node-opcua-crypto 1.7.1 → 1.7.5

package/source/buffer_utils.ts

@@ -1,18 +1,18 @@
-//
-// note: new Buffer(size)#  is deprecated since: v6.0. and is replaced with Buffer.allocUnsafe
-//       to ensure backward compatibility we have to replace
-//       new Buffer(size) with createFastUninitializedBuffer(size)
-//
-//       Buffer.alloc and Buffer.allocUnsafe have been introduced in nodejs 5.1.0
-//  in node 0.11 new Buffer
-//
-/**
- * @internal
- * @private
- */
-export const createFastUninitializedBuffer = Buffer.allocUnsafe
-    ? Buffer.allocUnsafe
-    : (size: number): Buffer => {
-          // istanbul ignore next
-          return new Buffer(size);
-      };
+//
+// note: new Buffer(size)#  is deprecated since: v6.0. and is replaced with Buffer.allocUnsafe
+//       to ensure backward compatibility we have to replace
+//       new Buffer(size) with createFastUninitializedBuffer(size)
+//
+//       Buffer.alloc and Buffer.allocUnsafe have been introduced in nodejs 5.1.0
+//  in node 0.11 new Buffer
+//
+/**
+ * @internal
+ * @private
+ */
+export const createFastUninitializedBuffer = Buffer.allocUnsafe
+    ? Buffer.allocUnsafe
+    : (size: number): Buffer => {
+          // istanbul ignore next
+          return new Buffer(size);
+      };

package/source/common.ts

@@ -1,13 +1,13 @@
-export type Nonce = Buffer;
-
-export type PEM = string;
-export type DER = Buffer;
-export type Certificate = DER;
-export type CertificatePEM = PEM; // certificate as a PEM string
-export type PrivateKey = DER;
-export type PrivateKeyPEM = PEM;
-export type PublicKey = DER;
-export type PublicKeyPEM = PEM;
-
-export type Signature = Buffer;
-export type CertificateRevocationList = Buffer;
+export type Nonce = Buffer;
+
+export type PEM = string;
+export type DER = Buffer;
+export type Certificate = DER;
+export type CertificatePEM = PEM; // certificate as a PEM string
+export type PrivateKey = DER;
+export type PrivateKeyPEM = PEM;
+export type PublicKey = DER;
+export type PublicKeyPEM = PEM;
+
+export type Signature = Buffer;
+export type CertificateRevocationList = Buffer;

package/source/crypto_explore_certificate.ts

@@ -67,6 +67,7 @@ import {
     _readListOfInteger,
     _readObjectIdentifier,
     _readAlgorithmIdentifier,
+    _readECCAlgorithmIdentifier,
     _readBooleanValue,
     _readIntegerValue,
     _readLongIntegerValue,
@@ -506,7 +507,6 @@ export function _readExtension(buffer: Buffer, block: BlockInfo): { identifier:
 // Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
 function _readExtensions(buffer: Buffer, block: BlockInfo): CertificateExtension {
     assert(block.tag === 0xa3);
-
     let inner_blocks = _readStruct(buffer, block);
     inner_blocks = _readStruct(buffer, inner_blocks[0]);
 
@@ -565,6 +565,26 @@ function _readSubjectPublicKeyInfo(buffer: Buffer, block: BlockInfo): SubjectPub
     };
 }
 
+function _readSubjectECCPublicKeyInfo(buffer: Buffer, block: BlockInfo): SubjectPublicKeyInfo {
+    const inner_blocks = _readStruct(buffer, block);
+
+    // first parameter is the second element of the first block, which is why we have another algorithm
+    const algorithm = _readECCAlgorithmIdentifier(buffer, inner_blocks[0]);
+
+    // the public key is already in bit format, we just need to read it
+    const subjectPublicKey = _readBitString(buffer, inner_blocks[1]);
+
+    // take out the data which is the entirity of our public key 
+    const data = subjectPublicKey.data;
+    return {
+        algorithm: algorithm.identifier,
+        keyLength: (data.length - 1) as PublicKeyLength,
+        subjectPublicKey: {
+            modulus: data
+        }
+    };
+}
+
 export interface SubjectPublicKeyInfo {
     algorithm: string;
     keyLength: PublicKeyLength;
@@ -608,7 +628,8 @@ export interface TbsCertificate {
 export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertificate {
     const blocks = _readStruct(buffer, block);
 
-    let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, subjectPublicKeyInfo, extensions;
+    let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, extensions;
+    let subjectPublicKeyInfo: SubjectPublicKeyInfo;
 
     if (blocks.length === 6) {
         // X509 Version 1:
@@ -625,7 +646,6 @@ export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertifi
         extensions = null;
     } else {
         // X509 Version 3:
-
         const version_block = _findBlockAtIndex(blocks, 0);
         if (!version_block) {
             throw new Error("cannot find version block");
@@ -637,7 +657,21 @@ export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertifi
         validity = _readValidity(buffer, blocks[4]);
         subject = _readName(buffer, blocks[5]);
         subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[5])));
-        subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[6]);
+
+        const inner_block = _readStruct(buffer, blocks[6])
+        const what_type = _readAlgorithmIdentifier(buffer, inner_block[0]).identifier
+
+        switch (what_type) {
+            case "rsaEncryption": {
+                subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[6]);
+                break;
+            }
+            case "ecPublicKey":
+            default: {
+                subjectPublicKeyInfo = _readSubjectECCPublicKeyInfo(buffer, blocks[6]);
+                break;
+            }
+        }
 
         const extensionBlock = _findBlockAtIndex(blocks, 3);
         if (!extensionBlock) {

package/source/crypto_utils.ts

@@ -12,7 +12,7 @@ import { hexy } from "hexy";
 
 const jsrsasign = require("jsrsasign");
 
-const PEM_REGEX = /^(-----BEGIN (.*)-----\r?\n([\/+=a-zA-Z0-9\r\n]*)\r?\n-----END \2-----\r?\n)/gm;
+const PEM_REGEX = /^(-----BEGIN (.*)-----\r?\n([/+=a-zA-Z0-9\r\n]*)\r?\n-----END \2-----\r?\n)/gm;
 
 const PEM_TYPE_REGEX = /^(-----BEGIN (.*)-----)/m;
 // Copyright 2012 The Obvious Corporation.
@@ -106,7 +106,7 @@ interface MakeMessageChunkSignatureOptions {
  * @return - the signature
  */
 export function makeMessageChunkSignature(chunk: Buffer, options: MakeMessageChunkSignatureOptions): Buffer {
-    assert(options.hasOwnProperty("algorithm"));
+    assert(Object.prototype.hasOwnProperty.call(options,"algorithm"));
     assert(chunk instanceof Buffer);
     assert(["RSA PRIVATE KEY", "PRIVATE KEY"].indexOf(identifyPemType(options.privateKey) as string) >= 0);
     // signature length = 128 bytes
@@ -114,7 +114,7 @@ export function makeMessageChunkSignature(chunk: Buffer, options: MakeMessageChu
     signer.update(chunk);
     const signature = signer.sign(options.privateKey);
     assert(!options.signatureLength || signature.length === options.signatureLength);
-    return signature as Buffer; // Buffer
+    return signature;
 }
 
 export interface VerifyMessageChunkSignatureOptions {