node-opcua-crypto 4.11.0 → 4.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-UH5AT3JE.mjs → chunk-AXAFLVME.mjs} +2 -2
- package/dist/{chunk-2RCYFHGG.mjs → chunk-LHUQUHQQ.mjs} +183 -178
- package/dist/chunk-LHUQUHQQ.mjs.map +1 -0
- package/dist/chunk-RQA4DO2Z.mjs +1 -0
- package/dist/chunk-RQA4DO2Z.mjs.map +1 -0
- package/dist/index.d.mts +1 -2
- package/dist/index.d.ts +1 -2
- package/dist/index.js +175 -170
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +6 -7
- package/dist/source/index.d.mts +1 -15
- package/dist/source/index.d.ts +1 -15
- package/dist/source/index.js +172 -167
- package/dist/source/index.js.map +1 -1
- package/dist/source/index.mjs +5 -6
- package/dist/source/index_web.d.mts +518 -4
- package/dist/source/index_web.d.ts +518 -4
- package/dist/source/index_web.js +183 -173
- package/dist/source/index_web.js.map +1 -1
- package/dist/source/index_web.mjs +5 -3
- package/dist/source_nodejs/index.js +18 -15
- package/dist/source_nodejs/index.js.map +1 -1
- package/dist/source_nodejs/index.mjs +3 -3
- package/package.json +2 -2
- package/dist/chunk-2RCYFHGG.mjs.map +0 -1
- package/dist/chunk-C7PROBPE.mjs +0 -14
- package/dist/chunk-C7PROBPE.mjs.map +0 -1
- package/dist/index_web-C5Oeu9mq.d.mts +0 -503
- package/dist/index_web-D1qc4UN2.d.ts +0 -503
- /package/dist/{chunk-UH5AT3JE.mjs.map → chunk-AXAFLVME.mjs.map} +0 -0
|
@@ -323,33 +323,33 @@ var oid_map = {
|
|
|
323
323
|
};
|
|
324
324
|
|
|
325
325
|
// source/asn1.ts
|
|
326
|
-
var TagType = /* @__PURE__ */ ((
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
return
|
|
326
|
+
var TagType = /* @__PURE__ */ ((TagType2) => {
|
|
327
|
+
TagType2[TagType2["BOOLEAN"] = 1] = "BOOLEAN";
|
|
328
|
+
TagType2[TagType2["INTEGER"] = 2] = "INTEGER";
|
|
329
|
+
TagType2[TagType2["BIT_STRING"] = 3] = "BIT_STRING";
|
|
330
|
+
TagType2[TagType2["OCTET_STRING"] = 4] = "OCTET_STRING";
|
|
331
|
+
TagType2[TagType2["NULL"] = 5] = "NULL";
|
|
332
|
+
TagType2[TagType2["OBJECT_IDENTIFIER"] = 6] = "OBJECT_IDENTIFIER";
|
|
333
|
+
TagType2[TagType2["UTF8String"] = 12] = "UTF8String";
|
|
334
|
+
TagType2[TagType2["NumericString"] = 18] = "NumericString";
|
|
335
|
+
TagType2[TagType2["PrintableString"] = 19] = "PrintableString";
|
|
336
|
+
TagType2[TagType2["TeletexString"] = 20] = "TeletexString";
|
|
337
|
+
TagType2[TagType2["IA5String"] = 22] = "IA5String";
|
|
338
|
+
TagType2[TagType2["UTCTime"] = 23] = "UTCTime";
|
|
339
|
+
TagType2[TagType2["GeneralizedTime"] = 24] = "GeneralizedTime";
|
|
340
|
+
TagType2[TagType2["GraphicString"] = 25] = "GraphicString";
|
|
341
|
+
TagType2[TagType2["VisibleString"] = 26] = "VisibleString";
|
|
342
|
+
TagType2[TagType2["GeneralString"] = 27] = "GeneralString";
|
|
343
|
+
TagType2[TagType2["UniversalString"] = 28] = "UniversalString";
|
|
344
|
+
TagType2[TagType2["BMPString"] = 30] = "BMPString";
|
|
345
|
+
TagType2[TagType2["SEQUENCE"] = 48] = "SEQUENCE";
|
|
346
|
+
TagType2[TagType2["SET"] = 49] = "SET";
|
|
347
|
+
TagType2[TagType2["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
|
|
348
|
+
TagType2[TagType2["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
|
|
349
|
+
TagType2[TagType2["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
|
|
350
|
+
