node-opcua-crypto 2.2.0 → 3.0.0-beta.1

package/source/explore_certificate.ts

@@ -1,66 +0,0 @@
-/**
- * @module node_opcua_crypto
- */
-
-import { Certificate, CertificatePEM } from "./common";
-import { exploreCertificate, SubjectPublicKey } from "./crypto_explore_certificate";
-import { DirectoryName } from "./asn1";
-import { convertPEMtoDER } from "./crypto_utils";
-import * as assert from "assert";
-
-export type PublicKeyLength = 64 | 96 | 128 | 256 | 384 | 512;
-
-/**
- * A structure exposing useful information about a certificate
- */
-export interface CertificateInfo {
-    /** the public key length in bits */
-    publicKeyLength: PublicKeyLength;
-    /** the date at which the certificate starts to be valid */
-    notBefore: Date;
-    /** the date after which the certificate is not valid any more */
-    notAfter: Date;
-    /** info about certificate owner */
-    subject: DirectoryName;
-    /** public key */
-    publicKey: SubjectPublicKey;
-}
-
-export function coerceCertificate(certificate: Certificate | CertificatePEM): Certificate {
-    if (typeof certificate === "string") {
-        certificate = convertPEMtoDER(certificate);
-    }
-    assert(certificate instanceof Buffer);
-    return certificate;
-}
-
-/**
- * @method exploreCertificateInfo
- * returns useful information about the certificate such as public key length, start date and end of validity date,
- * and CN
- * @param certificate the certificate to explore
- */
-export function exploreCertificateInfo(certificate: Certificate | CertificatePEM): CertificateInfo {
-    certificate = coerceCertificate(certificate);
-
-    const certInfo = exploreCertificate(certificate);
-    const data: CertificateInfo = {
-        publicKeyLength: certInfo.tbsCertificate.subjectPublicKeyInfo.keyLength,
-        notBefore: certInfo.tbsCertificate.validity.notBefore,
-        notAfter: certInfo.tbsCertificate.validity.notAfter,
-        publicKey: certInfo.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey,
-        subject: certInfo.tbsCertificate.subject,
-    };
-    // istanbul ignore next
-    if (
-        !(
-            data.publicKeyLength === 512 ||
-            data.publicKeyLength === 384 ||
-            data.publicKeyLength === 256 ||
-            data.publicKeyLength === 128
-        )
-    ) {
-        throw new Error("Invalid public key length (expecting 128,256,384 or 512)" + data.publicKeyLength);
-    }
-    return data;
-}

