node-opcua-crypto 4.10.0 → 4.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -4
- package/dist/{chunk-GNEWUC7X.mjs → chunk-AXAFLVME.mjs} +9 -15
- package/dist/chunk-AXAFLVME.mjs.map +1 -0
- package/dist/{chunk-46EEAYVO.mjs → chunk-LHUQUHQQ.mjs} +845 -829
- package/dist/chunk-LHUQUHQQ.mjs.map +1 -0
- package/dist/chunk-RQA4DO2Z.mjs +1 -0
- package/dist/index.d.mts +2 -3
- package/dist/index.d.ts +2 -3
- package/dist/index.js +658 -701
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +9 -56
- package/dist/source/index.d.mts +1 -5
- package/dist/source/index.d.ts +1 -5
- package/dist/source/index.js +622 -658
- package/dist/source/index.js.map +1 -1
- package/dist/source/index.mjs +9 -54
- package/dist/source/index_web.d.mts +224 -234
- package/dist/source/index_web.d.ts +224 -234
- package/dist/source/index_web.js +650 -657
- package/dist/source/index_web.js.map +1 -1
- package/dist/source/index_web.mjs +9 -51
- package/dist/source_nodejs/index.d.mts +1 -2
- package/dist/source_nodejs/index.d.ts +1 -2
- package/dist/source_nodejs/index.js +46 -50
- package/dist/source_nodejs/index.js.map +1 -1
- package/dist/source_nodejs/index.mjs +3 -5
- package/package.json +9 -4
- package/dist/chunk-46EEAYVO.mjs.map +0 -1
- package/dist/chunk-GNEWUC7X.mjs.map +0 -1
- package/dist/chunk-VI4S2NM5.mjs +0 -38
- package/dist/chunk-VI4S2NM5.mjs.map +0 -1
- package/dist/index_web.d.mts +0 -5
- package/dist/index_web.d.ts +0 -5
- package/dist/index_web.js +0 -6414
- package/dist/index_web.js.map +0 -1
- package/dist/index_web.mjs +0 -195
- package/index.mjs +0 -1
- package/index_web.ts +0 -1
- package/web.d.ts +0 -1
- package/web.mjs +0 -1
- /package/dist/{index_web.mjs.map → chunk-RQA4DO2Z.mjs.map} +0 -0
package/dist/index.js
CHANGED
|
@@ -35,28 +35,8 @@ __export(node_opcua_crypto_exports, {
|
|
|
35
35
|
RSA_PKCS1_OAEP_PADDING: () => RSA_PKCS1_OAEP_PADDING,
|
|
36
36
|
RSA_PKCS1_PADDING: () => RSA_PKCS1_PADDING,
|
|
37
37
|
Subject: () => Subject,
|
|
38
|
-
TagType: () => TagType,
|
|
39
38
|
_coercePrivateKey: () => _coercePrivateKey,
|
|
40
|
-
|
|
41
|
-
_getBlock: () => _getBlock,
|
|
42
|
-
_readAlgorithmIdentifier: () => _readAlgorithmIdentifier,
|
|
43
|
-
_readBitString: () => _readBitString,
|
|
44
|
-
_readBooleanValue: () => _readBooleanValue,
|
|
45
|
-
_readDirectoryName: () => _readDirectoryName,
|
|
46
|
-
_readECCAlgorithmIdentifier: () => _readECCAlgorithmIdentifier,
|
|
47
|
-
_readExtension: () => _readExtension,
|
|
48
|
-
_readIntegerAsByteString: () => _readIntegerAsByteString,
|
|
49
|
-
_readIntegerValue: () => _readIntegerValue,
|
|
50
|
-
_readListOfInteger: () => _readListOfInteger,
|
|
51
|
-
_readLongIntegerValue: () => _readLongIntegerValue,
|
|
52
|
-
_readObjectIdentifier: () => _readObjectIdentifier,
|
|
53
|
-
_readOctetString: () => _readOctetString,
|
|
54
|
-
_readSignatureValue: () => _readSignatureValue,
|
|
55
|
-
_readSignatureValueBin: () => _readSignatureValueBin,
|
|
56
|
-
_readStruct: () => _readStruct,
|
|
57
|
-
_readTime: () => _readTime,
|
|
58
|
-
_readValue: () => _readValue,
|
|
59
|
-
_readVersionValue: () => _readVersionValue,
|
|
39
|
+
asn1: () => asn1,
|
|
60
40
|
certificateMatchesPrivateKey: () => certificateMatchesPrivateKey,
|
|
61
41
|
coerceCertificate: () => coerceCertificate,
|
|
62
42
|
coerceCertificatePem: () => coerceCertificatePem,
|
|
@@ -65,7 +45,6 @@ __export(node_opcua_crypto_exports, {
|
|
|
65
45
|
coercePublicKeyPem: () => coercePublicKeyPem,
|
|
66
46
|
coerceRsaPublicKeyPem: () => coerceRsaPublicKeyPem,
|
|
67
47
|
combine_der: () => combine_der,
|
|
68
|
-
compactDirectoryName: () => compactDirectoryName,
|
|
69
48
|
computeDerivedKeys: () => computeDerivedKeys,
|
|
70
49
|
computePaddingFooter: () => computePaddingFooter,
|
|
71
50
|
convertPEMtoDER: () => convertPEMtoDER,
|
|
@@ -83,7 +62,6 @@ __export(node_opcua_crypto_exports, {
|
|
|
83
62
|
explorePrivateKey: () => explorePrivateKey,
|
|
84
63
|
extractPublicKeyFromCertificate: () => extractPublicKeyFromCertificate,
|
|
85
64
|
extractPublicKeyFromCertificateSync: () => extractPublicKeyFromCertificateSync,
|
|
86
|
-
formatBuffer2DigitHexWithColum: () => formatBuffer2DigitHexWithColum,
|
|
87
65
|
generateKeyPair: () => generateKeyPair,
|
|
88
66
|
generatePrivateKey: () => generatePrivateKey,
|
|
89
67
|
generatePrivateKeyFile: () => generatePrivateKeyFile,
|
|
@@ -98,7 +76,6 @@ __export(node_opcua_crypto_exports, {
|
|
|
98
76
|
makePrivateKeyThumbPrint: () => makePrivateKeyThumbPrint,
|
|
99
77
|
makePseudoRandomBuffer: () => makePseudoRandomBuffer,
|
|
100
78
|
makeSHA1Thumbprint: () => makeSHA1Thumbprint,
|
|
101
|
-
parseBitString: () => parseBitString,
|
|
102
79
|
pemToPrivateKey: () => pemToPrivateKey,
|
|
103
80
|
privateDecrypt: () => privateDecrypt,
|
|
104
81
|
privateDecrypt_long: () => privateDecrypt_long,
|
|
@@ -113,6 +90,7 @@ __export(node_opcua_crypto_exports, {
|
|
|
113
90
|
readCertificateRevocationList: () => readCertificateRevocationList,
|
|
114
91
|
readCertificateSigningRequest: () => readCertificateSigningRequest,
|
|
115
92
|
readCertificationRequestInfo: () => readCertificationRequestInfo,
|
|
93
|
+
readExtension: () => readExtension,
|
|
116
94
|
readNameForCrl: () => readNameForCrl,
|
|
117
95
|
readPrivateKey: () => readPrivateKey,
|
|
118
96
|
readPrivateKeyPEM: () => readPrivateKeyPEM,
|
|
@@ -120,7 +98,6 @@ __export(node_opcua_crypto_exports, {
|
|
|
120
98
|
readPublicKey: () => readPublicKey,
|
|
121
99
|
readPublicKeyPEM: () => readPublicKeyPEM,
|
|
122
100
|
readPublicRsaKey: () => readPublicRsaKey,
|
|
123
|
-
readTag: () => readTag,
|
|
124
101
|
readTbsCertificate: () => readTbsCertificate,
|
|
125
102
|
reduceLength: () => reduceLength,
|
|
126
103
|
removePadding: () => removePadding,
|
|
@@ -142,42 +119,6 @@ __export(node_opcua_crypto_exports, {
|
|
|
142
119
|
});
|
|
143
120
|
module.exports = __toCommonJS(node_opcua_crypto_exports);
|
|
144
121
|
|
|
145
|
-
// source/common.ts
|
|
146
|
-
var import_crypto = __toESM(require("crypto"));
|
|
147
|
-
var KeyObjectOrig = import_crypto.default.KeyObject;
|
|
148
|
-
var { createPrivateKey: createPrivateKeyFromNodeJSCrypto } = import_crypto.default;
|
|
149
|
-
function isKeyObject(mayBeKeyObject) {
|
|
150
|
-
if (KeyObjectOrig) {
|
|
151
|
-
return mayBeKeyObject instanceof KeyObjectOrig;
|
|
152
|
-
}
|
|
153
|
-
return typeof mayBeKeyObject === "object" && typeof mayBeKeyObject.type === "string";
|
|
154
|
-
}
|
|
155
|
-
var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
|
|
156
|
-
CertificatePurpose2[CertificatePurpose2["NotSpecified"] = 0] = "NotSpecified";
|
|
157
|
-
CertificatePurpose2[CertificatePurpose2["ForCertificateAuthority"] = 1] = "ForCertificateAuthority";
|
|
158
|
-
CertificatePurpose2[CertificatePurpose2["ForApplication"] = 2] = "ForApplication";
|
|
159
|
-
CertificatePurpose2[CertificatePurpose2["ForUserAuthentication"] = 3] = "ForUserAuthentication";
|
|
160
|
-
return CertificatePurpose2;
|
|
161
|
-
})(CertificatePurpose || {});
|
|
162
|
-
|
|
163
|
-
// source/derived_keys.ts
|
|
164
|
-
var import_assert5 = __toESM(require("assert"));
|
|
165
|
-
var import_crypto3 = require("crypto");
|
|
166
|
-
|
|
167
|
-
// source/buffer_utils.ts
|
|
168
|
-
var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (size) => {
|
|
169
|
-
return new Buffer(size);
|
|
170
|
-
};
|
|
171
|
-
|
|
172
|
-
// source/crypto_utils.ts
|
|
173
|
-
var import_constants = __toESM(require("constants"));
|
|
174
|
-
var import_assert3 = __toESM(require("assert"));
|
|
175
|
-
var import_crypto2 = require("crypto");
|
|
176
|
-
var import_hexy = __toESM(require("hexy"));
|
|
177
|
-
|
|
178
|
-
// source/crypto_explore_certificate.ts
|
|
179
|
-
var import_assert2 = __toESM(require("assert"));
|
|
180
|
-
|
|
181
122
|
// source/asn1.ts
|
|
182
123
|
var import_assert = __toESM(require("assert"));
|
|
183
124
|
|
|
@@ -484,33 +425,33 @@ var oid_map = {
|
|
|
484
425
|
};
|
|
485
426
|
|
|
486
427
|
// source/asn1.ts
|
|
487
|
-
var TagType = /* @__PURE__ */ ((
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
507
|
-
|
|
508
|
-
|
|
509
|
-
|
|
510
|
-
|
|
511
|
-
|
|
512
|
-
|
|
513
|
-
return
|
|
428
|
+
var TagType = /* @__PURE__ */ ((TagType2) => {
|
|
429
|
+
TagType2[TagType2["BOOLEAN"] = 1] = "BOOLEAN";
|
|
430
|
+
TagType2[TagType2["INTEGER"] = 2] = "INTEGER";
|
|
431
|
+
TagType2[TagType2["BIT_STRING"] = 3] = "BIT_STRING";
|
|
432
|
+
TagType2[TagType2["OCTET_STRING"] = 4] = "OCTET_STRING";
|
|
433
|
+
TagType2[TagType2["NULL"] = 5] = "NULL";
|
|
434
|
+
TagType2[TagType2["OBJECT_IDENTIFIER"] = 6] = "OBJECT_IDENTIFIER";
|
|
435
|
+
TagType2[TagType2["UTF8String"] = 12] = "UTF8String";
|
|
436
|
+
TagType2[TagType2["NumericString"] = 18] = "NumericString";
|
|
437
|
+
TagType2[TagType2["PrintableString"] = 19] = "PrintableString";
|
|
438
|
+
TagType2[TagType2["TeletexString"] = 20] = "TeletexString";
|
|
439
|
+
TagType2[TagType2["IA5String"] = 22] = "IA5String";
|
|
440
|
+
TagType2[TagType2["UTCTime"] = 23] = "UTCTime";
|
|
441
|
+
TagType2[TagType2["GeneralizedTime"] = 24] = "GeneralizedTime";
|
|
442
|
+
TagType2[TagType2["GraphicString"] = 25] = "GraphicString";
|
|
443
|
+
TagType2[TagType2["VisibleString"] = 26] = "VisibleString";
|
|
444
|
+
TagType2[TagType2["GeneralString"] = 27] = "GeneralString";
|
|
445
|
+
TagType2[TagType2["UniversalString"] = 28] = "UniversalString";
|
|
446
|
+
TagType2[TagType2["BMPString"] = 30] = "BMPString";
|
|
447
|
+
TagType2[TagType2["SEQUENCE"] = 48] = "SEQUENCE";
|
|
448
|
+
TagType2[TagType2["SET"] = 49] = "SET";
|
|
449
|
+
TagType2[TagType2["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
|
|
450
|
+
TagType2[TagType2["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
|
|
451
|
+
TagType2[TagType2["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
|
|
452
|
+
TagType2[TagType2["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
|
|
453
|
+
TagType2[TagType2["A4"] = 164] = "A4";
|
|
454
|
+
return TagType2;
|
|
514
455
|
})(TagType || {});
|
|
515
456
|
function readTag(buf, pos) {
|
|
516
457
|
const start = pos;
|
|
@@ -531,7 +472,7 @@ function readTag(buf, pos) {
|
|
|
531
472
|
}
|
|
532
473
|
return { start, tag, position: pos, length };
|
|
533
474
|
}
|
|
534
|
-
function
|
|
475
|
+
function readStruct(buf, blockInfo) {
|
|
535
476
|
const length = blockInfo.length;
|
|
536
477
|
let cursor = blockInfo.position;
|
|
537
478
|
const end = blockInfo.position + length;
|
|
@@ -556,9 +497,9 @@ function parseBitString(buffer, start, end, maxLength) {
|
|
|
556
497
|
}
|
|
557
498
|
return intro + s;
|
|
558
499
|
}
|
|
559
|
-
function
|
|
500
|
+
function readBitString(buffer, block) {
|
|
560
501
|
(0, import_assert.default)(block.tag === 3 /* BIT_STRING */);
|
|
561
|
-
const data =
|
|
502
|
+
const data = getBlock(buffer, block);
|
|
562
503
|
const ignore_bits = data.readUInt8(0);
|
|
563
504
|
return {
|
|
564
505
|
lengthInBits: data.length * 8 - ignore_bits,
|
|
@@ -574,7 +515,7 @@ function formatBuffer2DigitHexWithColum(buffer) {
|
|
|
574
515
|
}
|
|
575
516
|
return value.join(":").toUpperCase().replace(/^(00:)*/, "");
|
|
576
517
|
}
|
|
577
|
-
function
|
|
518
|
+
function readOctetString(buffer, block) {
|
|
578
519
|
(0, import_assert.default)(block.tag === 4 /* OCTET_STRING */);
|
|
579
520
|
const tag = readTag(buffer, block.position);
|
|
580
521
|
(0, import_assert.default)(tag.tag === 4 /* OCTET_STRING */);
|
|
@@ -583,19 +524,19 @@ function _readOctetString(buffer, block) {
|
|
|
583
524
|
const b = buffer.subarray(pos, pos + nbBytes);
|
|
584
525
|
return b;
|
|
585
526
|
}
|
|
586
|
-
function
|
|
527
|
+
function getBlock(buffer, block) {
|
|
587
528
|
const start = block.position;
|
|
588
529
|
const end = block.position + block.length;
|
|
589
530
|
return buffer.subarray(start, end);
|
|
590
531
|
}
|
|
591
|
-
function
|
|
592
|
-
return
|
|
532
|
+
function readIntegerAsByteString(buffer, block) {
|
|
533
|
+
return getBlock(buffer, block);
|
|
593
534
|
}
|
|
594
|
-
