node-opcua-crypto 4.10.0 → 4.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -4
- package/dist/{chunk-GNEWUC7X.mjs → chunk-AXAFLVME.mjs} +9 -15
- package/dist/chunk-AXAFLVME.mjs.map +1 -0
- package/dist/{chunk-46EEAYVO.mjs → chunk-LHUQUHQQ.mjs} +845 -829
- package/dist/chunk-LHUQUHQQ.mjs.map +1 -0
- package/dist/chunk-RQA4DO2Z.mjs +1 -0
- package/dist/index.d.mts +2 -3
- package/dist/index.d.ts +2 -3
- package/dist/index.js +658 -701
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +9 -56
- package/dist/source/index.d.mts +1 -5
- package/dist/source/index.d.ts +1 -5
- package/dist/source/index.js +622 -658
- package/dist/source/index.js.map +1 -1
- package/dist/source/index.mjs +9 -54
- package/dist/source/index_web.d.mts +224 -234
- package/dist/source/index_web.d.ts +224 -234
- package/dist/source/index_web.js +650 -657
- package/dist/source/index_web.js.map +1 -1
- package/dist/source/index_web.mjs +9 -51
- package/dist/source_nodejs/index.d.mts +1 -2
- package/dist/source_nodejs/index.d.ts +1 -2
- package/dist/source_nodejs/index.js +46 -50
- package/dist/source_nodejs/index.js.map +1 -1
- package/dist/source_nodejs/index.mjs +3 -5
- package/package.json +9 -4
- package/dist/chunk-46EEAYVO.mjs.map +0 -1
- package/dist/chunk-GNEWUC7X.mjs.map +0 -1
- package/dist/chunk-VI4S2NM5.mjs +0 -38
- package/dist/chunk-VI4S2NM5.mjs.map +0 -1
- package/dist/index_web.d.mts +0 -5
- package/dist/index_web.d.ts +0 -5
- package/dist/index_web.js +0 -6414
- package/dist/index_web.js.map +0 -1
- package/dist/index_web.mjs +0 -195
- package/index.mjs +0 -1
- package/index_web.ts +0 -1
- package/web.d.ts +0 -1
- package/web.mjs +0 -1
- /package/dist/{index_web.mjs.map → chunk-RQA4DO2Z.mjs.map} +0 -0
package/dist/source/index_web.js
CHANGED
|
@@ -35,28 +35,8 @@ __export(index_web_exports, {
|
|
|
35
35
|
RSA_PKCS1_OAEP_PADDING: () => RSA_PKCS1_OAEP_PADDING,
|
|
36
36
|
RSA_PKCS1_PADDING: () => RSA_PKCS1_PADDING,
|
|
37
37
|
Subject: () => Subject,
|
|
38
|
-
TagType: () => TagType,
|
|
39
38
|
_coercePrivateKey: () => _coercePrivateKey,
|
|
40
|
-
|
|
41
|
-
_getBlock: () => _getBlock,
|
|
42
|
-
_readAlgorithmIdentifier: () => _readAlgorithmIdentifier,
|
|
43
|
-
_readBitString: () => _readBitString,
|
|
44
|
-
_readBooleanValue: () => _readBooleanValue,
|
|
45
|
-
_readDirectoryName: () => _readDirectoryName,
|
|
46
|
-
_readECCAlgorithmIdentifier: () => _readECCAlgorithmIdentifier,
|
|
47
|
-
_readExtension: () => _readExtension,
|
|
48
|
-
_readIntegerAsByteString: () => _readIntegerAsByteString,
|
|
49
|
-
_readIntegerValue: () => _readIntegerValue,
|
|
50
|
-
_readListOfInteger: () => _readListOfInteger,
|
|
51
|
-
_readLongIntegerValue: () => _readLongIntegerValue,
|
|
52
|
-
_readObjectIdentifier: () => _readObjectIdentifier,
|
|
53
|
-
_readOctetString: () => _readOctetString,
|
|
54
|
-
_readSignatureValue: () => _readSignatureValue,
|
|
55
|
-
_readSignatureValueBin: () => _readSignatureValueBin,
|
|
56
|
-
_readStruct: () => _readStruct,
|
|
57
|
-
_readTime: () => _readTime,
|
|
58
|
-
_readValue: () => _readValue,
|
|
59
|
-
_readVersionValue: () => _readVersionValue,
|
|
39
|
+
asn1: () => asn1,
|
|
60
40
|
certificateMatchesPrivateKey: () => certificateMatchesPrivateKey,
|
|
61
41
|
coerceCertificate: () => coerceCertificate,
|
|
62
42
|
coerceCertificatePem: () => coerceCertificatePem,
|
|
@@ -65,7 +45,6 @@ __export(index_web_exports, {
|
|
|
65
45
|
coercePublicKeyPem: () => coercePublicKeyPem,
|
|
66
46
|
coerceRsaPublicKeyPem: () => coerceRsaPublicKeyPem,
|
|
67
47
|
combine_der: () => combine_der,
|
|
68
|
-
compactDirectoryName: () => compactDirectoryName,
|
|
69
48
|
computeDerivedKeys: () => computeDerivedKeys,
|
|
70
49
|
computePaddingFooter: () => computePaddingFooter,
|
|
71
50
|
convertPEMtoDER: () => convertPEMtoDER,
|
|
@@ -75,6 +54,7 @@ __export(index_web_exports, {
|
|
|
75
54
|
decryptBufferWithDerivedKeys: () => decryptBufferWithDerivedKeys,
|
|
76
55
|
derToPrivateKey: () => derToPrivateKey,
|
|
77
56
|
encryptBufferWithDerivedKeys: () => encryptBufferWithDerivedKeys,
|
|
57
|
+
exploreAsn1: () => exploreAsn1,
|
|
78
58
|
exploreCertificate: () => exploreCertificate,
|
|
79
59
|
exploreCertificateInfo: () => exploreCertificateInfo,
|
|
80
60
|
exploreCertificateRevocationList: () => exploreCertificateRevocationList,
|
|
@@ -82,7 +62,6 @@ __export(index_web_exports, {
|
|
|
82
62
|
explorePrivateKey: () => explorePrivateKey,
|
|
83
63
|
extractPublicKeyFromCertificate: () => extractPublicKeyFromCertificate,
|
|
84
64
|
extractPublicKeyFromCertificateSync: () => extractPublicKeyFromCertificateSync,
|
|
85
|
-
formatBuffer2DigitHexWithColum: () => formatBuffer2DigitHexWithColum,
|
|
86
65
|
generateKeyPair: () => generateKeyPair,
|
|
87
66
|
generatePrivateKey: () => generatePrivateKey,
|
|
88
67
|
hexDump: () => hexDump,
|
|
@@ -91,9 +70,9 @@ __export(index_web_exports, {
|
|
|
91
70
|
makeMessageChunkSignature: () => makeMessageChunkSignature,
|
|
92
71
|
makeMessageChunkSignatureWithDerivedKeys: () => makeMessageChunkSignatureWithDerivedKeys,
|
|
93
72
|
makePrivateKeyFromPem: () => makePrivateKeyFromPem,
|
|
73
|
+
makePrivateKeyThumbPrint: () => makePrivateKeyThumbPrint,
|
|
94
74
|
makePseudoRandomBuffer: () => makePseudoRandomBuffer,
|
|
95
75
|
makeSHA1Thumbprint: () => makeSHA1Thumbprint,
|
|
96
|
-
parseBitString: () => parseBitString,
|
|
97
76
|
pemToPrivateKey: () => pemToPrivateKey,
|
|
98
77
|
privateDecrypt: () => privateDecrypt,
|
|
99
78
|
privateDecrypt_long: () => privateDecrypt_long,
|
|
@@ -104,8 +83,8 @@ __export(index_web_exports, {
|
|
|
104
83
|
publicEncrypt_native: () => publicEncrypt_native,
|
|
105
84
|
publicKeyAndPrivateKeyMatches: () => publicKeyAndPrivateKeyMatches,
|
|
106
85
|
readCertificationRequestInfo: () => readCertificationRequestInfo,
|
|
86
|
+
readExtension: () => readExtension,
|
|
107
87
|
readNameForCrl: () => readNameForCrl,
|
|
108
|
-
readTag: () => readTag,
|
|
109
88
|
readTbsCertificate: () => readTbsCertificate,
|
|
110
89
|
reduceLength: () => reduceLength,
|
|
111
90
|
removePadding: () => removePadding,
|
|
@@ -126,42 +105,6 @@ __export(index_web_exports, {
|
|
|
126
105
|
});
|
|
127
106
|
module.exports = __toCommonJS(index_web_exports);
|
|
128
107
|
|
|
129
|
-
// source/common.ts
|
|
130
|
-
var import_crypto = __toESM(require("crypto"));
|
|
131
|
-
var KeyObjectOrig = import_crypto.default.KeyObject;
|
|
132
|
-
var { createPrivateKey: createPrivateKeyFromNodeJSCrypto } = import_crypto.default;
|
|
133
|
-
function isKeyObject(mayBeKeyObject) {
|
|
134
|
-
if (KeyObjectOrig) {
|
|
135
|
-
return mayBeKeyObject instanceof KeyObjectOrig;
|
|
136
|
-
}
|
|
137
|
-
return typeof mayBeKeyObject === "object" && typeof mayBeKeyObject.type === "string";
|
|
138
|
-
}
|
|
139
|
-
var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
|
|
140
|
-
CertificatePurpose2[CertificatePurpose2["NotSpecified"] = 0] = "NotSpecified";
|
|
141
|
-
CertificatePurpose2[CertificatePurpose2["ForCertificateAuthority"] = 1] = "ForCertificateAuthority";
|
|
142
|
-
CertificatePurpose2[CertificatePurpose2["ForApplication"] = 2] = "ForApplication";
|
|
143
|
-
CertificatePurpose2[CertificatePurpose2["ForUserAuthentication"] = 3] = "ForUserAuthentication";
|
|
144
|
-
return CertificatePurpose2;
|
|
145
|
-
})(CertificatePurpose || {});
|
|
146
|
-
|
|
147
|
-
// source/derived_keys.ts
|
|
148
|
-
var import_assert5 = __toESM(require("assert"));
|
|
149
|
-
var import_crypto3 = require("crypto");
|
|
150
|
-
|
|
151
|
-
// source/buffer_utils.ts
|
|
152
|
-
var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (size) => {
|
|
153
|
-
return new Buffer(size);
|
|
154
|
-
};
|
|
155
|
-
|
|
156
|
-
// source/crypto_utils.ts
|
|
157
|
-
var import_constants = __toESM(require("constants"));
|
|
158
|
-
var import_assert3 = __toESM(require("assert"));
|
|
159
|
-
var import_crypto2 = require("crypto");
|
|
160
|
-
var import_hexy = __toESM(require("hexy"));
|
|
161
|
-
|
|
162
|
-
// source/crypto_explore_certificate.ts
|
|
163
|
-
var import_assert2 = __toESM(require("assert"));
|
|
164
|
-
|
|
165
108
|
// source/asn1.ts
|
|
166
109
|
var import_assert = __toESM(require("assert"));
|
|
167
110
|
|
|
@@ -468,33 +411,33 @@ var oid_map = {
|
|
|
468
411
|
};
|
|
469
412
|
|
|
470
413
|
// source/asn1.ts
|
|
471
|
-
var TagType = /* @__PURE__ */ ((
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
return
|
|
414
|
+
var TagType = /* @__PURE__ */ ((TagType2) => {
|
|
415
|
+
TagType2[TagType2["BOOLEAN"] = 1] = "BOOLEAN";
|
|
416
|
+
TagType2[TagType2["INTEGER"] = 2] = "INTEGER";
|
|
417
|
+
TagType2[TagType2["BIT_STRING"] = 3] = "BIT_STRING";
|
|
418
|
+
TagType2[TagType2["OCTET_STRING"] = 4] = "OCTET_STRING";
|
|
419
|
+
TagType2[TagType2["NULL"] = 5] = "NULL";
|
|
420
|
+
TagType2[TagType2["OBJECT_IDENTIFIER"] = 6] = "OBJECT_IDENTIFIER";
|
|
421
|
+
TagType2[TagType2["UTF8String"] = 12] = "UTF8String";
|
|
422
|
+
TagType2[TagType2["NumericString"] = 18] = "NumericString";
|
|
423
|
+
TagType2[TagType2["PrintableString"] = 19] = "PrintableString";
|
|
424
|
+
TagType2[TagType2["TeletexString"] = 20] = "TeletexString";
|
|
425
|
+
TagType2[TagType2["IA5String"] = 22] = "IA5String";
|
|
426
|
+
TagType2[TagType2["UTCTime"] = 23] = "UTCTime";
|
|
427
|
+
TagType2[TagType2["GeneralizedTime"] = 24] = "GeneralizedTime";
|
|
428
|
+
TagType2[TagType2["GraphicString"] = 25] = "GraphicString";
|
|
429
|
+
TagType2[TagType2["VisibleString"] = 26] = "VisibleString";
|
|
430
|
+
TagType2[TagType2["GeneralString"] = 27] = "GeneralString";
|
|
431
|
+
TagType2[TagType2["UniversalString"] = 28] = "UniversalString";
|
|
432
|
+
TagType2[TagType2["BMPString"] = 30] = "BMPString";
|
|
433
|
+
TagType2[TagType2["SEQUENCE"] = 48] = "SEQUENCE";
|
|
434
|
+
TagType2[TagType2["SET"] = 49] = "SET";
|
|
435
|
+
TagType2[TagType2["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
|
|
436
|
+
TagType2[TagType2["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
|
|
437
|
+
TagType2[TagType2["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
|
|
438
|
+
TagType2[TagType2["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
|
|
439
|
+
TagType2[TagType2["A4"] = 164] = "A4";
|
|
440
|
+
return TagType2;
|
|
498
441
|
})(TagType || {});
|
|
499
442
|
function readTag(buf, pos) {
|
|
500
443
|
const start = pos;
|
|
@@ -515,7 +458,7 @@ function readTag(buf, pos) {
|
|
|
515
458
|
}
|
|
516
459
|
return { start, tag, position: pos, length };
|
|
517
460
|
}
|
|
518
|
-
function
|
|
461
|
+
function readStruct(buf, blockInfo) {
|
|
519
462
|
const length = blockInfo.length;
|
|
520
463
|
let cursor = blockInfo.position;
|
|
521
464
|
const end = blockInfo.position + length;
|
|
@@ -540,9 +483,9 @@ function parseBitString(buffer, start, end, maxLength) {
|
|
|
540
483
|
}
|
|
541
484
|
return intro + s;
|
|
542
485
|
}
|
|
543
|
-
function
|
|
486
|
+
function readBitString(buffer, block) {
|
|
544
487
|
(0, import_assert.default)(block.tag === 3 /* BIT_STRING */);
|
|
545
|
-
const data =
|
|
488
|
+
const data = getBlock(buffer, block);
|
|
546