package/source/explore_certificate_revocation_list.ts

@@ -1,122 +0,0 @@
-import {
-    _readStruct,
-    readTag,
-    _readBitString,
-    AlgorithmIdentifier,
-    _readAlgorithmIdentifier,
-    _readSignatureValue,
-    _readSignatureValueBin,
-    BlockInfo,
-    _readObjectIdentifier,
-    DirectoryName,
-    _readValue,
-    _readTime,
-    _readLongIntegerValue,
-    formatBuffer2DigitHexWithColum,
-    _getBlock,
-    _readDirectoryName,
-    _findBlockAtIndex,
-    _readIntegerValue,
-    TagType,
-} from "./asn1";
-import { CertificateRevocationList } from "./common";
-import { makeSHA1Thumbprint, convertPEMtoDER } from "./crypto_utils";
-
-export type Version = string;
-export type Name = string;
-export type CertificateSerialNumber = string;
-export type Extensions = Record<string, unknown>;
-export interface RevokedCertificate {
-    userCertificate: CertificateSerialNumber;
-    revocationDate: Date;
-    crlEntryExtensions?: Extensions;
-}
-export interface TBSCertList {
-    version?: Version; //OPTIONAL; // must be 2
-    signature: AlgorithmIdentifier;
-    issuer: Name;
-    issuerFingerprint: string; // 00:AA:BB:etc ...
-    thisUpdate: Date;
-    nextUpdate?: Date; //             Time OPTIONAL,
-    revokedCertificates: RevokedCertificate[];
-    //    crlExtensions[0]  EXPLICIT Extensions OPTIONAL
-}
-export interface CertificateRevocationListInfo {
-    tbsCertList: TBSCertList;
-    signatureAlgorithm: AlgorithmIdentifier;
-    signatureValue: Buffer;
-}
-
-export function readNameForCrl(buffer: Buffer, block: BlockInfo): DirectoryName {
-    return _readDirectoryName(buffer, block);
-}
-
-function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList {
-    const blocks = _readStruct(buffer, blockInfo);
-
-    const hasOptionalVersion = blocks[0].tag === TagType.INTEGER;
-
-    if (hasOptionalVersion) {
-        const version = _readIntegerValue(buffer, blocks[0]);
-        const signature = _readAlgorithmIdentifier(buffer, blocks[1]);
-        const issuer = readNameForCrl(buffer, blocks[2]);
-        const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[2])));
-
-        const thisUpdate = _readTime(buffer, blocks[3]);
-        const nextUpdate = _readTime(buffer, blocks[4]);
-
-        const revokedCertificates: RevokedCertificate[] = [];
-
-        if (blocks[5] && blocks[5].tag < 0x80) {
-            const list = _readStruct(buffer, blocks[5]);
-            for (const r of list) {
-                // sometime blocks[5] doesn't exits .. in this case
-                const rr = _readStruct(buffer, r);
-                const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0]));
-                const revocationDate = _readTime(buffer, rr[1]);
-                revokedCertificates.push({
-                    revocationDate,
-                    userCertificate,
-                });
-            }
-        }
-
-        const ext0 = _findBlockAtIndex(blocks, 0);
-        return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates } as TBSCertList;
-    } else {
-
-        const signature = _readAlgorithmIdentifier(buffer, blocks[0]);
-        const issuer = readNameForCrl(buffer, blocks[1]);
-        const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[1])));
-
-        const thisUpdate = _readTime(buffer, blocks[2]);
-        const nextUpdate = _readTime(buffer, blocks[3]);
-
-        const revokedCertificates: RevokedCertificate[] = [];
-
-        if (blocks[4] && blocks[4].tag < 0x80) {
-            const list = _readStruct(buffer, blocks[4]);
-            for (const r of list) {
-                // sometime blocks[5] doesn't exits .. in this case
-                const rr = _readStruct(buffer, r);
-                const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0]));
-                const revocationDate = _readTime(buffer, rr[1]);
-                revokedCertificates.push({
-                    revocationDate,
-                    userCertificate,
-                });
-            }
-        }
-        return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates } as TBSCertList;
-    }
-}
-// see https://tools.ietf.org/html/rfc5280
-
-export function exploreCertificateRevocationList(crl: CertificateRevocationList): CertificateRevocationListInfo {
-    const blockInfo = readTag(crl, 0);
-    const blocks = _readStruct(crl, blockInfo);
-    const tbsCertList = _readTbsCertList(crl, blocks[0]);
-    const signatureAlgorithm = _readAlgorithmIdentifier(crl, blocks[1]);
-    const signatureValue = _readSignatureValueBin(crl, blocks[2]);
-    return { tbsCertList, signatureAlgorithm, signatureValue };
-}

package/source/explore_certificate_signing_request.ts

@@ -1,58 +0,0 @@
-import * as assert from "assert";
-import { BlockInfo, readTag, _findBlockAtIndex, _getBlock, _readObjectIdentifier, _readStruct, _readVersionValue } from "./asn1";
-
-import { BasicConstraints, X509KeyUsage, _readExtension } from "./crypto_explore_certificate";
-
-export interface ExtensionRequest {
-    basicConstraints: BasicConstraints;
-    keyUsage: X509KeyUsage;
-    subjectAltName: any;
-}
-export interface CertificateSigningRequestInfo {
-    extensionRequest: ExtensionRequest;
-}
-
-function _readExtensionRequest(buffer: Buffer): ExtensionRequest {
-    const block = readTag(buffer, 0);
-
-    const inner_blocks = _readStruct(buffer, block);
-    const extensions = inner_blocks.map((block1) => _readExtension(buffer, block1));
-
-    const result: any = {};
-    for (const e of extensions) {
-        result[e.identifier.name] = e.value;
-    }
-    const { basicConstraints, keyUsage, subjectAltName } = result;
-    return { basicConstraints, keyUsage, subjectAltName };
-}
-
-export function readCertificationRequestInfo(buffer: Buffer, block: BlockInfo): CertificateSigningRequestInfo {
-    const blocks = _readStruct(buffer, block);
-    if (blocks.length === 4) {
-        const extensionRequestBlock = _findBlockAtIndex(blocks, 0);
-        if (!extensionRequestBlock) {
-            throw new Error("cannot find extensionRequest block");
-        }
-        const blocks1 = _readStruct(buffer, extensionRequestBlock);
-        const blocks2 = _readStruct(buffer, blocks1[0]);
-        const identifier = _readObjectIdentifier(buffer, blocks2[0]);
-        if (identifier.name !== "extensionRequest") {
-            throw new Error(" Cannot find extension Request in ASN1 block");
-        }
-        const buf = _getBlock(buffer, blocks2[1]);
-
-        const extensionRequest = _readExtensionRequest(buf);
-
-        return { extensionRequest };
-    }
-    throw new Error("Invalid CSR or ");
-}
-
-// see https://tools.ietf.org/html/rfc2986 : Certification Request Syntax Specification Version 1.7
-
-export function exploreCertificateSigningRequest(crl: Buffer): CertificateSigningRequestInfo {
-    const blockInfo = readTag(crl, 0);
-    const blocks = _readStruct(crl, blockInfo);
-    const csrInfo = readCertificationRequestInfo(crl, blocks[0]);
-    return csrInfo;
-}

