node-opcua-crypto 1.11.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/.fossa.yml +18 -18
  2. package/.github/FUNDING.yml +12 -12
  3. package/.github/workflows/main.yml +32 -32
  4. package/.prettierrc.js +6 -6
  5. package/LICENSE +23 -22
  6. package/README.md +14 -14
  7. package/dist/source/asn1.d.ts +73 -73
  8. package/dist/source/asn1.js +359 -359
  9. package/dist/source/buffer_utils.d.ts +6 -6
  10. package/dist/source/buffer_utils.js +21 -21
  11. package/dist/source/certificate_matches_private_key.d.ts +2 -0
  12. package/dist/source/certificate_matches_private_key.js +22 -0
  13. package/dist/source/certificate_matches_private_key.js.map +1 -0
  14. package/dist/source/common.d.ts +12 -12
  15. package/dist/source/common.js +2 -2
  16. package/dist/source/crypto_explore_certificate.d.ts +107 -107
  17. package/dist/source/crypto_explore_certificate.js +601 -600
  18. package/dist/source/crypto_explore_certificate.js.map +1 -1
  19. package/dist/source/crypto_utils.d.ts +80 -78
  20. package/dist/source/crypto_utils.js +312 -280
  21. package/dist/source/crypto_utils.js.map +1 -1
  22. package/dist/source/derived_keys.d.ts +72 -72
  23. package/dist/source/derived_keys.js +248 -248
  24. package/dist/source/explore_certificate.d.ts +30 -30
  25. package/dist/source/explore_certificate.js +43 -43
  26. package/dist/source/explore_certificate_revocation_list.d.ts +28 -28
  27. package/dist/source/explore_certificate_revocation_list.js +69 -69
  28. package/dist/source/explore_certificate_signing_request.d.ts +13 -13
  29. package/dist/source/explore_certificate_signing_request.js +44 -44
  30. package/dist/source/explore_private_key.d.ts +29 -29
  31. package/dist/source/explore_private_key.js +96 -96
  32. package/dist/source/explore_private_key.js.map +1 -1
  33. package/dist/source/index.d.ts +13 -13
  34. package/dist/source/index.js +29 -29
  35. package/dist/source/oid_map.d.ts +7 -7
  36. package/dist/source/oid_map.js +303 -303
  37. package/dist/source/public_private_match.d.ts +3 -3
  38. package/dist/source/public_private_match.js +37 -16
  39. package/dist/source/public_private_match.js.map +1 -1
  40. package/dist/source/verify_certificate_signature.d.ts +10 -10
  41. package/dist/source/verify_certificate_signature.js +101 -101
  42. package/dist/source_nodejs/index.d.ts +3 -3
  43. package/dist/source_nodejs/index.js +19 -19
  44. package/dist/source_nodejs/read.d.ts +29 -29
  45. package/dist/source_nodejs/read.js +94 -94
  46. package/dist/source_nodejs/read.js.map +1 -1
  47. package/dist/source_nodejs/read_certificate_revocation_list.d.ts +2 -2
  48. package/dist/source_nodejs/read_certificate_revocation_list.js +27 -27
  49. package/dist/source_nodejs/read_certificate_signing_request.d.ts +3 -3
  50. package/dist/source_nodejs/read_certificate_signing_request.js +27 -27
  51. package/index.d.ts +2 -2
  52. package/index.js +4 -4
  53. package/index_web.js +3 -3
  54. package/package.json +12 -12
  55. package/source/asn1.ts +404 -404
  56. package/source/buffer_utils.ts +18 -18
  57. package/source/common.ts +13 -13
  58. package/source/crypto_explore_certificate.ts +764 -763
  59. package/source/crypto_utils.ts +359 -321
  60. package/source/derived_keys.ts +287 -287
  61. package/source/explore_certificate.ts +66 -66
  62. package/source/explore_certificate_revocation_list.ts +122 -122
  63. package/source/explore_certificate_signing_request.ts +58 -58