function
|
|
535
|
+
function readListOfInteger(buffer) {
|
|
595
536
|
const block = readTag(buffer, 0);
|
|
596
|
-
const inner_blocks =
|
|
537
|
+
const inner_blocks = readStruct(buffer, block);
|
|
597
538
|
return inner_blocks.map((innerBlock) => {
|
|
598
|
-
return
|
|
539
|
+
return readIntegerAsByteString(buffer, innerBlock);
|
|
599
540
|
});
|
|
600
541
|
}
|
|
601
542
|
function parseOID(buffer, start, end) {
|
|
@@ -618,7 +559,7 @@ function parseOID(buffer, start, end) {
|
|
|
618
559
|
(0, import_assert.default)(bits === 0);
|
|
619
560
|
return s;
|
|
620
561
|
}
|
|
621
|
-
function
|
|
562
|
+
function readObjectIdentifier(buffer, block) {
|
|
622
563
|
(0, import_assert.default)(block.tag === 6 /* OBJECT_IDENTIFIER */);
|
|
623
564
|
const b = buffer.subarray(block.position, block.position + block.length);
|
|
624
565
|
const oid = parseOID(b, 0, block.length);
|
|
@@ -627,33 +568,33 @@ function _readObjectIdentifier(buffer, block) {
|
|
|
627
568
|
name: oid_map[oid] ? oid_map[oid].d : oid
|
|
628
569
|
};
|
|
629
570
|
}
|
|
630
|
-
function
|
|
631
|
-
const inner_blocks =
|
|
571
|
+
function readAlgorithmIdentifier(buffer, block) {
|
|
572
|
+
const inner_blocks = readStruct(buffer, block);
|
|
632
573
|
return {
|
|
633
|
-
identifier:
|
|
574
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name
|
|
634
575
|
};
|
|
635
576
|
}
|
|
636
|
-
function
|
|
637
|
-
const inner_blocks =
|
|
577
|
+
function readECCAlgorithmIdentifier(buffer, block) {
|
|
578
|
+
const inner_blocks = readStruct(buffer, block);
|
|
638
579
|
return {
|
|
639
|
-
identifier:
|
|
580
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[1]).name
|
|
640
581
|
// difference with RSA as algorithm is second element of nested block
|
|
641
582
|
};
|
|
642
583
|
}
|
|
643
|
-
function
|
|
644
|
-
return
|
|
584
|
+
function readSignatureValueBin(buffer, block) {
|
|
585
|
+
return readBitString(buffer, block).data;
|
|
645
586
|
}
|
|
646
|
-
function
|
|
647
|
-
return
|
|
587
|
+
function readSignatureValue(buffer, block) {
|
|
588
|
+
return readSignatureValueBin(buffer, block).toString("hex");
|
|
648
589
|
}
|
|
649
|
-
function
|
|
590
|
+
function readLongIntegerValue(buffer, block) {
|
|
650
591
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
651
592
|
const pos = block.position;
|
|
652
593
|
const nbBytes = block.length;
|
|
653
594
|
const buf = buffer.subarray(pos, pos + nbBytes);
|
|
654
595
|
return buf;
|
|
655
596
|
}
|
|
656
|
-
function
|
|
597
|
+
function readIntegerValue(buffer, block) {
|
|
657
598
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
658
599
|
let pos = block.position;
|
|
659
600
|
const nbBytes = block.length;
|
|
@@ -665,7 +606,7 @@ function _readIntegerValue(buffer, block) {
|
|
|
665
606
|
}
|
|
666
607
|
return value;
|
|
667
608
|
}
|
|
668
|
-
function
|
|
609
|
+
function readBooleanValue(buffer, block) {
|
|
669
610
|
(0, import_assert.default)(block.tag === 1 /* BOOLEAN */, "expecting a BOOLEAN tag. got " + TagType[block.tag]);
|
|
670
611
|
const pos = block.position;
|
|
671
612
|
const nbBytes = block.length;
|
|
@@ -673,9 +614,9 @@ function _readBooleanValue(buffer, block) {
|
|
|
673
614
|
const value = buffer.readUInt8(pos) ? true : false;
|
|
674
615
|
return value;
|
|
675
616
|
}
|
|
676
|
-
function
|
|
617
|
+
function readVersionValue(buffer, block) {
|
|
677
618
|
block = readTag(buffer, block.position);
|
|
678
|
-
return
|
|
619
|
+
return readIntegerValue(buffer, block);
|
|
679
620
|
}
|
|
680
621
|
function convertGeneralizedTime(str) {
|
|
681
622
|
const year = parseInt(str.substr(0, 4), 10);
|
|
@@ -687,7 +628,7 @@ function convertGeneralizedTime(str) {
|
|
|
687
628
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
688
629
|
}
|
|
689
630
|
function _readBMPString(buffer, block) {
|
|
690
|
-
const strBuff =
|
|
631
|
+
const strBuff = getBlock(buffer, block);
|
|
691
632
|
let str = "";
|
|
692
633
|
for (let i = 0; i < strBuff.length; i += 2) {
|
|
693
634
|
const word = strBuff.readUInt16BE(i);
|
|
@@ -705,10 +646,10 @@ function convertUTCTime(str) {
|
|
|
705
646
|
year += year >= 50 ? 1900 : 2e3;
|
|
706
647
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
707
648
|
}
|
|
708
|
-
function
|
|
649
|
+
function readValue(buffer, block) {
|
|
709
650
|
switch (block.tag) {
|
|
710
651
|
case 1 /* BOOLEAN */:
|
|
711
|
-
return
|
|
652
|
+
return readBooleanValue(buffer, block);
|
|
712
653
|
case 30 /* BMPString */:
|
|
713
654
|
return _readBMPString(buffer, block);
|
|
714
655
|
case 19 /* PrintableString */:
|
|
@@ -716,52 +657,66 @@ function _readValue(buffer, block) {
|
|
|
716
657
|
case 12 /* UTF8String */:
|
|
717
658
|
case 18 /* NumericString */:
|
|
718
659
|
case 22 /* IA5String */:
|
|
719
|
-
return
|
|
660
|
+
return getBlock(buffer, block).toString("ascii");
|
|
720
661
|
case 23 /* UTCTime */:
|
|
721
|
-
return convertUTCTime(
|
|
662
|
+
return convertUTCTime(getBlock(buffer, block).toString("ascii"));
|
|
722
663
|
case 24 /* GeneralizedTime */:
|
|
723
|
-
return convertGeneralizedTime(
|
|
664
|
+
return convertGeneralizedTime(getBlock(buffer, block).toString("ascii"));
|
|
724
665
|
default:
|
|
725
666
|
throw new Error("Invalid tag 0x" + block.tag.toString(16));
|
|
726
667
|
}
|
|
727
668
|
}
|
|
728
|
-
function
|
|
729
|
-
return JSON.stringify(d);
|
|
730
|
-
}
|
|
731
|
-
function _readDirectoryName(buffer, block) {
|
|
732
|
-
const set_blocks = _readStruct(buffer, block);
|
|
733
|
-
const names = {};
|
|
734
|
-
for (const set_block of set_blocks) {
|
|
735
|
-
(0, import_assert.default)(set_block.tag === 49);
|
|
736
|
-
const blocks = _readStruct(buffer, set_block);
|
|
737
|
-
(0, import_assert.default)(blocks.length === 1);
|
|
738
|
-
(0, import_assert.default)(blocks[0].tag === 48);
|
|
739
|
-
const sequenceBlock = _readStruct(buffer, blocks[0]);
|
|
740
|
-
(0, import_assert.default)(sequenceBlock.length === 2);
|
|
741
|
-
const type = _readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
742
|
-
names[type.name] = _readValue(buffer, sequenceBlock[1]);
|
|
743
|
-
}
|
|
744
|
-
return names;
|
|
745
|
-
}
|
|
746
|
-
function _findBlockAtIndex(blocks, index) {
|
|
669
|
+
function findBlockAtIndex(blocks, index) {
|
|
747
670
|
const tmp = blocks.filter((b) => b.tag === 160 + index || b.tag === 128 + index);
|
|
748
671
|
if (tmp.length === 0) {
|
|
749
672
|
return null;
|
|
750
673
|
}
|
|
751
674
|
return tmp[0];
|
|
752
675
|
}
|
|
753
|
-
function
|
|
754
|
-
return
|
|
676
|
+
function readTime(buffer, block) {
|
|
677
|
+
return readValue(buffer, block);
|
|
678
|
+
}
|
|
679
|
+
|
|
680
|
+
// source/crypto_utils.ts
|
|
681
|
+
var import_constants = __toESM(require("constants"));
|
|
682
|
+
var import_assert4 = __toESM(require("assert"));
|
|
683
|
+
var import_crypto = require("crypto");
|
|
684
|
+
var import_hexy = __toESM(require("hexy"));
|
|
685
|
+
|
|
686
|
+
// source/buffer_utils.ts
|
|
687
|
+
var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (size) => {
|
|
688
|
+
return new Buffer(size);
|
|
689
|
+
};
|
|
690
|
+
|
|
691
|
+
// source/crypto_explore_certificate.ts
|
|
692
|
+
var import_assert3 = __toESM(require("assert"));
|
|
693
|
+
|
|
694
|
+
// source/directory_name.ts
|
|
695
|
+
var import_assert2 = __toESM(require("assert"));
|
|
696
|
+
function readDirectoryName(buffer, block) {
|
|
697
|
+
const set_blocks = readStruct(buffer, block);
|
|
698
|
+
const names = {};
|
|
699
|
+
for (const set_block of set_blocks) {
|
|
700
|
+
(0, import_assert2.default)(set_block.tag === 49);
|
|
701
|
+
const blocks = readStruct(buffer, set_block);
|
|
702
|
+
(0, import_assert2.default)(blocks.length === 1);
|
|
703
|
+
(0, import_assert2.default)(blocks[0].tag === 48);
|
|
704
|
+
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
705
|
+
(0, import_assert2.default)(sequenceBlock.length === 2);
|
|
706
|
+
const type = readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
707
|
+
names[type.name] = readValue(buffer, sequenceBlock[1]);
|
|
708
|
+
}
|
|
709
|
+
return names;
|
|
755
710
|
}
|
|
756
711
|
|
|
757
712
|
// source/crypto_explore_certificate.ts
|
|
758
713
|
var doDebug = false;
|
|
759
714
|
function _readAttributeTypeAndValue(buffer, block) {
|
|
760
|
-
let inner_blocks =
|
|
761
|
-
inner_blocks =
|
|
715
|
+
let inner_blocks = readStruct(buffer, block);
|
|
716
|
+
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
762
717
|
const data = {
|
|
763
|
-
identifier:
|
|
764
|
-
value:
|
|
718
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name,
|
|
719
|
+
value: readValue(buffer, inner_blocks[1])
|
|
765
720
|
};
|
|
766
721
|
const result = {};
|
|
767
722
|
for (const [key, value] of Object.entries(data)) {
|
|
@@ -770,7 +725,7 @@ function _readAttributeTypeAndValue(buffer, block) {
|
|
|
770
725
|
return result;
|
|
771
726
|
}
|
|
772
727
|
function _readRelativeDistinguishedName(buffer, block) {
|
|
773
|
-
const inner_blocks =
|
|
728
|
+
const inner_blocks = readStruct(buffer, block);
|
|
774
729
|
const data = inner_blocks.map((block2) => _readAttributeTypeAndValue(buffer, block2));
|
|
775
730
|
const result = {};
|
|
776
731
|
for (const e of data) {
|
|
@@ -782,64 +737,64 @@ function _readName(buffer, block) {
|
|
|
782
737
|
return _readRelativeDistinguishedName(buffer, block);
|
|
783
738
|
}
|
|
784
739
|
function _readValidity(buffer, block) {
|
|
785
|
-
const inner_blocks =
|
|
740
|
+
const inner_blocks = readStruct(buffer, block);
|
|
786
741
|
return {
|
|
787
|
-
notBefore:
|
|
788
|
-
notAfter:
|
|
742
|
+
notBefore: readTime(buffer, inner_blocks[0]),
|
|
743
|
+
notAfter: readTime(buffer, inner_blocks[1])
|
|
789
744
|
};
|
|
790
745
|
}
|
|
791
746
|
function _readAuthorityKeyIdentifier(buffer) {
|
|
792
747
|
const block_info = readTag(buffer, 0);
|
|
793
|
-
const blocks =
|
|
794
|
-
const keyIdentifier_block =
|
|
795
|
-
const authorityCertIssuer_block =
|
|
796
|
-
const authorityCertSerialNumber_block =
|
|
748
|
+
const blocks = readStruct(buffer, block_info);
|
|
749
|
+
const keyIdentifier_block = findBlockAtIndex(blocks, 0);
|
|
750
|
+
const authorityCertIssuer_block = findBlockAtIndex(blocks, 1);
|
|
751
|
+
const authorityCertSerialNumber_block = findBlockAtIndex(blocks, 2);
|
|
797
752
|
function _readAuthorityCertIssuer(block) {
|
|
798
|
-
const inner_blocks =
|
|
799
|
-
const directoryName_block =
|
|
753
|
+
const inner_blocks = readStruct(buffer, block);
|
|
754
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
800
755
|
if (directoryName_block) {
|
|
801
|
-
const a =
|
|
802
|
-
return
|
|
756
|
+
const a = readStruct(buffer, directoryName_block);
|
|
757
|
+
return readDirectoryName(buffer, a[0]);
|
|
803
758
|
} else {
|
|
804
759
|
throw new Error("Invalid _readAuthorityCertIssuer");
|
|
805
760
|
}
|
|
806
761
|
}
|
|
807
762
|
function _readAuthorityCertIssuerFingerPrint(block) {
|
|
808
|
-
const inner_blocks =
|
|
809
|
-
const directoryName_block =
|
|
763
|
+
const inner_blocks = readStruct(buffer, block);
|
|
764
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
810
765
|
if (!directoryName_block) {
|
|
811
766
|
return "";
|
|
812
767
|
}
|
|
813
|
-
const a =
|
|
768
|
+
const a = readStruct(buffer, directoryName_block);
|
|
814
769
|
if (a.length < 1) {
|
|
815
770
|
return "";
|
|
816
771
|
}
|
|
817
|
-
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
772
|
+
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, a[0]))) : "";
|
|
818
773
|
}
|
|
819
774
|
const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
|
|
820
775
|
const authorityCertIssuerFingerPrint = authorityCertIssuer_block ? _readAuthorityCertIssuerFingerPrint(authorityCertIssuer_block) : "";
|
|
821
776
|
return {
|
|
822
777
|
authorityCertIssuer,
|
|
823
778
|
authorityCertIssuerFingerPrint,
|
|
824
|
-
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(
|
|
779
|
+
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, authorityCertSerialNumber_block)) : null,
|
|
825