package/source/explore_private_key.ts

@@ -1,119 +0,0 @@
-import * as assert from "assert";
-import { BlockInfo, readTag, TagType, _readIntegerAsByteString, _readStruct } from "./asn1";
-import { PrivateKey } from "./common";
-
-// tslint:disable:no-empty-interface
-export interface PrivateKeyInternals {
-    /***/
-    version: Buffer;
-    modulus: Buffer;
-    publicExponent: Buffer;
-    privateExponent: Buffer;
-    prime1: Buffer;
-    prime2: Buffer;
-    exponent1: Buffer;
-    exponent2: Buffer;
-}
-
-function f(buffer: Buffer, b: BlockInfo) {
-    return buffer.subarray(b.position + 1, b.position + b.length);
-}
-const doDebug = !!process.env.DEBUG;
-/**
- * 
- * @param privateKey RSAPrivateKey ::= SEQUENCE {
- *  version           Version,
- *  modulus           INTEGER,  -- n
- *  publicExponent    INTEGER,  -- e
- *  privateExponent   INTEGER,  -- d
- *  prime1            INTEGER,  -- p
- *  prime2            INTEGER,  -- q
- *  exponent1         INTEGER,  -- d mod (p-1)
- *  exponent2         INTEGER,  -- d mod (q-1)
- *  coefficient       INTEGER,  -- (inverse of q) mod p
- *  otherPrimeInfos   OtherPrimeInfos OPTIONAL
-}
- */
-export function explorePrivateKey(privateKey1: PrivateKey): PrivateKeyInternals {
-    const privateKey = privateKey1.export({ format: "der", type: "pkcs1" }) as Buffer;
-    assert(privateKey instanceof Buffer);
-    const block_info = readTag(privateKey, 0);
-    const blocks = _readStruct(privateKey, block_info);
-
-    if (blocks.length === 9) {
-        // alice_rsa
-        const version = f(privateKey, blocks[0]); // _readIntegerAsByteString(privateKey, blocks1[0]);
-        const modulus = f(privateKey, blocks[1]);
-        const publicExponent = f(privateKey, blocks[2]);
-        const privateExponent = f(privateKey, blocks[3]);
-        const prime1 = f(privateKey, blocks[4]);
-        const prime2 = f(privateKey, blocks[5]);
-        const exponent1 = f(privateKey, blocks[6]);
-        const exponent2 = f(privateKey, blocks[7]);
-
-        return {
-            version,
-            modulus,
-            publicExponent,
-            privateExponent,
-            prime1,
-            prime2,
-            exponent1,
-            exponent2,
-        };
-    }
-    /* istanbul ignore next */
-    if (doDebug) {
-        // tslint:disable:no-console
-        console.log("-------------------- private key:");
-        console.log(block_info);
-
-        // tslint:disable:no-console
-        console.log(
-            blocks.map((b) => ({
-                tag: TagType[b.tag] + " 0x" + b.tag.toString(16),
-                l: b.length,
-                p: b.position,
-                buff: privateKey.subarray(b.position, b.position + b.length).toString("hex"),
-            }))
-        );
-    }
-
-    const b = blocks[2];
-    const bb = privateKey.subarray(b.position, b.position + b.length);
-    const block_info1 = readTag(bb, 0);
-    const blocks1 = _readStruct(bb, block_info1);
-
-    /* istanbul ignore next */
-    if (doDebug) {
-        // tslint:disable:no-console
-        console.log(
-            blocks1.map((b) => ({
-                tag: TagType[b.tag] + " 0x" + b.tag.toString(16),
-                l: b.length,
-                p: b.position,
-                buff: bb.subarray(b.position, b.position + b.length).toString("hex"),
-            }))
-        );
-    }
-
-    const version = f(bb, blocks1[0]);
-    const modulus = f(bb, blocks1[1]);
-    const publicExponent = f(bb, blocks1[2]);
-    const privateExponent = f(bb, blocks1[3]);
-    const prime1 = f(bb, blocks1[4]);
-    const prime2 = f(bb, blocks1[5]);
-    const exponent1 = f(bb, blocks1[6]);
-    const exponent2 = f(bb, blocks1[7]);
-
-    return {
-        version,
-        modulus,
-        publicExponent,
-        privateExponent,
-        prime1,
-        prime2,
-        exponent1,
-        exponent2,
-    };
-}