  64. package/source/explore_private_key.ts +121 -121
  65. package/source/index.ts +13 -13
  66. package/source/oid_map.ts +310 -310
  67. package/source/public_private_match.ts +41 -18
  68. package/source/verify_certificate_signature.ts +105 -105
  69. package/source_nodejs/index.ts +2 -2
  70. package/source_nodejs/read.ts +95 -95
  71. package/source_nodejs/read_certificate_revocation_list.ts +14 -14
  72. package/source_nodejs/read_certificate_signing_request.ts +17 -17
  73. package/test_certificate.ts +34 -34
  74. package/tsconfig.json +18 -18
  75. package/tslint.json +34 -34
  76. package/dist/asn1.d.ts +0 -69
  77. package/dist/asn1.js +0 -349
  78. package/dist/asn1.js.map +0 -1
  79. package/dist/buffer_utils.d.ts +0 -6
  80. package/dist/buffer_utils.js +0 -22
  81. package/dist/buffer_utils.js.map +0 -1
  82. package/dist/common.d.ts +0 -11
  83. package/dist/common.js +0 -3
  84. package/dist/common.js.map +0 -1
  85. package/dist/crypto_explore_certificate.d.ts +0 -95
  86. package/dist/crypto_explore_certificate.js +0 -547
  87. package/dist/crypto_explore_certificate.js.map +0 -1
  88. package/dist/crypto_utils.d.ts +0 -106
  89. package/dist/crypto_utils.js +0 -370
  90. package/dist/crypto_utils.js.map +0 -1
  91. package/dist/derived_keys.d.ts +0 -72
  92. package/dist/derived_keys.js +0 -247
  93. package/dist/derived_keys.js.map +0 -1
  94. package/dist/explore_certificate.d.ts +0 -30
  95. package/dist/explore_certificate.js +0 -44
  96. package/dist/explore_certificate.js.map +0 -1
  97. package/dist/explore_certificate_revocation_list.d.ts +0 -30
  98. package/dist/explore_certificate_revocation_list.js +0 -67
  99. package/dist/explore_certificate_revocation_list.js.map +0 -1
  100. package/dist/index.d.ts +0 -10
  101. package/dist/index.js +0 -23
  102. package/dist/index.js.map +0 -1
  103. package/dist/oid_map.d.ts +0 -7
  104. package/dist/oid_map.js +0 -262
  105. package/dist/oid_map.js.map +0 -1
  106. package/dist/verify_cerficate_signature.d.ts +0 -10
  107. package/dist/verify_cerficate_signature.js +0 -102
  108. package/dist/verify_cerficate_signature.js.map +0 -1
package/source/explore_certificate.ts CHANGED
@@ -1,66 +1,66 @@
1
- /**
2
- * @module node_opcua_crypto
3
- */
4
-
5
- import { Certificate, CertificatePEM } from "./common";
6
- import { exploreCertificate, SubjectPublicKey } from "./crypto_explore_certificate";
7
- import { DirectoryName } from "./asn1";
8
- import { convertPEMtoDER } from "./crypto_utils";
9
- import * as assert from "assert";
10
-
11
- export type PublicKeyLength = 64 | 96 | 128 | 256 | 384 | 512;
12
-
13
- /**
14
- * A structure exposing useful information about a certificate
15
- */
16
- export interface CertificateInfo {
17
- /** the public key length in bits */
18
- publicKeyLength: PublicKeyLength;
19
- /** the date at which the certificate starts to be valid */
20
- notBefore: Date;
21
- /** the date after which the certificate is not valid any more */
22
- notAfter: Date;
23
- /** info about certificate owner */
24
- subject: DirectoryName;
25
- /** public key */
26
- publicKey: SubjectPublicKey;
27
- }
28
-
29
- export function coerceCertificate(certificate: Certificate | CertificatePEM): Certificate {
30
- if (typeof certificate === "string") {
31
- certificate = convertPEMtoDER(certificate);
32
- }
33
- assert(certificate instanceof Buffer);
34
