node-forge 0.9.2 → 1.2.0

package/lib/x509.js

@@ -689,6 +689,101 @@ var _readSignatureParameters = function(oid, obj, fillDefaults) {
   return params;
 };
 
+/**
+ * Create signature digest for OID.
+ *
+ * @param options
+ *   signatureOid: the OID specifying the signature algorithm.
+ *   type: a human readable type for error messages
+ * @return a created md instance. throws if unknown oid.
+ */
+var _createSignatureDigest = function(options) {
+  switch(oids[options.signatureOid]) {
+    case 'sha1WithRSAEncryption':
+    // deprecated alias
+    case 'sha1WithRSASignature':
+      return forge.md.sha1.create();
+    case 'md5WithRSAEncryption':
+      return forge.md.md5.create();
+    case 'sha256WithRSAEncryption':
+      return forge.md.sha256.create();
+    case 'sha384WithRSAEncryption':
+      return forge.md.sha384.create();
+    case 'sha512WithRSAEncryption':
+      return forge.md.sha512.create();
+    case 'RSASSA-PSS':
+      return forge.md.sha256.create();
+    default:
+      var error = new Error(
+        'Could not compute ' + options.type + ' digest. ' +
+        'Unknown signature OID.');
+      error.signatureOid = options.signatureOid;
+      throw error;
+  }
+};
+
+/**
+ * Verify signature on certificate or CSR.
+ *
+ * @param options:
+ *   certificate the certificate or CSR to verify.
+ *   md the signature digest.
+ *   signature the signature
+ * @return a created md instance. throws if unknown oid.
+ */
+var _verifySignature = function(options) {
+  var cert = options.certificate;
+  var scheme;
+
+  switch(cert.signatureOid) {
+    case oids.sha1WithRSAEncryption:
+    // deprecated alias
+    case oids.sha1WithRSASignature:
+      /* use PKCS#1 v1.5 padding scheme */
+      break;
+    case oids['RSASSA-PSS']:
+      var hash, mgf;
+
+      /* initialize mgf */
+      hash = oids[cert.signatureParameters.mgf.hash.algorithmOid];
+      if(hash === undefined || forge.md[hash] === undefined) {
+        var error = new Error('Unsupported MGF hash function.');
+        error.oid = cert.signatureParameters.mgf.hash.algorithmOid;
+        error.name = hash;
+        throw error;
+      }
+
+      mgf = oids[cert.signatureParameters.mgf.algorithmOid];
+      if(mgf === undefined || forge.mgf[mgf] === undefined) {
+        var error = new Error('Unsupported MGF function.');
+        error.oid = cert.signatureParameters.mgf.algorithmOid;
+        error.name = mgf;
+        throw error;
+      }
+
+      mgf = forge.mgf[mgf].create(forge.md[hash].create());
+
+      /* initialize hash function */
+      hash = oids[cert.signatureParameters.hash.algorithmOid];
+      if(hash === undefined || forge.md[hash] === undefined) {
+        var error = new Error('Unsupported RSASSA-PSS hash function.');
+        error.oid = cert.signatureParameters.hash.algorithmOid;
+        error.name = hash;
+        throw error;
+      }
+
+      scheme = forge.pss.create(
+        forge.md[hash].create(), mgf, cert.signatureParameters.saltLength
+      );
+      break;
+  }
+
+  // verify signature on cert using public key
+  return cert.publicKey.verify(
+    options.md.digest().getBytes(), options.signature, scheme
+  );
+};
+
 /**
  * Converts an X.509 certificate from PEM format.
  *
@@ -1069,43 +1164,18 @@ pki.createCertificate = function() {
         'The parent certificate did not issue the given child ' +
         'certificate; the child certificate\'s issuer does not match the ' +
         'parent\'s subject.');
-      error.expectedIssuer = issuer.attributes;
-      error.actualIssuer = subject.attributes;
+      error.expectedIssuer = subject.attributes;
+      error.actualIssuer = issuer.attributes;
       throw error;
     }
 
     var md = child.md;
     if(md === null) {
-      // check signature OID for supported signature types
-      if(child.signatureOid in oids) {
-        var oid = oids[child.signatureOid];
-        switch(oid) {
-          case 'sha1WithRSAEncryption':
-            md = forge.md.sha1.create();
-            break;
-          case 'md5WithRSAEncryption':
-            md = forge.md.md5.create();
-            break;
-          case 'sha256WithRSAEncryption':
-            md = forge.md.sha256.create();
-            break;
-          case 'sha384WithRSAEncryption':
-            md = forge.md.sha384.create();
-            break;
-          case 'sha512WithRSAEncryption':
-            md = forge.md.sha512.create();
-            break;
-          case 'RSASSA-PSS':
-            md = forge.md.sha256.create();
-            break;
-        }
-      }
-      if(md === null) {
-        var error = new Error('Could not compute certificate digest. ' +
-          'Unknown signature OID.');
-        error.signatureOid = child.signatureOid;
-        throw error;
-      }
+      // create digest for OID signature types
+      md = _createSignatureDigest({
+        signatureOid: child.signatureOid,
+        type: 'certificate'
+      });
 