package/source/index.ts

@@ -1,13 +0,0 @@
-/**
- * @module node_opcua_crypto
- */
-export * from "./common";
-export * from "./derived_keys";
-export * from "./explore_certificate";
-export * from "./crypto_utils";
-export * from "./crypto_explore_certificate";
-export * from "./verify_certificate_signature";
-export * from "./explore_certificate_revocation_list";
-export * from "./explore_certificate_signing_request";
-export * from "./explore_private_key";
-export * from "./public_private_match";

package/source/public_private_match.ts

@@ -1,37 +0,0 @@
-import { explorePrivateKey } from "./explore_private_key";
-import { Certificate, CertificatePEM, PrivateKey, PrivateKeyPEM } from "./common";
-import { privateDecrypt_long, publicEncrypt_long, toPem } from "./crypto_utils";
-import { exploreCertificate } from "./crypto_explore_certificate";
-
-export function publicKeyAndPrivateKeyMatches(certificate: Certificate, privateKey: PrivateKey): boolean {
-    const i = exploreCertificate(certificate);
-    const j = explorePrivateKey(privateKey);
-
-    const modulus1 = i.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.modulus;
-    const modulus2 = j.modulus;
-
-    if (modulus1.length != modulus2.length) {
-        return false;
-    }
-    return modulus1.toString("hex") === modulus2.toString("hex");
-}
-
-/**
- * check that the given certificate matches the given private key
- * @param certificate
- * @param privateKey
- */
-function certificateMatchesPrivateKeyPEM(certificate: CertificatePEM, privateKey: PrivateKey, blockSize: number): boolean {
-    const initialBuffer = Buffer.from("Lorem Ipsum");
-    const encryptedBuffer = publicEncrypt_long(initialBuffer, certificate, blockSize, 11);
-    const decryptedBuffer = privateDecrypt_long(encryptedBuffer, privateKey, blockSize);
-    const finalString = decryptedBuffer.toString("utf-8");
-    return initialBuffer.toString("utf-8") === finalString;
-}
-
-export function certificateMatchesPrivateKey(certificate: Certificate, privateKey: PrivateKey): boolean {
-    const e = explorePrivateKey(privateKey);
-    const blockSize = e.modulus.length;
-    const certificatePEM = toPem(certificate, "CERTIFICATE");
-    return certificateMatchesPrivateKeyPEM(certificatePEM, privateKey, blockSize);
-}