- return certificate;
35
- }
36
-
37
- /**
38
- * @method exploreCertificateInfo
39
- * returns useful information about the certificate such as public key length, start date and end of validity date,
40
- * and CN
41
- * @param certificate the certificate to explore
42
- */
43
- export function exploreCertificateInfo(certificate: Certificate | CertificatePEM): CertificateInfo {
44
- certificate = coerceCertificate(certificate);
45
-
46
- const certInfo = exploreCertificate(certificate);
47
- const data: CertificateInfo = {
48
- publicKeyLength: certInfo.tbsCertificate.subjectPublicKeyInfo.keyLength,
49
- notBefore: certInfo.tbsCertificate.validity.notBefore,
50
- notAfter: certInfo.tbsCertificate.validity.notAfter,
51
- publicKey: certInfo.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey,
52
- subject: certInfo.tbsCertificate.subject,
53
- };
54
- // istanbul ignore next
55
- if (
56
- !(
57
- data.publicKeyLength === 512 ||
58
- data.publicKeyLength === 384 ||
59
- data.publicKeyLength === 256 ||
60
- data.publicKeyLength === 128
61
- )
62
- ) {
63
- throw new Error("Invalid public key length (expecting 128,256,384 or 512)" + data.publicKeyLength);
64
- }
65
- return data;
66
- }
1
+ /**
2
+ * @module node_opcua_crypto
3
+ */
4
+
5
+ import { Certificate, CertificatePEM } from "./common";
6
+ import { exploreCertificate, SubjectPublicKey } from "./crypto_explore_certificate";
7
+ import { DirectoryName } from "./asn1";
8
+ import { convertPEMtoDER } from "./crypto_utils";
9
+ import * as assert from "assert";
10
+
11
+ export type PublicKeyLength = 64 | 96 | 128 | 256 | 384 | 512;
12
+
13
+ /**
14
+ * A structure exposing useful information about a certificate
15
+ */
16
+ export interface CertificateInfo {
17
+ /** the public key length in bits */
18
+ publicKeyLength: PublicKeyLength;
19
+ /** the date at which the certificate starts to be valid */
20
+ notBefore: Date;
21
+ /** the date after which the certificate is not valid any more */
22
+ notAfter: Date;
23
+ /** info about certificate owner */
24
+ subject: DirectoryName;
25
+ /** public key */
26
+ publicKey: SubjectPublicKey;
27
+ }
28
+
29
+ export function coerceCertificate(certificate: Certificate | CertificatePEM): Certificate {
30
+ if (typeof certificate === "string") {
31
+ certificate = convertPEMtoDER(certificate);
32
+ }
33
+ assert(certificate instanceof Buffer);
34
+ return certificate;
35
+ }
36
+
37
+ /**
38
+ * @method exploreCertificateInfo
39
+ * returns useful information about the certificate such as public key length, start date and end of validity date,
40
+ * and CN
41
+ * @param certificate the certificate to explore
42
+ */
43
+ export function exploreCertificateInfo(certificate: Certificate | CertificatePEM): CertificateInfo {
44
+ certificate = coerceCertificate(certificate);
45
+
46
+ const certInfo = exploreCertificate(certificate);
47
+ const data: CertificateInfo = {
48
+ publicKeyLength: certInfo.tbsCertificate.subjectPublicKeyInfo.keyLength,
49
+ notBefore: certInfo.tbsCertificate.validity.notBefore,
50
+ notAfter: certInfo.tbsCertificate.validity.notAfter,
51
+ publicKey: certInfo.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey,
52
+ subject: certInfo.tbsCertificate.subject,
53
+ };
54
+ // istanbul ignore next
55
+ if (
56
+ !(
57
+ data.publicKeyLength === 512 ||
58
+ data.publicKeyLength === 384 ||
59
+ data.publicKeyLength === 256 ||
60
+ data.publicKeyLength === 128