489
|
const ignore_bits = data.readUInt8(0);
|
|
547
490
|
return {
|
|
548
491
|
lengthInBits: data.length * 8 - ignore_bits,
|
|
@@ -558,7 +501,7 @@ function formatBuffer2DigitHexWithColum(buffer) {
|
|
|
558
501
|
}
|
|
559
502
|
return value.join(":").toUpperCase().replace(/^(00:)*/, "");
|
|
560
503
|
}
|
|
561
|
-
function
|
|
504
|
+
function readOctetString(buffer, block) {
|
|
562
505
|
(0, import_assert.default)(block.tag === 4 /* OCTET_STRING */);
|
|
563
506
|
const tag = readTag(buffer, block.position);
|
|
564
507
|
(0, import_assert.default)(tag.tag === 4 /* OCTET_STRING */);
|
|
@@ -567,19 +510,19 @@ function _readOctetString(buffer, block) {
|
|
|
567
510
|
const b = buffer.subarray(pos, pos + nbBytes);
|
|
568
511
|
return b;
|
|
569
512
|
}
|
|
570
|
-
function
|
|
513
|
+
function getBlock(buffer, block) {
|
|
571
514
|
const start = block.position;
|
|
572
515
|
const end = block.position + block.length;
|
|
573
516
|
return buffer.subarray(start, end);
|
|
574
517
|
}
|
|
575
|
-
function
|
|
576
|
-
return
|
|
518
|
+
function readIntegerAsByteString(buffer, block) {
|
|
519
|
+
return getBlock(buffer, block);
|
|
577
520
|
}
|
|
578
|
-
function
|
|
521
|
+
function readListOfInteger(buffer) {
|
|
579
522
|
const block = readTag(buffer, 0);
|
|
580
|
-
const inner_blocks =
|
|
523
|
+
const inner_blocks = readStruct(buffer, block);
|
|
581
524
|
return inner_blocks.map((innerBlock) => {
|
|
582
|
-
return
|
|
525
|
+
return readIntegerAsByteString(buffer, innerBlock);
|
|
583
526
|
});
|
|
584
527
|
}
|
|
585
528
|
function parseOID(buffer, start, end) {
|
|
@@ -602,7 +545,7 @@ function parseOID(buffer, start, end) {
|
|
|
602
545
|
(0, import_assert.default)(bits === 0);
|
|
603
546
|
return s;
|
|
604
547
|
}
|
|
605
|
-
function
|
|
548
|
+
function readObjectIdentifier(buffer, block) {
|
|
606
549
|
(0, import_assert.default)(block.tag === 6 /* OBJECT_IDENTIFIER */);
|
|
607
550
|
const b = buffer.subarray(block.position, block.position + block.length);
|
|
608
551
|
const oid = parseOID(b, 0, block.length);
|
|
@@ -611,33 +554,33 @@ function _readObjectIdentifier(buffer, block) {
|
|
|
611
554
|
name: oid_map[oid] ? oid_map[oid].d : oid
|
|
612
555
|
};
|
|
613
556
|
}
|
|
614
|
-
function
|
|
615
|
-
const inner_blocks =
|
|
557
|
+
function readAlgorithmIdentifier(buffer, block) {
|
|
558
|
+
const inner_blocks = readStruct(buffer, block);
|
|
616
559
|
return {
|
|
617
|
-
identifier:
|
|
560
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name
|
|
618
561
|
};
|
|
619
562
|
}
|
|
620
|
-
function
|
|
621
|
-
const inner_blocks =
|
|
563
|
+
function readECCAlgorithmIdentifier(buffer, block) {
|
|
564
|
+
const inner_blocks = readStruct(buffer, block);
|
|
622
565
|
return {
|
|
623
|
-
identifier:
|
|
566
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[1]).name
|
|
624
567
|
// difference with RSA as algorithm is second element of nested block
|
|
625
568
|
};
|
|
626
569
|
}
|
|
627
|
-
function
|
|
628
|
-
return
|
|
570
|
+
function readSignatureValueBin(buffer, block) {
|
|
571
|
+
return readBitString(buffer, block).data;
|
|
629
572
|
}
|
|
630
|
-
function
|
|
631
|
-
return
|
|
573
|
+
function readSignatureValue(buffer, block) {
|
|
574
|
+
return readSignatureValueBin(buffer, block).toString("hex");
|
|
632
575
|
}
|
|
633
|
-
function
|
|
576
|
+
function readLongIntegerValue(buffer, block) {
|
|
634
577
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
635
578
|
const pos = block.position;
|
|
636
579
|
const nbBytes = block.length;
|
|
637
580
|
const buf = buffer.subarray(pos, pos + nbBytes);
|
|
638
581
|
return buf;
|
|
639
582
|
}
|
|
640
|
-
function
|
|
583
|
+
function readIntegerValue(buffer, block) {
|
|
641
584
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
642
585
|
let pos = block.position;
|
|
643
586
|
const nbBytes = block.length;
|
|
@@ -649,7 +592,7 @@ function _readIntegerValue(buffer, block) {
|
|
|
649
592
|
}
|
|
650
593
|
return value;
|
|
651
594
|
}
|
|
652
|
-
function
|
|
595
|
+
function readBooleanValue(buffer, block) {
|
|
653
596
|
(0, import_assert.default)(block.tag === 1 /* BOOLEAN */, "expecting a BOOLEAN tag. got " + TagType[block.tag]);
|
|
654
597
|
const pos = block.position;
|
|
655
598
|
const nbBytes = block.length;
|
|
@@ -657,9 +600,9 @@ function _readBooleanValue(buffer, block) {
|
|
|
657
600
|
const value = buffer.readUInt8(pos) ? true : false;
|
|
658
601
|
return value;
|
|
659
602
|
}
|
|
660
|
-
function
|
|
603
|
+
function readVersionValue(buffer, block) {
|
|
661
604
|
block = readTag(buffer, block.position);
|
|
662
|
-
return
|
|
605
|
+
return readIntegerValue(buffer, block);
|
|
663
606
|
}
|
|
664
607
|
function convertGeneralizedTime(str) {
|
|
665
608
|
const year = parseInt(str.substr(0, 4), 10);
|
|
@@ -671,7 +614,7 @@ function convertGeneralizedTime(str) {
|
|
|
671
614
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
672
615
|
}
|
|
673
616
|
function _readBMPString(buffer, block) {
|
|
674
|
-
const strBuff =
|
|
617
|
+
const strBuff = getBlock(buffer, block);
|
|
675
618
|
let str = "";
|
|
676
619
|
for (let i = 0; i < strBuff.length; i += 2) {
|
|
677
620
|
const word = strBuff.readUInt16BE(i);
|
|
@@ -689,10 +632,10 @@ function convertUTCTime(str) {
|
|
|
689
632
|
year += year >= 50 ? 1900 : 2e3;
|
|
690
633
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
691
634
|
}
|
|
692
|
-
function
|
|
635
|
+
function readValue(buffer, block) {
|
|
693
636
|
switch (block.tag) {
|
|
694
637
|
case 1 /* BOOLEAN */:
|
|
695
|
-
return
|
|
638
|
+
return readBooleanValue(buffer, block);
|
|
696
639
|
case 30 /* BMPString */:
|
|
697
640
|
return _readBMPString(buffer, block);
|
|
698
641
|
case 19 /* PrintableString */:
|
|
@@ -700,52 +643,66 @@ function _readValue(buffer, block) {
|
|
|
700
643
|
case 12 /* UTF8String */:
|
|
701
644
|
case 18 /* NumericString */:
|
|
702
645
|
case 22 /* IA5String */:
|
|
703
|
-
return
|
|
646
|
+
return getBlock(buffer, block).toString("ascii");
|
|
704
647
|
case 23 /* UTCTime */:
|
|
705
|
-
return convertUTCTime(
|
|
648
|
+
return convertUTCTime(getBlock(buffer, block).toString("ascii"));
|
|
706
649
|
case 24 /* GeneralizedTime */:
|
|
707
|
-
return convertGeneralizedTime(
|
|
650
|
+
return convertGeneralizedTime(getBlock(buffer, block).toString("ascii"));
|
|
708
651
|
default:
|
|
709
652
|
throw new Error("Invalid tag 0x" + block.tag.toString(16));
|
|
710
653
|
}
|
|
711
654
|
}
|
|
712
|
-
function
|
|
713
|
-
return JSON.stringify(d);
|
|
714
|
-
}
|
|
715
|
-
function _readDirectoryName(buffer, block) {
|
|
716
|
-
const set_blocks = _readStruct(buffer, block);
|
|
717
|
-
const names = {};
|
|
718
|
-
for (const set_block of set_blocks) {
|
|
719
|
-
(0, import_assert.default)(set_block.tag === 49);
|
|
720
|
-
const blocks = _readStruct(buffer, set_block);
|
|
721
|
-
(0, import_assert.default)(blocks.length === 1);
|
|
722
|
-
(0, import_assert.default)(blocks[0].tag === 48);
|
|
723
|
-
const sequenceBlock = _readStruct(buffer, blocks[0]);
|
|
724
|
-
(0, import_assert.default)(sequenceBlock.length === 2);
|
|
725
|
-
const type = _readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
726
|
-
names[type.name] = _readValue(buffer, sequenceBlock[1]);
|
|
727
|
-
}
|
|
728
|
-
return names;
|
|
729
|
-
}
|
|
730
|
-
function _findBlockAtIndex(blocks, index) {
|
|
655
|
+
function findBlockAtIndex(blocks, index) {
|
|
731
656
|
const tmp = blocks.filter((b) => b.tag === 160 + index || b.tag === 128 + index);
|
|
732
657
|
if (tmp.length === 0) {
|
|
733
658
|
return null;
|
|
734
659
|
}
|
|
735
660
|
return tmp[0];
|
|
736
661
|
}
|
|
737
|
-
function
|
|
738
|
-
return
|
|
662
|
+
function readTime(buffer, block) {
|
|
663
|
+
return readValue(buffer, block);
|
|
664
|
+
}
|
|
665
|
+
|
|
666
|
+
// source/crypto_utils.ts
|
|
667
|
+
var import_constants = __toESM(require("constants"));
|
|
668
|
+
var import_assert4 = __toESM(require("assert"));
|
|
669
|
+
var import_crypto = require("crypto");
|
|
670
|
+
var import_hexy = __toESM(require("hexy"));
|
|
671
|
+
|
|
672
|
+
// source/buffer_utils.ts
|
|
673
|
+
var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (size) => {
|
|
674
|
+
return new Buffer(size);
|
|
675
|
+
};
|
|
676
|
+
|
|
677
|
+
// source/crypto_explore_certificate.ts
|
|
678
|
+
var import_assert3 = __toESM(require("assert"));
|
|
679
|
+
|
|
680
|
+
// source/directory_name.ts
|
|
681
|
+
var import_assert2 = __toESM(require("assert"));
|
|
682
|
+
function readDirectoryName(buffer, block) {
|
|
683
|
+
const set_blocks = readStruct(buffer, block);
|
|
684
|
+
const names = {};
|
|
685
|
+
for (const set_block of set_blocks) {
|
|
686
|
+
(0, import_assert2.default)(set_block.tag === 49);
|
|
687
|
+
const blocks = readStruct(buffer, set_block);
|
|
688
|
+
(0, import_assert2.default)(blocks.length === 1);
|
|
689
|
+
(0, import_assert2.default)(blocks[0].tag === 48);
|
|
690
|
+
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
691
|
+
(0, import_assert2.default)(sequenceBlock.length === 2);
|
|
692
|
+
const type = readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
693
|
+
names[type.name] = readValue(buffer, sequenceBlock[1]);
|
|
694
|
+
}
|
|
695
|
+
return names;
|
|
739
696
|
}
|
|
740
697
|
|
|
741
698
|
// source/crypto_explore_certificate.ts
|
|
742
699
|
var doDebug = false;
|
|
743
700
|
function _readAttributeTypeAndValue(buffer, block) {
|
|
744
|
-
let inner_blocks =
|
|
745
|
-
inner_blocks =
|
|
701
|
+
let inner_blocks = readStruct(buffer, block);
|
|
702
|
+
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
746
703
|
const data = {
|
|
747
|
-
identifier:
|
|
748
|
-
value:
|
|
704
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name,
|
|
705
|
+
value: readValue(buffer, inner_blocks[1])
|
|
749
706
|
};
|
|
750
707
|
const result = {};
|
|
751
708
|
for (const [key, value] of Object.entries(data)) {
|
|
@@ -754,7 +711,7 @@ function _readAttributeTypeAndValue(buffer, block) {
|
|
|
754
711
|
return result;
|
|
755
712
|
}
|
|
756
713
|
function _readRelativeDistinguishedName(buffer, block) {
|
|
757
|
-
const inner_blocks =
|
|
714
|
+
const inner_blocks = readStruct(buffer, block);
|
|
758
715
|
const data = inner_blocks.map((block2) => _readAttributeTypeAndValue(buffer, block2));
|
|
759
716
|
const result = {};
|
|
760
717
|
for (const e of data) {
|
|
@@ -766,64 +723,64 @@ function _readName(buffer, block) {
|
|
|
766
723
|
return _readRelativeDistinguishedName(buffer, block);
|
|
767
724
|
}
|
|
768
725
|
function _readValidity(buffer, block) {
|
|
769
|
-
const inner_blocks =
|
|
726
|
+
const inner_blocks = readStruct(buffer, block);
|
|
770
727
|
return {
|
|
771
|
-
notBefore:
|
|
772
|
-
notAfter:
|
|
728
|
+
notBefore: readTime(buffer, inner_blocks[0]),
|
|
729
|
+
notAfter: readTime(buffer, inner_blocks[1])
|
|
773
730
|
};
|
|
774
731
|
}
|
|
775
732
|
function _readAuthorityKeyIdentifier(buffer) {
|
|
776
733
|
const block_info = readTag(buffer, 0);
|
|
777
|
-
const blocks =
|
|
778
|
-
const keyIdentifier_block =