package/source/verify_certificate_signature.ts

@@ -1,105 +0,0 @@
-// tslint:disable: no-console
-
-// Now that we got a hash of the original certificate,
-// we need to verify if we can obtain the same hash by using the same hashing function
-// (in this case SHA-384). In order to do that, we need to extract just the body of
-// the signed certificate. Which, in our case, is everything but the signature.
-// The start of the body is always the first digit of the second line of the following command:
-import * as crypto from "crypto";
-
-import { Certificate, PrivateKey } from "./common";
-import { split_der, exploreCertificate } from "./crypto_explore_certificate";
-import { toPem } from "./crypto_utils";
-import { _readAlgorithmIdentifier, _readSignatureValueBin, TagType, readTag, _readStruct, _getBlock } from "./asn1";
-
-export function verifyCertificateOrClrSignature(certificateOrCrl: Buffer, parentCertificate: Certificate): boolean {
-    const block_info = readTag(certificateOrCrl, 0);
-    const blocks = _readStruct(certificateOrCrl, block_info);
-    const bufferToBeSigned = certificateOrCrl.slice(block_info.position, blocks[1].position - 2);
-
-    //xx console.log("bufferToBeSigned  = ", bufferToBeSigned.length, bufferToBeSigned.toString("hex").substr(0, 50), bufferToBeSigned.toString("hex").substr(-10));
-    const signatureAlgorithm = _readAlgorithmIdentifier(certificateOrCrl, blocks[1]);
-    const signatureValue = _readSignatureValueBin(certificateOrCrl, blocks[2]);
-
-    const p = split_der(parentCertificate)[0];
-    //xx    const publicKey = extractPublicKeyFromCertificateSync(p);
-    const certPem = toPem(p, "CERTIFICATE");
-    const verify = crypto.createVerify(signatureAlgorithm.identifier);
-    verify.update(bufferToBeSigned);
-    verify.end();
-    return verify.verify(certPem, signatureValue);
-}
-
-export function verifyCertificateSignature(certificate: Certificate, parentCertificate: Certificate): boolean {
-    return verifyCertificateOrClrSignature(certificate, parentCertificate);
-}
-export function verifyCertificateRevocationListSignature(
-    certificateRevocationList: Certificate,
-    parentCertificate: Certificate
-): boolean {
-    return verifyCertificateOrClrSignature(certificateRevocationList, parentCertificate);
-}
-
-export type _VerifyStatus = "BadCertificateIssuerUseNotAllowed" | "BadCertificateInvalid" | "Good";
-export async function verifyCertificateChain(certificateChain: Certificate[]): Promise<{ status: _VerifyStatus; reason: string }> {
-    // verify that all the certificate
-    // second certificate must be used for CertificateSign
-
-    for (let index = 1; index < certificateChain.length; index++) {
-        const cert = certificateChain[index - 1];
-        const certParent = certificateChain[index];
-
-        // parent child must have keyCertSign
-        const certParentInfo = exploreCertificate(certParent);
-        const keyUsage = certParentInfo.tbsCertificate.extensions!.keyUsage!;
-
-        // istanbul ignore next
-        if (!keyUsage.keyCertSign) {
-            return {
-                status: "BadCertificateIssuerUseNotAllowed",
-                reason: "One of the certificate in the chain has not keyUsage set for Certificate Signing",
-            };
-        }
-
-        const parentSignChild = verifyCertificateSignature(cert, certParent);
-        if (!parentSignChild) {
-            return {
-                status: "BadCertificateInvalid",
-                reason: "One of the certificate in the chain is not signing the previous certificate",
-            };
-        }
-        const certInfo = exploreCertificate(cert);
-
-        // istanbul ignore next
-        if (!certInfo.tbsCertificate.extensions) {
-            return {
-                status: "BadCertificateInvalid",
-                reason: "Cannot find X409 Extension 3 in certificate",
-            };
-        }
-
-        // istanbul ignore next
-        if (!certParentInfo.tbsCertificate.extensions || !certInfo.tbsCertificate.extensions.authorityKeyIdentifier) {
-            return {
-                status: "BadCertificateInvalid",
-                reason: "Cannot find X409 Extension 3 in certificate (parent)",
-            };
-        }
-
-        // istanbul ignore next
-        if (
-            certParentInfo.tbsCertificate.extensions.subjectKeyIdentifier !==
-            certInfo.tbsCertificate.extensions.authorityKeyIdentifier.keyIdentifier
-        ) {
-            return {
-                status: "BadCertificateInvalid",
-                reason:
-                    "subjectKeyIdentifier authorityKeyIdentifier in child certificate do not match subjectKeyIdentifier of parent certificate",
-            };
-        }
-    }
-    return {
-        status: "Good",
-        reason: `certificate chain is valid(length = ${certificateChain.length})`,
-    };
-}

package/source_nodejs/index.ts

@@ -1,3 +0,0 @@
-export * from "./read";
-export * from "./read_certificate_revocation_list";
-export * from "./read_certificate_signing_request";