61
+ )
62
+ ) {
63
+ throw new Error("Invalid public key length (expecting 128,256,384 or 512)" + data.publicKeyLength);
64
+ }
65
+ return data;
66
+ }
package/source/explore_certificate_revocation_list.ts CHANGED
@@ -1,122 +1,122 @@
1
- import {
2
- _readStruct,
3
- readTag,
4
- _readBitString,
5
- AlgorithmIdentifier,
6
- _readAlgorithmIdentifier,
7
- _readSignatureValue,
8
- _readSignatureValueBin,
9
- BlockInfo,
10
- _readObjectIdentifier,
11
- DirectoryName,
12
- _readValue,
13
- _readTime,
14
- _readLongIntegerValue,
15
- formatBuffer2DigitHexWithColum,
16
- _getBlock,
17
- _readDirectoryName,
18
- _findBlockAtIndex,
19
- _readIntegerValue,
20
- TagType,
21
- } from "./asn1";
22
- import { CertificateRevocationList } from "./common";
23
- import { makeSHA1Thumbprint, convertPEMtoDER } from "./crypto_utils";
24
-
25
- export type Version = string;
26
- export type Name = string;
27
- export type CertificateSerialNumber = string;
28
- export type Extensions = Record<string, unknown>;
29
- export interface RevokedCertificate {
30
- userCertificate: CertificateSerialNumber;
31
- revocationDate: Date;
32
- crlEntryExtensions?: Extensions;
33
- }
34
- export interface TBSCertList {
35
- version?: Version; //OPTIONAL; // must be 2
36
- signature: AlgorithmIdentifier;
37
- issuer: Name;
38
- issuerFingerprint: string; // 00:AA:BB:etc ...
39
- thisUpdate: Date;
40
- nextUpdate?: Date; // Time OPTIONAL,
41
- revokedCertificates: RevokedCertificate[];
42
- // crlExtensions[0] EXPLICIT Extensions OPTIONAL
43
- }
44
- export interface CertificateRevocationListInfo {
45
- tbsCertList: TBSCertList;
46
- signatureAlgorithm: AlgorithmIdentifier;
47
- signatureValue: Buffer;
48
- }
49
-
50
- export function readNameForCrl(buffer: Buffer, block: BlockInfo): DirectoryName {
51
- return _readDirectoryName(buffer, block);
52
- }
53
-
54
- function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList {
55
- const blocks = _readStruct(buffer, blockInfo);
56
-
57
- const hasOptionalVersion = blocks[0].tag === TagType.INTEGER;
58
-
59
- if (hasOptionalVersion) {
60
- const version = _readIntegerValue(buffer, blocks[0]);
61
- const signature = _readAlgorithmIdentifier(buffer, blocks[1]);
62
- const issuer = readNameForCrl(buffer, blocks[2]);
63
- const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[2])));
64
-
65
- const thisUpdate = _readTime(buffer, blocks[3]);
66
- const nextUpdate = _readTime(buffer, blocks[4]);
67
-
68
- const revokedCertificates: RevokedCertificate[] = [];
69
-
70
- if (blocks[5] && blocks[5].tag < 0x80) {
71
- const list = _readStruct(buffer, blocks[5]);
72
- for (const r of list) {
73
- // sometime blocks[5] doesn't exits .. in this case
74
- const rr = _readStruct(buffer, r);
75
- const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0]));
76
- const revocationDate = _readTime(buffer, rr[1]);
77
- revokedCertificates.push({
78
- revocationDate,
79
- userCertificate,
80
- });
81
- }
82
- }
83
-
84
- const ext0 = _findBlockAtIndex(blocks, 0);
85
- return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates } as TBSCertList;
86
- } else {
87
-
88
- const signature = _readAlgorithmIdentifier(buffer, blocks[0]);
89
- const issuer = readNameForCrl(buffer, blocks[1]);
90
- const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[1])));
91
-
92
- const thisUpdate = _readTime(buffer, blocks[2]);
93
- const nextUpdate = _readTime(buffer, blocks[3]);