780
|
// can be null for self-signed cert
|
|
826
|
-
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(
|
|
781
|
+
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, keyIdentifier_block)) : null
|
|
827
782
|
// can be null for self-signed certf
|
|
828
783
|
};
|
|
829
784
|
}
|
|
830
785
|
function readBasicConstraint2_5_29_19(buffer, block) {
|
|
831
786
|
const block_info = readTag(buffer, 0);
|
|
832
|
-
const inner_blocks =
|
|
787
|
+
const inner_blocks = readStruct(buffer, block_info).slice(0, 2);
|
|
833
788
|
let cA = false;
|
|
834
789
|
let pathLengthConstraint = 0;
|
|
835
790
|
let breakControl = 0;
|
|
836
791
|
for (const inner_block of inner_blocks) {
|
|
837
792
|
switch (inner_block.tag) {
|
|
838
793
|
case 1 /* BOOLEAN */:
|
|
839
|
-
cA =
|
|
794
|
+
cA = readBooleanValue(buffer, inner_block);
|
|
840
795
|
break;
|
|
841
796
|
case 2 /* INTEGER */:
|
|
842
|
-
pathLengthConstraint =
|
|
797
|
+
pathLengthConstraint = readIntegerValue(buffer, inner_block);
|
|
843
798
|
breakControl = 1;
|
|
844
799
|
break;
|
|
845
800
|
}
|
|
@@ -861,7 +816,7 @@ function _readGeneralNames(buffer, block) {
|
|
|
861
816
|
8: { name: "registeredID", type: "OBJECT_IDENTIFIER" },
|
|
862
817
|
32: { name: "otherName", type: "AnotherName" }
|
|
863
818
|
};
|
|
864
|
-
const blocks =
|
|
819
|
+
const blocks = readStruct(buffer, block);
|
|
865
820
|
function _readFromType(buffer2, block2, type) {
|
|
866
821
|
switch (type) {
|
|
867
822
|
case "IA5String":
|
|
@@ -872,7 +827,7 @@ function _readGeneralNames(buffer, block) {
|
|
|
872
827
|
}
|
|
873
828
|
const n = {};
|
|
874
829
|
for (const block2 of blocks) {
|
|
875
|
-
(0,
|
|
830
|
+
(0, import_assert3.default)((block2.tag & 128) === 128);
|
|
876
831
|
const t2 = block2.tag & 127;
|
|
877
832
|
const type = _data[t2];
|
|
878
833
|
if (!type) {
|
|
@@ -881,11 +836,11 @@ function _readGeneralNames(buffer, block) {
|
|
|
881
836
|
}
|
|
882
837
|
if (t2 == 32) {
|
|
883
838
|
n[type.name] = n[type.name] || [];
|
|
884
|
-
const blocks2 =
|
|
885
|
-
const name =
|
|
886
|
-
const buf =
|
|
839
|
+
const blocks2 = readStruct(buffer, block2);
|
|
840
|
+
const name = readObjectIdentifier(buffer, blocks2[0]).name;
|
|
841
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
887
842
|
const b = readTag(buf, 0);
|
|
888
|
-
const nn =
|
|
843
|
+
const nn = readValue(buf, b);
|
|
889
844
|
const data = {
|
|
890
845
|
identifier: name,
|
|
891
846
|
value: nn
|
|
@@ -932,9 +887,9 @@ function readKeyUsage(oid, buffer) {
|
|
|
932
887
|
};
|
|
933
888
|
}
|
|
934
889
|
function readExtKeyUsage(oid, buffer) {
|
|
935
|
-
(0,
|
|
890
|
+
(0, import_assert3.default)(oid === "2.5.29.37");
|
|
936
891
|
const block_info = readTag(buffer, 0);
|
|
937
|
-
const inner_blocks =
|
|
892
|
+
const inner_blocks = readStruct(buffer, block_info);
|
|
938
893
|
const extKeyUsage = {
|
|
939
894
|
serverAuth: false,
|
|
940
895
|
clientAuth: false,
|
|
@@ -947,30 +902,30 @@ function readExtKeyUsage(oid, buffer) {
|
|
|
947
902
|
ocspSigning: false
|
|
948
903
|
};
|
|
949
904
|
for (const block of inner_blocks) {
|
|
950
|
-
const identifier =
|
|
905
|
+
const identifier = readObjectIdentifier(buffer, block);
|
|
951
906
|
extKeyUsage[identifier.name] = true;
|
|
952
907
|
}
|
|
953
908
|
return extKeyUsage;
|
|
954
909
|
}
|
|
955
910
|
function _readSubjectPublicKey(buffer) {
|
|
956
911
|
const block_info = readTag(buffer, 0);
|
|
957
|
-
const blocks =
|
|
912
|
+
const blocks = readStruct(buffer, block_info);
|
|
958
913
|
return {
|
|
959
914
|
modulus: buffer.subarray(blocks[0].position + 1, blocks[0].position + blocks[0].length)
|
|
960
915
|
};
|
|
961
916
|
}
|
|
962
|
-
function
|
|
963
|
-
const inner_blocks =
|
|
917
|
+
function readExtension(buffer, block) {
|
|
918
|
+
const inner_blocks = readStruct(buffer, block);
|
|
964
919
|
if (inner_blocks.length === 3) {
|
|
965
|
-
(0,
|
|
920
|
+
(0, import_assert3.default)(inner_blocks[1].tag === 1 /* BOOLEAN */);
|
|
966
921
|
inner_blocks[1] = inner_blocks[2];
|
|
967
922
|
}
|
|
968
|
-
const identifier =
|
|
969
|
-
const buf =
|
|
923
|
+
const identifier = readObjectIdentifier(buffer, inner_blocks[0]);
|
|
924
|
+
const buf = getBlock(buffer, inner_blocks[1]);
|
|
970
925
|
let value = null;
|
|
971
926
|
switch (identifier.name) {
|
|
972
927
|
case "subjectKeyIdentifier":
|
|
973
|
-
value = formatBuffer2DigitHexWithColum(
|
|
928
|
+
value = formatBuffer2DigitHexWithColum(readOctetString(buffer, inner_blocks[1]));
|
|
974
929
|
break;
|
|
975
930
|
case "subjectAltName":
|
|
976
931
|
value = _readSubjectAltNames(buf);
|
|
@@ -999,10 +954,10 @@ function _readExtension(buffer, block) {
|
|
|
999
954
|
};
|
|
1000
955
|
}
|
|
1001
956
|
function _readExtensions(buffer, block) {
|
|
1002
|
-
(0,
|
|
1003
|
-
let inner_blocks =
|
|
1004
|
-
inner_blocks =
|
|
1005
|
-
const extensions = inner_blocks.map((block2) =>
|
|
957
|
+
(0, import_assert3.default)(block.tag === 163);
|
|
958
|
+
let inner_blocks = readStruct(buffer, block);
|
|
959
|
+
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
960
|
+
const extensions = inner_blocks.map((block2) => readExtension(buffer, block2));
|
|
1006
961
|
const result = {};
|
|
1007
962
|
for (const e of extensions) {
|
|
1008
963
|
result[e.identifier.name] = e.value;
|
|
@@ -1010,11 +965,11 @@ function _readExtensions(buffer, block) {
|
|
|
1010
965
|
return result;
|
|
1011
966
|
}
|
|
1012
967
|
function _readSubjectPublicKeyInfo(buffer, block) {
|
|
1013
|
-
const inner_blocks =
|
|
1014
|
-
const algorithm =
|
|
1015
|
-
const subjectPublicKey =
|
|
968
|
+
const inner_blocks = readStruct(buffer, block);
|
|
969
|
+
const algorithm = readAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
970
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
1016
971
|
const data = subjectPublicKey.data;
|
|
1017
|
-
const values =
|
|
972
|
+
const values = readListOfInteger(data);
|
|
1018
973
|
return {
|
|
1019
974
|
algorithm: algorithm.identifier,
|
|
1020
975
|
keyLength: values[0].length - 1,
|
|
@@ -1024,9 +979,9 @@ function _readSubjectPublicKeyInfo(buffer, block) {
|
|
|
1024
979
|
};
|
|
1025
980
|
}
|
|
1026
981
|
function _readSubjectECCPublicKeyInfo(buffer, block) {
|
|
1027
|
-
const inner_blocks =
|
|
1028
|
-
const algorithm =
|
|
1029
|
-
const subjectPublicKey =
|
|
982
|
+
const inner_blocks = readStruct(buffer, block);
|
|
983
|
+
const algorithm = readECCAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
984
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
1030
985
|
const data = subjectPublicKey.data;
|
|
1031
986
|
return {
|
|
1032
987
|
algorithm: algorithm.identifier,
|
|
@@ -1037,33 +992,33 @@ function _readSubjectECCPublicKeyInfo(buffer, block) {
|
|
|
1037
992
|
};
|
|
1038
993
|
}
|
|
1039
994
|
function readTbsCertificate(buffer, block) {
|
|
1040
|
-
const blocks =
|
|
995
|
+
const blocks = readStruct(buffer, block);
|
|
1041
996
|
let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, extensions;
|
|
1042
997
|
let subjectPublicKeyInfo;
|
|
1043
998
|
if (blocks.length === 6) {
|
|
1044
999
|
version = 1;
|
|
1045
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
1046
|
-
signature =
|
|
1000
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[0]));
|
|
1001
|
+
signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
1047
1002
|
issuer = _readName(buffer, blocks[2]);
|
|
1048
1003
|
validity = _readValidity(buffer, blocks[3]);
|
|
1049
1004
|
subject = _readName(buffer, blocks[4]);
|
|
1050
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1005
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[4])));
|
|
1051
1006
|
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[5]);
|
|
1052
1007
|
extensions = null;
|
|
1053
1008
|
} else {
|
|
1054
|
-
const version_block =
|
|
1009
|
+
const version_block = findBlockAtIndex(blocks, 0);
|
|
1055
1010
|
if (!version_block) {
|
|
1056
1011
|
throw new Error("cannot find version block");
|
|
1057
1012
|
}
|
|
1058
|
-
version =
|
|
1059
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
1060
|
-
signature =
|
|
1013
|
+
version = readVersionValue(buffer, version_block) + 1;
|
|
1014
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[1]));
|
|
1015
|
+
signature = readAlgorithmIdentifier(buffer, blocks[2]);
|
|
1061
1016
|
issuer = _readName(buffer, blocks[3]);
|
|
1062
1017
|
validity = _readValidity(buffer, blocks[4]);
|
|
1063
1018
|
subject = _readName(buffer, blocks[5]);
|
|
1064
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1065
|
-
const inner_block =
|
|
1066
|
-
const what_type =
|
|
1019
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[5])));
|
|
1020
|
+
const inner_block = readStruct(buffer, blocks[6]);
|
|
1021
|
+
const what_type = readAlgorithmIdentifier(buffer, inner_block[0]).identifier;
|
|
1067
1022
|
switch (what_type) {
|
|
1068
1023
|
case "rsaEncryption": {
|
|
1069
1024
|
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[6]);
|
|
@@ -1075,7 +1030,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
1075
1030
|
break;
|
|
1076
1031
|
}
|
|
1077
1032
|
}
|
|
1078
|
-
const extensionBlock =
|
|
1033
|
+
const extensionBlock = findBlockAtIndex(blocks, 3);
|
|
1079
1034
|
if (!extensionBlock) {
|
|
1080
1035
|
doDebug && console.log("X509 certificate is invalid : cannot find extension block version =" + version_block);
|
|
1081
1036
|
extensions = null;
|
|
@@ -1096,14 +1051,14 @@ function readTbsCertificate(buffer, block) {
|
|
|
1096
1051
|
};
|
|
1097
1052
|
}
|
|
1098
1053
|
function exploreCertificate(certificate) {
|
|
1099
|
-
(0,
|
|
1054
|
+
(0, import_assert3.default)(certificate instanceof Buffer);
|
|
1100
1055
|
if (!certificate._exploreCertificate_cache) {
|
|
1101
1056
|
const block_info = readTag(certificate, 0);
|
|
1102
|
-
const blocks =
|
|
1057
|
+
const blocks = readStruct(certificate, block_info);
|
|
1103
1058
|
certificate._exploreCertificate_cache = {
|
|
1104
1059
|
tbsCertificate: readTbsCertificate(certificate, blocks[0]),
|
|
1105
|
-
signatureAlgorithm:
|
|
1106
|
-
signatureValue:
|
|
1060
|
+
signatureAlgorithm: readAlgorithmIdentifier(certificate, blocks[1]),
|
|
1061
|
+
signatureValue: readSignatureValue(certificate, blocks[2])
|
|
1107
1062
|
};
|
|
1108
1063
|
}
|
|
1109
1064
|
return certificate._exploreCertificate_cache;
|
|
@@ -1125,10 +1080,10 @@ function combine_der(certificates) {
|
|
|
1125
1080
|
let sum = 0;
|
|
1126
1081
|
b.forEach((block) => {
|
|
1127
1082
|
const block_info = readTag(block, 0);
|
|
1128
|
-
(0,
|
|
1083
|
+
(0, import_assert3.default)(block_info.position + block_info.length === block.length);
|
|
1129
1084
|
sum += block.length;
|
|
1130
1085
|
});
|
|
1131
|
-
(0,
|
|
1086
|
+
(0, import_assert3.default)(sum === cert.length);
|
|
1132
1087
|
}
|
|
1133
1088
|
return Buffer.concat(certificates);
|
|
1134
1089
|
}
|
|
@@ -1150,14 +1105,14 @@ function removeTrailingLF(str) {
|
|
|
1150
1105
|
return tmp;
|
|
1151
1106
|
}
|
|
1152
1107
|
function toPem(raw_key, pem) {
|
|
1153
|
-
(0,
|
|
1154
|
-
(0,
|
|
1108
|
+
(0, import_assert4.default)(raw_key, "expecting a key");
|
|
1109
|
+
(0, import_assert4.default)(typeof pem === "string");
|
|
1155
1110
|
let pemType = identifyPemType(raw_key);
|
|
1156
1111
|
if (pemType) {
|
|
1157
1112
|
return raw_key instanceof Buffer ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
|
|
1158
1113
|
} else {
|
|
1159
1114
|
pemType = pem;
|
|
1160
|
-
(0,
|
|
1115
|
+
(0, import_assert4.default)(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
|
|
1161
1116
|
let b = raw_key.toString("base64");
|
|
1162
1117
|
let str = "-----BEGIN " + pemType + "-----\n";
|
|
1163
1118
|
while (b.length) {
|
|
@@ -1194,19 +1149,19 @@ function hexDump(buffer, width) {
|
|
|
1194
1149
|
}
|
|
1195
1150
|
}
|
|
1196
1151
|
function makeMessageChunkSignature(chunk, options) {
|
|
1197
|
-
const signer = (0,
|
|
1152
|
+
const signer = (0, import_crypto.createSign)(options.algorithm);
|
|
1198
1153
|
signer.update(chunk);
|