TagType2[TagType2["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
|
|
351
|
+
TagType2[TagType2["A4"] = 164] = "A4";
|
|
352
|
+
return TagType2;
|
|
353
353
|
})(TagType || {});
|
|
354
354
|
function readTag(buf, pos) {
|
|
355
355
|
const start = pos;
|
|
@@ -395,9 +395,9 @@ function parseBitString(buffer, start, end, maxLength) {
|
|
|
395
395
|
}
|
|
396
396
|
return intro + s;
|
|
397
397
|
}
|
|
398
|
-
function
|
|
398
|
+
function readBitString(buffer, block) {
|
|
399
399
|
assert(block.tag === 3 /* BIT_STRING */);
|
|
400
|
-
const data =
|
|
400
|
+
const data = getBlock(buffer, block);
|
|
401
401
|
const ignore_bits = data.readUInt8(0);
|
|
402
402
|
return {
|
|
403
403
|
lengthInBits: data.length * 8 - ignore_bits,
|
|
@@ -413,7 +413,7 @@ function formatBuffer2DigitHexWithColum(buffer) {
|
|
|
413
413
|
}
|
|
414
414
|
return value.join(":").toUpperCase().replace(/^(00:)*/, "");
|
|
415
415
|
}
|
|
416
|
-
function
|
|
416
|
+
function readOctetString(buffer, block) {
|
|
417
417
|
assert(block.tag === 4 /* OCTET_STRING */);
|
|
418
418
|
const tag = readTag(buffer, block.position);
|
|
419
419
|
assert(tag.tag === 4 /* OCTET_STRING */);
|
|
@@ -422,19 +422,19 @@ function _readOctetString(buffer, block) {
|
|
|
422
422
|
const b = buffer.subarray(pos, pos + nbBytes);
|
|
423
423
|
return b;
|
|
424
424
|
}
|
|
425
|
-
function
|
|
425
|
+
function getBlock(buffer, block) {
|
|
426
426
|
const start = block.position;
|
|
427
427
|
const end = block.position + block.length;
|
|
428
428
|
return buffer.subarray(start, end);
|
|
429
429
|
}
|
|
430
|
-
function
|
|
431
|
-
return
|
|
430
|
+
function readIntegerAsByteString(buffer, block) {
|
|
431
|
+
return getBlock(buffer, block);
|
|
432
432
|
}
|
|
433
|
-
function
|
|
433
|
+
function readListOfInteger(buffer) {
|
|
434
434
|
const block = readTag(buffer, 0);
|
|
435
435
|
const inner_blocks = readStruct(buffer, block);
|
|
436
436
|
return inner_blocks.map((innerBlock) => {
|
|
437
|
-
return
|
|
437
|
+
return readIntegerAsByteString(buffer, innerBlock);
|
|
438
438
|
});
|
|
439
439
|
}
|
|
440
440
|
function parseOID(buffer, start, end) {
|
|
@@ -457,7 +457,7 @@ function parseOID(buffer, start, end) {
|
|
|
457
457
|
assert(bits === 0);
|
|
458
458
|
return s;
|
|
459
459
|
}
|
|
460
|
-
function
|
|
460
|
+
function readObjectIdentifier(buffer, block) {
|
|
461
461
|
assert(block.tag === 6 /* OBJECT_IDENTIFIER */);
|
|
462
462
|
const b = buffer.subarray(block.position, block.position + block.length);
|
|
463
463
|
const oid = parseOID(b, 0, block.length);
|
|
@@ -469,30 +469,30 @@ function _readObjectIdentifier(buffer, block) {
|
|
|
469
469
|
function readAlgorithmIdentifier(buffer, block) {
|
|
470
470
|
const inner_blocks = readStruct(buffer, block);
|
|
471
471
|
return {
|
|
472
|
-
identifier:
|
|
472
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name
|
|
473
473
|
};
|
|
474
474
|
}
|
|
475
|
-
function
|
|
475
|
+
function readECCAlgorithmIdentifier(buffer, block) {
|
|
476
476
|
const inner_blocks = readStruct(buffer, block);
|
|
477
477
|
return {
|
|
478
|
-
identifier:
|
|
478
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[1]).name
|
|
479
479
|
// difference with RSA as algorithm is second element of nested block