94
-
95
- const revokedCertificates: RevokedCertificate[] = [];
96
-
97
- if (blocks[4] && blocks[4].tag < 0x80) {
98
- const list = _readStruct(buffer, blocks[4]);
99
- for (const r of list) {
100
- // sometime blocks[5] doesn't exits .. in this case
101
- const rr = _readStruct(buffer, r);
102
- const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0]));
103
- const revocationDate = _readTime(buffer, rr[1]);
104
- revokedCertificates.push({
105
- revocationDate,
106
- userCertificate,
107
- });
108
- }
109
- }
110
- return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates } as TBSCertList;
111
- }
112
- }
113
- // see https://tools.ietf.org/html/rfc5280
114
-
115
- export function exploreCertificateRevocationList(crl: CertificateRevocationList): CertificateRevocationListInfo {
116
- const blockInfo = readTag(crl, 0);
117
- const blocks = _readStruct(crl, blockInfo);
118
- const tbsCertList = _readTbsCertList(crl, blocks[0]);
119
- const signatureAlgorithm = _readAlgorithmIdentifier(crl, blocks[1]);
120
- const signatureValue = _readSignatureValueBin(crl, blocks[2]);
121
- return { tbsCertList, signatureAlgorithm, signatureValue };
122
- }
1
+ import {
2
+ _readStruct,
3
+ readTag,
4
+ _readBitString,
5
+ AlgorithmIdentifier,
6
+ _readAlgorithmIdentifier,
7
+ _readSignatureValue,
8
+ _readSignatureValueBin,
9
+ BlockInfo,
10
+ _readObjectIdentifier,
11
+ DirectoryName,
12
+ _readValue,
13
+ _readTime,
14
+ _readLongIntegerValue,
15
+ formatBuffer2DigitHexWithColum,
16
+ _getBlock,
17
+ _readDirectoryName,
18
+ _findBlockAtIndex,
19
+ _readIntegerValue,
20
+ TagType,
21
+ } from "./asn1";
22
+ import { CertificateRevocationList } from "./common";
23
+ import { makeSHA1Thumbprint, convertPEMtoDER } from "./crypto_utils";
24
+
25
+ export type Version = string;
26
+ export type Name = string;
27
+ export type CertificateSerialNumber = string;
28
+ export type Extensions = Record<string, unknown>;
29
+ export interface RevokedCertificate {
30
+ userCertificate: CertificateSerialNumber;
31
+ revocationDate: Date;
32
+ crlEntryExtensions?: Extensions;
33
+ }
34
+ export interface TBSCertList {
35
+ version?: Version; //OPTIONAL; // must be 2
36
+ signature: AlgorithmIdentifier;
37
+ issuer: Name;
38
+ issuerFingerprint: string; // 00:AA:BB:etc ...
39
+ thisUpdate: Date;
40
+ nextUpdate?: Date; // Time OPTIONAL,
41
+ revokedCertificates: RevokedCertificate[];
42
+ // crlExtensions[0] EXPLICIT Extensions OPTIONAL
43
+ }
44
+ export interface CertificateRevocationListInfo {
45
+ tbsCertList: TBSCertList;
46
+ signatureAlgorithm: AlgorithmIdentifier;
47
+ signatureValue: Buffer;
48
+ }
49
+
50
+ export function readNameForCrl(buffer: Buffer, block: BlockInfo): DirectoryName {
51
+ return _readDirectoryName(buffer, block);
52
+ }
53
+
54
+ function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList {
55
+ const blocks = _readStruct(buffer, blockInfo);
56
+
57
+ const hasOptionalVersion = blocks[0].tag === TagType.INTEGER;
58
+
59
+ if (hasOptionalVersion) {
60
+ const version = _readIntegerValue(buffer, blocks[0]);
61
+ const signature = _readAlgorithmIdentifier(buffer, blocks[1]);
62
+ const issuer = readNameForCrl(buffer, blocks[2]);
63
+ const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[2])));
64
+
65
+ const thisUpdate = _readTime(buffer, blocks[3]);
66
+ const nextUpdate = _readTime(buffer, blocks[4]);
67
+
68