|
|
779
|
-
const authorityCertIssuer_block =
|
|
780
|
-
const authorityCertSerialNumber_block =
|
|
734
|
+
const blocks = readStruct(buffer, block_info);
|
|
735
|
+
const keyIdentifier_block = findBlockAtIndex(blocks, 0);
|
|
736
|
+
const authorityCertIssuer_block = findBlockAtIndex(blocks, 1);
|
|
737
|
+
const authorityCertSerialNumber_block = findBlockAtIndex(blocks, 2);
|
|
781
738
|
function _readAuthorityCertIssuer(block) {
|
|
782
|
-
const inner_blocks =
|
|
783
|
-
const directoryName_block =
|
|
739
|
+
const inner_blocks = readStruct(buffer, block);
|
|
740
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
784
741
|
if (directoryName_block) {
|
|
785
|
-
const a =
|
|
786
|
-
return
|
|
742
|
+
const a = readStruct(buffer, directoryName_block);
|
|
743
|
+
return readDirectoryName(buffer, a[0]);
|
|
787
744
|
} else {
|
|
788
745
|
throw new Error("Invalid _readAuthorityCertIssuer");
|
|
789
746
|
}
|
|
790
747
|
}
|
|
791
748
|
function _readAuthorityCertIssuerFingerPrint(block) {
|
|
792
|
-
const inner_blocks =
|
|
793
|
-
const directoryName_block =
|
|
749
|
+
const inner_blocks = readStruct(buffer, block);
|
|
750
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
794
751
|
if (!directoryName_block) {
|
|
795
752
|
return "";
|
|
796
753
|
}
|
|
797
|
-
const a =
|
|
754
|
+
const a = readStruct(buffer, directoryName_block);
|
|
798
755
|
if (a.length < 1) {
|
|
799
756
|
return "";
|
|
800
757
|
}
|
|
801
|
-
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
758
|
+
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, a[0]))) : "";
|
|
802
759
|
}
|
|
803
760
|
const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
|
|
804
761
|
const authorityCertIssuerFingerPrint = authorityCertIssuer_block ? _readAuthorityCertIssuerFingerPrint(authorityCertIssuer_block) : "";
|
|
805
762
|
return {
|
|
806
763
|
authorityCertIssuer,
|
|
807
764
|
authorityCertIssuerFingerPrint,
|
|
808
|
-
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(
|
|
765
|
+
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, authorityCertSerialNumber_block)) : null,
|
|
809
766
|
// can be null for self-signed cert
|
|
810
|
-
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(
|
|
767
|
+
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, keyIdentifier_block)) : null
|
|
811
768
|
// can be null for self-signed certf
|
|
812
769
|
};
|
|
813
770
|
}
|
|
814
771
|
function readBasicConstraint2_5_29_19(buffer, block) {
|
|
815
772
|
const block_info = readTag(buffer, 0);
|
|
816
|
-
const inner_blocks =
|
|
773
|
+
const inner_blocks = readStruct(buffer, block_info).slice(0, 2);
|
|
817
774
|
let cA = false;
|
|
818
775
|
let pathLengthConstraint = 0;
|
|
819
776
|
let breakControl = 0;
|
|
820
777
|
for (const inner_block of inner_blocks) {
|
|
821
778
|
switch (inner_block.tag) {
|
|
822
779
|
case 1 /* BOOLEAN */:
|
|
823
|
-
cA =
|
|
780
|
+
cA = readBooleanValue(buffer, inner_block);
|
|
824
781
|
break;
|
|
825
782
|
case 2 /* INTEGER */:
|
|
826
|
-
pathLengthConstraint =
|
|
783
|
+
pathLengthConstraint = readIntegerValue(buffer, inner_block);
|
|
827
784
|
breakControl = 1;
|
|
828
785
|
break;
|
|
829
786
|
}
|
|
@@ -845,7 +802,7 @@ function _readGeneralNames(buffer, block) {
|
|
|
845
802
|
8: { name: "registeredID", type: "OBJECT_IDENTIFIER" },
|
|
846
803
|
32: { name: "otherName", type: "AnotherName" }
|
|
847
804
|
};
|
|
848
|
-
const blocks =
|
|
805
|
+
const blocks = readStruct(buffer, block);
|
|
849
806
|
function _readFromType(buffer2, block2, type) {
|
|
850
807
|
switch (type) {
|
|
851
808
|
case "IA5String":
|
|
@@ -856,20 +813,20 @@ function _readGeneralNames(buffer, block) {
|
|
|
856
813
|
}
|
|
857
814
|
const n = {};
|
|
858
815
|
for (const block2 of blocks) {
|
|
859
|
-
(0,
|
|
860
|
-
const
|
|
861
|
-
const type = _data[
|
|
816
|
+
(0, import_assert3.default)((block2.tag & 128) === 128);
|
|
817
|
+
const t2 = block2.tag & 127;
|
|
818
|
+
const type = _data[t2];
|
|
862
819
|
if (!type) {
|
|
863
|
-
console.log("_readGeneralNames: INVALID TYPE => " +
|
|
820
|
+
console.log("_readGeneralNames: INVALID TYPE => " + t2 + " 0x" + t2.toString(16));
|
|
864
821
|
continue;
|
|
865
822
|
}
|
|
866
|
-
if (
|
|
823
|
+
if (t2 == 32) {
|
|
867
824
|
n[type.name] = n[type.name] || [];
|
|
868
|
-
const blocks2 =
|
|
869
|
-
const name =
|
|
870
|
-
const buf =
|
|
825
|
+
const blocks2 = readStruct(buffer, block2);
|
|
826
|
+
const name = readObjectIdentifier(buffer, blocks2[0]).name;
|
|
827
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
871
828
|
const b = readTag(buf, 0);
|
|
872
|
-
const nn =
|
|
829
|
+
const nn = readValue(buf, b);
|
|
873
830
|
const data = {
|
|
874
831
|
identifier: name,
|
|
875
832
|
value: nn
|
|
@@ -916,9 +873,9 @@ function readKeyUsage(oid, buffer) {
|
|
|
916
873
|
};
|
|
917
874
|
}
|
|
918
875
|
function readExtKeyUsage(oid, buffer) {
|
|
919
|
-
(0,
|
|
876
|
+
(0, import_assert3.default)(oid === "2.5.29.37");
|
|
920
877
|
const block_info = readTag(buffer, 0);
|
|
921
|
-
const inner_blocks =
|
|
878
|
+
const inner_blocks = readStruct(buffer, block_info);
|
|
922
879
|
const extKeyUsage = {
|
|
923
880
|
serverAuth: false,
|
|
924
881
|
clientAuth: false,
|
|
@@ -931,30 +888,30 @@ function readExtKeyUsage(oid, buffer) {
|
|
|
931
888
|
ocspSigning: false
|
|
932
889
|
};
|
|
933
890
|
for (const block of inner_blocks) {
|
|
934
|
-
const identifier =
|
|
891
|
+
const identifier = readObjectIdentifier(buffer, block);
|
|
935
892
|
extKeyUsage[identifier.name] = true;
|
|
936
893
|
}
|
|
937
894
|
return extKeyUsage;
|
|
938
895
|
}
|
|
939
896
|
function _readSubjectPublicKey(buffer) {
|
|
940
897
|
const block_info = readTag(buffer, 0);
|
|
941
|
-
const blocks =
|
|
898
|
+
const blocks = readStruct(buffer, block_info);
|
|
942
899
|
return {
|
|
943
900
|
modulus: buffer.subarray(blocks[0].position + 1, blocks[0].position + blocks[0].length)
|
|
944
901
|
};
|
|
945
902
|
}
|
|
946
|
-
function
|
|
947
|
-
const inner_blocks =
|
|
903
|
+
function readExtension(buffer, block) {
|
|
904
|
+
const inner_blocks = readStruct(buffer, block);
|
|
948
905
|
if (inner_blocks.length === 3) {
|
|
949
|
-
(0,
|
|
906
|
+
(0, import_assert3.default)(inner_blocks[1].tag === 1 /* BOOLEAN */);
|
|
950
907
|
inner_blocks[1] = inner_blocks[2];
|
|
951
908
|
}
|
|
952
|
-
const identifier =
|
|
953
|
-
const buf =
|
|
909
|
+
const identifier = readObjectIdentifier(buffer, inner_blocks[0]);
|
|
910
|
+
const buf = getBlock(buffer, inner_blocks[1]);
|
|
954
911
|
let value = null;
|
|
955
912
|
switch (identifier.name) {
|
|
956
913
|
case "subjectKeyIdentifier":
|
|
957
|
-
value = formatBuffer2DigitHexWithColum(
|
|
914
|
+
value = formatBuffer2DigitHexWithColum(readOctetString(buffer, inner_blocks[1]));
|
|
958
915
|
break;
|
|
959
916
|
case "subjectAltName":
|
|
960
917
|
value = _readSubjectAltNames(buf);
|
|
@@ -983,10 +940,10 @@ function _readExtension(buffer, block) {
|
|
|
983
940
|
};
|
|
984
941
|
}
|
|
985
942
|
function _readExtensions(buffer, block) {
|
|
986
|
-
(0,
|
|
987
|
-
let inner_blocks =
|
|
988
|
-
inner_blocks =
|
|
989
|
-
const extensions = inner_blocks.map((block2) =>
|
|
943
|
+
(0, import_assert3.default)(block.tag === 163);
|
|
944
|
+
let inner_blocks = readStruct(buffer, block);
|
|
945
|
+
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
946
|
+
const extensions = inner_blocks.map((block2) => readExtension(buffer, block2));
|
|
990
947
|
const result = {};
|
|
991
948
|
for (const e of extensions) {
|
|
992
949
|
result[e.identifier.name] = e.value;
|
|
@@ -994,11 +951,11 @@ function _readExtensions(buffer, block) {
|
|
|
994
951
|
return result;
|
|
995
952
|
}
|
|
996
953
|
function _readSubjectPublicKeyInfo(buffer, block) {
|
|
997
|
-
const inner_blocks =
|
|
998
|
-
const algorithm =
|
|
999
|
-
const subjectPublicKey =
|
|
954
|
+
const inner_blocks = readStruct(buffer, block);
|
|
955
|
+
const algorithm = readAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
956
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
1000
957
|
const data = subjectPublicKey.data;
|
|
1001
|
-
const values =
|
|
958
|
+
const values = readListOfInteger(data);
|
|
1002
959
|
return {
|
|
1003
960
|
algorithm: algorithm.identifier,
|
|
1004
961
|
keyLength: values[0].length - 1,
|
|
@@ -1008,9 +965,9 @@ function _readSubjectPublicKeyInfo(buffer, block) {
|
|
|
1008
965
|
};
|
|
1009
966
|
}
|
|
1010
967
|
function _readSubjectECCPublicKeyInfo(buffer, block) {
|
|
1011
|
-
const inner_blocks =
|
|
1012
|
-
const algorithm =
|
|
1013
|
-
const subjectPublicKey =
|
|
968
|
+
const inner_blocks = readStruct(buffer, block);
|
|
969
|
+
const algorithm = readECCAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
970
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
1014
971
|
const data = subjectPublicKey.data;
|
|
1015
972
|
return {
|
|
1016
973
|
algorithm: algorithm.identifier,
|
|
@@ -1021,33 +978,33 @@ function _readSubjectECCPublicKeyInfo(buffer, block) {
|
|
|
1021
978
|
};
|
|
1022
979
|
}
|
|
1023
980
|
function readTbsCertificate(buffer, block) {
|
|
1024
|
-
const blocks =
|
|
981
|
+
const blocks = readStruct(buffer, block);
|
|
1025
982
|
let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, extensions;
|
|
1026
983
|
let subjectPublicKeyInfo;
|
|
1027
984
|
if (blocks.length === 6) {
|
|
1028
985
|
version = 1;
|
|
1029
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
1030
|
-
signature =
|
|
986
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[0]));
|
|
987
|
+
signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
1031
988
|
issuer = _readName(buffer, blocks[2]);
|
|
1032
989
|
validity = _readValidity(buffer, blocks[3]);
|
|
1033
990
|
subject = _readName(buffer, blocks[4]);
|
|
1034
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
991
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[4])));
|
|
1035
992
|
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[5]);
|
|
1036
993
|
extensions = null;
|
|
1037
994
|
} else {
|
|
1038
|
-
const version_block =
|
|
995
|
+
const version_block = findBlockAtIndex(blocks, 0);
|
|
1039
996
|
if (!version_block) {
|
|
1040
997
|
throw new Error("cannot find version block");
|
|
1041
998
|
}
|
|
1042
|
-
version =
|
|
1043
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
1044
|
-
signature =
|
|
999
|
+
version = readVersionValue(buffer, version_block) + 1;
|
|
1000
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[1]));
|
|
1001
|
+
signature = readAlgorithmIdentifier(buffer, blocks[2]);
|
|
1045
1002
|
issuer = _readName(buffer, blocks[3]);
|
|
1046
1003
|
validity = _readValidity(buffer, blocks[4]);
|
|
1047
1004
|
subject = _readName(buffer, blocks[5]);
|
|
1048
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1049
|
-
const inner_block =
|
|
1050
|
-
const what_type =
|
|
1005
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[5])));
|
|
1006
|
+
const inner_block = readStruct(buffer, blocks[6]);
|
|
1007
|
+
const what_type = readAlgorithmIdentifier(buffer, inner_block[0]).identifier;