|
|
480
480
|
};
|
|
481
481
|
}
|
|
482
482
|
function readSignatureValueBin(buffer, block) {
|
|
483
|
-
return
|
|
483
|
+
return readBitString(buffer, block).data;
|
|
484
484
|
}
|
|
485
485
|
function readSignatureValue(buffer, block) {
|
|
486
486
|
return readSignatureValueBin(buffer, block).toString("hex");
|
|
487
487
|
}
|
|
488
|
-
function
|
|
488
|
+
function readLongIntegerValue(buffer, block) {
|
|
489
489
|
assert(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
490
490
|
const pos = block.position;
|
|
491
491
|
const nbBytes = block.length;
|
|
492
492
|
const buf = buffer.subarray(pos, pos + nbBytes);
|
|
493
493
|
return buf;
|
|
494
494
|
}
|
|
495
|
-
function
|
|
495
|
+
function readIntegerValue(buffer, block) {
|
|
496
496
|
assert(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
497
497
|
let pos = block.position;
|
|
498
498
|
const nbBytes = block.length;
|
|
@@ -504,7 +504,7 @@ function _readIntegerValue(buffer, block) {
|
|
|
504
504
|
}
|
|
505
505
|
return value;
|
|
506
506
|
}
|
|
507
|
-
function
|
|
507
|
+
function readBooleanValue(buffer, block) {
|
|
508
508
|
assert(block.tag === 1 /* BOOLEAN */, "expecting a BOOLEAN tag. got " + TagType[block.tag]);
|
|
509
509
|
const pos = block.position;
|
|
510
510
|
const nbBytes = block.length;
|
|
@@ -512,9 +512,9 @@ function _readBooleanValue(buffer, block) {
|
|
|
512
512
|
const value = buffer.readUInt8(pos) ? true : false;
|
|
513
513
|
return value;
|
|
514
514
|
}
|
|
515
|
-
function
|
|
515
|
+
function readVersionValue(buffer, block) {
|
|
516
516
|
block = readTag(buffer, block.position);
|
|
517
|
-
return
|
|
517
|
+
return readIntegerValue(buffer, block);
|
|
518
518
|
}
|
|
519
519
|
function convertGeneralizedTime(str) {
|
|
520
520
|
const year = parseInt(str.substr(0, 4), 10);
|
|
@@ -526,7 +526,7 @@ function convertGeneralizedTime(str) {
|
|
|
526
526
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
527
527
|
}
|
|
528
528
|
function _readBMPString(buffer, block) {
|
|
529
|
-
const strBuff =
|
|
529
|
+
const strBuff = getBlock(buffer, block);
|
|
530
530
|
let str = "";
|
|
531
531
|
for (let i = 0; i < strBuff.length; i += 2) {
|
|
532
532
|
const word = strBuff.readUInt16BE(i);
|
|
@@ -544,10 +544,10 @@ function convertUTCTime(str) {
|
|
|
544
544
|
year += year >= 50 ? 1900 : 2e3;
|
|
545
545
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
546
546
|
}
|
|
547
|
-
function
|
|
547
|
+
function readValue(buffer, block) {
|
|
548
548
|
switch (block.tag) {
|
|
549
549
|
case 1 /* BOOLEAN */:
|
|
550
|
-
return
|
|
550
|
+
return readBooleanValue(buffer, block);
|
|
551
551
|
case 30 /* BMPString */:
|
|
552
552
|
return _readBMPString(buffer, block);
|
|
553
553
|
case 19 /* PrintableString */:
|
|
@@ -555,44 +555,29 @@ function _readValue(buffer, block) {
|
|
|
555
555
|
case 12 /* UTF8String */:
|
|
556
556
|
case 18 /* NumericString */:
|
|
557
557
|
case 22 /* IA5String */:
|
|
558
|
-
return
|
|
558
|
+
return getBlock(buffer, block).toString("ascii");
|
|
559
559
|
case 23 /* UTCTime */:
|
|
560
|
-
return convertUTCTime(
|
|
560
|
+
return convertUTCTime(getBlock(buffer, block).toString("ascii"));
|
|
561
561
|
case 24 /* GeneralizedTime */:
|
|
562
|
-