       // produce DER formatted TBSCertificate and digest it
       var tbsCertificate = child.tbsCertificate || pki.getTBSCertificate(child);
@@ -1114,52 +1184,9 @@ pki.createCertificate = function() {
     }
 
     if(md !== null) {
-      var scheme;
-
-      switch(child.signatureOid) {
-        case oids.sha1WithRSAEncryption:
-          scheme = undefined; /* use PKCS#1 v1.5 padding scheme */
-          break;
-        case oids['RSASSA-PSS']:
-          var hash, mgf;
-
-          /* initialize mgf */
-          hash = oids[child.signatureParameters.mgf.hash.algorithmOid];
-          if(hash === undefined || forge.md[hash] === undefined) {
-            var error = new Error('Unsupported MGF hash function.');
-            error.oid = child.signatureParameters.mgf.hash.algorithmOid;
-            error.name = hash;
-            throw error;
-          }
-
-          mgf = oids[child.signatureParameters.mgf.algorithmOid];
-          if(mgf === undefined || forge.mgf[mgf] === undefined) {
-            var error = new Error('Unsupported MGF function.');
-            error.oid = child.signatureParameters.mgf.algorithmOid;
-            error.name = mgf;
-            throw error;
-          }
-
-          mgf = forge.mgf[mgf].create(forge.md[hash].create());
-
-          /* initialize hash function */
-          hash = oids[child.signatureParameters.hash.algorithmOid];
-          if(hash === undefined || forge.md[hash] === undefined) {
-            throw {
-              message: 'Unsupported RSASSA-PSS hash function.',
-              oid: child.signatureParameters.hash.algorithmOid,
-              name: hash
-            };
-          }
-
-          scheme = forge.pss.create(forge.md[hash].create(), mgf,
-            child.signatureParameters.saltLength);
-          break;
-      }
-
-      // verify signature on cert using public key
-      rval = cert.publicKey.verify(
-        md.digest().getBytes(), child.signature, scheme);
+      rval = _verifySignature({
+        certificate: cert, md: md, signature: child.signature
+      });
     }
 
     return rval;
@@ -1333,37 +1360,11 @@ pki.certificateFromAsn1 = function(obj, computeHash) {
   cert.tbsCertificate = capture.tbsCertificate;
 
   if(computeHash) {
-    // check signature OID for supported signature types
-    cert.md = null;
-    if(cert.signatureOid in oids) {
-      var oid = oids[cert.signatureOid];
-      switch(oid) {
-        case 'sha1WithRSAEncryption':
-          cert.md = forge.md.sha1.create();
-          break;
-        case 'md5WithRSAEncryption':
-          cert.md = forge.md.md5.create();
-          break;
-        case 'sha256WithRSAEncryption':
-          cert.md = forge.md.sha256.create();
-          break;
-        case 'sha384WithRSAEncryption':
-          cert.md = forge.md.sha384.create();
-          break;
-        case 'sha512WithRSAEncryption':
-          cert.md = forge.md.sha512.create();
-          break;
-        case 'RSASSA-PSS':
-          cert.md = forge.md.sha256.create();
-          break;
-      }
-    }
-    if(cert.md === null) {
-      var error = new Error('Could not compute certificate digest. ' +
-        'Unknown signature OID.');
-      error.signatureOid = cert.signatureOid;
-      throw error;
-    }
+    // create digest for OID signature type
+    cert.md = _createSignatureDigest({
+      signatureOid: cert.signatureOid,
+      type: 'certificate'
+    });
 
     // produce DER formatted TBSCertificate and digest it
     var bytes = asn1.toDer(cert.tbsCertificate);
@@ -1372,6 +1373,8 @@ pki.certificateFromAsn1 = function(obj, computeHash) {
 
