rval;
-  };
-
-   var rval;
-   if(typeof(query) === 'undefined') {
-     // set cached variables if needed
-     if(_queryVariables === null) {
-       if(typeof(window) !== 'undefined' && window.location && window.location.search) {
-          // parse window search query
-          _queryVariables = parse(window.location.search.substring(1));
-       } else {
-          // no query variables available
-          _queryVariables = {};
-       }
-     }
-     rval = _queryVariables;
-   } else {
-     // parse given query
-     rval = parse(query);
-   }
-   return rval;
-};
-
-/**
- * Parses a fragment into a path and query. This method will take a URI
- * fragment and break it up as if it were the main URI. For example:
- *    /bar/baz?a=1&b=2
- * results in:
- *    {
- *       path: ["bar", "baz"],
- *       query: {"k1": ["v1"], "k2": ["v2"]}
- *    }
- *
- * @return object with a path array and query object.
- */
-util.parseFragment = function(fragment) {
-  // default to whole fragment
-  var fp = fragment;
-  var fq = '';
-  // split into path and query if possible at the first '?'
-  var pos = fragment.indexOf('?');
-  if(pos > 0) {
-    fp = fragment.substring(0, pos);
-    fq = fragment.substring(pos + 1);
-  }
-  // split path based on '/' and ignore first element if empty
-  var path = fp.split('/');
-  if(path.length > 0 && path[0] === '') {
-    path.shift();
-  }
-  // convert query into object
-  var query = (fq === '') ? {} : util.getQueryVariables(fq);
-
-  return {
-    pathString: fp,
-    queryString: fq,
-    path: path,
-    query: query
-  };
-};
-
-/**
- * Makes a request out of a URI-like request string. This is intended to
- * be used where a fragment id (after a URI '#') is parsed as a URI with
- * path and query parts. The string should have a path beginning and
- * delimited by '/' and optional query parameters following a '?'. The
- * query should be a standard URL set of key value pairs delimited by
- * '&'. For backwards compatibility the initial '/' on the path is not
- * required. The request object has the following API, (fully described
- * in the method code):
- *    {
- *       path: <the path string part>.
- *       query: <the query string part>,
- *       getPath(i): get part or all of the split path array,
- *       getQuery(k, i): get part or all of a query key array,
- *       getQueryLast(k, _default): get last element of a query key array.
- *    }
- *
- * @return object with request parameters.
- */
-util.makeRequest = function(reqString) {
-  var frag = util.parseFragment(reqString);
-  var req = {
-    // full path string
-    path: frag.pathString,
-    // full query string
-    query: frag.queryString,
-    /**
-     * Get path or element in path.
-     *
-     * @param i optional path index.
-     *
-     * @return path or part of path if i provided.
-     */
-    getPath: function(i) {
-      return (typeof(i) === 'undefined') ? frag.path : frag.path[i];
-    },
-    /**
-     * Get query, values for a key, or value for a key index.
-     *
-     * @param k optional query key.
-     * @param i optional query key index.
-     *
-     * @return query, values for a key, or value for a key index.
-     */
-    getQuery: function(k, i) {
-      var rval;
-      if(typeof(k) === 'undefined') {
-        rval = frag.query;
-      } else {
-        rval = frag.query[k];
-        if(rval && typeof(i) !== 'undefined') {
-           rval = rval[i];
-        }
-      }
-      return rval;
-    },
-    getQueryLast: function(k, _default) {
-      var rval;
-      var vals = req.getQuery(k);
-      if(vals) {
-        rval = vals[vals.length - 1];
-      } else {
-        rval = _default;
-      }
-      return rval;
-    }
-  };
-  return req;
-};
-
-/**
- * Makes a URI out of a path, an object with query parameters, and a
- * fragment. Uses jQuery.param() internally for query string creation.
- * If the path is an array, it will be joined with '/'.
- *
- * @param path string path or array of strings.
- * @param query object with query parameters. (optional)
- * @param fragment fragment string. (optional)
- *
- * @return string object with request parameters.
- */
-util.makeLink = function(path, query, fragment) {
-  // join path parts if needed
-  path = jQuery.isArray(path) ? path.join('/') : path;
-
-  var qstr = jQuery.param(query || {});
-  fragment = fragment || '';
-  return path +
-    ((qstr.length > 0) ? ('?' + qstr) : '') +
-    ((fragment.length > 0) ? ('#' + fragment) : '');
-};
-
 /**
  * Check if an object is empty.
  *