|
1199
1154
|
const signature = signer.sign(options.privateKey.hidden);
|
|
1200
|
-
(0,
|
|
1155
|
+
(0, import_assert4.default)(!options.signatureLength || signature.length === options.signatureLength);
|
|
1201
1156
|
return signature;
|
|
1202
1157
|
}
|
|
1203
1158
|
function verifyMessageChunkSignature(blockToVerify, signature, options) {
|
|
1204
|
-
const verify = (0,
|
|
1159
|
+
const verify = (0, import_crypto.createVerify)(options.algorithm);
|
|
1205
1160
|
verify.update(blockToVerify);
|
|
1206
1161
|
return verify.verify(options.publicKey, signature);
|
|
1207
1162
|
}
|
|
1208
1163
|
function makeSHA1Thumbprint(buffer) {
|
|
1209
|
-
return (0,
|
|
1164
|
+
return (0, import_crypto.createHash)("sha1").update(buffer).digest();
|
|
1210
1165
|
}
|
|
1211
1166
|
var RSA_PKCS1_OAEP_PADDING = import_constants.default.RSA_PKCS1_OAEP_PADDING;
|
|
1212
1167
|
var RSA_PKCS1_PADDING = import_constants.default.RSA_PKCS1_PADDING;
|
|
@@ -1215,13 +1170,13 @@ var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
|
|
|
1215
1170
|
PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_PADDING"] = 1] = "RSA_PKCS1_PADDING";
|
|
1216
1171
|
return PaddingAlgorithm2;
|
|
1217
1172
|
})(PaddingAlgorithm || {});
|
|
1218
|
-
(0,
|
|
1219
|
-
(0,
|
|
1173
|
+
(0, import_assert4.default)(4 /* RSA_PKCS1_OAEP_PADDING */ === import_constants.default.RSA_PKCS1_OAEP_PADDING);
|
|
1174
|
+
(0, import_assert4.default)(1 /* RSA_PKCS1_PADDING */ === import_constants.default.RSA_PKCS1_PADDING);
|
|
1220
1175
|
function publicEncrypt_native(buffer, publicKey, algorithm) {
|
|
1221
1176
|
if (algorithm === void 0) {
|
|
1222
1177
|
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
|
|
1223
1178
|
}
|
|
1224
|
-
return (0,
|
|
1179
|
+
return (0, import_crypto.publicEncrypt)(
|
|
1225
1180
|
{
|
|
1226
1181
|
key: publicKey,
|
|
1227
1182
|
padding: algorithm
|
|
@@ -1234,7 +1189,7 @@ function privateDecrypt_native(buffer, privateKey, algorithm) {
|
|
|
1234
1189
|
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
|
|
1235
1190
|
}
|
|
1236
1191
|
try {
|
|
1237
|
-
return (0,
|
|
1192
|
+
return (0, import_crypto.privateDecrypt)(
|
|
1238
1193
|
{
|
|
1239
1194
|
key: privateKey.hidden,
|
|
1240
1195
|
padding: algorithm
|
|
@@ -1293,14 +1248,14 @@ function coerceCertificatePem(certificate) {
|
|
|
1293
1248
|
if (certificate instanceof Buffer) {
|
|
1294
1249
|
certificate = toPem(certificate, "CERTIFICATE");
|
|
1295
1250
|
}
|
|
1296
|
-
(0,
|
|
1251
|
+
(0, import_assert4.default)(typeof certificate === "string");
|
|
1297
1252
|
return certificate;
|
|
1298
1253
|
}
|
|
1299
1254
|
function extractPublicKeyFromCertificateSync(certificate) {
|
|
1300
1255
|
certificate = coerceCertificatePem(certificate);
|
|
1301
1256
|
const key = import_jsrsasign.default.KEYUTIL.getKey(certificate);
|
|
1302
1257
|
const publicKeyAsPem = import_jsrsasign.default.KEYUTIL.getPEM(key);
|
|
1303
|
-
(0,
|
|
1258
|
+
(0, import_assert4.default)(typeof publicKeyAsPem === "string");
|
|
1304
1259
|
return publicKeyAsPem;
|
|
1305
1260
|
}
|
|
1306
1261
|
function extractPublicKeyFromCertificate(certificate, callback) {
|
|
@@ -1316,13 +1271,192 @@ function extractPublicKeyFromCertificate(certificate, callback) {
|
|
|
1316
1271
|
});
|
|
1317
1272
|
}
|
|
1318
1273
|
|
|
1274
|
+
// source/explore_private_key.ts
|
|
1275
|
+
function f(buffer, b) {
|
|
1276
|
+
return buffer.subarray(b.position + 1, b.position + b.length);
|
|
1277
|
+
}
|
|
1278
|
+
var doDebug2 = !!process.env.DEBUG;
|
|
1279
|
+
function explorePrivateKey(privateKey2) {
|
|
1280
|
+
const privateKey1 = privateKey2.hidden;
|
|
1281
|
+
const privateKey = typeof privateKey1 === "string" ? convertPEMtoDER(privateKey1) : privateKey1.export({ format: "der", type: "pkcs1" });
|
|
1282
|
+
const block_info = readTag(privateKey, 0);
|
|
1283
|
+
const blocks = readStruct(privateKey, block_info);
|
|
1284
|
+
if (blocks.length === 9) {
|
|
1285
|
+
const version2 = f(privateKey, blocks[0]);
|
|
1286
|
+
const modulus2 = f(privateKey, blocks[1]);
|
|
1287
|
+
const publicExponent2 = f(privateKey, blocks[2]);
|
|
1288
|
+
const privateExponent2 = f(privateKey, blocks[3]);
|
|
1289
|
+
const prime12 = f(privateKey, blocks[4]);
|
|
1290
|
+
const prime22 = f(privateKey, blocks[5]);
|
|
1291
|
+
const exponent12 = f(privateKey, blocks[6]);
|
|
1292
|
+
const exponent22 = f(privateKey, blocks[7]);
|
|
1293
|
+
return {
|
|
1294
|
+
version: version2,
|
|
1295
|
+
modulus: modulus2,
|
|
1296
|
+
publicExponent: publicExponent2,
|
|
1297
|
+
privateExponent: privateExponent2,
|
|
1298
|
+
prime1: prime12,
|
|
1299
|
+
prime2: prime22,
|
|
1300
|
+
exponent1: exponent12,
|
|
1301
|
+
exponent2: exponent22
|
|
1302
|
+
};
|
|
1303
|
+
}
|
|
1304
|
+
if (doDebug2) {
|
|
1305
|
+
console.log("-------------------- private key:");
|
|
1306
|
+
console.log(block_info);
|
|
1307
|
+
console.log(
|
|
1308
|
+
blocks.map((b2) => ({
|
|
1309
|
+
tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
|
|
1310
|
+
l: b2.length,
|
|
1311
|
+
p: b2.position,
|
|
1312
|
+
buff: privateKey.subarray(b2.position, b2.position + b2.length).toString("hex")
|
|
1313
|
+
}))
|
|
1314
|
+
);
|
|
1315
|
+
}
|
|
1316
|
+
const b = blocks[2];
|
|
1317
|
+
const bb = privateKey.subarray(b.position, b.position + b.length);
|
|
1318
|
+
const block_info1 = readTag(bb, 0);
|
|
1319
|
+
const blocks1 = readStruct(bb, block_info1);
|
|
1320
|
+
if (doDebug2) {
|
|
1321
|
+
console.log(
|
|
1322
|
+
blocks1.map((b2) => ({
|
|
1323
|
+
tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
|
|
1324
|
+
l: b2.length,
|
|
1325
|
+
p: b2.position,
|
|
1326
|
+
buff: bb.subarray(b2.position, b2.position + b2.length).toString("hex")
|
|
1327
|
+
}))
|
|
1328
|
+
);
|
|
1329
|
+
}
|
|
1330
|
+
const version = f(bb, blocks1[0]);
|
|
1331
|
+
const modulus = f(bb, blocks1[1]);
|
|
1332
|
+
const publicExponent = f(bb, blocks1[2]);
|
|
1333
|
+
const privateExponent = f(bb, blocks1[3]);
|
|
1334
|
+
const prime1 = f(bb, blocks1[4]);
|
|
1335
|
+
const prime2 = f(bb, blocks1[5]);
|
|
1336
|
+
const exponent1 = f(bb, blocks1[6]);
|
|
1337
|
+
const exponent2 = f(bb, blocks1[7]);
|
|
1338
|
+
return {
|
|
1339
|
+
version,
|
|
1340
|
+
modulus,
|
|
1341
|
+
publicExponent,
|
|
1342
|
+
privateExponent,
|
|
1343
|
+
prime1,
|
|
1344
|
+
prime2,
|
|
1345
|
+
exponent1,
|
|
1346
|
+
exponent2
|
|
1347
|
+
};
|
|
1348
|
+
}
|
|
1349
|
+
|
|
1350
|
+
// source/public_private_match.ts
|
|
1351
|
+
function publicKeyAndPrivateKeyMatches(certificate, privateKey) {
|
|
1352
|
+
const i = exploreCertificate(certificate);
|
|
1353
|
+
const j = explorePrivateKey(privateKey);
|
|
1354
|
+
const modulus1 = i.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.modulus;
|
|
1355
|
+
const modulus2 = j.modulus;
|
|
1356
|
+
if (modulus1.length != modulus2.length) {
|
|
1357
|
+
return false;
|
|
1358
|
+
}
|
|
1359
|
+
return modulus1.toString("hex") === modulus2.toString("hex");
|
|
1360
|
+
}
|
|
1361
|
+
function certificateMatchesPrivateKeyPEM(certificate, privateKey, blockSize) {
|
|
1362
|
+
const initialBuffer = Buffer.from("Lorem Ipsum");
|
|
1363
|
+
const encryptedBuffer = publicEncrypt_long(initialBuffer, certificate, blockSize);
|
|
1364
|
+
const decryptedBuffer = privateDecrypt_long(encryptedBuffer, privateKey, blockSize);
|
|
1365
|
+
const finalString = decryptedBuffer.toString("utf-8");
|
|
1366
|
+
return initialBuffer.toString("utf-8") === finalString;
|
|
1367
|
+
}
|
|
1368
|
+
function certificateMatchesPrivateKey(certificate, privateKey) {
|
|
1369
|
+
const e = explorePrivateKey(privateKey);
|
|
1370
|
+
const blockSize = e.modulus.length;
|
|
1371
|
+
const certificatePEM = toPem(certificate, "CERTIFICATE");
|
|
1372
|
+
return certificateMatchesPrivateKeyPEM(certificatePEM, privateKey, blockSize);
|
|
1373
|
+
}
|
|
1374
|
+
|
|
1375
|
+
// source/common.ts
|
|
1376
|
+
var import_crypto2 = __toESM(require("crypto"));
|
|
1377
|
+
var KeyObjectOrig = import_crypto2.default.KeyObject;
|
|
1378
|
+
var { createPrivateKey: createPrivateKeyFromNodeJSCrypto } = import_crypto2.default;
|
|
1379
|
+
function isKeyObject(mayBeKeyObject) {
|
|
1380
|
+
if (KeyObjectOrig) {
|
|
1381
|
+
return mayBeKeyObject instanceof KeyObjectOrig;
|
|
1382
|
+
}
|
|
1383
|
+
return typeof mayBeKeyObject === "object" && typeof mayBeKeyObject.type === "string";
|
|
1384
|
+
}
|
|
1385
|
+
var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
|
|
1386
|
+
CertificatePurpose2[CertificatePurpose2["NotSpecified"] = 0] = "NotSpecified";
|
|
1387
|
+
CertificatePurpose2[CertificatePurpose2["ForCertificateAuthority"] = 1] = "ForCertificateAuthority";
|
|
1388
|
+
CertificatePurpose2[CertificatePurpose2["ForApplication"] = 2] = "ForApplication";
|
|
1389
|
+
CertificatePurpose2[CertificatePurpose2["ForUserAuthentication"] = 3] = "ForUserAuthentication";
|
|
1390
|
+
return CertificatePurpose2;
|
|
1391
|
+
})(CertificatePurpose || {});
|
|
1392
|
+
|
|
1393
|
+
// source/crypto_utils2.ts
|
|
1394
|
+
var import_assert5 = __toESM(require("assert"));
|
|
1395
|
+
var import_jsrsasign2 = __toESM(require("jsrsasign"));
|
|
1396
|
+
function rsaLengthPrivateKey(key) {
|
|
1397
|
+
const keyPem = typeof key.hidden === "string" ? key.hidden : key.hidden.export({ type: "pkcs1", format: "pem" }).toString();
|
|
1398
|
+
const a = import_jsrsasign2.default.KEYUTIL.getKey(keyPem);
|
|
1399
|
+
return a.n.toString(16).length / 2;
|
|
1400
|
+
}
|
|
1401
|
+
function toPem2(raw_key, pem) {
|
|
1402
|
+
if (raw_key.hidden) {
|
|
1403
|
+
return toPem2(raw_key.hidden, pem);
|
|
1404
|
+
}
|
|
1405
|
+
(0, import_assert5.default)(raw_key, "expecting a key");
|
|
1406
|
+
(0, import_assert5.default)(typeof pem === "string");
|
|
1407
|
+
if (isKeyObject(raw_key)) {
|
|
1408
|
+
const _raw_key = raw_key;
|
|
1409
|
+
if (pem === "RSA PRIVATE KEY") {
|
|
1410
|
+
return removeTrailingLF(_raw_key.export({ format: "pem", type: "pkcs1" }).toString());
|
|
1411
|
+
} else if (pem === "PRIVATE KEY") {
|
|
1412
|
+
return removeTrailingLF(_raw_key.export({ format: "pem", type: "pkcs8" }).toString());
|
|
1413
|
+
} else {
|
|
1414
|
+
throw new Error("Unsupported case!");
|
|
1415
|
+
}
|
|
1416
|
+
}
|
|
1417
|
+
return toPem(raw_key, pem);
|
|
1418
|
+
}
|
|
1419
|
+
function coercePrivateKeyPem(privateKey) {
|
|
1420
|
+
return toPem2(privateKey, "PRIVATE KEY");
|
|
1421
|
+
}
|
|
1422
|
+
function coercePublicKeyPem(publicKey) {
|
|
1423
|
+
if (isKeyObject(publicKey)) {
|
|
1424
|
+
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1425
|
+
}
|
|
1426
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1427
|
+
return publicKey;
|
|
1428
|
+
}
|
|
1429
|
+
function coerceRsaPublicKeyPem(publicKey) {
|
|
1430
|
+
if (isKeyObject(publicKey)) {
|
|
1431
|
+
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1432
|
+
}
|
|
1433
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1434
|
+
return publicKey;
|
|
1435
|
+
}
|
|
1436
|
+
function rsaLengthPublicKey(key) {
|
|
1437
|
+
key = coercePublicKeyPem(key);
|
|
1438
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1439
|
+
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1440
|
+
return a.n.toString(16).length / 2;
|
|
1441
|
+
}
|
|
1442
|
+
function rsaLengthRsaPublicKey(key) {
|
|
1443
|
+
key = coerceRsaPublicKeyPem(key);
|
|
1444
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1445
|
+
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1446
|
+
return a.n.toString(16).length / 2;
|
|
1447
|
+
}
|
|
1448
|
+
|
|
1449
|
+
// source/derived_keys.ts
|
|
1450
|
+
var import_assert7 = __toESM(require("assert"));
|
|
1451
|
+
var import_crypto3 = require("crypto");
|
|
1452
|
+
|
|
1319
1453
|
// source/explore_certificate.ts
|
|
1320
|
-
var
|
|
1454
|
+
var import_assert6 = __toESM(require("assert"));
|
|
1321
1455
|
function coerceCertificate(certificate) {
|
|
1322
1456
|
if (typeof certificate === "string") {
|
|
1323
1457
|
certificate = convertPEMtoDER(certificate);
|
|
1324
1458
|
}
|
|