package/source_nodejs/read.ts

@@ -1,105 +0,0 @@
-import * as assert from "assert";
-import * as fs from "fs";
-import * as path from "path";
-import { createPrivateKey, createPublicKey } from "crypto";
-import { Certificate, CertificatePEM, DER, PEM, PrivateKey, PrivateKeyPEM, PublicKey, PublicKeyPEM } from "../source/common";
-import { convertPEMtoDER, identifyPemType } from "../source/crypto_utils";
-
-const sshpk = require("sshpk");
-
-function _readPemFile(filename: string): PEM {
-    assert(typeof filename === "string");
-    return fs.readFileSync(filename, "ascii");
-}
-
-function _readPemOrDerFileAsDER(filename: string): DER {
-    if (filename.match(/.*\.der/)) {
-        return fs.readFileSync(filename) as Buffer;
-    }
-    const raw_key: string = _readPemFile(filename);
-    return convertPEMtoDER(raw_key);
-}
-
-/**
- * read a DER or PEM certificate from file
- */
-export function readCertificate(filename: string): Certificate {
-    return _readPemOrDerFileAsDER(filename) as Certificate;
-}
-
-/**
- * read a DER or PEM certificate from file
- */
-export function readPublicKey(filename: string): PublicKey {
-    if (filename.match(/.*\.der/)) {
-        const der = fs.readFileSync(filename) as Buffer;
-        return createPublicKey(der);
-    } else {
-        const raw_key: string = _readPemFile(filename);
-        return createPublicKey(raw_key);
-    }
-}
-
-function myCreatePrivateKey(rawKey: string | Buffer) {
-    // see https://askubuntu.com/questions/1409458/openssl-config-cuases-error-in-node-js-crypto-how-should-the-config-be-updated
-    const backup = process.env.OPENSSL_CONF;
-    process.env.OPENSSL_CONF = "/dev/null";
-    const retValue = createPrivateKey(rawKey);
-    process.env.OPENSSL_CONF = backup;
-    return retValue;
-}
-/**
- * read a DER or PEM certificate from file
- */
-export function readPrivateKey(filename: string): PrivateKey {
-    if (filename.match(/.*\.der/)) {
-        const der = fs.readFileSync(filename) as Buffer;
-        return myCreatePrivateKey(der);
-    } else {
-        const raw_key: string = _readPemFile(filename);
-        return myCreatePrivateKey(raw_key);
-    }
-}
-
-export function readCertificatePEM(filename: string): CertificatePEM {
-    return _readPemFile(filename);
-}
-
-export function readPublicKeyPEM(filename: string): PublicKeyPEM {
-    return _readPemFile(filename);
-}
-
-export function readPrivateKeyPEM(filename: string): PrivateKeyPEM {
-    return _readPemFile(filename);
-}
-let __certificate_store = path.join(__dirname, "../../certificates/");
-
-export function setCertificateStore(store: string): string {
-    const old_store = __certificate_store;
-    __certificate_store = store;
-    return old_store;
-}
-
-/**
- *
- * @param filename
- */
-export function readPrivateRsaKey(filename: string): PrivateKey {
-    if (filename.substring(0, 1) !== "." && !fs.existsSync(filename)) {
-        filename = __certificate_store + filename;
-    }
-    const content = fs.readFileSync(filename, "ascii");
-    const sshKey = sshpk.parsePrivateKey(content, "auto");
-    const key = sshKey.toString("pkcs1") as PEM;
-    return createPrivateKey({ format: "pem", type: "pkcs1", key });
-}
-
-export function readPublicRsaKey(filename: string): PublicKey {
-    if (filename.substring(0, 1) !== "." && !fs.existsSync(filename)) {
-        filename = __certificate_store + filename;
-    }
-    const content = fs.readFileSync(filename, "ascii");
-    const sshKey = sshpk.parseKey(content, "ssh");
-    const key = sshKey.toString("pkcs1") as PEM;
-    return createPublicKey({ format: "pem", type: "pkcs1", key });
-}

package/source_nodejs/read_certificate_revocation_list.ts

@@ -1,14 +0,0 @@
-import * as fs from "fs";
-import { promisify } from "util";
-import { convertPEMtoDER } from "../source/crypto_utils";
-import { CertificateRevocationList } from "../source/common";
-
-export async function readCertificateRevocationList(filename: string): Promise<CertificateRevocationList> {
-    const crl = await promisify(fs.readFile)(filename);
-    if (crl[0] === 0x30 && crl[1] === 0x82) {
-        // der format
-        return crl as CertificateRevocationList;
-    }
-    const raw_crl = crl.toString();
-    return convertPEMtoDER(raw_crl);
-}

package/source_nodejs/read_certificate_signing_request.ts

@@ -1,17 +0,0 @@
-import * as fs from "fs";
-import { promisify } from "util";
-import { convertPEMtoDER } from "../source/crypto_utils";
-import { CertificateRevocationList } from "../source/common";
-import { assert } from "console";
-
-export type CertificateSigningRequest = Buffer;
-
-export async function readCertificateSigningRequest(filename: string): Promise<CertificateSigningRequest> {
-    const csr = await promisify(fs.readFile)(filename);
-    if (csr[0] === 0x30 && csr[1] === 0x82) {
-        // der format
-        return csr as CertificateRevocationList;
-    }
-    const raw_crl = csr.toString();
-    return convertPEMtoDER(raw_crl);
-}