|
|
1051
1008
|
switch (what_type) {
|
|
1052
1009
|
case "rsaEncryption": {
|
|
1053
1010
|
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[6]);
|
|
@@ -1059,7 +1016,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
1059
1016
|
break;
|
|
1060
1017
|
}
|
|
1061
1018
|
}
|
|
1062
|
-
const extensionBlock =
|
|
1019
|
+
const extensionBlock = findBlockAtIndex(blocks, 3);
|
|
1063
1020
|
if (!extensionBlock) {
|
|
1064
1021
|
doDebug && console.log("X509 certificate is invalid : cannot find extension block version =" + version_block);
|
|
1065
1022
|
extensions = null;
|
|
@@ -1080,14 +1037,14 @@ function readTbsCertificate(buffer, block) {
|
|
|
1080
1037
|
};
|
|
1081
1038
|
}
|
|
1082
1039
|
function exploreCertificate(certificate) {
|
|
1083
|
-
(0,
|
|
1040
|
+
(0, import_assert3.default)(certificate instanceof Buffer);
|
|
1084
1041
|
if (!certificate._exploreCertificate_cache) {
|
|
1085
1042
|
const block_info = readTag(certificate, 0);
|
|
1086
|
-
const blocks =
|
|
1043
|
+
const blocks = readStruct(certificate, block_info);
|
|
1087
1044
|
certificate._exploreCertificate_cache = {
|
|
1088
1045
|
tbsCertificate: readTbsCertificate(certificate, blocks[0]),
|
|
1089
|
-
signatureAlgorithm:
|
|
1090
|
-
signatureValue:
|
|
1046
|
+
signatureAlgorithm: readAlgorithmIdentifier(certificate, blocks[1]),
|
|
1047
|
+
signatureValue: readSignatureValue(certificate, blocks[2])
|
|
1091
1048
|
};
|
|
1092
1049
|
}
|
|
1093
1050
|
return certificate._exploreCertificate_cache;
|
|
@@ -1109,10 +1066,10 @@ function combine_der(certificates) {
|
|
|
1109
1066
|
let sum = 0;
|
|
1110
1067
|
b.forEach((block) => {
|
|
1111
1068
|
const block_info = readTag(block, 0);
|
|
1112
|
-
(0,
|
|
1069
|
+
(0, import_assert3.default)(block_info.position + block_info.length === block.length);
|
|
1113
1070
|
sum += block.length;
|
|
1114
1071
|
});
|
|
1115
|
-
(0,
|
|
1072
|
+
(0, import_assert3.default)(sum === cert.length);
|
|
1116
1073
|
}
|
|
1117
1074
|
return Buffer.concat(certificates);
|
|
1118
1075
|
}
|
|
@@ -1134,14 +1091,14 @@ function removeTrailingLF(str) {
|
|
|
1134
1091
|
return tmp;
|
|
1135
1092
|
}
|
|
1136
1093
|
function toPem(raw_key, pem) {
|
|
1137
|
-
(0,
|
|
1138
|
-
(0,
|
|
1094
|
+
(0, import_assert4.default)(raw_key, "expecting a key");
|
|
1095
|
+
(0, import_assert4.default)(typeof pem === "string");
|
|
1139
1096
|
let pemType = identifyPemType(raw_key);
|
|
1140
1097
|
if (pemType) {
|
|
1141
1098
|
return raw_key instanceof Buffer ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
|
|
1142
1099
|
} else {
|
|
1143
1100
|
pemType = pem;
|
|
1144
|
-
(0,
|
|
1101
|
+
(0, import_assert4.default)(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
|
|
1145
1102
|
let b = raw_key.toString("base64");
|
|
1146
1103
|
let str = "-----BEGIN " + pemType + "-----\n";
|
|
1147
1104
|
while (b.length) {
|
|
@@ -1178,19 +1135,19 @@ function hexDump(buffer, width) {
|
|
|
1178
1135
|
}
|
|
1179
1136
|
}
|
|
1180
1137
|
function makeMessageChunkSignature(chunk, options) {
|
|
1181
|
-
const signer = (0,
|
|
1138
|
+
const signer = (0, import_crypto.createSign)(options.algorithm);
|
|
1182
1139
|
signer.update(chunk);
|
|
1183
1140
|
const signature = signer.sign(options.privateKey.hidden);
|
|
1184
|
-
(0,
|
|
1141
|
+
(0, import_assert4.default)(!options.signatureLength || signature.length === options.signatureLength);
|
|
1185
1142
|
return signature;
|
|
1186
1143
|
}
|
|
1187
1144
|
function verifyMessageChunkSignature(blockToVerify, signature, options) {
|
|
1188
|
-
const verify = (0,
|
|
1145
|
+
const verify = (0, import_crypto.createVerify)(options.algorithm);
|
|
1189
1146
|
verify.update(blockToVerify);
|
|
1190
1147
|
return verify.verify(options.publicKey, signature);
|
|
1191
1148
|
}
|
|
1192
1149
|
function makeSHA1Thumbprint(buffer) {
|
|
1193
|
-
return (0,
|
|
1150
|
+
return (0, import_crypto.createHash)("sha1").update(buffer).digest();
|
|
1194
1151
|
}
|
|
1195
1152
|
var RSA_PKCS1_OAEP_PADDING = import_constants.default.RSA_PKCS1_OAEP_PADDING;
|
|
1196
1153
|
var RSA_PKCS1_PADDING = import_constants.default.RSA_PKCS1_PADDING;
|
|
@@ -1199,13 +1156,13 @@ var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
|
|
|
1199
1156
|
PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_PADDING"] = 1] = "RSA_PKCS1_PADDING";
|
|
1200
1157
|
return PaddingAlgorithm2;
|
|
1201
1158
|
})(PaddingAlgorithm || {});
|
|
1202
|
-
(0,
|
|
1203
|
-
(0,
|
|
1159
|
+
(0, import_assert4.default)(4 /* RSA_PKCS1_OAEP_PADDING */ === import_constants.default.RSA_PKCS1_OAEP_PADDING);
|
|
1160
|
+
(0, import_assert4.default)(1 /* RSA_PKCS1_PADDING */ === import_constants.default.RSA_PKCS1_PADDING);
|
|
1204
1161
|
function publicEncrypt_native(buffer, publicKey, algorithm) {
|
|
1205
1162
|
if (algorithm === void 0) {
|
|
1206
1163
|
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
|
|
1207
1164
|
}
|
|
1208
|
-
return (0,
|
|
1165
|
+
return (0, import_crypto.publicEncrypt)(
|
|
1209
1166
|
{
|
|
1210
1167
|
key: publicKey,
|
|
1211
1168
|
padding: algorithm
|
|
@@ -1218,7 +1175,7 @@ function privateDecrypt_native(buffer, privateKey, algorithm) {
|
|
|
1218
1175
|
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
|
|
1219
1176
|
}
|
|
1220
1177
|
try {
|
|
1221
|
-
return (0,
|
|
1178
|
+
return (0, import_crypto.privateDecrypt)(
|
|
1222
1179
|
{
|
|
1223
1180
|
key: privateKey.hidden,
|
|
1224
1181
|
padding: algorithm
|
|
@@ -1277,14 +1234,14 @@ function coerceCertificatePem(certificate) {
|
|
|
1277
1234
|
if (certificate instanceof Buffer) {
|
|
1278
1235
|
certificate = toPem(certificate, "CERTIFICATE");
|
|
1279
1236
|
}
|
|
1280
|
-
(0,
|
|
1237
|
+
(0, import_assert4.default)(typeof certificate === "string");
|
|
1281
1238
|
return certificate;
|
|
1282
1239
|
}
|
|
1283
1240
|
function extractPublicKeyFromCertificateSync(certificate) {
|
|
1284
1241
|
certificate = coerceCertificatePem(certificate);
|
|
1285
1242
|
const key = import_jsrsasign.default.KEYUTIL.getKey(certificate);
|
|
1286
1243
|
const publicKeyAsPem = import_jsrsasign.default.KEYUTIL.getPEM(key);
|
|
1287
|
-
(0,
|
|
1244
|
+
(0, import_assert4.default)(typeof publicKeyAsPem === "string");
|
|
1288
1245
|
return publicKeyAsPem;
|
|
1289
1246
|
}
|
|
1290
1247
|
function extractPublicKeyFromCertificate(certificate, callback) {
|
|
@@ -1300,13 +1257,192 @@ function extractPublicKeyFromCertificate(certificate, callback) {
|
|
|
1300
1257
|
});
|
|
1301
1258
|
}
|
|
1302
1259
|
|
|
1260
|
+
// source/explore_private_key.ts
|
|
1261
|
+
function f(buffer, b) {
|
|
1262
|
+
return buffer.subarray(b.position + 1, b.position + b.length);
|
|
1263
|
+
}
|
|
1264
|
+
var doDebug2 = !!process.env.DEBUG;
|
|
1265
|
+
function explorePrivateKey(privateKey2) {
|
|
1266
|
+
const privateKey1 = privateKey2.hidden;
|
|
1267
|
+
const privateKey = typeof privateKey1 === "string" ? convertPEMtoDER(privateKey1) : privateKey1.export({ format: "der", type: "pkcs1" });
|
|
1268
|
+
const block_info = readTag(privateKey, 0);
|
|
1269
|
+
const blocks = readStruct(privateKey, block_info);
|
|
1270
|
+
if (blocks.length === 9) {
|
|
1271
|
+
const version2 = f(privateKey, blocks[0]);
|
|
1272
|
+
const modulus2 = f(privateKey, blocks[1]);
|
|
1273
|
+
const publicExponent2 = f(privateKey, blocks[2]);
|
|
1274
|
+
const privateExponent2 = f(privateKey, blocks[3]);
|
|
1275
|
+
const prime12 = f(privateKey, blocks[4]);
|
|
1276
|
+
const prime22 = f(privateKey, blocks[5]);
|
|
1277
|
+
const exponent12 = f(privateKey, blocks[6]);
|
|
1278
|
+
const exponent22 = f(privateKey, blocks[7]);
|
|
1279
|
+
return {
|
|
1280
|
+
version: version2,
|
|
1281
|
+
modulus: modulus2,
|
|
1282
|
+
publicExponent: publicExponent2,
|
|
1283
|
+
privateExponent: privateExponent2,
|
|
1284
|
+
prime1: prime12,
|
|
1285
|
+
prime2: prime22,
|
|
1286
|
+
exponent1: exponent12,
|
|
1287
|
+
exponent2: exponent22
|
|
1288
|
+
};
|
|
1289
|
+
}
|
|
1290
|
+
if (doDebug2) {
|
|
1291
|
+
console.log("-------------------- private key:");
|
|
1292
|
+
console.log(block_info);
|
|
1293
|
+
console.log(
|
|
1294
|
+
blocks.map((b2) => ({
|
|
1295
|
+
tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
|
|
1296
|
+
l: b2.length,
|
|
1297
|
+
p: b2.position,
|
|
1298
|
+
buff: privateKey.subarray(b2.position, b2.position + b2.length).toString("hex")
|
|
1299
|
+
}))
|
|
1300
|
+
);
|
|
1301
|
+
}
|
|
1302
|
+
const b = blocks[2];
|
|
1303
|
+
const bb = privateKey.subarray(b.position, b.position + b.length);
|
|
1304
|
+
const block_info1 = readTag(bb, 0);
|
|
1305
|
+
const blocks1 = readStruct(bb, block_info1);
|
|
1306
|
+
if (doDebug2) {
|
|
1307
|
+
console.log(
|
|
1308
|
+
blocks1.map((b2) => ({
|
|
1309
|
+
tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
|
|
1310
|
+
l: b2.length,
|
|
1311
|
+
p: b2.position,
|
|
1312
|
+
buff: bb.subarray(b2.position, b2.position + b2.length).toString("hex")
|
|
1313
|
+
}))
|
|
1314
|
+
);
|
|
1315
|
+
}
|
|
1316
|
+
const version = f(bb, blocks1[0]);
|
|
1317
|
+
const modulus = f(bb, blocks1[1]);
|
|
1318
|
+
const publicExponent = f(bb, blocks1[2]);
|
|
1319
|
+
const privateExponent = f(bb, blocks1[3]);
|
|
1320
|
+
const prime1 = f(bb, blocks1[4]);
|
|
1321
|
+
const prime2 = f(bb, blocks1[5]);
|
|
1322
|
+
const exponent1 = f(bb, blocks1[6]);
|
|
1323
|
+
const exponent2 = f(bb, blocks1[7]);
|
|
1324
|
+
return {
|
|
1325
|
+
version,
|
|
1326
|
+
modulus,
|
|
1327
|
+
publicExponent,
|
|
1328
|
+
privateExponent,
|
|
1329
|
+
prime1,
|
|
1330
|
+
prime2,
|
|
1331
|
+
exponent1,
|
|
1332
|
+
exponent2
|
|
1333
|
+
};
|
|
1334
|
+
}
|
|
1335
|
+
|
|
1336
|
+
// source/public_private_match.ts
|
|
1337
|
+
function publicKeyAndPrivateKeyMatches(certificate, privateKey) {
|
|
1338
|
+
const i = exploreCertificate(certificate);
|
|
1339
|
+
const j = explorePrivateKey(privateKey);
|
|
1340
|
+
const modulus1 = i.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.modulus;
|
|
1341
|
+
const modulus2 = j.modulus;
|
|
1342
|
+
if (modulus1.length != modulus2.length) {
|
|
1343
|
+
return false;
|
|
1344
|
+
}
|
|
1345
|
+
return modulus1.toString("hex") === modulus2.toString("hex");
|
|
1346
|
+
}
|
|
1347
|
+
function certificateMatchesPrivateKeyPEM(certificate, privateKey, blockSize) {
|
|
1348
|
+
const initialBuffer = Buffer.from("Lorem Ipsum");
|
|
1349
|
+
const encryptedBuffer = publicEncrypt_long(initialBuffer, certificate, blockSize);
|
|
1350
|
+
const decryptedBuffer = privateDecrypt_long(encryptedBuffer, privateKey, blockSize);
|
|
1351
|
+
const finalString = decryptedBuffer.toString("utf-8");
|
|
1352
|
+
return initialBuffer.toString("utf-8") === finalString;
|
|
1353
|
+
}
|
|
1354
|
+
function certificateMatchesPrivateKey(certificate, privateKey) {
|
|
1355
|
+
const e = explorePrivateKey(privateKey);
|
|
1356
|
+
const blockSize = e.modulus.length;
|
|
1357
|
+
const certificatePEM = toPem(certificate, "CERTIFICATE");
|
|
1358
|
+
return certificateMatchesPrivateKeyPEM(certificatePEM, privateKey, blockSize);
|
|
1359
|
+
}
|
|
1360
|
+
|
|
1361
|
+