1325
|
-
(0,
|
|
1459
|
+
(0, import_assert6.default)(certificate instanceof Buffer);
|
|
1326
1460
|
return certificate;
|
|
1327
1461
|
}
|
|
1328
1462
|
function exploreCertificateInfo(certificate) {
|
|
@@ -1349,8 +1483,8 @@ function plus(buf1, buf2) {
|
|
|
1349
1483
|
return Buffer.concat([buf1, buf2]);
|
|
1350
1484
|
}
|
|
1351
1485
|
function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
1352
|
-
(0,
|
|
1353
|
-
(0,
|
|
1486
|
+
(0, import_assert7.default)(seed instanceof Buffer);
|
|
1487
|
+
(0, import_assert7.default)(sha1or256 === "SHA1" || sha1or256 === "SHA256");
|
|
1354
1488
|
const a = [];
|
|
1355
1489
|
a[0] = seed;
|
|
1356
1490
|
let index = 1;
|
|
@@ -1363,12 +1497,12 @@ function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
|
1363
1497
|
return p_hash.subarray(0, minLength);
|
|
1364
1498
|
}
|
|
1365
1499
|
function computeDerivedKeys(secret, seed, options) {
|
|
1366
|
-
(0,
|
|
1367
|
-
(0,
|
|
1368
|
-
(0,
|
|
1369
|
-
(0,
|
|
1500
|
+
(0, import_assert7.default)(Number.isFinite(options.signatureLength));
|
|
1501
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingKeyLength));
|
|
1502
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingBlockSize));
|
|
1503
|
+
(0, import_assert7.default)(typeof options.algorithm === "string");
|
|
1370
1504
|
options.sha1or256 = options.sha1or256 || "SHA1";
|
|
1371
|
-
(0,
|
|
1505
|
+
(0, import_assert7.default)(typeof options.sha1or256 === "string");
|
|
1372
1506
|
const offset1 = options.signingKeyLength;
|
|
1373
1507
|
const offset2 = offset1 + options.encryptingKeyLength;
|
|
1374
1508
|
const minLength = offset2 + options.encryptingBlockSize;
|
|
@@ -1393,7 +1527,7 @@ function removePadding(buffer) {
|
|
|
1393
1527
|
return reduceLength(buffer, nbPaddingBytes);
|
|
1394
1528
|
}
|
|
1395
1529
|
function verifyChunkSignature(chunk, options) {
|
|
1396
|
-
(0,
|
|
1530
|
+
(0, import_assert7.default)(chunk instanceof Buffer);
|
|
1397
1531
|
let signatureLength = options.signatureLength || 0;
|
|
1398
1532
|
if (signatureLength === 0) {
|
|
1399
1533
|
const cert = exploreCertificateInfo(options.publicKey);
|
|
@@ -1404,16 +1538,16 @@ function verifyChunkSignature(chunk, options) {
|
|
|
1404
1538
|
return verifyMessageChunkSignature(block_to_verify, signature, options);
|
|
1405
1539
|
}
|
|
1406
1540
|
function computePaddingFooter(buffer, derivedKeys) {
|
|
1407
|
-
(0,
|
|
1541
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "encryptingBlockSize"));
|
|
1408
1542
|
const paddingSize = derivedKeys.encryptingBlockSize - (buffer.length + 1) % derivedKeys.encryptingBlockSize;
|
|
1409
1543
|
const padding = createFastUninitializedBuffer(paddingSize + 1);
|
|
1410
1544
|
padding.fill(paddingSize);
|
|
1411
1545
|
return padding;
|
|
1412
1546
|
}
|
|
1413
1547
|
function derivedKeys_algorithm(derivedKeys) {
|
|
1414
|
-
(0,
|
|
1548
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "algorithm"));
|
|
1415
1549
|
const algorithm = derivedKeys.algorithm || "aes-128-cbc";
|
|
1416
|
-
(0,
|
|
1550
|
+
(0, import_assert7.default)(algorithm === "aes-128-cbc" || algorithm === "aes-256-cbc");
|
|
1417
1551
|
return algorithm;
|
|
1418
1552
|
}
|
|
1419
1553
|
function encryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
@@ -1439,12 +1573,12 @@ function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
|
1439
1573
|
return Buffer.concat(decrypted_chunks);
|
|
1440
1574
|
}
|
|
1441
1575
|
function makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys) {
|
|
1442
|
-
(0,
|
|
1443
|
-
(0,
|
|
1444
|
-
(0,
|
|
1445
|
-
(0,
|
|
1576
|
+
(0, import_assert7.default)(message instanceof Buffer);
|
|
1577
|
+
(0, import_assert7.default)(derivedKeys.signingKey instanceof Buffer);
|
|
1578
|
+
(0, import_assert7.default)(typeof derivedKeys.sha1or256 === "string");
|
|
1579
|
+
(0, import_assert7.default)(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
|
|
1446
1580
|
const signature = (0, import_crypto3.createHmac)(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
|
|
1447
|
-
(0,
|
|
1581
|
+
(0, import_assert7.default)(signature.length === derivedKeys.signatureLength);
|
|
1448
1582
|
return signature;
|
|
1449
1583
|
}
|
|
1450
1584
|
function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
|
|
@@ -1454,170 +1588,75 @@ function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
|
|
|
1454
1588
|
return computedSignature.toString("hex") === expectedSignature.toString("hex");
|
|
1455
1589
|
}
|
|
1456
1590
|
|
|
1457
|
-
// source/
|
|
1458
|
-
|
|
1459
|
-
|
|
1460
|
-
function rsaLengthPrivateKey(key) {
|
|
1461
|
-
const keyPem = typeof key.hidden === "string" ? key.hidden : key.hidden.export({ type: "pkcs1", format: "pem" }).toString();
|
|
1462
|
-
const a = import_jsrsasign2.default.KEYUTIL.getKey(keyPem);
|
|
1463
|
-
return a.n.toString(16).length / 2;
|
|
1464
|
-
}
|
|
1465
|
-
function toPem2(raw_key, pem) {
|
|
1466
|
-
if (raw_key.hidden) {
|
|
1467
|
-
return toPem2(raw_key.hidden, pem);
|
|
1468
|
-
}
|
|
1469
|
-
(0, import_assert6.default)(raw_key, "expecting a key");
|
|
1470
|
-
(0, import_assert6.default)(typeof pem === "string");
|
|
1471
|
-
if (isKeyObject(raw_key)) {
|
|
1472
|
-
const _raw_key = raw_key;
|
|
1473
|
-
if (pem === "RSA PRIVATE KEY") {
|
|
1474
|
-
return removeTrailingLF(_raw_key.export({ format: "pem", type: "pkcs1" }).toString());
|
|
1475
|
-
} else if (pem === "PRIVATE KEY") {
|
|
1476
|
-
return removeTrailingLF(_raw_key.export({ format: "pem", type: "pkcs8" }).toString());
|
|
1477
|
-
} else {
|
|
1478
|
-
throw new Error("Unsupported case!");
|
|
1479
|
-
}
|
|
1480
|
-
}
|
|
1481
|
-
return toPem(raw_key, pem);
|
|
1591
|
+
// source/explore_asn1.ts
|
|
1592
|
+
function t(tag) {
|
|
1593
|
+
return TagType[tag];
|
|
1482
1594
|
}
|
|
1483
|
-
function
|
|
1484
|
-
|
|
1485
|
-
|
|
1486
|
-
|
|
1487
|
-
if (isKeyObject(publicKey)) {
|
|
1488
|
-
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1489
|
-
}
|
|
1490
|
-
(0, import_assert6.default)(typeof publicKey === "string");
|
|
1491
|
-
return publicKey;
|
|
1492
|
-
}
|
|
1493
|
-
function coerceRsaPublicKeyPem(publicKey) {
|
|
1494
|
-
if (isKeyObject(publicKey)) {
|
|
1495
|
-
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1496
|
-
}
|
|
1497
|
-
(0, import_assert6.default)(typeof publicKey === "string");
|
|
1498
|
-
return publicKey;
|
|
1499
|
-
}
|
|
1500
|
-
function rsaLengthPublicKey(key) {
|
|
1501
|
-
key = coercePublicKeyPem(key);
|
|
1502
|
-
(0, import_assert6.default)(typeof key === "string");
|
|
1503
|
-
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1504
|
-
return a.n.toString(16).length / 2;
|
|
1505
|
-
}
|
|
1506
|
-
function rsaLengthRsaPublicKey(key) {
|
|
1507
|
-
key = coerceRsaPublicKeyPem(key);
|
|
1508
|
-
(0, import_assert6.default)(typeof key === "string");
|
|
1509
|
-
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1510
|
-
return a.n.toString(16).length / 2;
|
|
1511
|
-
}
|
|
1512
|
-
|
|
1513
|
-
// source/verify_certificate_signature.ts
|
|
1514
|
-
var import_crypto4 = require("crypto");
|
|
1515
|
-
function verifyCertificateOrClrSignature(certificateOrCrl, parentCertificate) {
|
|
1516
|
-
const block_info = readTag(certificateOrCrl, 0);
|
|
1517
|
-
const blocks = _readStruct(certificateOrCrl, block_info);
|
|
1518
|
-
const bufferToBeSigned = certificateOrCrl.subarray(block_info.position, blocks[1].position - 2);
|
|
1519
|
-
const signatureAlgorithm = _readAlgorithmIdentifier(certificateOrCrl, blocks[1]);
|
|
1520
|
-
const signatureValue = _readSignatureValueBin(certificateOrCrl, blocks[2]);
|
|
1521
|
-
const p = split_der(parentCertificate)[0];
|
|
1522
|
-
const certPem = toPem(p, "CERTIFICATE");
|
|
1523
|
-
const verify = (0, import_crypto4.createVerify)(signatureAlgorithm.identifier);
|
|
1524
|
-
verify.update(bufferToBeSigned);
|
|
1525
|
-
verify.end();
|
|
1526
|
-
return verify.verify(certPem, signatureValue);
|
|
1527
|
-
}
|
|
1528
|
-
function verifyCertificateSignature(certificate, parentCertificate) {
|
|
1529
|
-
return verifyCertificateOrClrSignature(certificate, parentCertificate);
|
|
1530
|
-
}
|
|
1531
|
-
function verifyCertificateRevocationListSignature(certificateRevocationList, parentCertificate) {
|
|
1532
|
-
return verifyCertificateOrClrSignature(certificateRevocationList, parentCertificate);
|
|
1595
|
+
function bi(blockInfo, depth) {
|
|
1596
|
+
const indent = " ".repeat(depth);
|
|
1597
|
+
const hl = blockInfo.position - blockInfo.start;
|
|
1598
|
+
return `${blockInfo.start.toString().padStart(5, " ")}:d=${depth} hl=${hl.toString().padEnd(3, " ")} l=${blockInfo.length.toString().padStart(6, " ")} ${blockInfo.tag.toString(16).padEnd(2, " ")} ${indent} ${t(blockInfo.tag)}`;
|
|
1533
1599
|
}
|
|
1534
|
-
|
|
1535
|
-
|
|
1536
|
-
|
|
1537
|
-
const
|
|
1538
|
-
|
|
1539
|
-
|
|
1540
|
-
|
|
1541
|
-
|
|
1542
|
-
|
|
1543
|
-
|
|
1544
|
-
|
|
1545
|
-
|
|
1546
|
-
|
|
1547
|
-
if (!parentSignChild) {
|
|
1548
|
-
return {
|
|
1549
|
-
status: "BadCertificateInvalid",
|
|
1550
|
-
reason: "One of the certificate in the chain is not signing the previous certificate"
|
|
1551
|
-
};
|
|
1552
|
-
}
|
|
1553
|
-
const certInfo = exploreCertificate(cert);
|
|
1554
|
-
if (!certInfo.tbsCertificate.extensions) {
|
|
1555
|
-
return {
|
|
1556
|
-
status: "BadCertificateInvalid",
|
|
1557
|
-
reason: "Cannot find X409 Extension 3 in certificate"
|
|
1558
|
-
};
|
|
1559
|
-
}
|
|
1560
|
-
if (!certParentInfo.tbsCertificate.extensions || !certInfo.tbsCertificate.extensions.authorityKeyIdentifier) {
|
|
1561
|
-
return {
|
|
1562
|
-
status: "BadCertificateInvalid",
|
|
1563
|
-
reason: "Cannot find X409 Extension 3 in certificate (parent)"
|
|
1564
|
-
};
|
|
1565
|
-
}
|
|
1566
|
-
if (certParentInfo.tbsCertificate.extensions.subjectKeyIdentifier !== certInfo.tbsCertificate.extensions.authorityKeyIdentifier.keyIdentifier) {
|
|
1567
|
-
return {
|
|
1568
|
-
status: "BadCertificateInvalid",
|
|
1569
|
-
reason: "subjectKeyIdentifier authorityKeyIdentifier in child certificate do not match subjectKeyIdentifier of parent certificate"
|
|
1570
|
-
};
|
|
1600
|
+
function exploreAsn1(buffer) {
|
|
1601
|
+
console.log(hexDump(buffer));
|
|
1602
|
+
function dump(offset, depth) {
|
|
1603
|
+
const blockInfo = readTag(buffer, offset);
|
|
1604
|
+
dumpBlock(blockInfo, depth);
|
|
1605
|
+
function dumpBlock(blockInfo2, depth2) {
|
|
1606
|
+
console.log(bi(blockInfo2, depth2));
|
|
1607
|
+
if (blockInfo2.tag === 48 /* SEQUENCE */ || blockInfo2.tag === 49 /* SET */ || blockInfo2.tag >= 160 /* CONTEXT_SPECIFIC0 */) {
|
|
1608
|
+
const blocks = readStruct(buffer, blockInfo2);
|
|
1609
|
+
for (const block of blocks) {
|
|
1610
|
+
dumpBlock(block, depth2 + 1);
|
|
1611
|
+
}
|
|
1612
|
+
}
|
|
1571
1613
|
}
|
|
1572
1614
|
}
|
|
1573
|
-
|
|
1574
|
-
status: "Good",
|
|
1575
|
-
reason: `certificate chain is valid(length = ${certificateChain.length})`
|
|
1576
|
-
};
|
|
1615
|
+
dump(0, 0);
|
|
1577
1616
|
}
|
|
1578
1617
|
|
|
1579
1618
|
// source/explore_certificate_revocation_list.ts
|
|
1580
1619
|
function readNameForCrl(buffer, block) {
|
|
1581
|
-
return
|
|
1620
|
+
return readDirectoryName(buffer, block);
|
|
1582
1621
|
}
|
|
1583
1622
|
function _readTbsCertList(buffer, blockInfo) {
|
|
1584
|
-
const blocks =
|
|
1623
|
+
const blocks = readStruct(buffer, blockInfo);
|
|
1585
1624
|
const hasOptionalVersion = blocks[0].tag === 2 /* INTEGER */;
|
|
1586
1625
|
if (hasOptionalVersion) {
|
|
1587
|
-
const version =
|
|
1588
|
-
const signature =
|
|
1626
|
+
const version = readIntegerValue(buffer, blocks[0]);
|
|
1627
|
+
const signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
1589
1628
|
const issuer = readNameForCrl(buffer, blocks[2]);
|
|
1590
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1591
|
-
const thisUpdate =
|
|
1592
|
-
const nextUpdate =
|
|
1629
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2])));
|
|
1630
|
+
const thisUpdate = readTime(buffer, blocks[3]);