+ const revokedCertificates: RevokedCertificate[] = [];
69
+
70
+ if (blocks[5] && blocks[5].tag < 0x80) {
71
+ const list = _readStruct(buffer, blocks[5]);
72
+ for (const r of list) {
73
+ // sometime blocks[5] doesn't exits .. in this case
74
+ const rr = _readStruct(buffer, r);
75
+ const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0]));
76
+ const revocationDate = _readTime(buffer, rr[1]);
77
+ revokedCertificates.push({
78
+ revocationDate,
79
+ userCertificate,
80
+ });
81
+ }
82
+ }
83
+
84
+ const ext0 = _findBlockAtIndex(blocks, 0);
85
+ return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates } as TBSCertList;
86
+ } else {
87
+
88
+ const signature = _readAlgorithmIdentifier(buffer, blocks[0]);
89
+ const issuer = readNameForCrl(buffer, blocks[1]);
90
+ const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[1])));
91
+
92
+ const thisUpdate = _readTime(buffer, blocks[2]);
93
+ const nextUpdate = _readTime(buffer, blocks[3]);
94
+
95
+ const revokedCertificates: RevokedCertificate[] = [];
96
+
97
+ if (blocks[4] && blocks[4].tag < 0x80) {
98
+ const list = _readStruct(buffer, blocks[4]);
99
+ for (const r of list) {
100
+ // sometime blocks[5] doesn't exits .. in this case
101
+ const rr = _readStruct(buffer, r);
102
+ const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0]));
103
+ const revocationDate = _readTime(buffer, rr[1]);
104
+ revokedCertificates.push({
105
+ revocationDate,
106
+ userCertificate,
107
+ });
108
+ }
109
+ }
110
+ return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates } as TBSCertList;
111
+ }
112
+ }
113
+ // see https://tools.ietf.org/html/rfc5280
114
+
115
+ export function exploreCertificateRevocationList(crl: CertificateRevocationList): CertificateRevocationListInfo {
116
+ const blockInfo = readTag(crl, 0);
117
+ const blocks = _readStruct(crl, blockInfo);
118
+ const tbsCertList = _readTbsCertList(crl, blocks[0]);
119
+ const signatureAlgorithm = _readAlgorithmIdentifier(crl, blocks[1]);
120
+ const signatureValue = _readSignatureValueBin(crl, blocks[2]);
121
+ return { tbsCertList, signatureAlgorithm, signatureValue };
122
+ }
package/source/explore_certificate_signing_request.ts CHANGED
@@ -1,58 +1,58 @@
1
- import * as assert from "assert";
2
- import { BlockInfo, readTag, _findBlockAtIndex, _getBlock, _readObjectIdentifier, _readStruct, _readVersionValue } from "./asn1";
3
-
4
- import { BasicConstraints, X509KeyUsage, _readExtension } from "./crypto_explore_certificate";
5
-
6
- export interface ExtensionRequest {
7
- basicConstraints: BasicConstraints;
8
- keyUsage: X509KeyUsage;
9
- subjectAltName: any;
10
- }
11
- export interface CertificateSigningRequestInfo {
12
- extensionRequest: ExtensionRequest;
13
- }
14
-
15
- function _readExtensionRequest(buffer: Buffer): ExtensionRequest {
16
- const block = readTag(buffer, 0);
17
-
18
- const inner_blocks = _readStruct(buffer, block);
19
- const extensions = inner_blocks.map((block1) => _readExtension(buffer, block1));
20
-
21
- const result: any = {};
22
- for (const e of extensions) {
23
- result[e.identifier.name] = e.value;
24
- }
25
- const { basicConstraints, keyUsage, subjectAltName } = result;
26
- return { basicConstraints, keyUsage, subjectAltName };
27
- }
28
-
29
- export function readCertificationRequestInfo(buffer: Buffer, block: BlockInfo): CertificateSigningRequestInfo {
30
- const blocks = _readStruct(buffer, block);
31