// source/common.ts
|
|
1362
|
+
var import_crypto2 = __toESM(require("crypto"));
|
|
1363
|
+
var KeyObjectOrig = import_crypto2.default.KeyObject;
|
|
1364
|
+
var { createPrivateKey: createPrivateKeyFromNodeJSCrypto } = import_crypto2.default;
|
|
1365
|
+
function isKeyObject(mayBeKeyObject) {
|
|
1366
|
+
if (KeyObjectOrig) {
|
|
1367
|
+
return mayBeKeyObject instanceof KeyObjectOrig;
|
|
1368
|
+
}
|
|
1369
|
+
return typeof mayBeKeyObject === "object" && typeof mayBeKeyObject.type === "string";
|
|
1370
|
+
}
|
|
1371
|
+
var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
|
|
1372
|
+
CertificatePurpose2[CertificatePurpose2["NotSpecified"] = 0] = "NotSpecified";
|
|
1373
|
+
CertificatePurpose2[CertificatePurpose2["ForCertificateAuthority"] = 1] = "ForCertificateAuthority";
|
|
1374
|
+
CertificatePurpose2[CertificatePurpose2["ForApplication"] = 2] = "ForApplication";
|
|
1375
|
+
CertificatePurpose2[CertificatePurpose2["ForUserAuthentication"] = 3] = "ForUserAuthentication";
|
|
1376
|
+
return CertificatePurpose2;
|
|
1377
|
+
})(CertificatePurpose || {});
|
|
1378
|
+
|
|
1379
|
+
// source/crypto_utils2.ts
|
|
1380
|
+
var import_assert5 = __toESM(require("assert"));
|
|
1381
|
+
var import_jsrsasign2 = __toESM(require("jsrsasign"));
|
|
1382
|
+
function rsaLengthPrivateKey(key) {
|
|
1383
|
+
const keyPem = typeof key.hidden === "string" ? key.hidden : key.hidden.export({ type: "pkcs1", format: "pem" }).toString();
|
|
1384
|
+
const a = import_jsrsasign2.default.KEYUTIL.getKey(keyPem);
|
|
1385
|
+
return a.n.toString(16).length / 2;
|
|
1386
|
+
}
|
|
1387
|
+
function toPem2(raw_key, pem) {
|
|
1388
|
+
if (raw_key.hidden) {
|
|
1389
|
+
return toPem2(raw_key.hidden, pem);
|
|
1390
|
+
}
|
|
1391
|
+
(0, import_assert5.default)(raw_key, "expecting a key");
|
|
1392
|
+
(0, import_assert5.default)(typeof pem === "string");
|
|
1393
|
+
if (isKeyObject(raw_key)) {
|
|
1394
|
+
const _raw_key = raw_key;
|
|
1395
|
+
if (pem === "RSA PRIVATE KEY") {
|
|
1396
|
+
return removeTrailingLF(_raw_key.export({ format: "pem", type: "pkcs1" }).toString());
|
|
1397
|
+
} else if (pem === "PRIVATE KEY") {
|
|
1398
|
+
return removeTrailingLF(_raw_key.export({ format: "pem", type: "pkcs8" }).toString());
|
|
1399
|
+
} else {
|
|
1400
|
+
throw new Error("Unsupported case!");
|
|
1401
|
+
}
|
|
1402
|
+
}
|
|
1403
|
+
return toPem(raw_key, pem);
|
|
1404
|
+
}
|
|
1405
|
+
function coercePrivateKeyPem(privateKey) {
|
|
1406
|
+
return toPem2(privateKey, "PRIVATE KEY");
|
|
1407
|
+
}
|
|
1408
|
+
function coercePublicKeyPem(publicKey) {
|
|
1409
|
+
if (isKeyObject(publicKey)) {
|
|
1410
|
+
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1411
|
+
}
|
|
1412
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1413
|
+
return publicKey;
|
|
1414
|
+
}
|
|
1415
|
+
function coerceRsaPublicKeyPem(publicKey) {
|
|
1416
|
+
if (isKeyObject(publicKey)) {
|
|
1417
|
+
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1418
|
+
}
|
|
1419
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1420
|
+
return publicKey;
|
|
1421
|
+
}
|
|
1422
|
+
function rsaLengthPublicKey(key) {
|
|
1423
|
+
key = coercePublicKeyPem(key);
|
|
1424
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1425
|
+
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1426
|
+
return a.n.toString(16).length / 2;
|
|
1427
|
+
}
|
|
1428
|
+
function rsaLengthRsaPublicKey(key) {
|
|
1429
|
+
key = coerceRsaPublicKeyPem(key);
|
|
1430
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1431
|
+
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1432
|
+
return a.n.toString(16).length / 2;
|
|
1433
|
+
}
|
|
1434
|
+
|
|
1435
|
+
// source/derived_keys.ts
|
|
1436
|
+
var import_assert7 = __toESM(require("assert"));
|
|
1437
|
+
var import_crypto3 = require("crypto");
|
|
1438
|
+
|
|
1303
1439
|
// source/explore_certificate.ts
|
|
1304
|
-
var
|
|
1440
|
+
var import_assert6 = __toESM(require("assert"));
|
|
1305
1441
|
function coerceCertificate(certificate) {
|
|
1306
1442
|
if (typeof certificate === "string") {
|
|
1307
1443
|
certificate = convertPEMtoDER(certificate);
|
|
1308
1444
|
}
|
|
1309
|
-
(0,
|
|
1445
|
+
(0, import_assert6.default)(certificate instanceof Buffer);
|
|
1310
1446
|
return certificate;
|
|
1311
1447
|
}
|
|
1312
1448
|
function exploreCertificateInfo(certificate) {
|
|
@@ -1333,8 +1469,8 @@ function plus(buf1, buf2) {
|
|
|
1333
1469
|
return Buffer.concat([buf1, buf2]);
|
|
1334
1470
|
}
|
|
1335
1471
|
function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
1336
|
-
(0,
|
|
1337
|
-
(0,
|
|
1472
|
+
(0, import_assert7.default)(seed instanceof Buffer);
|
|
1473
|
+
(0, import_assert7.default)(sha1or256 === "SHA1" || sha1or256 === "SHA256");
|
|
1338
1474
|
const a = [];
|
|
1339
1475
|
a[0] = seed;
|
|
1340
1476
|
let index = 1;
|
|
@@ -1347,12 +1483,12 @@ function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
|
1347
1483
|
return p_hash.subarray(0, minLength);
|
|
1348
1484
|
}
|
|
1349
1485
|
function computeDerivedKeys(secret, seed, options) {
|
|
1350
|
-
(0,
|
|
1351
|
-
(0,
|
|
1352
|
-
(0,
|
|
1353
|
-
(0,
|
|
1486
|
+
(0, import_assert7.default)(Number.isFinite(options.signatureLength));
|
|
1487
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingKeyLength));
|
|
1488
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingBlockSize));
|
|
1489
|
+
(0, import_assert7.default)(typeof options.algorithm === "string");
|
|
1354
1490
|
options.sha1or256 = options.sha1or256 || "SHA1";
|
|
1355
|
-
(0,
|
|
1491
|
+
(0, import_assert7.default)(typeof options.sha1or256 === "string");
|
|
1356
1492
|
const offset1 = options.signingKeyLength;
|
|
1357
1493
|
const offset2 = offset1 + options.encryptingKeyLength;
|
|
1358
1494
|
const minLength = offset2 + options.encryptingBlockSize;
|
|
@@ -1377,7 +1513,7 @@ function removePadding(buffer) {
|
|
|
1377
1513
|
return reduceLength(buffer, nbPaddingBytes);
|
|
1378
1514
|
}
|
|
1379
1515
|
function verifyChunkSignature(chunk, options) {
|
|
1380
|
-
(0,
|
|
1516
|
+
(0, import_assert7.default)(chunk instanceof Buffer);
|
|
1381
1517
|
let signatureLength = options.signatureLength || 0;
|
|
1382
1518
|
if (signatureLength === 0) {
|
|
1383
1519
|
const cert = exploreCertificateInfo(options.publicKey);
|
|
@@ -1388,16 +1524,16 @@ function verifyChunkSignature(chunk, options) {
|
|
|
1388
1524
|
return verifyMessageChunkSignature(block_to_verify, signature, options);
|
|
1389
1525
|
}
|
|
1390
1526
|
function computePaddingFooter(buffer, derivedKeys) {
|
|
1391
|
-
(0,
|
|
1527
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "encryptingBlockSize"));
|
|
1392
1528
|
const paddingSize = derivedKeys.encryptingBlockSize - (buffer.length + 1) % derivedKeys.encryptingBlockSize;
|
|
1393
1529
|
const padding = createFastUninitializedBuffer(paddingSize + 1);
|
|
1394
1530
|
padding.fill(paddingSize);
|
|
1395
1531
|
return padding;
|
|
1396
1532
|
}
|
|
1397
1533
|
function derivedKeys_algorithm(derivedKeys) {
|
|
1398
|
-
(0,
|
|
1534
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "algorithm"));
|
|
1399
1535
|
const algorithm = derivedKeys.algorithm || "aes-128-cbc";
|
|
1400
|
-
(0,
|
|
1536
|
+
(0, import_assert7.default)(algorithm === "aes-128-cbc" || algorithm === "aes-256-cbc");
|
|
1401
1537
|
return algorithm;
|
|
1402
1538
|
}
|
|
1403
1539
|
function encryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
@@ -1423,12 +1559,12 @@ function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
|
1423
1559
|
return Buffer.concat(decrypted_chunks);
|
|
1424
1560
|
}
|
|
1425
1561
|
function makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys) {
|
|
1426
|
-
(0,
|
|
1427
|
-
(0,
|
|
1428
|
-
(0,
|
|
1429
|
-
(0,
|
|
1562
|
+
(0, import_assert7.default)(message instanceof Buffer);
|
|
1563
|
+
(0, import_assert7.default)(derivedKeys.signingKey instanceof Buffer);
|
|
1564
|
+
(0, import_assert7.default)(typeof derivedKeys.sha1or256 === "string");
|
|
1565
|
+
(0, import_assert7.default)(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
|
|
1430
1566
|
const signature = (0, import_crypto3.createHmac)(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
|
|
1431
|
-
(0,
|
|
1567
|
+
(0, import_assert7.default)(signature.length === derivedKeys.signatureLength);
|
|
1432
1568
|
return signature;
|
|
1433
1569
|
}
|
|
1434
1570
|
function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
|
|
@@ -1438,170 +1574,75 @@ function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
|
|
|
1438
1574
|
return computedSignature.toString("hex") === expectedSignature.toString("hex");
|
|
1439
1575
|
}
|
|
1440
1576
|
|
|
1441
|
-
// source/
|
|
1442
|
-
|
|
1443
|
-
|
|
1444
|
-
|
|
1445
|
-
|
|
1446
|
-
const
|
|
1447
|
-
|
|
1448
|
-
}
|
|
1449
|
-
|
|
1450
|
-
|
|
1451
|
-
|
|
1452
|
-
|
|
1453
|
-
|
|
1454
|
-
|
|
1455
|
-
|
|
1456
|
-
|
|
1457
|
-
|
|
1458
|
-
|
|
1459
|
-
|
|
1460
|
-
|
|
1461
|
-
|
|
1462
|
-
|
|
1463
|
-
}
|
|
1464
|
-
}
|
|
1465
|
-
return toPem(raw_key, pem);
|
|
1466
|
-
}
|
|
1467
|
-
function coercePrivateKeyPem(privateKey) {
|
|
1468
|
-
return toPem2(privateKey, "PRIVATE KEY");
|
|
1469
|
-
}
|
|
1470
|
-
function coercePublicKeyPem(publicKey) {
|
|
1471
|
-
if (isKeyObject(publicKey)) {
|
|
1472
|
-
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1473
|
-
}
|
|
1474
|
-
(0, import_assert6.default)(typeof publicKey === "string");
|
|
1475
|
-
return publicKey;
|
|
1476
|
-
}
|
|
1477
|
-
function coerceRsaPublicKeyPem(publicKey) {
|
|
1478
|
-
if (isKeyObject(publicKey)) {
|
|
1479
|
-
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1480
|
-
}
|
|
1481
|
-
(0, import_assert6.default)(typeof publicKey === "string");
|
|
1482
|
-
return publicKey;
|
|
1483
|
-
}
|
|
1484
|
-
function rsaLengthPublicKey(key) {
|
|
1485
|
-
key = coercePublicKeyPem(key);
|
|
1486
|
-
(0, import_assert6.default)(typeof key === "string");
|
|
1487
|
-
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1488
|
-
return a.n.toString(16).length / 2;
|
|
1489
|
-
}
|
|
1490
|
-
function rsaLengthRsaPublicKey(key) {
|
|
1491
|
-
key = coerceRsaPublicKeyPem(key);
|
|
1492
|
-
(0, import_assert6.default)(typeof key === "string");
|
|
1493
|
-
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1494
|
-
return a.n.toString(16).length / 2;
|
|
1495
|
-
}
|
|
1496
|
-
|
|
1497
|
-
// source/verify_certificate_signature.ts
|
|
1498
|
-
var import_crypto4 = require("crypto");
|
|
1499
|
-
function verifyCertificateOrClrSignature(certificateOrCrl, parentCertificate) {
|
|
1500
|
-
const block_info = readTag(certificateOrCrl, 0);
|
|
1501
|
-
const blocks = _readStruct(certificateOrCrl, block_info);
|
|
1502
|
-
const bufferToBeSigned = certificateOrCrl.subarray(block_info.position, blocks[1].position - 2);
|
|
1503
|
-
const signatureAlgorithm = _readAlgorithmIdentifier(certificateOrCrl, blocks[1]);
|
|
1504
|
-
const signatureValue = _readSignatureValueBin(certificateOrCrl, blocks[2]);
|
|
1505
|
-
const p = split_der(parentCertificate)[0];
|
|
1506
|
-
const certPem = toPem(p, "CERTIFICATE");
|
|