|
|
1631
|
+
const nextUpdate = readTime(buffer, blocks[4]);
|
|
1593
1632
|
const revokedCertificates = [];
|
|
1594
1633
|
if (blocks[5] && blocks[5].tag < 128) {
|
|
1595
|
-
const list =
|
|
1634
|
+
const list = readStruct(buffer, blocks[5]);
|
|
1596
1635
|
for (const r of list) {
|
|
1597
|
-
const rr =
|
|
1598
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1599
|
-
const revocationDate =
|
|
1636
|
+
const rr = readStruct(buffer, r);
|
|
1637
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1638
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1600
1639
|
revokedCertificates.push({
|
|
1601
1640
|
revocationDate,
|
|
1602
1641
|
userCertificate
|
|
1603
1642
|
});
|
|
1604
1643
|
}
|
|
1605
1644
|
}
|
|
1606
|
-
const ext0 =
|
|
1645
|
+
const ext0 = findBlockAtIndex(blocks, 0);
|
|
1607
1646
|
return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
|
|
1608
1647
|
} else {
|
|
1609
|
-
const signature =
|
|
1648
|
+
const signature = readAlgorithmIdentifier(buffer, blocks[0]);
|
|
1610
1649
|
const issuer = readNameForCrl(buffer, blocks[1]);
|
|
1611
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1612
|
-
const thisUpdate =
|
|
1613
|
-
const nextUpdate =
|
|
1650
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[1])));
|
|
1651
|
+
const thisUpdate = readTime(buffer, blocks[2]);
|
|
1652
|
+
const nextUpdate = readTime(buffer, blocks[3]);
|
|
1614
1653
|
const revokedCertificates = [];
|
|
1615
1654
|
if (blocks[4] && blocks[4].tag < 128) {
|
|
1616
|
-
const list =
|
|
1655
|
+
const list = readStruct(buffer, blocks[4]);
|
|
1617
1656
|
for (const r of list) {
|
|
1618
|
-
const rr =
|
|
1619
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1620
|
-
const revocationDate =
|
|
1657
|
+
const rr = readStruct(buffer, r);
|
|
1658
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1659
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1621
1660
|
revokedCertificates.push({
|
|
1622
1661
|
revocationDate,
|
|
1623
1662
|
userCertificate
|
|
@@ -1629,18 +1668,18 @@ function _readTbsCertList(buffer, blockInfo) {
|
|
|
1629
1668
|
}
|
|
1630
1669
|
function exploreCertificateRevocationList(crl) {
|
|
1631
1670
|
const blockInfo = readTag(crl, 0);
|
|
1632
|
-
const blocks =
|
|
1671
|
+
const blocks = readStruct(crl, blockInfo);
|
|
1633
1672
|
const tbsCertList = _readTbsCertList(crl, blocks[0]);
|
|
1634
|
-
const signatureAlgorithm =
|
|
1635
|
-
const signatureValue =
|
|
1673
|
+
const signatureAlgorithm = readAlgorithmIdentifier(crl, blocks[1]);
|
|
1674
|
+
const signatureValue = readSignatureValueBin(crl, blocks[2]);
|
|
1636
1675
|
return { tbsCertList, signatureAlgorithm, signatureValue };
|
|
1637
1676
|
}
|
|
1638
1677
|
|
|
1639
1678
|
// source/explore_certificate_signing_request.ts
|
|
1640
1679
|
function _readExtensionRequest(buffer) {
|
|
1641
1680
|
const block = readTag(buffer, 0);
|
|
1642
|
-
const inner_blocks =
|
|
1643
|
-
const extensions = inner_blocks.map((block1) =>
|
|
1681
|
+
const inner_blocks = readStruct(buffer, block);
|
|
1682
|
+
const extensions = inner_blocks.map((block1) => readExtension(buffer, block1));
|
|
1644
1683
|
const result = {};
|
|
1645
1684
|
for (const e of extensions) {
|
|
1646
1685
|
result[e.identifier.name] = e.value;
|
|
@@ -1649,204 +1688,39 @@ function _readExtensionRequest(buffer) {
|
|
|
1649
1688
|
return { basicConstraints, keyUsage, subjectAltName };
|
|
1650
1689
|
}
|
|
1651
1690
|
function readCertificationRequestInfo(buffer, block) {
|
|
1652
|
-
const blocks =
|
|
1653
|
-
if (blocks.length === 4) {
|
|
1654
|
-
const extensionRequestBlock =
|
|
1655
|
-
if (!extensionRequestBlock) {
|
|
1656
|
-
throw new Error("cannot find extensionRequest block");
|
|
1657
|
-
}
|
|
1658
|
-
const blocks1 =
|
|
1659
|
-
const blocks2 =
|
|
1660
|
-
const identifier =
|
|
1661
|
-
if (identifier.name !== "extensionRequest") {
|
|
1662
|
-
throw new Error(" Cannot find extension Request in ASN1 block");
|
|
1663
|
-
}
|
|
1664
|
-
const buf =
|
|
1665
|
-
const extensionRequest = _readExtensionRequest(buf);
|
|
1666
|
-
return { extensionRequest };
|
|
1667
|
-
}
|
|
1668
|
-
throw new Error("Invalid CSR or ");
|
|
1669
|
-
}
|
|
1670
|
-
function exploreCertificateSigningRequest(crl) {
|
|
1671
|
-
const blockInfo = readTag(crl, 0);
|
|
1672
|
-
const blocks = _readStruct(crl, blockInfo);
|
|
1673
|
-
const csrInfo = readCertificationRequestInfo(crl, blocks[0]);
|
|
1674
|
-
return csrInfo;
|
|
1675
|
-
}
|
|
1676
|
-
|
|
1677
|
-
// source/explore_private_key.ts
|
|
1678
|
-
function f(buffer, b) {
|
|
1679
|
-
return buffer.subarray(b.position + 1, b.position + b.length);
|
|
1680
|
-
}
|
|
1681
|
-
var doDebug2 = !!process.env.DEBUG;
|
|
1682
|
-
function explorePrivateKey(privateKey2) {
|
|
1683
|
-
const privateKey1 = privateKey2.hidden;
|
|
1684
|
-
const privateKey = typeof privateKey1 === "string" ? convertPEMtoDER(privateKey1) : privateKey1.export({ format: "der", type: "pkcs1" });
|
|
1685
|
-
const block_info = readTag(privateKey, 0);
|
|
1686
|
-
const blocks = _readStruct(privateKey, block_info);
|
|
1687
|
-
if (blocks.length === 9) {
|
|
1688
|
-
const version2 = f(privateKey, blocks[0]);
|
|
1689
|
-
const modulus2 = f(privateKey, blocks[1]);
|
|
1690
|
-
const publicExponent2 = f(privateKey, blocks[2]);
|
|
1691
|
-
const privateExponent2 = f(privateKey, blocks[3]);
|
|
1692
|
-
const prime12 = f(privateKey, blocks[4]);
|
|
1693
|
-
const prime22 = f(privateKey, blocks[5]);
|
|
1694
|
-
const exponent12 = f(privateKey, blocks[6]);
|
|
1695
|
-
const exponent22 = f(privateKey, blocks[7]);
|
|
1696
|
-
return {
|
|
1697
|
-
version: version2,
|
|
1698
|
-
modulus: modulus2,
|
|
1699
|
-
publicExponent: publicExponent2,
|
|
1700
|
-
privateExponent: privateExponent2,
|
|
1701
|
-
prime1: prime12,
|
|
1702
|
-
prime2: prime22,
|
|
1703
|
-
exponent1: exponent12,
|
|
1704
|
-
exponent2: exponent22
|
|
1705
|
-
};
|
|
1706
|
-
}
|
|
1707
|
-
if (doDebug2) {
|
|
1708
|
-
console.log("-------------------- private key:");
|
|
1709
|
-
console.log(block_info);
|
|
1710
|
-
console.log(
|
|
1711
|
-
blocks.map((b2) => ({
|
|
1712
|
-
tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
|
|
1713
|
-
l: b2.length,
|
|
1714
|
-
p: b2.position,
|
|
1715
|
-
buff: privateKey.subarray(b2.position, b2.position + b2.length).toString("hex")
|
|
1716
|
-
}))
|
|
1717
|
-
);
|
|
1718
|
-
}
|
|
1719
|
-
const b = blocks[2];
|
|
1720
|
-
const bb = privateKey.subarray(b.position, b.position + b.length);
|
|
1721
|
-
const block_info1 = readTag(bb, 0);
|
|
1722
|
-
const blocks1 = _readStruct(bb, block_info1);
|
|
1723
|
-
if (doDebug2) {
|
|
1724
|
-
console.log(
|
|
1725
|
-
blocks1.map((b2) => ({
|
|
1726
|
-
tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
|
|
1727
|
-
l: b2.length,
|
|
1728
|
-
p: b2.position,
|
|
1729
|
-
buff: bb.subarray(b2.position, b2.position + b2.length).toString("hex")
|
|
1730
|
-
}))
|
|
1731
|
-
);
|
|
1732
|
-
}
|
|
1733
|
-
const version = f(bb, blocks1[0]);
|
|
1734
|
-
const modulus = f(bb, blocks1[1]);
|
|
1735
|
-
const publicExponent = f(bb, blocks1[2]);
|
|
1736
|
-
const privateExponent = f(bb, blocks1[3]);
|
|
1737
|
-
const prime1 = f(bb, blocks1[4]);
|
|
1738
|
-
const prime2 = f(bb, blocks1[5]);
|
|
1739
|
-
const exponent1 = f(bb, blocks1[6]);
|
|
1740
|
-
const exponent2 = f(bb, blocks1[7]);
|
|
1741
|
-
return {
|
|
1742
|
-
version,
|
|
1743
|
-
modulus,
|
|
1744
|
-
publicExponent,
|
|
1745
|
-
privateExponent,
|
|
1746
|
-
prime1,
|
|
1747
|
-
prime2,
|
|
1748
|
-
exponent1,
|
|
1749
|
-
exponent2
|
|
1750
|
-
};
|
|
1751
|
-
}
|
|
1752
|
-
|
|
1753
|
-
// source/public_private_match.ts
|
|
1754
|
-
function publicKeyAndPrivateKeyMatches(certificate, privateKey) {
|
|
1755
|
-
const i = exploreCertificate(certificate);
|
|
1756
|
-
const j = explorePrivateKey(privateKey);
|
|
1757
|
-
const modulus1 = i.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.modulus;
|
|
1758
|
-
const modulus2 = j.modulus;
|
|
1759
|
-
if (modulus1.length != modulus2.length) {
|
|
1760
|
-
return false;
|
|
1761
|
-
}
|
|
1762
|
-
return modulus1.toString("hex") === modulus2.toString("hex");
|
|
1763
|
-
}
|
|
1764
|
-
function certificateMatchesPrivateKeyPEM(certificate, privateKey, blockSize) {
|
|
1765
|
-
const initialBuffer = Buffer.from("Lorem Ipsum");
|
|
1766
|
-
const encryptedBuffer = publicEncrypt_long(initialBuffer, certificate, blockSize);
|
|
1767
|
-
const decryptedBuffer = privateDecrypt_long(encryptedBuffer, privateKey, blockSize);
|
|
1768
|
-
const finalString = decryptedBuffer.toString("utf-8");
|
|
1769
|
-
return initialBuffer.toString("utf-8") === finalString;
|
|
1770
|
-
}
|
|
1771
|
-
function certificateMatchesPrivateKey(certificate, privateKey) {
|
|
1772
|
-
const e = explorePrivateKey(privateKey);
|
|
1773
|
-
const blockSize = e.modulus.length;
|
|
1774
|
-
const certificatePEM = toPem(certificate, "CERTIFICATE");
|
|
1775
|
-
return certificateMatchesPrivateKeyPEM(certificatePEM, privateKey, blockSize);
|
|
1776
|
-
}
|
|
1777
|
-
|
|
1778
|
-
// source/x509/_crypto.ts
|
|
1779
|
-
var x509 = __toESM(require("@peculiar/x509"));
|
|
1780
|
-
var import_webcrypto = require("@peculiar/webcrypto");
|
|
1781
|
-
var import_crypto5 = __toESM(require("crypto"));
|
|
1782
|
-
var x5092 = __toESM(require("@peculiar/x509"));
|
|
1783
|
-
var doDebug3 = false;
|
|
1784
|
-
var _crypto;
|
|
1785
|
-
var ignoreCrypto = process.env.IGNORE_SUBTLE_FROM_CRYPTO;
|
|
1786
|
-
if (typeof window === "undefined") {
|
|
1787
|
-
_crypto = import_crypto5.default;
|
|
1788
|
-
if (!_crypto?.subtle || ignoreCrypto) {
|
|
1789
|
-
_crypto = new import_webcrypto.Crypto();
|
|
1790
|
-
doDebug3 && console.warn("using @peculiar/webcrypto");
|
|
1791
|
-
} else {
|
|
1792
|
-
doDebug3 && console.warn("using nodejs crypto (native)");
|
|
1793
|
-
}
|
|
1794
|
-
x509.cryptoProvider.set(_crypto);
|
|
1795
|
-
} else {
|
|
1796
|
-
doDebug3 && console.warn("using browser crypto (native)");
|
|
1797
|
-
_crypto = crypto;
|
|
1798
|
-
x509.cryptoProvider.set(crypto);
|
|
1799
|
-
}
|
|
1800
|
-
function getCrypto() {
|
|
1801
|
-
return _crypto || crypto || require("crypto");
|
|
1802
|
-
}
|
|
1803
|
-
|
|
1804
|
-
// source/x509/create_key_pair.ts
|
|
1805
|
-
async function generateKeyPair(modulusLength = 2048) {
|
|
1806
|
-
const crypto3 = getCrypto();
|
|
1807
|
-
const alg = {
|
|
1808
|
-
name: "RSASSA-PKCS1-v1_5",
|
|
1809
|
-
hash: { name: "SHA-256" },
|
|
1810
|
-
publicExponent: new Uint8Array([1, 0, 1]),
|
|
1811
|
-
modulusLength
|
|
1812
|
-
};
|
|
1813
|
-
const keys = await crypto3.subtle.generateKey(alg, true, ["sign", "verify"]);
|
|
1814
|
-
return keys;
|
|
1815
|
-
}
|
|
1816
|
-
async function generatePrivateKey(modulusLength = 2048) {
|
|
1817
|
-
return (await generateKeyPair(modulusLength)).privateKey;
|
|
1818
|
-
}
|
|
1819
|
-
async function privateKeyToPEM(privateKey) {
|
|
1820
|
-
const crypto3 = getCrypto();
|
|
1821
|
-
const privDer = await crypto3.subtle.exportKey("pkcs8", privateKey);
|
|
1822
|
-
const privPem = x5092.PemConverter.encode(privDer, "PRIVATE KEY");
|
|
1823
|
-
return { privPem, privDer };
|
|
1824
|
-
}
|
|
1825
|
-
async function derToPrivateKey(privDer) {
|
|
1826
|
-
const crypto3 = getCrypto();
|
|
1827
|
-
return await crypto3.subtle.importKey(
|
|
1828
|
-
"pkcs8",
|
|
1829
|
-
privDer,
|
|
1830
|
-
{
|
|
1831
|
-
name: "RSASSA-PKCS1-v1_5",
|
|
1832
|
-
hash: { name: "SHA-256" }
|
|
1833
|
-
},
|
|
1834
|
-
true,
|
|
1835
|
-
[
|
|
1836
|
-
"sign"
|
|
1837
|
-
// "encrypt",
|
|
1838
|
-
// "decrypt",
|
|
1839
|
-
// "verify",
|
|
1840
|
-
// "wrapKey",
|
|
1841
|
-
// "unwrapKey",
|
|
1842
|
-
// "deriveKey",
|
|
1843
|
-
// "deriveBits"
|
|
1844
|
-
]
|
|
1845
|
-
);
|
|
1691
|
+
const blocks = readStruct(buffer, block);
|
|
1692
|
+
if (blocks.length === 4) {
|
|
1693
|
+
const extensionRequestBlock = findBlockAtIndex(blocks, 0);
|
|
1694
|
+
if (!extensionRequestBlock) {
|
|
1695
|
+
throw new Error("cannot find extensionRequest block");