- if (blocks.length === 4) {
32
- const extensionRequestBlock = _findBlockAtIndex(blocks, 0);
33
- if (!extensionRequestBlock) {
34
- throw new Error("cannot find extensionRequest block");
35
- }
36
- const blocks1 = _readStruct(buffer, extensionRequestBlock);
37
- const blocks2 = _readStruct(buffer, blocks1[0]);
38
- const identifier = _readObjectIdentifier(buffer, blocks2[0]);
39
- if (identifier.name !== "extensionRequest") {
40
- throw new Error(" Cannot find extension Request in ASN1 block");
41
- }
42
- const buf = _getBlock(buffer, blocks2[1]);
43
-
44
- const extensionRequest = _readExtensionRequest(buf);
45
-
46
- return { extensionRequest };
47
- }
48
- throw new Error("Invalid CSR or ");
49
- }
50
-
51
- // see https://tools.ietf.org/html/rfc2986 : Certification Request Syntax Specification Version 1.7
52
-
53
- export function exploreCertificateSigningRequest(crl: Buffer): CertificateSigningRequestInfo {
54
- const blockInfo = readTag(crl, 0);
55
- const blocks = _readStruct(crl, blockInfo);
56
- const csrInfo = readCertificationRequestInfo(crl, blocks[0]);
57
- return csrInfo;
58
- }
1
+ import * as assert from "assert";
2
+ import { BlockInfo, readTag, _findBlockAtIndex, _getBlock, _readObjectIdentifier, _readStruct, _readVersionValue } from "./asn1";
3
+
4
+ import { BasicConstraints, X509KeyUsage, _readExtension } from "./crypto_explore_certificate";
5
+
6
+ export interface ExtensionRequest {
7
+ basicConstraints: BasicConstraints;
8
+ keyUsage: X509KeyUsage;
9
+ subjectAltName: any;
10
+ }
11
+ export interface CertificateSigningRequestInfo {
12
+ extensionRequest: ExtensionRequest;
13
+ }
14
+
15
+ function _readExtensionRequest(buffer: Buffer): ExtensionRequest {
16
+ const block = readTag(buffer, 0);
17
+
18
+ const inner_blocks = _readStruct(buffer, block);
19
+ const extensions = inner_blocks.map((block1) => _readExtension(buffer, block1));
20
+
21
+ const result: any = {};
22
+ for (const e of extensions) {
23
+ result[e.identifier.name] = e.value;
24
+ }
25
+ const { basicConstraints, keyUsage, subjectAltName } = result;
26
+ return { basicConstraints, keyUsage, subjectAltName };
27
+ }
28
+
29
+ export function readCertificationRequestInfo(buffer: Buffer, block: BlockInfo): CertificateSigningRequestInfo {
30
+ const blocks = _readStruct(buffer, block);
31
+ if (blocks.length === 4) {
32
+ const extensionRequestBlock = _findBlockAtIndex(blocks, 0);
33
+ if (!extensionRequestBlock) {
34
+ throw new Error("cannot find extensionRequest block");
35
+ }
36
+ const blocks1 = _readStruct(buffer, extensionRequestBlock);
37
+ const blocks2 = _readStruct(buffer, blocks1[0]);
38
+ const identifier = _readObjectIdentifier(buffer, blocks2[0]);
39
+ if (identifier.name !== "extensionRequest") {
40
+ throw new Error(" Cannot find extension Request in ASN1 block");
41
+ }
42
+ const buf = _getBlock(buffer, blocks2[1]);
43
+
44
+ const extensionRequest = _readExtensionRequest(buf);
45
+
46
+ return { extensionRequest };
47
+ }
48
+ throw new Error("Invalid CSR or ");
49
+ }
50
+
51
+ // see https://tools.ietf.org/html/rfc2986 : Certification Request Syntax Specification Version 1.7
52
+
53
+ export function exploreCertificateSigningRequest(crl: Buffer): CertificateSigningRequestInfo {
54
+ const blockInfo = readTag(crl, 0);
55
+ const blocks = _readStruct(crl, blockInfo);
56
+ const csrInfo = readCertificationRequestInfo(crl, blocks[0]);
57
+ return csrInfo;
58
+ }