1507
|
-
const verify = (0, import_crypto4.createVerify)(signatureAlgorithm.identifier);
|
|
1508
|
-
verify.update(bufferToBeSigned);
|
|
1509
|
-
verify.end();
|
|
1510
|
-
return verify.verify(certPem, signatureValue);
|
|
1511
|
-
}
|
|
1512
|
-
function verifyCertificateSignature(certificate, parentCertificate) {
|
|
1513
|
-
return verifyCertificateOrClrSignature(certificate, parentCertificate);
|
|
1514
|
-
}
|
|
1515
|
-
function verifyCertificateRevocationListSignature(certificateRevocationList, parentCertificate) {
|
|
1516
|
-
return verifyCertificateOrClrSignature(certificateRevocationList, parentCertificate);
|
|
1517
|
-
}
|
|
1518
|
-
async function verifyCertificateChain(certificateChain) {
|
|
1519
|
-
for (let index = 1; index < certificateChain.length; index++) {
|
|
1520
|
-
const cert = certificateChain[index - 1];
|
|
1521
|
-
const certParent = certificateChain[index];
|
|
1522
|
-
const certParentInfo = exploreCertificate(certParent);
|
|
1523
|
-
const keyUsage = certParentInfo.tbsCertificate.extensions.keyUsage;
|
|
1524
|
-
if (!keyUsage.keyCertSign) {
|
|
1525
|
-
return {
|
|
1526
|
-
status: "BadCertificateIssuerUseNotAllowed",
|
|
1527
|
-
reason: "One of the certificate in the chain has not keyUsage set for Certificate Signing"
|
|
1528
|
-
};
|
|
1529
|
-
}
|
|
1530
|
-
const parentSignChild = verifyCertificateSignature(cert, certParent);
|
|
1531
|
-
if (!parentSignChild) {
|
|
1532
|
-
return {
|
|
1533
|
-
status: "BadCertificateInvalid",
|
|
1534
|
-
reason: "One of the certificate in the chain is not signing the previous certificate"
|
|
1535
|
-
};
|
|
1536
|
-
}
|
|
1537
|
-
const certInfo = exploreCertificate(cert);
|
|
1538
|
-
if (!certInfo.tbsCertificate.extensions) {
|
|
1539
|
-
return {
|
|
1540
|
-
status: "BadCertificateInvalid",
|
|
1541
|
-
reason: "Cannot find X409 Extension 3 in certificate"
|
|
1542
|
-
};
|
|
1543
|
-
}
|
|
1544
|
-
if (!certParentInfo.tbsCertificate.extensions || !certInfo.tbsCertificate.extensions.authorityKeyIdentifier) {
|
|
1545
|
-
return {
|
|
1546
|
-
status: "BadCertificateInvalid",
|
|
1547
|
-
reason: "Cannot find X409 Extension 3 in certificate (parent)"
|
|
1548
|
-
};
|
|
1549
|
-
}
|
|
1550
|
-
if (certParentInfo.tbsCertificate.extensions.subjectKeyIdentifier !== certInfo.tbsCertificate.extensions.authorityKeyIdentifier.keyIdentifier) {
|
|
1551
|
-
return {
|
|
1552
|
-
status: "BadCertificateInvalid",
|
|
1553
|
-
reason: "subjectKeyIdentifier authorityKeyIdentifier in child certificate do not match subjectKeyIdentifier of parent certificate"
|
|
1554
|
-
};
|
|
1577
|
+
// source/explore_asn1.ts
|
|
1578
|
+
function t(tag) {
|
|
1579
|
+
return TagType[tag];
|
|
1580
|
+
}
|
|
1581
|
+
function bi(blockInfo, depth) {
|
|
1582
|
+
const indent = " ".repeat(depth);
|
|
1583
|
+
const hl = blockInfo.position - blockInfo.start;
|
|
1584
|
+
return `${blockInfo.start.toString().padStart(5, " ")}:d=${depth} hl=${hl.toString().padEnd(3, " ")} l=${blockInfo.length.toString().padStart(6, " ")} ${blockInfo.tag.toString(16).padEnd(2, " ")} ${indent} ${t(blockInfo.tag)}`;
|
|
1585
|
+
}
|
|
1586
|
+
function exploreAsn1(buffer) {
|
|
1587
|
+
console.log(hexDump(buffer));
|
|
1588
|
+
function dump(offset, depth) {
|
|
1589
|
+
const blockInfo = readTag(buffer, offset);
|
|
1590
|
+
dumpBlock(blockInfo, depth);
|
|
1591
|
+
function dumpBlock(blockInfo2, depth2) {
|
|
1592
|
+
console.log(bi(blockInfo2, depth2));
|
|
1593
|
+
if (blockInfo2.tag === 48 /* SEQUENCE */ || blockInfo2.tag === 49 /* SET */ || blockInfo2.tag >= 160 /* CONTEXT_SPECIFIC0 */) {
|
|
1594
|
+
const blocks = readStruct(buffer, blockInfo2);
|
|
1595
|
+
for (const block of blocks) {
|
|
1596
|
+
dumpBlock(block, depth2 + 1);
|
|
1597
|
+
}
|
|
1598
|
+
}
|
|
1555
1599
|
}
|
|
1556
1600
|
}
|
|
1557
|
-
|
|
1558
|
-
status: "Good",
|
|
1559
|
-
reason: `certificate chain is valid(length = ${certificateChain.length})`
|
|
1560
|
-
};
|
|
1601
|
+
dump(0, 0);
|
|
1561
1602
|
}
|
|
1562
1603
|
|
|
1563
1604
|
// source/explore_certificate_revocation_list.ts
|
|
1564
1605
|
function readNameForCrl(buffer, block) {
|
|
1565
|
-
return
|
|
1606
|
+
return readDirectoryName(buffer, block);
|
|
1566
1607
|
}
|
|
1567
1608
|
function _readTbsCertList(buffer, blockInfo) {
|
|
1568
|
-
const blocks =
|
|
1609
|
+
const blocks = readStruct(buffer, blockInfo);
|
|
1569
1610
|
const hasOptionalVersion = blocks[0].tag === 2 /* INTEGER */;
|
|
1570
1611
|
if (hasOptionalVersion) {
|
|
1571
|
-
const version =
|
|
1572
|
-
const signature =
|
|
1612
|
+
const version = readIntegerValue(buffer, blocks[0]);
|
|
1613
|
+
const signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
1573
1614
|
const issuer = readNameForCrl(buffer, blocks[2]);
|
|
1574
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1575
|
-
const thisUpdate =
|
|
1576
|
-
const nextUpdate =
|
|
1615
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2])));
|
|
1616
|
+
const thisUpdate = readTime(buffer, blocks[3]);
|
|
1617
|
+
const nextUpdate = readTime(buffer, blocks[4]);
|
|
1577
1618
|
const revokedCertificates = [];
|
|
1578
1619
|
if (blocks[5] && blocks[5].tag < 128) {
|
|
1579
|
-
const list =
|
|
1620
|
+
const list = readStruct(buffer, blocks[5]);
|
|
1580
1621
|
for (const r of list) {
|
|
1581
|
-
const rr =
|
|
1582
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1583
|
-
const revocationDate =
|
|
1622
|
+
const rr = readStruct(buffer, r);
|
|
1623
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1624
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1584
1625
|
revokedCertificates.push({
|
|
1585
1626
|
revocationDate,
|
|
1586
1627
|
userCertificate
|
|
1587
1628
|
});
|
|
1588
1629
|
}
|
|
1589
1630
|
}
|
|
1590
|
-
const ext0 =
|
|
1631
|
+
const ext0 = findBlockAtIndex(blocks, 0);
|
|
1591
1632
|
return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
|
|
1592
1633
|
} else {
|
|
1593
|
-
const signature =
|
|
1634
|
+
const signature = readAlgorithmIdentifier(buffer, blocks[0]);
|
|
1594
1635
|
const issuer = readNameForCrl(buffer, blocks[1]);
|
|
1595
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1596
|
-
const thisUpdate =
|
|
1597
|
-
const nextUpdate =
|
|
1636
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[1])));
|
|
1637
|
+
const thisUpdate = readTime(buffer, blocks[2]);
|
|
1638
|
+
const nextUpdate = readTime(buffer, blocks[3]);
|
|
1598
1639
|
const revokedCertificates = [];
|
|
1599
1640
|
if (blocks[4] && blocks[4].tag < 128) {
|
|
1600
|
-
const list =
|
|
1641
|
+
const list = readStruct(buffer, blocks[4]);
|
|
1601
1642
|
for (const r of list) {
|
|
1602
|
-
const rr =
|
|
1603
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1604
|
-
const revocationDate =
|
|
1643
|
+
const rr = readStruct(buffer, r);
|
|
1644
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1645
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1605
1646
|
revokedCertificates.push({
|
|
1606
1647
|
revocationDate,
|
|
1607
1648
|
userCertificate
|
|
@@ -1613,224 +1654,59 @@ function _readTbsCertList(buffer, blockInfo) {
|
|
|
1613
1654
|
}
|
|
1614
1655
|
function exploreCertificateRevocationList(crl) {
|
|
1615
1656
|
const blockInfo = readTag(crl, 0);
|
|
1616
|
-
const blocks =
|
|
1657
|
+
const blocks = readStruct(crl, blockInfo);
|
|
1617
1658
|
const tbsCertList = _readTbsCertList(crl, blocks[0]);
|
|
1618
|
-
const signatureAlgorithm =
|
|
1619
|
-
const signatureValue =
|
|
1659
|
+
const signatureAlgorithm = readAlgorithmIdentifier(crl, blocks[1]);
|
|
1660
|
+
const signatureValue = readSignatureValueBin(crl, blocks[2]);
|
|
1620
1661
|
return { tbsCertList, signatureAlgorithm, signatureValue };
|
|
1621
1662
|
}
|
|
1622
1663
|
|
|
1623
1664
|
// source/explore_certificate_signing_request.ts
|
|
1624
1665
|
function _readExtensionRequest(buffer) {
|
|
1625
1666
|
const block = readTag(buffer, 0);
|
|
1626
|
-
const inner_blocks =
|
|
1627
|
-
const extensions = inner_blocks.map((block1) =>
|
|
1667
|
+
const inner_blocks = readStruct(buffer, block);
|
|
1668
|
+
const extensions = inner_blocks.map((block1) => readExtension(buffer, block1));
|
|
1628
1669
|
const result = {};
|
|
1629
1670
|
for (const e of extensions) {
|
|
1630
|
-
result[e.identifier.name] = e.value;
|
|
1631
|
-
}
|
|
1632
|
-
const { basicConstraints, keyUsage, subjectAltName } = result;
|
|
1633
|
-
return { basicConstraints, keyUsage, subjectAltName };
|
|
1634
|
-
}
|
|
1635
|
-
function readCertificationRequestInfo(buffer, block) {
|
|
1636
|
-
const blocks = _readStruct(buffer, block);
|
|
1637
|
-
if (blocks.length === 4) {
|
|
1638
|
-
const extensionRequestBlock = _findBlockAtIndex(blocks, 0);
|
|
1639
|
-
if (!extensionRequestBlock) {
|
|
1640
|
-
throw new Error("cannot find extensionRequest block");
|
|
1641
|
-
}
|
|
1642
|
-
const blocks1 = _readStruct(buffer, extensionRequestBlock);
|
|
1643
|
-
const blocks2 = _readStruct(buffer, blocks1[0]);
|
|
1644
|
-
const identifier = _readObjectIdentifier(buffer, blocks2[0]);
|
|
1645
|
-
if (identifier.name !== "extensionRequest") {
|
|
1646
|
-
throw new Error(" Cannot find extension Request in ASN1 block");
|
|
1647
|
-
}
|
|
1648
|
-
const buf = _getBlock(buffer, blocks2[1]);
|
|
1649
|
-
const extensionRequest = _readExtensionRequest(buf);
|
|
1650
|
-
return { extensionRequest };
|
|
1651
|
-
}
|
|
1652
|
-
throw new Error("Invalid CSR or ");
|
|
1653
|
-
}
|
|
1654
|
-
function exploreCertificateSigningRequest(crl) {
|
|
1655
|
-
const blockInfo = readTag(crl, 0);
|
|
1656
|
-
const blocks = _readStruct(crl, blockInfo);
|
|
1657
|
-
const csrInfo = readCertificationRequestInfo(crl, blocks[0]);
|
|
1658
|
-
return csrInfo;
|
|
1659
|
-
}
|
|
1660
|
-
|
|
1661
|
-
// source/explore_private_key.ts
|
|
1662
|
-
function f(buffer, b) {
|
|
1663
|
-
return buffer.subarray(b.position + 1, b.position + b.length);
|
|
1664
|
-
}
|
|
1665
|
-
var doDebug2 = !!process.env.DEBUG;
|
|
1666
|
-
function explorePrivateKey(privateKey2) {
|
|
1667
|
-
const privateKey1 = privateKey2.hidden;
|
|
1668
|
-
const privateKey = typeof privateKey1 === "string" ? convertPEMtoDER(privateKey1) : privateKey1.export({ format: "der", type: "pkcs1" });
|
|
1669
|
-
const block_info = readTag(privateKey, 0);
|
|
1670
|
-
const blocks = _readStruct(privateKey, block_info);
|
|
1671
|
-
if (blocks.length === 9) {
|
|
1672
|
-
const version2 = f(privateKey, blocks[0]);
|
|
1673
|
-
const modulus2 = f(privateKey, blocks[1]);
|
|
1674
|
-
const publicExponent2 = f(privateKey, blocks[2]);
|
|
1675
|
-
const privateExponent2 = f(privateKey, blocks[3]);
|
|
1676
|
-
const prime12 = f(privateKey, blocks[4]);
|
|
1677
|
-
const prime22 = f(privateKey, blocks[5]);
|
|
1678
|
-
const exponent12 = f(privateKey, blocks[6]);
|
|
1679
|
-
const exponent22 = f(privateKey, blocks[7]);
|
|
1680
|
-
return {
|
|
1681
|
-
version: version2,
|
|
1682
|
-
modulus: modulus2,
|
|
1683
|
-
publicExponent: publicExponent2,
|
|
1684
|
-
privateExponent: privateExponent2,
|
|
1685
|
-
prime1: prime12,
|
|
1686
|
-
prime2: prime22,
|
|
1687
|
-