return convertGeneralizedTime(
|
|
562
|
+
return convertGeneralizedTime(getBlock(buffer, block).toString("ascii"));
|
|
563
563
|
default:
|
|
564
564
|
throw new Error("Invalid tag 0x" + block.tag.toString(16));
|
|
565
565
|
}
|
|
566
566
|
}
|
|
567
|
-
function
|
|
568
|
-
const set_blocks = readStruct(buffer, block);
|
|
569
|
-
const names = {};
|
|
570
|
-
for (const set_block of set_blocks) {
|
|
571
|
-
assert(set_block.tag === 49);
|
|
572
|
-
const blocks = readStruct(buffer, set_block);
|
|
573
|
-
assert(blocks.length === 1);
|
|
574
|
-
assert(blocks[0].tag === 48);
|
|
575
|
-
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
576
|
-
assert(sequenceBlock.length === 2);
|
|
577
|
-
const type = _readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
578
|
-
names[type.name] = _readValue(buffer, sequenceBlock[1]);
|
|
579
|
-
}
|
|
580
|
-
return names;
|
|
581
|
-
}
|
|
582
|
-
function _findBlockAtIndex(blocks, index) {
|
|
567
|
+
function findBlockAtIndex(blocks, index) {
|
|
583
568
|
const tmp = blocks.filter((b) => b.tag === 160 + index || b.tag === 128 + index);
|
|
584
569
|
if (tmp.length === 0) {
|
|
585
570
|
return null;
|
|
586
571
|
}
|
|
587
572
|
return tmp[0];
|
|
588
573
|
}
|
|
589
|
-
function
|
|
590
|
-
return
|
|
574
|
+
function readTime(buffer, block) {
|
|
575
|
+
return readValue(buffer, block);
|
|
591
576
|
}
|
|
592
577
|
|
|
593
578
|
// source/crypto_utils.ts
|
|
594
579
|
import constants from "constants";
|
|
595
|
-
import
|
|
580
|
+
import assert4 from "assert";
|
|
596
581
|
import {
|
|
597
582
|
createHash,
|
|
598
583
|
createSign,
|
|
@@ -608,14 +593,34 @@ var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (s
|
|
|
608
593
|
};
|
|
609
594
|
|
|
610
595
|
// source/crypto_explore_certificate.ts
|
|
596
|
+
import assert3 from "assert";
|
|
597
|
+
|
|
598
|
+
// source/directory_name.ts
|
|
611
599
|
import assert2 from "assert";
|
|
600
|
+
function readDirectoryName(buffer, block) {
|
|
601
|
+
const set_blocks = readStruct(buffer, block);
|
|
602
|
+
const names = {};
|
|
603
|
+
for (const set_block of set_blocks) {
|
|
604
|
+
assert2(set_block.tag === 49);
|
|
605
|
+
const blocks = readStruct(buffer, set_block);
|
|
606
|
+
assert2(blocks.length === 1);
|
|
607
|
+
assert2(blocks[0].tag === 48);
|
|
608
|
+
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
609
|
+
assert2(sequenceBlock.length === 2);
|
|
610
|
+
const type = readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
611
|
+
names[type.name] = readValue(buffer, sequenceBlock[1]);
|
|
612
|
+
}
|
|
613
|
+
return names;
|
|
614
|
+
}
|
|
615
|
+
|
|
616
|
+
// source/crypto_explore_certificate.ts
|
|
612
617
|
var doDebug = false;
|
|
613
618
|
function _readAttributeTypeAndValue(buffer, block) {
|
|
614
619
|
let inner_blocks = readStruct(buffer, block);
|
|
615
620
|
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
616
621
|
const data = {
|
|
617
|
-
identifier:
|
|
618
|
-
value:
|
|
622
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name,
|
|
623
|
+
value: readValue(buffer, inner_blocks[1])
|
|
619
624
|
};
|
|
620
625
|
const result = {};
|
|
621
626
|
for (const [key, value] of Object.entries(data)) {
|
|
@@ -638,29 +643,29 @@ function _readName(buffer, block) {