   // handle issuer, build issuer message digest
   var imd = forge.md.sha1.create();
+  var ibytes = asn1.toDer(capture.certIssuer);
+  imd.update(ibytes.getBytes());
   cert.issuer.getField = function(sn) {
     return _getAttribute(cert.issuer, sn);
   };
@@ -1379,7 +1382,7 @@ pki.certificateFromAsn1 = function(obj, computeHash) {
     _fillMissingFields([attr]);
     cert.issuer.attributes.push(attr);
   };
-  cert.issuer.attributes = pki.RDNAttributesAsArray(capture.certIssuer, imd);
+  cert.issuer.attributes = pki.RDNAttributesAsArray(capture.certIssuer);
   if(capture.certIssuerUniqueId) {
     cert.issuer.uniqueId = capture.certIssuerUniqueId;
   }
@@ -1387,6 +1390,8 @@ pki.certificateFromAsn1 = function(obj, computeHash) {
 
   // handle subject, build subject message digest
   var smd = forge.md.sha1.create();
+  var sbytes = asn1.toDer(capture.certSubject);
+  smd.update(sbytes.getBytes());
   cert.subject.getField = function(sn) {
     return _getAttribute(cert.subject, sn);
   };
@@ -1394,7 +1399,7 @@ pki.certificateFromAsn1 = function(obj, computeHash) {
     _fillMissingFields([attr]);
     cert.subject.attributes.push(attr);
   };
-  cert.subject.attributes = pki.RDNAttributesAsArray(capture.certSubject, smd);
+  cert.subject.attributes = pki.RDNAttributesAsArray(capture.certSubject);
   if(capture.certSubjectUniqueId) {
     cert.subject.uniqueId = capture.certSubjectUniqueId;
   }
@@ -1677,37 +1682,11 @@ pki.certificationRequestFromAsn1 = function(obj, computeHash) {
   csr.certificationRequestInfo = capture.certificationRequestInfo;
 
   if(computeHash) {
-    // check signature OID for supported signature types
-    csr.md = null;
-    if(csr.signatureOid in oids) {
-      var oid = oids[csr.signatureOid];
-      switch(oid) {
-        case 'sha1WithRSAEncryption':
-          csr.md = forge.md.sha1.create();
-          break;
-        case 'md5WithRSAEncryption':
-          csr.md = forge.md.md5.create();
-          break;
-        case 'sha256WithRSAEncryption':
-          csr.md = forge.md.sha256.create();
-          break;
-        case 'sha384WithRSAEncryption':
-          csr.md = forge.md.sha384.create();
-          break;
-        case 'sha512WithRSAEncryption':
-          csr.md = forge.md.sha512.create();
-          break;
-        case 'RSASSA-PSS':
-          csr.md = forge.md.sha256.create();
-          break;
-      }
-    }
-    if(csr.md === null) {
-      var error = new Error('Could not compute certification request digest. ' +
-        'Unknown signature OID.');
-      error.signatureOid = csr.signatureOid;
-      throw error;
-    }
+    // create digest for OID signature type
+    csr.md = _createSignatureDigest({
+      signatureOid: csr.signatureOid,
+      type: 'certification request'
+    });
 
     // produce DER formatted CertificationRequestInfo and digest it
     var bytes = asn1.toDer(csr.certificationRequestInfo);
@@ -1847,38 +1826,10 @@ pki.createCertificationRequest = function() {
 
     var md = csr.md;
     if(md === null) {
-      // check signature OID for supported signature types
-      if(csr.signatureOid in oids) {
-        // TODO: create DRY `OID to md` function
-        var oid = oids[csr.signatureOid];
-        switch(oid) {
-          case 'sha1WithRSAEncryption':
-            md = forge.md.sha1.create();
-            break;
-          case 'md5WithRSAEncryption':
-            md = forge.md.md5.create();
-            break;
-          case 'sha256WithRSAEncryption':
-            md = forge.md.sha256.create();
-            break;
-          case 'sha384WithRSAEncryption':
-            md = forge.md.sha384.create();
-            break;
-          case 'sha512WithRSAEncryption':
-            md = forge.md.sha512.create();
-            break;
-          case 'RSASSA-PSS':
-            md = forge.md.sha256.create();
-            break;
-        }
-      }
-      if(md === null) {
-        var error = new Error(
-          'Could not compute certification request digest. ' +
-          'Unknown signature OID.');
-        error.signatureOid = csr.signatureOid;
-        throw error;
-      }
+      md = _createSignatureDigest({
+        signatureOid: csr.signatureOid,
+        type: 'certification request'
+      });
 