exponent1: exponent12,
|
|
1688
|
-
exponent2: exponent22
|
|
1689
|
-
};
|
|
1690
|
-
}
|
|
1691
|
-
if (doDebug2) {
|
|
1692
|
-
console.log("-------------------- private key:");
|
|
1693
|
-
console.log(block_info);
|
|
1694
|
-
console.log(
|
|
1695
|
-
blocks.map((b2) => ({
|
|
1696
|
-
tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
|
|
1697
|
-
l: b2.length,
|
|
1698
|
-
p: b2.position,
|
|
1699
|
-
buff: privateKey.subarray(b2.position, b2.position + b2.length).toString("hex")
|
|
1700
|
-
}))
|
|
1701
|
-
);
|
|
1702
|
-
}
|
|
1703
|
-
const b = blocks[2];
|
|
1704
|
-
const bb = privateKey.subarray(b.position, b.position + b.length);
|
|
1705
|
-
const block_info1 = readTag(bb, 0);
|
|
1706
|
-
const blocks1 = _readStruct(bb, block_info1);
|
|
1707
|
-
if (doDebug2) {
|
|
1708
|
-
console.log(
|
|
1709
|
-
blocks1.map((b2) => ({
|
|
1710
|
-
tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
|
|
1711
|
-
l: b2.length,
|
|
1712
|
-
p: b2.position,
|
|
1713
|
-
buff: bb.subarray(b2.position, b2.position + b2.length).toString("hex")
|
|
1714
|
-
}))
|
|
1715
|
-
);
|
|
1716
|
-
}
|
|
1717
|
-
const version = f(bb, blocks1[0]);
|
|
1718
|
-
const modulus = f(bb, blocks1[1]);
|
|
1719
|
-
const publicExponent = f(bb, blocks1[2]);
|
|
1720
|
-
const privateExponent = f(bb, blocks1[3]);
|
|
1721
|
-
const prime1 = f(bb, blocks1[4]);
|
|
1722
|
-
const prime2 = f(bb, blocks1[5]);
|
|
1723
|
-
const exponent1 = f(bb, blocks1[6]);
|
|
1724
|
-
const exponent2 = f(bb, blocks1[7]);
|
|
1725
|
-
return {
|
|
1726
|
-
version,
|
|
1727
|
-
modulus,
|
|
1728
|
-
publicExponent,
|
|
1729
|
-
privateExponent,
|
|
1730
|
-
prime1,
|
|
1731
|
-
prime2,
|
|
1732
|
-
exponent1,
|
|
1733
|
-
exponent2
|
|
1734
|
-
};
|
|
1735
|
-
}
|
|
1736
|
-
|
|
1737
|
-
// source/public_private_match.ts
|
|
1738
|
-
function publicKeyAndPrivateKeyMatches(certificate, privateKey) {
|
|
1739
|
-
const i = exploreCertificate(certificate);
|
|
1740
|
-
const j = explorePrivateKey(privateKey);
|
|
1741
|
-
const modulus1 = i.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.modulus;
|
|
1742
|
-
const modulus2 = j.modulus;
|
|
1743
|
-
if (modulus1.length != modulus2.length) {
|
|
1744
|
-
return false;
|
|
1745
|
-
}
|
|
1746
|
-
return modulus1.toString("hex") === modulus2.toString("hex");
|
|
1747
|
-
}
|
|
1748
|
-
function certificateMatchesPrivateKeyPEM(certificate, privateKey, blockSize) {
|
|
1749
|
-
const initialBuffer = Buffer.from("Lorem Ipsum");
|
|
1750
|
-
const encryptedBuffer = publicEncrypt_long(initialBuffer, certificate, blockSize);
|
|
1751
|
-
const decryptedBuffer = privateDecrypt_long(encryptedBuffer, privateKey, blockSize);
|
|
1752
|
-
const finalString = decryptedBuffer.toString("utf-8");
|
|
1753
|
-
return initialBuffer.toString("utf-8") === finalString;
|
|
1754
|
-
}
|
|
1755
|
-
function certificateMatchesPrivateKey(certificate, privateKey) {
|
|
1756
|
-
const e = explorePrivateKey(privateKey);
|
|
1757
|
-
const blockSize = e.modulus.length;
|
|
1758
|
-
const certificatePEM = toPem(certificate, "CERTIFICATE");
|
|
1759
|
-
return certificateMatchesPrivateKeyPEM(certificatePEM, privateKey, blockSize);
|
|
1760
|
-
}
|
|
1761
|
-
|
|
1762
|
-
// source/x509/_crypto.ts
|
|
1763
|
-
var x509 = __toESM(require("@peculiar/x509"));
|
|
1764
|
-
var import_webcrypto = require("@peculiar/webcrypto");
|
|
1765
|
-
var import_crypto5 = __toESM(require("crypto"));
|
|
1766
|
-
var x5092 = __toESM(require("@peculiar/x509"));
|
|
1767
|
-
var doDebug3 = false;
|
|
1768
|
-
var _crypto;
|
|
1769
|
-
var ignoreCrypto = process.env.IGNORE_SUBTLE_FROM_CRYPTO;
|
|
1770
|
-
if (typeof window === "undefined") {
|
|
1771
|
-
_crypto = import_crypto5.default;
|
|
1772
|
-
if (!_crypto?.subtle || ignoreCrypto) {
|
|
1773
|
-
_crypto = new import_webcrypto.Crypto();
|
|
1774
|
-
doDebug3 && console.warn("using @peculiar/webcrypto");
|
|
1775
|
-
} else {
|
|
1776
|
-
doDebug3 && console.warn("using nodejs crypto (native)");
|
|
1777
|
-
}
|
|
1778
|
-
x509.cryptoProvider.set(_crypto);
|
|
1779
|
-
} else {
|
|
1780
|
-
doDebug3 && console.warn("using browser crypto (native)");
|
|
1781
|
-
_crypto = crypto;
|
|
1782
|
-
x509.cryptoProvider.set(crypto);
|
|
1783
|
-
}
|
|
1784
|
-
function getCrypto() {
|
|
1785
|
-
return _crypto || crypto || require("crypto");
|
|
1786
|
-
}
|
|
1787
|
-
|
|
1788
|
-
// source/x509/create_key_pair.ts
|
|
1789
|
-
async function generateKeyPair(modulusLength = 2048) {
|
|
1790
|
-
const crypto3 = getCrypto();
|
|
1791
|
-
const alg = {
|
|
1792
|
-
name: "RSASSA-PKCS1-v1_5",
|
|
1793
|
-
hash: { name: "SHA-256" },
|
|
1794
|
-
publicExponent: new Uint8Array([1, 0, 1]),
|
|
1795
|
-
modulusLength
|
|
1796
|
-
};
|
|
1797
|
-
const keys = await crypto3.subtle.generateKey(alg, true, ["sign", "verify"]);
|
|
1798
|
-
return keys;
|
|
1671
|
+
result[e.identifier.name] = e.value;
|
|
1672
|
+
}
|
|
1673
|
+
const { basicConstraints, keyUsage, subjectAltName } = result;
|
|
1674
|
+
return { basicConstraints, keyUsage, subjectAltName };
|
|
1799
1675
|
}
|
|
1800
|
-
|
|
1801
|
-
|
|
1676
|
+
function readCertificationRequestInfo(buffer, block) {
|
|
1677
|
+
const blocks = readStruct(buffer, block);
|
|
1678
|
+
if (blocks.length === 4) {
|
|
1679
|
+
const extensionRequestBlock = findBlockAtIndex(blocks, 0);
|
|
1680
|
+
if (!extensionRequestBlock) {
|
|
1681
|
+
throw new Error("cannot find extensionRequest block");
|
|
1682
|
+
}
|
|
1683
|
+
const blocks1 = readStruct(buffer, extensionRequestBlock);
|
|
1684
|
+
const blocks2 = readStruct(buffer, blocks1[0]);
|
|
1685
|
+
const identifier = readObjectIdentifier(buffer, blocks2[0]);
|
|
1686
|
+
if (identifier.name !== "extensionRequest") {
|
|
1687
|
+
throw new Error(" Cannot find extension Request in ASN1 block");
|
|
1688
|
+
}
|
|
1689
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
1690
|
+
const extensionRequest = _readExtensionRequest(buf);
|
|
1691
|
+
return { extensionRequest };
|
|
1692
|
+
}
|
|
1693
|
+
throw new Error("Invalid CSR or ");
|
|
1802
1694
|
}
|
|
1803
|
-
|
|
1804
|
-
const
|
|
1805
|
-
const
|
|
1806
|
-
const
|
|
1807
|
-
return
|
|
1695
|
+
function exploreCertificateSigningRequest(crl) {
|
|
1696
|
+
const blockInfo = readTag(crl, 0);
|
|
1697
|
+
const blocks = readStruct(crl, blockInfo);
|
|
1698
|
+
const csrInfo = readCertificationRequestInfo(crl, blocks[0]);
|
|
1699
|
+
return csrInfo;
|
|
1808
1700
|
}
|
|
1809
|
-
|
|
1810
|
-
|
|
1811
|
-
|
|
1812
|
-
|
|
1813
|
-
privDer,
|
|
1814
|
-
{
|
|
1815
|
-
name: "RSASSA-PKCS1-v1_5",
|
|
1816
|
-
hash: { name: "SHA-256" }
|
|
1817
|
-
},
|
|
1818
|
-
true,
|
|
1819
|
-
[
|
|
1820
|
-
"sign"
|
|
1821
|
-
// "encrypt",
|
|
1822
|
-
// "decrypt",
|
|
1823
|
-
// "verify",
|
|
1824
|
-
// "wrapKey",
|
|
1825
|
-
// "unwrapKey",
|
|
1826
|
-
// "deriveKey",
|
|
1827
|
-
// "deriveBits"
|
|
1828
|
-
]
|
|
1829
|
-
);
|
|
1701
|
+
|
|
1702
|
+
// source/make_private_key_from_pem.ts
|
|
1703
|
+
function makePrivateKeyFromPem(privateKeyInPem) {
|
|
1704
|
+
return { hidden: privateKeyInPem };
|
|
1830
1705
|
}
|
|
1831
|
-
|
|
1832
|
-
|
|
1833
|
-
|
|
1706
|
+
|
|
1707
|
+
// source/make_private_key_thumbprint.ts
|
|
1708
|
+
function makePrivateKeyThumbPrint(privateKey) {
|
|
1709
|
+
return Buffer.alloc(0);
|
|
1834
1710
|
}
|
|
1835
1711
|
|
|
1836
1712
|
// source/subject.ts
|
|
@@ -1915,11 +1791,180 @@ var Subject = class _Subject {
|
|
|
1915
1791
|
return this.toStringInternal("/");
|
|
1916
1792
|
}
|
|
1917
1793
|
toString() {
|
|
1918
|
-
const
|
|
1919
|
-
return
|
|
1794
|
+
const t2 = this.toStringForOPCUA();
|
|
1795
|
+
return t2 ? "/" + t2 : t2;
|
|
1920
1796
|
}
|
|
1921
1797
|
};
|
|
1922
1798
|
|
|
1799
|
+
// source/verify_certificate_signature.ts
|
|
1800
|
+
var import_crypto4 = require("crypto");
|
|
1801
|
+
function verifyCertificateOrClrSignature(certificateOrCrl, parentCertificate) {
|
|
1802
|
+
const block_info = readTag(certificateOrCrl, 0);
|
|
1803
|
+
const blocks = readStruct(certificateOrCrl, block_info);
|
|
1804
|
+
const bufferToBeSigned = certificateOrCrl.subarray(block_info.position, blocks[1].position - 2);
|
|
1805
|
+
const signatureAlgorithm = readAlgorithmIdentifier(certificateOrCrl, blocks[1]);
|
|
1806
|
+
const signatureValue = readSignatureValueBin(certificateOrCrl, blocks[2]);
|
|
1807
|
+
const p = split_der(parentCertificate)[0];
|
|
1808
|
+
const certPem = toPem(p, "CERTIFICATE");
|
|
1809
|
+
const verify = (0, import_crypto4.createVerify)(signatureAlgorithm.identifier);
|
|
1810
|
+
verify.update(bufferToBeSigned);
|
|
1811
|
+
verify.end();
|
|
1812
|
+
return verify.verify(certPem, signatureValue);
|
|
1813
|
+
}
|
|
1814
|
+
function verifyCertificateSignature(certificate, parentCertificate) {
|
|
1815
|
+
return verifyCertificateOrClrSignature(certificate, parentCertificate);
|
|
1816
|
+
}
|
|
1817
|
+
function verifyCertificateRevocationListSignature(certificateRevocationList, parentCertificate) {
|
|
1818
|
+
return verifyCertificateOrClrSignature(certificateRevocationList, parentCertificate);
|
|
1819
|
+
}
|
|
1820
|
+
async function verifyCertificateChain(certificateChain) {
|
|
1821
|
+
for (let index = 1; index < certificateChain.length; index++) {
|
|
1822
|
+
const cert = certificateChain[index - 1];
|
|
1823
|
+
const certParent = certificateChain[index];
|
|
1824
|
+
const certParentInfo = exploreCertificate(certParent);
|
|
1825
|
+
const keyUsage = certParentInfo.tbsCertificate.extensions.keyUsage;
|
|
1826
|
+
if (!keyUsage.keyCertSign) {
|
|
1827
|
+
return {
|
|
1828
|
+
status: "BadCertificateIssuerUseNotAllowed",
|
|
1829
|
+
reason: "One of the certificate in the chain has not keyUsage set for Certificate Signing"
|
|
1830
|
+
};
|
|
1831
|
+
}
|
|
1832
|
+
const parentSignChild = verifyCertificateSignature(cert, certParent);
|
|
1833
|
+
if (!parentSignChild) {
|
|
1834
|
+
return {
|
|
1835
|
+
status: "BadCertificateInvalid",
|
|
1836
|
+
reason: "One of the certificate in the chain is not signing the previous certificate"
|
|
1837
|
+
};
|
|
1838
|
+
}
|
|
1839
|
+
const certInfo = exploreCertificate(cert);
|
|
1840
|
+
if (!certInfo.tbsCertificate.extensions) {
|
|
1841
|
+
return {
|
|
1842
|
+
status: "BadCertificateInvalid",
|
|
1843
|
+
reason: "Cannot find X409 Extension 3 in certificate"
|
|
1844
|
+
};
|
|
1845
|
+
}
|
|
1846
|
+
if (!certParentInfo.tbsCertificate.extensions || !certInfo.tbsCertificate.extensions.authorityKeyIdentifier) {
|
|
1847
|
+
return {
|
|
1848
|
+
status: "BadCertificateInvalid",
|
|
1849
|
+
reason: "Cannot find X409 Extension 3 in certificate (parent)"
|
|
1850
|
+
};
|
|
1851
|
+
}
|
|
1852
|
+
if (certParentInfo.tbsCertificate.extensions.subjectKeyIdentifier !== certInfo.tbsCertificate.extensions.authorityKeyIdentifier.keyIdentifier) {
|
|
1853
|
+
return {
|
|
1854
|
+
status: "BadCertificateInvalid",
|
|
1855
|
+
reason: "subjectKeyIdentifier authorityKeyIdentifier in child certificate do not match subjectKeyIdentifier of parent certificate"
|
|
1856
|
+
};
|
|
1857
|
+
}
|
|
1858
|
+
}
|
|
1859
|
+
return {