|
|
|
638
643
|
function _readValidity(buffer, block) {
|
|
639
644
|
const inner_blocks = readStruct(buffer, block);
|
|
640
645
|
return {
|
|
641
|
-
notBefore:
|
|
642
|
-
notAfter:
|
|
646
|
+
notBefore: readTime(buffer, inner_blocks[0]),
|
|
647
|
+
notAfter: readTime(buffer, inner_blocks[1])
|
|
643
648
|
};
|
|
644
649
|
}
|
|
645
650
|
function _readAuthorityKeyIdentifier(buffer) {
|
|
646
651
|
const block_info = readTag(buffer, 0);
|
|
647
652
|
const blocks = readStruct(buffer, block_info);
|
|
648
|
-
const keyIdentifier_block =
|
|
649
|
-
const authorityCertIssuer_block =
|
|
650
|
-
const authorityCertSerialNumber_block =
|
|
653
|
+
const keyIdentifier_block = findBlockAtIndex(blocks, 0);
|
|
654
|
+
const authorityCertIssuer_block = findBlockAtIndex(blocks, 1);
|
|
655
|
+
const authorityCertSerialNumber_block = findBlockAtIndex(blocks, 2);
|
|
651
656
|
function _readAuthorityCertIssuer(block) {
|
|
652
657
|
const inner_blocks = readStruct(buffer, block);
|
|
653
|
-
const directoryName_block =
|
|
658
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
654
659
|
if (directoryName_block) {
|
|
655
660
|
const a = readStruct(buffer, directoryName_block);
|
|
656
|
-
return
|
|
661
|
+
return readDirectoryName(buffer, a[0]);
|
|
657
662
|
} else {
|
|
658
663
|
throw new Error("Invalid _readAuthorityCertIssuer");
|
|
659
664
|
}
|
|
660
665
|
}
|
|
661
666
|
function _readAuthorityCertIssuerFingerPrint(block) {
|
|
662
667
|
const inner_blocks = readStruct(buffer, block);
|
|
663
|
-
const directoryName_block =
|
|
668
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
664
669
|
if (!directoryName_block) {
|
|
665
670
|
return "";
|
|
666
671
|
}
|
|
@@ -668,16 +673,16 @@ function _readAuthorityKeyIdentifier(buffer) {
|
|
|
668
673
|
if (a.length < 1) {
|
|
669
674
|
return "";
|
|
670
675
|
}
|
|
671
|
-
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
676
|
+
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, a[0]))) : "";
|
|
672
677
|
}
|
|
673
678
|
const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
|
|
674
679
|
const authorityCertIssuerFingerPrint = authorityCertIssuer_block ? _readAuthorityCertIssuerFingerPrint(authorityCertIssuer_block) : "";
|
|
675
680
|
return {
|
|
676
681
|
authorityCertIssuer,
|
|
677
682
|
authorityCertIssuerFingerPrint,
|
|
678
|
-
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(
|
|
683
|
+
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, authorityCertSerialNumber_block)) : null,
|
|
679
684
|
// can be null for self-signed cert
|
|
680
|
-
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(
|
|
685
|
+
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, keyIdentifier_block)) : null
|
|
681
686
|
// can be null for self-signed certf
|
|
682
687
|
};
|
|
683
688
|
}
|
|
@@ -690,10 +695,10 @@ function readBasicConstraint2_5_29_19(buffer, block) {
|
|
|
690
695
|
for (const inner_block of inner_blocks) {
|
|
691
696
|
switch (inner_block.tag) {
|
|
692
697
|
case 1 /* BOOLEAN */:
|
|
693
|
-
cA =
|
|
698
|
+
cA = readBooleanValue(buffer, inner_block);
|
|
694
699
|
break;
|
|
695
700
|
case 2 /* INTEGER */:
|
|
696
|
-
pathLengthConstraint =
|
|
701
|
+
pathLengthConstraint = readIntegerValue(buffer, inner_block);