|
|
1696
|
+
}
|
|
1697
|
+
const blocks1 = readStruct(buffer, extensionRequestBlock);
|
|
1698
|
+
const blocks2 = readStruct(buffer, blocks1[0]);
|
|
1699
|
+
const identifier = readObjectIdentifier(buffer, blocks2[0]);
|
|
1700
|
+
if (identifier.name !== "extensionRequest") {
|
|
1701
|
+
throw new Error(" Cannot find extension Request in ASN1 block");
|
|
1702
|
+
}
|
|
1703
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
1704
|
+
const extensionRequest = _readExtensionRequest(buf);
|
|
1705
|
+
return { extensionRequest };
|
|
1706
|
+
}
|
|
1707
|
+
throw new Error("Invalid CSR or ");
|
|
1846
1708
|
}
|
|
1847
|
-
|
|
1848
|
-
const
|
|
1849
|
-
|
|
1709
|
+
function exploreCertificateSigningRequest(crl) {
|
|
1710
|
+
const blockInfo = readTag(crl, 0);
|
|
1711
|
+
const blocks = readStruct(crl, blockInfo);
|
|
1712
|
+
const csrInfo = readCertificationRequestInfo(crl, blocks[0]);
|
|
1713
|
+
return csrInfo;
|
|
1714
|
+
}
|
|
1715
|
+
|
|
1716
|
+
// source/make_private_key_from_pem.ts
|
|
1717
|
+
function makePrivateKeyFromPem(privateKeyInPem) {
|
|
1718
|
+
return { hidden: privateKeyInPem };
|
|
1719
|
+
}
|
|
1720
|
+
|
|
1721
|
+
// source/make_private_key_thumbprint.ts
|
|
1722
|
+
function makePrivateKeyThumbPrint(privateKey) {
|
|
1723
|
+
return Buffer.alloc(0);
|
|
1850
1724
|
}
|
|
1851
1725
|
|
|
1852
1726
|
// source/subject.ts
|
|
@@ -1936,6 +1810,175 @@ var Subject = class _Subject {
|
|
|
1936
1810
|
}
|
|
1937
1811
|
};
|
|
1938
1812
|
|
|
1813
|
+
// source/verify_certificate_signature.ts
|
|
1814
|
+
var import_crypto4 = require("crypto");
|
|
1815
|
+
function verifyCertificateOrClrSignature(certificateOrCrl, parentCertificate) {
|
|
1816
|
+
const block_info = readTag(certificateOrCrl, 0);
|
|
1817
|
+
const blocks = readStruct(certificateOrCrl, block_info);
|
|
1818
|
+
const bufferToBeSigned = certificateOrCrl.subarray(block_info.position, blocks[1].position - 2);
|
|
1819
|
+
const signatureAlgorithm = readAlgorithmIdentifier(certificateOrCrl, blocks[1]);
|
|
1820
|
+
const signatureValue = readSignatureValueBin(certificateOrCrl, blocks[2]);
|
|
1821
|
+
const p = split_der(parentCertificate)[0];
|
|
1822
|
+
const certPem = toPem(p, "CERTIFICATE");
|
|
1823
|
+
const verify = (0, import_crypto4.createVerify)(signatureAlgorithm.identifier);
|
|
1824
|
+
verify.update(bufferToBeSigned);
|
|
1825
|
+
verify.end();
|
|
1826
|
+
return verify.verify(certPem, signatureValue);
|
|
1827
|
+
}
|
|
1828
|
+
function verifyCertificateSignature(certificate, parentCertificate) {
|
|
1829
|
+
return verifyCertificateOrClrSignature(certificate, parentCertificate);
|
|
1830
|
+
}
|
|
1831
|
+
function verifyCertificateRevocationListSignature(certificateRevocationList, parentCertificate) {
|
|
1832
|
+
return verifyCertificateOrClrSignature(certificateRevocationList, parentCertificate);
|
|
1833
|
+
}
|
|
1834
|
+
async function verifyCertificateChain(certificateChain) {
|
|
1835
|
+
for (let index = 1; index < certificateChain.length; index++) {
|
|
1836
|
+
const cert = certificateChain[index - 1];
|
|
1837
|
+
const certParent = certificateChain[index];
|
|
1838
|
+
const certParentInfo = exploreCertificate(certParent);
|
|
1839
|
+
const keyUsage = certParentInfo.tbsCertificate.extensions.keyUsage;
|
|
1840
|
+
if (!keyUsage.keyCertSign) {
|
|
1841
|
+
return {
|
|
1842
|
+
status: "BadCertificateIssuerUseNotAllowed",
|
|
1843
|
+
reason: "One of the certificate in the chain has not keyUsage set for Certificate Signing"
|
|
1844
|
+
};
|
|
1845
|
+
}
|
|
1846
|
+
const parentSignChild = verifyCertificateSignature(cert, certParent);
|
|
1847
|
+
if (!parentSignChild) {
|
|
1848
|
+
return {
|
|
1849
|
+
status: "BadCertificateInvalid",
|
|
1850
|
+
reason: "One of the certificate in the chain is not signing the previous certificate"
|
|
1851
|
+
};
|
|
1852
|
+
}
|
|
1853
|
+
const certInfo = exploreCertificate(cert);
|
|
1854
|
+
if (!certInfo.tbsCertificate.extensions) {
|
|
1855
|
+
return {
|
|
1856
|
+
status: "BadCertificateInvalid",
|
|
1857
|
+
reason: "Cannot find X409 Extension 3 in certificate"
|
|
1858
|
+
};
|
|
1859
|
+
}
|
|
1860
|
+
if (!certParentInfo.tbsCertificate.extensions || !certInfo.tbsCertificate.extensions.authorityKeyIdentifier) {
|
|
1861
|
+
return {
|
|
1862
|
+
status: "BadCertificateInvalid",
|
|
1863
|
+
reason: "Cannot find X409 Extension 3 in certificate (parent)"
|
|
1864
|
+
};
|
|
1865
|
+
}
|
|
1866
|
+
if (certParentInfo.tbsCertificate.extensions.subjectKeyIdentifier !== certInfo.tbsCertificate.extensions.authorityKeyIdentifier.keyIdentifier) {
|
|
1867
|
+
return {
|
|
1868
|
+
status: "BadCertificateInvalid",
|
|
1869
|
+
reason: "subjectKeyIdentifier authorityKeyIdentifier in child certificate do not match subjectKeyIdentifier of parent certificate"
|
|
1870
|
+
};
|
|
1871
|
+
}
|
|
1872
|
+
}
|
|
1873
|
+
return {
|
|
1874
|
+
status: "Good",
|
|
1875
|
+
reason: `certificate chain is valid(length = ${certificateChain.length})`
|
|
1876
|
+
};
|
|
1877
|
+
}
|
|
1878
|
+
|
|
1879
|
+
// source/x509/_crypto.ts
|
|
1880
|
+
var x509 = __toESM(require("@peculiar/x509"));
|
|
1881
|
+
var import_webcrypto = require("@peculiar/webcrypto");
|
|
1882
|
+
var import_crypto5 = __toESM(require("crypto"));
|
|
1883
|
+
var x5092 = __toESM(require("@peculiar/x509"));
|
|
1884
|
+
var doDebug3 = false;
|
|
1885
|
+
var _crypto;
|
|
1886
|
+
var ignoreCrypto = process.env.IGNORE_SUBTLE_FROM_CRYPTO;
|
|
1887
|
+
if (typeof window === "undefined") {
|
|
1888
|
+
_crypto = import_crypto5.default;
|
|
1889
|
+
if (!_crypto?.subtle || ignoreCrypto) {
|
|
1890
|
+
_crypto = new import_webcrypto.Crypto();
|
|
1891
|
+
doDebug3 && console.warn("using @peculiar/webcrypto");
|
|
1892
|
+
} else {
|
|
1893
|
+
doDebug3 && console.warn("using nodejs crypto (native)");
|
|
1894
|
+
}
|
|
1895
|
+
x509.cryptoProvider.set(_crypto);
|
|
1896
|
+
} else {
|
|
1897
|
+
doDebug3 && console.warn("using browser crypto (native)");
|
|
1898
|
+
_crypto = crypto;
|
|
1899
|
+
x509.cryptoProvider.set(crypto);
|
|
1900
|
+
}
|
|
1901
|
+
function getCrypto() {
|
|
1902
|
+
return _crypto || crypto || require("crypto");
|
|
1903
|
+
}
|
|
1904
|
+
|
|
1905
|
+
// source/x509/create_key_pair.ts
|
|
1906
|
+
async function generateKeyPair(modulusLength = 2048) {
|
|
1907
|
+
const crypto3 = getCrypto();
|
|
1908
|
+
const alg = {
|
|
1909
|
+
name: "RSASSA-PKCS1-v1_5",
|
|
1910
|
+
hash: { name: "SHA-256" },
|
|
1911
|
+
publicExponent: new Uint8Array([1, 0, 1]),
|
|
1912
|
+
modulusLength
|
|
1913
|
+
};
|
|
1914
|
+
const keys = await crypto3.subtle.generateKey(alg, true, ["sign", "verify"]);
|
|
1915
|
+
return keys;
|
|
1916
|
+
}
|
|
1917
|
+
async function generatePrivateKey(modulusLength = 2048) {
|
|
1918
|
+
return (await generateKeyPair(modulusLength)).privateKey;
|
|
1919
|
+
}
|
|
1920
|
+
async function privateKeyToPEM(privateKey) {
|
|
1921
|
+
const crypto3 = getCrypto();
|
|
1922
|
+
const privDer = await crypto3.subtle.exportKey("pkcs8", privateKey);
|
|
1923
|
+
const privPem = x5092.PemConverter.encode(privDer, "PRIVATE KEY");
|
|
1924
|
+
return { privPem, privDer };
|
|
1925
|
+
}
|
|
1926
|
+
async function derToPrivateKey(privDer) {
|
|
1927
|
+
const crypto3 = getCrypto();
|
|
1928
|
+
return await crypto3.subtle.importKey(
|
|
1929
|
+
"pkcs8",
|
|
1930
|
+
privDer,
|
|
1931
|
+
{
|
|
1932
|
+
name: "RSASSA-PKCS1-v1_5",
|
|
1933
|
+
hash: { name: "SHA-256" }
|
|
1934
|
+
},
|
|
1935
|
+
true,
|
|
1936
|
+
[
|
|
1937
|
+
"sign"
|
|
1938
|
+
// "encrypt",
|
|
1939
|
+
// "decrypt",
|
|
1940
|
+
// "verify",
|
|
1941
|
+
// "wrapKey",
|
|
1942
|
+
// "unwrapKey",
|
|
1943
|
+
// "deriveKey",
|
|
1944
|
+
// "deriveBits"
|
|
1945
|
+
]
|
|
1946
|
+
);
|
|
1947
|
+
}
|
|
1948
|
+
async function pemToPrivateKey(pem) {
|
|
1949
|
+
const privDer = x5092.PemConverter.decode(pem);
|
|
1950
|
+
return derToPrivateKey(privDer[0]);
|
|
1951
|
+
}
|
|
1952
|
+
|
|
1953
|
+
// source/x509/coerce_private_key.ts
|
|
1954
|
+
var crypto2 = getCrypto();
|
|
1955
|
+
var doDebug4 = false;
|
|
1956
|
+
function coercePEMorDerToPrivateKey(privateKeyInDerOrPem) {
|
|
1957
|
+
if (typeof privateKeyInDerOrPem === "string") {
|
|
1958
|
+
const hidden = createPrivateKeyFromNodeJSCrypto(privateKeyInDerOrPem);
|
|
1959
|
+
return { hidden };
|
|
1960
|
+
}
|
|
1961
|
+
throw new Error("not implemented");
|
|
1962
|
+
}
|
|
1963
|
+
async function _coercePrivateKey(privateKey) {
|
|
1964
|
+
const KeyObject4 = crypto2.KeyObject;
|
|
1965
|
+
if (privateKey instanceof Buffer) {
|
|
1966
|
+
const privateKey1 = await derToPrivateKey(privateKey);
|
|
1967
|
+
return KeyObject4.from(privateKey1);
|
|
1968
|
+
} else if (typeof privateKey === "string") {
|
|
1969
|
+
try {
|
|
1970
|
+
const privateKey1 = await pemToPrivateKey(privateKey);
|
|
1971
|
+
return KeyObject4.from(privateKey1);
|
|
1972
|
+
} catch (err) {
|
|
1973
|
+
doDebug4 && console.log(privateKey);
|
|
1974
|
+
throw err;
|
|
1975
|
+
}
|
|
1976
|
+
} else if (privateKey instanceof KeyObject4) {
|
|
1977
|
+
return privateKey;
|
|
1978
|
+
}
|
|
1979
|
+
throw new Error("Invalid privateKey");
|
|
1980
|
+
}
|
|
1981
|
+
|
|
1939
1982
|
// source/x509/_get_attributes.ts
|
|
1940
1983
|
var keyUsageApplication = x5092.KeyUsageFlags.keyEncipherment | x5092.KeyUsageFlags.nonRepudiation | x5092.KeyUsageFlags.dataEncipherment | x5092.KeyUsageFlags.keyCertSign | x5092.KeyUsageFlags.digitalSignature;
|
|
1941
1984
|
var keyUsageCA = x5092.KeyUsageFlags.keyCertSign | x5092.KeyUsageFlags.cRLSign;
|
|
@@ -5477,11 +5520,11 @@ function compareSchema(root, inputData, inputSchema) {
|
|
|
5477
5520
|
};
|
|
5478
5521
|
}
|
|
5479
5522
|
if (inputSchema.primitiveSchema && VALUE_HEX_VIEW in inputData.valueBlock) {
|
|
5480
|
-
const
|
|
5481
|
-
if (
|
|
5523
|
+
const asn12 = localFromBER(inputData.valueBlock.valueHexView);
|
|
5524
|
+
if (asn12.offset === -1) {
|
|
5482
5525
|
const _result = {
|
|
5483
5526
|
verified: false,
|
|
5484
|
-
result:
|
|
5527
|
+
result: asn12.result
|
|
5485
5528
|
};
|
|
5486
5529
|
if (inputSchema.name) {
|
|
5487
5530
|
inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING);
|
|
@@ -5492,7 +5535,7 @@ function compareSchema(root, inputData, inputSchema) {
|
|
|
5492
5535
|
}
|
|
5493
5536
|
return _result;
|
|
5494
5537
|
}
|
|
5495
|
-
return compareSchema(root,
|
|
5538
|
+
return compareSchema(root, asn12.result, inputSchema.primitiveSchema);
|
|
5496
5539
|
}
|
|
5497
5540
|
return {
|
|
5498
5541
|
verified: true,
|
|
@@ -5506,14 +5549,14 @@ function verifySchema(inputBuffer, inputSchema) {
|
|
|
5506
5549
|
result: { error: "Wrong ASN.1 schema type" }
|
|
5507
5550
|
};
|
|
5508
5551
|
}
|
|
5509
|
-
const
|
|
5510
|
-
if (
|
|
5552
|
+
const asn12 = localFromBER(BufferSourceConverter.toUint8Array(inputBuffer));
|
|
5553
|
+
if (asn12.offset === -1) {
|
|
5511
5554
|
return {
|
|
5512
5555
|
verified: false,
|
|
5513
|
-
result:
|
|
5556
|
+
result: asn12.result
|
|
5514
5557
|
};
|
|
5515
5558
|
}
|
|
5516
|
-
return compareSchema(
|
|
5559
|
+
return compareSchema(asn12.result, asn12.result, inputSchema);
|
|
5517
5560
|
}
|
|
5518
5561
|
|
|
5519
5562
|
// ../../node_modules/@peculiar/asn1-schema/build/es2015/enums.js
|
|
@@ -6201,80 +6244,22 @@ async function createSelfSignedCertificate({
|
|
|
6201
6244
|
return { cert: cert.toString("pem"), der: cert };
|
|
6202
6245
|
}
|
|
6203
6246
|
|
|
6204
|
-
// source/
|
|
6205
|
-
var
|
|
6206
|
-
var doDebug4 = false;
|
|
6207
|
-
function coercePEMorDerToPrivateKey(privateKeyInDerOrPem) {
|
|
6208
|
-
if (typeof privateKeyInDerOrPem === "string") {
|
|
6209
|
-
const hidden = createPrivateKeyFromNodeJSCrypto(privateKeyInDerOrPem);
|
|
6210
|
-
return { hidden };
|
|
6211
|
-
}
|
|
6212
|
-
throw new Error("not implemented");
|
|
6213
|
-
}
|
|
6214
|
-
async function _coercePrivateKey(privateKey) {
|
|
6215
|
-
const KeyObject4 = crypto2.KeyObject;
|
|
6216
|
-
if (privateKey instanceof Buffer) {
|
|
6217
|
-