       // produce DER formatted CertificationRequestInfo and digest it
       var cri = csr.certificationRequestInfo ||
@@ -1888,51 +1839,9 @@ pki.createCertificationRequest = function() {
     }
 
     if(md !== null) {
-      var scheme;
-
-      switch(csr.signatureOid) {
-        case oids.sha1WithRSAEncryption:
-          /* use PKCS#1 v1.5 padding scheme */
-          break;
-        case oids['RSASSA-PSS']:
-          var hash, mgf;
-
-          /* initialize mgf */
-          hash = oids[csr.signatureParameters.mgf.hash.algorithmOid];
-          if(hash === undefined || forge.md[hash] === undefined) {
-            var error = new Error('Unsupported MGF hash function.');
-            error.oid = csr.signatureParameters.mgf.hash.algorithmOid;
-            error.name = hash;
-            throw error;
-          }
-
-          mgf = oids[csr.signatureParameters.mgf.algorithmOid];
-          if(mgf === undefined || forge.mgf[mgf] === undefined) {
-            var error = new Error('Unsupported MGF function.');
-            error.oid = csr.signatureParameters.mgf.algorithmOid;
-            error.name = mgf;
-            throw error;
-          }
-
-          mgf = forge.mgf[mgf].create(forge.md[hash].create());
-
-          /* initialize hash function */
-          hash = oids[csr.signatureParameters.hash.algorithmOid];
-          if(hash === undefined || forge.md[hash] === undefined) {
-            var error = new Error('Unsupported RSASSA-PSS hash function.');
-            error.oid = csr.signatureParameters.hash.algorithmOid;
-            error.name = hash;
-            throw error;
-          }
-
-          scheme = forge.pss.create(forge.md[hash].create(), mgf,
-            csr.signatureParameters.saltLength);
-          break;
-      }
-
-      // verify signature on csr using its public key
-      rval = csr.publicKey.verify(
-        md.digest().getBytes(), csr.signature, scheme);
+      rval = _verifySignature({
+        certificate: csr, md: md, signature: csr.signature
+      });
     }
 
     return rval;

package/lib/xhr.js

@@ -151,7 +151,7 @@ xhrApi.init = function(options) {
     getPrivateKey: options.getPrivateKey,
     getSignature: options.getSignature
   });
-  _clients[_client.url.full] = _client;
+  _clients[_client.url.origin] = _client;
 
   forge.log.debug(cat, 'ready');
 };
@@ -380,8 +380,10 @@ xhrApi.create = function(options) {
     // use default
     _state.client = _client;
   } else {
-    var url = http.parseUrl(options.url);
-    if(!url) {
+    var url;
+    try {
+      url = new URL(options.url);
+    } catch(e) {
       var error = new Error('Invalid url.');
       error.details = {
         url: options.url
@@ -389,9 +391,9 @@ xhrApi.create = function(options) {
     }
 