|
|
1860
|
+
status: "Good",
|
|
1861
|
+
reason: `certificate chain is valid(length = ${certificateChain.length})`
|
|
1862
|
+
};
|
|
1863
|
+
}
|
|
1864
|
+
|
|
1865
|
+
// source/x509/_crypto.ts
|
|
1866
|
+
var x509 = __toESM(require("@peculiar/x509"));
|
|
1867
|
+
var import_webcrypto = require("@peculiar/webcrypto");
|
|
1868
|
+
var import_crypto5 = __toESM(require("crypto"));
|
|
1869
|
+
var x5092 = __toESM(require("@peculiar/x509"));
|
|
1870
|
+
var doDebug3 = false;
|
|
1871
|
+
var _crypto;
|
|
1872
|
+
var ignoreCrypto = process.env.IGNORE_SUBTLE_FROM_CRYPTO;
|
|
1873
|
+
if (typeof window === "undefined") {
|
|
1874
|
+
_crypto = import_crypto5.default;
|
|
1875
|
+
if (!_crypto?.subtle || ignoreCrypto) {
|
|
1876
|
+
_crypto = new import_webcrypto.Crypto();
|
|
1877
|
+
doDebug3 && console.warn("using @peculiar/webcrypto");
|
|
1878
|
+
} else {
|
|
1879
|
+
doDebug3 && console.warn("using nodejs crypto (native)");
|
|
1880
|
+
}
|
|
1881
|
+
x509.cryptoProvider.set(_crypto);
|
|
1882
|
+
} else {
|
|
1883
|
+
doDebug3 && console.warn("using browser crypto (native)");
|
|
1884
|
+
_crypto = crypto;
|
|
1885
|
+
x509.cryptoProvider.set(crypto);
|
|
1886
|
+
}
|
|
1887
|
+
function getCrypto() {
|
|
1888
|
+
return _crypto || crypto || require("crypto");
|
|
1889
|
+
}
|
|
1890
|
+
|
|
1891
|
+
// source/x509/create_key_pair.ts
|
|
1892
|
+
async function generateKeyPair(modulusLength = 2048) {
|
|
1893
|
+
const crypto3 = getCrypto();
|
|
1894
|
+
const alg = {
|
|
1895
|
+
name: "RSASSA-PKCS1-v1_5",
|
|
1896
|
+
hash: { name: "SHA-256" },
|
|
1897
|
+
publicExponent: new Uint8Array([1, 0, 1]),
|
|
1898
|
+
modulusLength
|
|
1899
|
+
};
|
|
1900
|
+
const keys = await crypto3.subtle.generateKey(alg, true, ["sign", "verify"]);
|
|
1901
|
+
return keys;
|
|
1902
|
+
}
|
|
1903
|
+
async function generatePrivateKey(modulusLength = 2048) {
|
|
1904
|
+
return (await generateKeyPair(modulusLength)).privateKey;
|
|
1905
|
+
}
|
|
1906
|
+
async function privateKeyToPEM(privateKey) {
|
|
1907
|
+
const crypto3 = getCrypto();
|
|
1908
|
+
const privDer = await crypto3.subtle.exportKey("pkcs8", privateKey);
|
|
1909
|
+
const privPem = x5092.PemConverter.encode(privDer, "PRIVATE KEY");
|
|
1910
|
+
return { privPem, privDer };
|
|
1911
|
+
}
|
|
1912
|
+
async function derToPrivateKey(privDer) {
|
|
1913
|
+
const crypto3 = getCrypto();
|
|
1914
|
+
return await crypto3.subtle.importKey(
|
|
1915
|
+
"pkcs8",
|
|
1916
|
+
privDer,
|
|
1917
|
+
{
|
|
1918
|
+
name: "RSASSA-PKCS1-v1_5",
|
|
1919
|
+
hash: { name: "SHA-256" }
|
|
1920
|
+
},
|
|
1921
|
+
true,
|
|
1922
|
+
[
|
|
1923
|
+
"sign"
|
|
1924
|
+
// "encrypt",
|
|
1925
|
+
// "decrypt",
|
|
1926
|
+
// "verify",
|
|
1927
|
+
// "wrapKey",
|
|
1928
|
+
// "unwrapKey",
|
|
1929
|
+
// "deriveKey",
|
|
1930
|
+
// "deriveBits"
|
|
1931
|
+
]
|
|
1932
|
+
);
|
|
1933
|
+
}
|
|
1934
|
+
async function pemToPrivateKey(pem) {
|
|
1935
|
+
const privDer = x5092.PemConverter.decode(pem);
|
|
1936
|
+
return derToPrivateKey(privDer[0]);
|
|
1937
|
+
}
|
|
1938
|
+
|
|
1939
|
+
// source/x509/coerce_private_key.ts
|
|
1940
|
+
var crypto2 = getCrypto();
|
|
1941
|
+
var doDebug4 = false;
|
|
1942
|
+
function coercePEMorDerToPrivateKey(privateKeyInDerOrPem) {
|
|
1943
|
+
if (typeof privateKeyInDerOrPem === "string") {
|
|
1944
|
+
const hidden = createPrivateKeyFromNodeJSCrypto(privateKeyInDerOrPem);
|
|
1945
|
+
return { hidden };
|
|
1946
|
+
}
|
|
1947
|
+
throw new Error("not implemented");
|
|
1948
|
+
}
|
|
1949
|
+
async function _coercePrivateKey(privateKey) {
|
|
1950
|
+
const KeyObject4 = crypto2.KeyObject;
|
|
1951
|
+
if (privateKey instanceof Buffer) {
|
|
1952
|
+
const privateKey1 = await derToPrivateKey(privateKey);
|
|
1953
|
+
return KeyObject4.from(privateKey1);
|
|
1954
|
+
} else if (typeof privateKey === "string") {
|
|
1955
|
+
try {
|
|
1956
|
+
const privateKey1 = await pemToPrivateKey(privateKey);
|
|
1957
|
+
return KeyObject4.from(privateKey1);
|
|
1958
|
+
} catch (err) {
|
|
1959
|
+
doDebug4 && console.log(privateKey);
|
|
1960
|
+
throw err;
|
|
1961
|
+
}
|
|
1962
|
+
} else if (privateKey instanceof KeyObject4) {
|
|
1963
|
+
return privateKey;
|
|
1964
|
+
}
|
|
1965
|
+
throw new Error("Invalid privateKey");
|
|
1966
|
+
}
|
|
1967
|
+
|
|
1923
1968
|
// source/x509/_get_attributes.ts
|
|
1924
1969
|
var keyUsageApplication = x5092.KeyUsageFlags.keyEncipherment | x5092.KeyUsageFlags.nonRepudiation | x5092.KeyUsageFlags.dataEncipherment | x5092.KeyUsageFlags.keyCertSign | x5092.KeyUsageFlags.digitalSignature;
|
|
1925
1970
|
var keyUsageCA = x5092.KeyUsageFlags.keyCertSign | x5092.KeyUsageFlags.cRLSign;
|
|
@@ -5461,11 +5506,11 @@ function compareSchema(root, inputData, inputSchema) {
|
|
|
5461
5506
|
};
|
|
5462
5507
|
}
|
|
5463
5508
|
if (inputSchema.primitiveSchema && VALUE_HEX_VIEW in inputData.valueBlock) {
|
|
5464
|
-
const
|
|
5465
|
-
if (
|
|
5509
|
+
const asn12 = localFromBER(inputData.valueBlock.valueHexView);
|
|
5510
|
+
if (asn12.offset === -1) {
|
|
5466
5511
|
const _result = {
|
|
5467
5512
|
verified: false,
|
|
5468
|
-
result:
|
|
5513
|
+
result: asn12.result
|
|
5469
5514
|
};
|
|
5470
5515
|
if (inputSchema.name) {
|
|
5471
5516
|
inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING);
|
|
@@ -5476,7 +5521,7 @@ function compareSchema(root, inputData, inputSchema) {
|
|
|
5476
5521
|
}
|
|
5477
5522
|
return _result;
|
|
5478
5523
|
}
|
|
5479
|
-
return compareSchema(root,
|
|
5524
|
+
return compareSchema(root, asn12.result, inputSchema.primitiveSchema);
|
|
5480
5525
|
}
|
|
5481
5526
|
return {
|
|
5482
5527
|
verified: true,
|
|
@@ -5490,14 +5535,14 @@ function verifySchema(inputBuffer, inputSchema) {
|
|
|
5490
5535
|
result: { error: "Wrong ASN.1 schema type" }
|
|
5491
5536
|
};
|
|
5492
5537
|
}
|
|
5493
|
-
const
|
|
5494
|
-
if (
|
|
5538
|
+
const asn12 = localFromBER(BufferSourceConverter.toUint8Array(inputBuffer));
|
|
5539
|
+
if (asn12.offset === -1) {
|
|
5495
5540
|
return {
|
|
5496
5541
|
verified: false,
|
|
5497
|
-
result:
|
|
5542
|
+
result: asn12.result
|
|
5498
5543
|
};
|
|
5499
5544
|
}
|
|
5500
|
-
return compareSchema(
|
|
5545
|
+
return compareSchema(asn12.result, asn12.result, inputSchema);
|
|
5501
5546
|
}
|
|
5502
5547
|
|
|
5503
5548
|
// ../../node_modules/@peculiar/asn1-schema/build/es2015/enums.js
|
|
@@ -6185,39 +6230,8 @@ async function createSelfSignedCertificate({
|
|
|
6185
6230
|
return { cert: cert.toString("pem"), der: cert };
|
|
6186
6231
|
}
|
|
6187
6232
|
|
|
6188
|
-
// source/
|
|
6189
|
-
var
|
|
6190
|
-
var doDebug4 = false;
|
|
6191
|
-
function coercePEMorDerToPrivateKey(privateKeyInDerOrPem) {
|
|
6192
|
-
if (typeof privateKeyInDerOrPem === "string") {
|
|
6193
|
-
const hidden = createPrivateKeyFromNodeJSCrypto(privateKeyInDerOrPem);
|
|
6194
|
-
return { hidden };
|
|
6195
|
-
}
|
|
6196
|
-
throw new Error("not implemented");
|
|
6197
|
-
}
|
|
6198
|
-
async function _coercePrivateKey(privateKey) {
|
|
6199
|
-
const KeyObject4 = crypto2.KeyObject;
|
|
6200
|
-
if (privateKey instanceof Buffer) {
|
|
6201
|
-
const privateKey1 = await derToPrivateKey(privateKey);
|
|
6202
|
-
return KeyObject4.from(privateKey1);
|
|
6203
|
-
} else if (typeof privateKey === "string") {
|
|
6204
|
-
try {
|
|
6205
|
-
const privateKey1 = await pemToPrivateKey(privateKey);
|
|
6206
|
-
return KeyObject4.from(privateKey1);
|
|
6207
|
-
} catch (err) {
|
|
6208
|
-
doDebug4 && console.log(privateKey);
|
|
6209
|
-
throw err;
|
|
6210
|
-
}
|
|
6211
|
-
} else if (privateKey instanceof KeyObject4) {
|
|
6212
|
-
return privateKey;
|
|
6213
|
-
}
|
|
6214
|
-
throw new Error("Invalid privateKey");
|
|
6215
|
-
}
|
|
6216
|
-
|
|
6217
|
-
// source/make_private_key_from_pem.ts
|
|
6218
|
-
function makePrivateKeyFromPem(privateKeyInPem) {
|
|
6219
|
-
return { hidden: privateKeyInPem };
|
|
6220
|
-
}
|
|
6233
|
+
// source/index_web.ts
|
|
6234
|
+
var asn1 = { readDirectoryName, readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
|
|
6221
6235
|
// Annotate the CommonJS export names for ESM import in node:
|
|
6222
6236
|
0 && (module.exports = {
|
|
6223
6237
|
CertificatePurpose,
|
|
@@ -6225,28 +6239,8 @@ function makePrivateKeyFromPem(privateKeyInPem) {
|
|
|
6225
6239
|
RSA_PKCS1_OAEP_PADDING,
|
|
6226
6240
|
RSA_PKCS1_PADDING,
|
|
6227
6241
|
Subject,
|
|
6228
|
-
TagType,
|
|
6229
6242
|
_coercePrivateKey,
|
|
6230
|
-
|
|
6231
|
-
_getBlock,
|
|
6232
|
-
_readAlgorithmIdentifier,
|
|
6233
|
-
_readBitString,
|
|
6234
|
-
_readBooleanValue,
|
|
6235
|
-
_readDirectoryName,
|
|
6236
|
-
_readECCAlgorithmIdentifier,
|
|
6237
|
-
_readExtension,
|
|
6238
|
-
_readIntegerAsByteString,
|
|
6239
|
-
_readIntegerValue,
|
|
6240
|
-
_readListOfInteger,
|
|
6241
|
-
_readLongIntegerValue,
|
|
6242
|
-
_readObjectIdentifier,
|
|
6243
|
-
_readOctetString,
|
|
6244
|
-
_readSignatureValue,
|
|
6245
|
-
_readSignatureValueBin,
|
|
6246
|
-
_readStruct,
|
|
6247
|
-
_readTime,
|
|
6248
|
-
_readValue,
|
|
6249
|
-
_readVersionValue,
|
|
6243
|
+
asn1,
|
|
6250
6244
|
certificateMatchesPrivateKey,
|
|
6251
6245
|
coerceCertificate,
|
|
6252
6246
|
coerceCertificatePem,
|
|
@@ -6255,7 +6249,6 @@ function makePrivateKeyFromPem(privateKeyInPem) {
|
|
|
6255
6249
|
coercePublicKeyPem,
|
|
6256
6250
|
coerceRsaPublicKeyPem,
|
|
6257
6251
|
combine_der,
|
|
6258
|
-
compactDirectoryName,
|
|
6259
6252
|
computeDerivedKeys,
|
|
6260
6253
|
computePaddingFooter,
|
|
6261
6254
|
convertPEMtoDER,
|
|
@@ -6265,6 +6258,7 @@ function makePrivateKeyFromPem(privateKeyInPem) {
|
|
|
6265
6258
|
decryptBufferWithDerivedKeys,
|
|
6266
6259
|
derToPrivateKey,
|
|
6267
6260
|
encryptBufferWithDerivedKeys,
|
|
6261
|
+
exploreAsn1,
|
|
6268
6262
|
exploreCertificate,
|
|
6269
6263
|
exploreCertificateInfo,
|
|
6270
6264
|
exploreCertificateRevocationList,
|
|
@@ -6272,7 +6266,6 @@ function makePrivateKeyFromPem(privateKeyInPem) {
|
|
|
6272
6266
|
explorePrivateKey,
|
|
6273
6267
|
extractPublicKeyFromCertificate,
|
|
6274
6268
|
extractPublicKeyFromCertificateSync,
|
|
6275
|
-
formatBuffer2DigitHexWithColum,
|
|
6276
6269
|
generateKeyPair,
|
|
6277
6270
|
generatePrivateKey,
|
|
6278
6271
|
hexDump,
|
|
@@ -6281,9 +6274,9 @@ function makePrivateKeyFromPem(privateKeyInPem) {
|
|
|
6281
6274
|
makeMessageChunkSignature,
|
|
6282
6275
|
makeMessageChunkSignatureWithDerivedKeys,
|
|
6283
6276
|
makePrivateKeyFromPem,
|
|
6277
|
+
makePrivateKeyThumbPrint,
|
|
6284
6278
|
makePseudoRandomBuffer,
|
|
6285
6279
|
makeSHA1Thumbprint,
|
|
6286
|
-
parseBitString,
|
|
6287
6280
|
pemToPrivateKey,
|
|
6288
6281
|
privateDecrypt,
|
|
6289
6282
|
privateDecrypt_long,
|
|
@@ -6294,8 +6287,8 @@ function makePrivateKeyFromPem(privateKeyInPem) {
|
|
|
6294
6287
|
publicEncrypt_native,
|
|
6295
6288
|
publicKeyAndPrivateKeyMatches,
|
|
6296
6289
|
readCertificationRequestInfo,
|
|
6290
|
+
readExtension,
|
|
6297
6291
|
readNameForCrl,
|
|
6298
|
-
readTag,
|
|
6299
6292
|
readTbsCertificate,
|
|
6300
6293
|
reduceLength,
|
|
6301
6294
|
removePadding,
|