const privateKey1 = await derToPrivateKey(privateKey);
|
|
6218
|
-
return KeyObject4.from(privateKey1);
|
|
6219
|
-
} else if (typeof privateKey === "string") {
|
|
6220
|
-
try {
|
|
6221
|
-
const privateKey1 = await pemToPrivateKey(privateKey);
|
|
6222
|
-
return KeyObject4.from(privateKey1);
|
|
6223
|
-
} catch (err) {
|
|
6224
|
-
doDebug4 && console.log(privateKey);
|
|
6225
|
-
throw err;
|
|
6226
|
-
}
|
|
6227
|
-
} else if (privateKey instanceof KeyObject4) {
|
|
6228
|
-
return privateKey;
|
|
6229
|
-
}
|
|
6230
|
-
throw new Error("Invalid privateKey");
|
|
6231
|
-
}
|
|
6232
|
-
|
|
6233
|
-
// source/explore_asn1.ts
|
|
6234
|
-
function t(tag) {
|
|
6235
|
-
return TagType[tag];
|
|
6236
|
-
}
|
|
6237
|
-
function bi(blockInfo, depth) {
|
|
6238
|
-
const indent = " ".repeat(depth);
|
|
6239
|
-
const hl = blockInfo.position - blockInfo.start;
|
|
6240
|
-
return `${blockInfo.start.toString().padStart(5, " ")}:d=${depth} hl=${hl.toString().padEnd(3, " ")} l=${blockInfo.length.toString().padStart(6, " ")} ${blockInfo.tag.toString(16).padEnd(2, " ")} ${indent} ${t(blockInfo.tag)}`;
|
|
6241
|
-
}
|
|
6242
|
-
function exploreAsn1(buffer) {
|
|
6243
|
-
console.log(hexDump(buffer));
|
|
6244
|
-
function dump(offset, depth) {
|
|
6245
|
-
const blockInfo = readTag(buffer, offset);
|
|
6246
|
-
dumpBlock(blockInfo, depth);
|
|
6247
|
-
function dumpBlock(blockInfo2, depth2) {
|
|
6248
|
-
console.log(bi(blockInfo2, depth2));
|
|
6249
|
-
if (blockInfo2.tag === 48 /* SEQUENCE */ || blockInfo2.tag === 49 /* SET */ || blockInfo2.tag >= 160 /* CONTEXT_SPECIFIC0 */) {
|
|
6250
|
-
const blocks = _readStruct(buffer, blockInfo2);
|
|
6251
|
-
for (const block of blocks) {
|
|
6252
|
-
dumpBlock(block, depth2 + 1);
|
|
6253
|
-
}
|
|
6254
|
-
}
|
|
6255
|
-
}
|
|
6256
|
-
}
|
|
6257
|
-
dump(0, 0);
|
|
6258
|
-
}
|
|
6259
|
-
|
|
6260
|
-
// source/make_private_key_from_pem.ts
|
|
6261
|
-
function makePrivateKeyFromPem(privateKeyInPem) {
|
|
6262
|
-
return { hidden: privateKeyInPem };
|
|
6263
|
-
}
|
|
6247
|
+
// source/index_web.ts
|
|
6248
|
+
var asn1 = { readDirectoryName, readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
|
|
6264
6249
|
|
|
6265
6250
|
// source_nodejs/read.ts
|
|
6266
|
-
var
|
|
6267
|
-
var
|
|
6268
|
-
var
|
|
6251
|
+
var import_assert8 = __toESM(require("assert"));
|
|
6252
|
+
var import_node_fs = __toESM(require("fs"));
|
|
6253
|
+
var import_node_path = __toESM(require("path"));
|
|
6269
6254
|
var import_crypto13 = require("crypto");
|
|
6270
6255
|
var import_sshpk = __toESM(require("sshpk"));
|
|
6271
6256
|
function _readPemFile(filename) {
|
|
6272
|
-
(0,
|
|
6273
|
-
return removeTrailingLF(
|
|
6257
|
+
(0, import_assert8.default)(typeof filename === "string");
|
|
6258
|
+
return removeTrailingLF(import_node_fs.default.readFileSync(filename, "utf-8"));
|
|
6274
6259
|
}
|
|
6275
6260
|
function _readPemOrDerFileAsDER(filename) {
|
|
6276
6261
|
if (filename.match(/.*\.der/)) {
|
|
6277
|
-
return
|
|
6262
|
+
return import_node_fs.default.readFileSync(filename);
|
|
6278
6263
|
}
|
|
6279
6264
|
const raw_key = _readPemFile(filename);
|
|
6280
6265
|
return convertPEMtoDER(raw_key);
|
|
@@ -6284,7 +6269,7 @@ function readCertificate(filename) {
|
|
|
6284
6269
|
}
|
|
6285
6270
|
function readPublicKey(filename) {
|
|
6286
6271
|
if (filename.match(/.*\.der/)) {
|
|
6287
|
-
const der =
|
|
6272
|
+
const der = import_node_fs.default.readFileSync(filename);
|
|
6288
6273
|
return (0, import_crypto13.createPublicKey)(der);
|
|
6289
6274
|
} else {
|
|
6290
6275
|
const raw_key = _readPemFile(filename);
|
|
@@ -6295,7 +6280,7 @@ function myCreatePrivateKey(rawKey) {
|
|
|
6295
6280
|
if (!import_crypto13.createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {
|
|
6296
6281
|
if (rawKey instanceof Buffer) {
|
|
6297
6282
|
const pemKey = toPem(rawKey, "PRIVATE KEY");
|
|
6298
|
-
(0,
|
|
6283
|
+
(0, import_assert8.default)(["RSA PRIVATE KEY", "PRIVATE KEY"].indexOf(identifyPemType(pemKey)) >= 0);
|
|
6299
6284
|
return { hidden: pemKey };
|
|
6300
6285
|
}
|
|
6301
6286
|
return { hidden: ensureTrailingLF(rawKey) };
|
|
@@ -6306,15 +6291,12 @@ function myCreatePrivateKey(rawKey) {
|
|
|
6306
6291
|
process.env.OPENSSL_CONF = backup;
|
|
6307
6292
|
return { hidden: retValue };
|
|
6308
6293
|
}
|
|
6309
|
-
function makePrivateKeyThumbPrint(privateKey) {
|
|
6310
|
-
return Buffer.alloc(0);
|
|
6311
|
-
}
|
|
6312
6294
|
function ensureTrailingLF(str) {
|
|
6313
6295
|
return str.match(/\n$/) ? str : str + "\n";
|
|
6314
6296
|
}
|
|
6315
6297
|
function readPrivateKey(filename) {
|
|
6316
6298
|
if (filename.match(/.*\.der/)) {
|
|
6317
|
-
const der =
|
|
6299
|
+
const der = import_node_fs.default.readFileSync(filename);
|
|
6318
6300
|
return myCreatePrivateKey(der);
|
|
6319
6301
|
} else {
|
|
6320
6302
|
const raw_key = _readPemFile(filename);
|
|
@@ -6338,7 +6320,7 @@ function setCertificateStore(store) {
|
|
|
6338
6320
|
}
|
|
6339
6321
|
function getCertificateStore() {
|
|
6340
6322
|
if (!_g_certificate_store) {
|
|
6341
|
-
_g_certificate_store =
|
|
6323
|
+
_g_certificate_store = import_node_path.default.join(__dirname, "../../certificates/");
|
|
6342
6324
|
}
|
|
6343
6325
|
return _g_certificate_store;
|
|
6344
6326
|
}
|
|
@@ -6346,30 +6328,29 @@ function readPrivateRsaKey(filename) {
|
|
|
6346
6328
|
if (!import_crypto13.createPrivateKey) {
|
|
6347
6329
|
throw new Error("createPrivateKey is not supported in this environment");
|
|
6348
6330
|
}
|
|
6349
|
-
if (filename.substring(0, 1) !== "." && !
|
|
6350
|
-
filename =
|
|
6331
|
+
if (filename.substring(0, 1) !== "." && !import_node_fs.default.existsSync(filename)) {
|
|
6332
|
+
filename = import_node_path.default.join(getCertificateStore(), filename);
|
|
6351
6333
|
}
|
|
6352
|
-
const content =
|
|
6334
|
+
const content = import_node_fs.default.readFileSync(filename, "utf8");
|
|
6353
6335
|
const sshKey = import_sshpk.default.parsePrivateKey(content, "auto");
|
|
6354
6336
|
const key = sshKey.toString("pkcs1");
|
|
6355
6337
|
const hidden = (0, import_crypto13.createPrivateKey)({ format: "pem", type: "pkcs1", key });
|
|
6356
6338
|
return { hidden };
|
|
6357
6339
|
}
|
|
6358
6340
|
function readPublicRsaKey(filename) {
|
|
6359
|
-
if (filename.substring(0, 1) !== "." && !
|
|
6360
|
-
filename =
|
|
6341
|
+
if (filename.substring(0, 1) !== "." && !import_node_fs.default.existsSync(filename)) {
|
|
6342
|
+
filename = import_node_path.default.join(getCertificateStore(), filename);
|
|
6361
6343
|
}
|
|
6362
|
-
const content =
|
|
6344
|
+
const content = import_node_fs.default.readFileSync(filename, "utf-8");
|
|
6363
6345
|
const sshKey = import_sshpk.default.parseKey(content, "ssh");
|
|
6364
6346
|
const key = sshKey.toString("pkcs1");
|
|
6365
6347
|
return (0, import_crypto13.createPublicKey)({ format: "pem", type: "pkcs1", key });
|
|
6366
6348
|
}
|
|
6367
6349
|
|
|
6368
6350
|
// source_nodejs/read_certificate_revocation_list.ts
|
|
6369
|
-
var
|
|
6370
|
-
var import_util = require("util");
|
|
6351
|
+
var import_node_fs2 = __toESM(require("fs"));
|
|
6371
6352
|
async function readCertificateRevocationList(filename) {
|
|
6372
|
-
const crl = await
|
|
6353
|
+
const crl = await import_node_fs2.default.promises.readFile(filename);
|
|
6373
6354
|
if (crl[0] === 48 && crl[1] === 130) {
|
|
6374
6355
|
return crl;
|
|
6375
6356
|
}
|
|
@@ -6378,10 +6359,9 @@ async function readCertificateRevocationList(filename) {
|
|
|
6378
6359
|
}
|
|
6379
6360
|
|
|
6380
6361
|
// source_nodejs/read_certificate_signing_request.ts
|
|
6381
|
-
var
|
|
6382
|
-
var import_util2 = require("util");
|
|
6362
|
+
var import_node_fs3 = __toESM(require("fs"));
|
|
6383
6363
|
async function readCertificateSigningRequest(filename) {
|
|
6384
|
-
const csr = await
|
|
6364
|
+
const csr = await import_node_fs3.default.promises.readFile(filename);
|
|
6385
6365
|
if (csr[0] === 48 && csr[1] === 130) {
|
|
6386
6366
|
return csr;
|
|
6387
6367
|
}
|
|
@@ -6390,12 +6370,12 @@ async function readCertificateSigningRequest(filename) {
|
|
|
6390
6370
|
}
|
|
6391
6371
|
|
|
6392
6372
|
// source_nodejs/generate_private_key_filename.ts
|
|
6393
|
-
var
|
|
6373
|
+
var import_node_fs4 = __toESM(require("fs"));
|
|
6394
6374
|
var import_jsrsasign3 = __toESM(require("jsrsasign"));
|
|
6395
6375
|
async function generatePrivateKeyFile(privateKeyFilename, modulusLength) {
|
|
6396
6376
|
const keys = await generateKeyPair(modulusLength);
|
|
6397
6377
|
const privateKeyPem = await privateKeyToPEM(keys.privateKey);
|
|
6398
|
-
await
|
|
6378
|
+
await import_node_fs4.default.promises.writeFile(privateKeyFilename, privateKeyPem.privPem, "utf-8");
|
|
6399
6379
|
privateKeyPem.privPem = "";
|
|
6400
6380
|
privateKeyPem.privDer = new Uint8Array(0);
|
|
6401
6381
|
}
|
|
@@ -6404,7 +6384,7 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
|
|
|
6404
6384
|
const prv = kp.prvKeyObj;
|
|
6405
6385
|
const pub = kp.pubKeyObj;
|
|
6406
6386
|
const prvpem = import_jsrsasign3.default.KEYUTIL.getPEM(prv, "PKCS8PRV");
|
|
6407
|
-
await
|
|
6387
|
+
await import_node_fs4.default.promises.writeFile(privateKeyFilename, prvpem, "utf-8");
|
|
6408
6388
|
}
|
|
6409
6389
|
// Annotate the CommonJS export names for ESM import in node:
|
|
6410
6390
|
0 && (module.exports = {
|
|
@@ -6413,28 +6393,8 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
|
|
|
6413
6393
|
RSA_PKCS1_OAEP_PADDING,
|
|
6414
6394
|
RSA_PKCS1_PADDING,
|
|
6415
6395
|
Subject,
|
|
6416
|
-
TagType,
|
|
6417
6396
|
_coercePrivateKey,
|
|
6418
|
-
|
|
6419
|
-
_getBlock,
|
|
6420
|
-
_readAlgorithmIdentifier,
|
|
6421
|
-
_readBitString,
|
|
6422
|
-
_readBooleanValue,
|
|
6423
|
-
_readDirectoryName,
|
|
6424
|
-
_readECCAlgorithmIdentifier,
|
|
6425
|
-
_readExtension,
|
|
6426
|
-
_readIntegerAsByteString,
|
|
6427
|
-
_readIntegerValue,
|
|
6428
|
-
_readListOfInteger,
|
|
6429
|
-
_readLongIntegerValue,
|
|
6430
|
-
_readObjectIdentifier,
|
|
6431
|
-
_readOctetString,
|
|
6432
|
-
_readSignatureValue,
|
|
6433
|
-
_readSignatureValueBin,
|
|
6434
|
-
_readStruct,
|
|
6435
|
-
_readTime,
|
|
6436
|
-
_readValue,
|
|
6437
|
-
_readVersionValue,
|
|
6397
|
+
asn1,
|
|
6438
6398
|
certificateMatchesPrivateKey,
|
|
6439
6399
|
coerceCertificate,
|
|
6440
6400
|
coerceCertificatePem,
|
|
@@ -6443,7 +6403,6 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
|
|
|
6443
6403
|
coercePublicKeyPem,
|
|
6444
6404
|
coerceRsaPublicKeyPem,
|
|
6445
6405
|
combine_der,
|
|
6446
|
-
compactDirectoryName,
|
|
6447
6406
|
computeDerivedKeys,
|
|
6448
6407
|
computePaddingFooter,
|
|
6449
6408
|
convertPEMtoDER,
|
|
@@ -6461,7 +6420,6 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
|
|
|
6461
6420
|
explorePrivateKey,
|
|
6462
6421
|
extractPublicKeyFromCertificate,
|
|
6463
6422
|
extractPublicKeyFromCertificateSync,
|
|
6464
|
-
formatBuffer2DigitHexWithColum,
|
|
6465
6423
|
generateKeyPair,
|
|
6466
6424
|
generatePrivateKey,
|
|
6467
6425
|
generatePrivateKeyFile,
|
|
@@ -6476,7 +6434,6 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
|
|
|
6476
6434
|
makePrivateKeyThumbPrint,
|
|
6477
6435
|
makePseudoRandomBuffer,
|
|
6478
6436
|
makeSHA1Thumbprint,
|
|
6479
|
-
parseBitString,
|
|
6480
6437
|
pemToPrivateKey,
|
|
6481
6438
|
privateDecrypt,
|
|
6482
6439
|
privateDecrypt_long,
|
|
@@ -6491,6 +6448,7 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
|
|
|
6491
6448
|
readCertificateRevocationList,
|
|
6492
6449
|
readCertificateSigningRequest,
|
|
6493
6450
|
readCertificationRequestInfo,
|
|
6451
|
+
readExtension,
|
|
6494
6452
|
readNameForCrl,
|
|
6495
6453
|
readPrivateKey,
|
|
6496
6454
|
readPrivateKeyPEM,
|
|
@@ -6498,7 +6456,6 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
|
|
|
6498
6456
|
readPublicKey,
|
|
6499
6457
|
readPublicKeyPEM,
|
|
6500
6458
|
readPublicRsaKey,
|
|
6501
|
-
readTag,
|
|
6502
6459
|
readTbsCertificate,
|
|
6503
6460
|
reduceLength,
|
|
6504
6461
|
removePadding,
|