     // find client
-    if(url.full in _clients) {
+    if(url.origin in _clients) {
       // client found
-      _state.client = _clients[url.full];
+      _state.client = _clients[url.origin];
     } else {
       // create client
       _state.client = http.createClient({
@@ -409,7 +411,7 @@ xhrApi.create = function(options) {
         getPrivateKey: options.getPrivateKey,
         getSignature: options.getSignature
       });
-      _clients[url.full] = _state.client;
+      _clients[url.origin] = _state.client;
     }
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "node-forge",
-  "version": "0.9.2",
+  "version": "1.2.0",
   "description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",
   "homepage": "https://github.com/digitalbazaar/forge",
   "author": {
@@ -15,31 +15,32 @@
     "Christoph Dorn <christoph@christophdorn.com>"
   ],
   "devDependencies": {
-    "browserify": "^16.1.0",
+    "browserify": "^16.5.2",
     "commander": "^2.20.0",
-    "cross-env": "^5.1.3",
-    "eslint": "^5.16.0",
-    "eslint-config-digitalbazaar": "^2.0.0",
+    "cross-env": "^5.2.1",
+    "eslint": "^7.27.0",
+    "eslint-config-digitalbazaar": "^2.8.0",
     "express": "^4.16.2",
-    "karma": "^3.1.4",
-    "karma-browserify": "^6.0.0",
-    "karma-chrome-launcher": "^2.2.0",
+    "karma": "^4.4.1",
+    "karma-browserify": "^7.0.0",
+    "karma-chrome-launcher": "^3.1.0",
     "karma-edge-launcher": "^0.4.2",
-    "karma-firefox-launcher": "^1.1.0",
+    "karma-firefox-launcher": "^1.3.0",
     "karma-ie-launcher": "^1.0.0",
     "karma-mocha": "^1.3.0",
     "karma-mocha-reporter": "^2.2.5",
     "karma-safari-launcher": "^1.0.0",
-    "karma-sauce-launcher": "^1.2.0",
-    "karma-sourcemap-loader": "^0.3.7",
+    "karma-sauce-launcher": "^2.0.2",
+    "karma-sourcemap-loader": "^0.3.8",
     "karma-tap-reporter": "0.0.6",
-    "karma-webpack": "^3.0.5",
+    "karma-webpack": "^4.0.2",
     "mocha": "^5.2.0",
     "mocha-lcov-reporter": "^1.2.0",
     "nodejs-websocket": "^1.7.1",
-    "nyc": "^14.1.1",
-    "opts": "^1.2.2",
-    "webpack": "^3.11.0",
+    "nyc": "^15.1.0",
+    "opts": "^1.2.7",
+    "webpack": "^4.44.1",
+    "webpack-cli": "^3.3.12",
     "worker-loader": "^2.0.0"
   },
   "repository": {
@@ -59,7 +60,7 @@
     "dist/*.min.js.map"
   ],
   "engines": {
-    "node": ">= 4.5.0"
+    "node": ">= 6.13.0"
   },
   "keywords": [
     "aes",
@@ -94,13 +95,15 @@
     "prepublish": "npm run build",
     "build": "webpack",
     "test-build": "webpack --config webpack-tests.config.js",
-    "test": "cross-env NODE_ENV=test mocha -t 30000 -R ${REPORTER:-spec} tests/unit/index.js",
+    "test": "npm run test-node",
+    "test-node": "cross-env NODE_ENV=test mocha -t 30000 -R ${REPORTER:-spec} tests/unit/index.js",
     "test-karma": "karma start",
     "test-karma-sauce": "karma start karma-sauce.conf",
     "test-server": "node tests/server.js",
     "test-server-ws": "node tests/websockets/server-ws.js",
     "test-server-webid": "node tests/websockets/server-webid.js",
     "coverage": "rm -rf coverage && nyc --reporter=lcov --reporter=text-summary npm test",
+    "coverage-ci": "rm -rf coverage && nyc --reporter=lcovonly npm test",
     "coverage-report": "nyc report",
     "lint": "eslint *.js lib/*.js tests/*.js tests/**/*.js examples/*.js flash/*.js"
   },

package/lib/debug.js

@@ -1,78 +0,0 @@
-/**
- * Debugging support for web applications.
- *
- * @author David I. Lehn <dlehn@digitalbazaar.com>
- *
- * Copyright 2008-2013 Digital Bazaar, Inc.
- */
-var forge = require('./forge');
-
-/* DEBUG API */
-module.exports = forge.debug = forge.debug || {};
-
-// Private storage for debugging.
-// Useful to expose data that is otherwise unviewable behind closures.
-// NOTE: remember that this can hold references to data and cause leaks!
-// format is "forge._debug.<modulename>.<dataname> = data"
-// Example:
-// (function() {
-//   var cat = 'forge.test.Test'; // debugging category
-//   var sState = {...}; // local state
-//   forge.debug.set(cat, 'sState', sState);
-// })();
-forge.debug.storage = {};
-
-/**
- * Gets debug data. Omit name for all cat data  Omit name and cat for
- * all data.
- *
- * @param cat name of debugging category.
- * @param name name of data to get (optional).
- * @return object with requested debug data or undefined.
- */
-forge.debug.get = function(cat, name) {
-  var rval;
-  if(typeof(cat) === 'undefined') {
-    rval = forge.debug.storage;
-  } else if(cat in forge.debug.storage) {
-    if(typeof(name) === 'undefined') {
-      rval = forge.debug.storage[cat];
-    } else {
-      rval = forge.debug.storage[cat][name];
-    }
-  }
-  return rval;
-};
-
-/**
- * Sets debug data.
- *
- * @param cat name of debugging category.
- * @param name name of data to set.
- * @param data data to set.
- */
-forge.debug.set = function(cat, name, data) {
-  if(!(cat in forge.debug.storage)) {
-    forge.debug.storage[cat] = {};
-  }
-  forge.debug.storage[cat][name] = data;
-};
-
-/**
- * Clears debug data. Omit name for all cat data. Omit name and cat for
- * all data.
- *
- * @param cat name of debugging category.
- * @param name name of data to clear or omit to clear entire category.
- */
-forge.debug.clear = function(cat, name) {
-  if(typeof(cat) === 'undefined') {
-    forge.debug.storage = {};
-  } else if(cat in forge.debug.storage) {
-    if(typeof(name) === 'undefined') {
-      delete forge.debug.storage[cat];
-    } else {
-      delete forge.debug.storage[cat][name];
-    }
-  }
-};