|
|
697
702
|
breakControl = 1;
|
|
698
703
|
break;
|
|
699
704
|
}
|
|
@@ -726,7 +731,7 @@ function _readGeneralNames(buffer, block) {
|
|
|
726
731
|
}
|
|
727
732
|
const n = {};
|
|
728
733
|
for (const block2 of blocks) {
|
|
729
|
-
|
|
734
|
+
assert3((block2.tag & 128) === 128);
|
|
730
735
|
const t2 = block2.tag & 127;
|
|
731
736
|
const type = _data[t2];
|
|
732
737
|
if (!type) {
|
|
@@ -736,10 +741,10 @@ function _readGeneralNames(buffer, block) {
|
|
|
736
741
|
if (t2 == 32) {
|
|
737
742
|
n[type.name] = n[type.name] || [];
|
|
738
743
|
const blocks2 = readStruct(buffer, block2);
|
|
739
|
-
const name =
|
|
740
|
-
const buf =
|
|
744
|
+
const name = readObjectIdentifier(buffer, blocks2[0]).name;
|
|
745
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
741
746
|
const b = readTag(buf, 0);
|
|
742
|
-
const nn =
|
|
747
|
+
const nn = readValue(buf, b);
|
|
743
748
|
const data = {
|
|
744
749
|
identifier: name,
|
|
745
750
|
value: nn
|
|
@@ -786,7 +791,7 @@ function readKeyUsage(oid, buffer) {
|
|
|
786
791
|
};
|
|
787
792
|
}
|
|
788
793
|
function readExtKeyUsage(oid, buffer) {
|
|
789
|
-
|
|
794
|
+
assert3(oid === "2.5.29.37");
|
|
790
795
|
const block_info = readTag(buffer, 0);
|
|
791
796
|
const inner_blocks = readStruct(buffer, block_info);
|
|
792
797
|
const extKeyUsage = {
|
|
@@ -801,7 +806,7 @@ function readExtKeyUsage(oid, buffer) {
|
|
|
801
806
|
ocspSigning: false
|
|
802
807
|
};
|
|
803
808
|
for (const block of inner_blocks) {
|
|
804
|
-
const identifier =
|
|
809
|
+
const identifier = readObjectIdentifier(buffer, block);
|
|
805
810
|
extKeyUsage[identifier.name] = true;
|
|
806
811
|
}
|
|
807
812
|
return extKeyUsage;
|
|
@@ -813,18 +818,18 @@ function _readSubjectPublicKey(buffer) {
|
|
|
813
818
|
modulus: buffer.subarray(blocks[0].position + 1, blocks[0].position + blocks[0].length)
|
|
814
819
|
};
|
|
815
820
|
}
|
|
816
|
-
function
|
|
821
|
+
function readExtension(buffer, block) {
|
|
817
822
|
const inner_blocks = readStruct(buffer, block);
|
|
818
823
|
if (inner_blocks.length === 3) {
|
|
819
|
-
|
|
824
|
+
assert3(inner_blocks[1].tag === 1 /* BOOLEAN */);
|
|
820
825
|
inner_blocks[1] = inner_blocks[2];
|
|
821
826
|
}
|
|
822
|
-
const identifier =
|
|
823
|
-
const buf =
|
|
827
|
+
const identifier = readObjectIdentifier(buffer, inner_blocks[0]);
|
|
828
|
+
const buf = getBlock(buffer, inner_blocks[1]);
|
|
824
829
|
let value = null;
|
|
825
830
|
switch (identifier.name) {
|
|
826
831
|
case "subjectKeyIdentifier":
|
|
827
|
-
value = formatBuffer2DigitHexWithColum(
|
|
832
|
+
value = formatBuffer2DigitHexWithColum(readOctetString(buffer, inner_blocks[1]));
|
|
828
833
|
break;
|
|
829
834
|
case "subjectAltName":
|
|
830
835
|
value = _readSubjectAltNames(buf);
|
|
@@ -853,10 +858,10 @@ function _readExtension(buffer, block) {
|
|
|
853
858
|
};
|
|
854
859
|
}
|
|
855
860
|
function _readExtensions(buffer, block) {
|
|
856
|
-
|
|
861
|
+
assert3(block.tag === 163);
|
|
857
862
|
let inner_blocks = readStruct(buffer, block);
|
|
858
863
|
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
859
|
-
const extensions = inner_blocks.map((block2) =>
|
|
864
|
+
const extensions = inner_blocks.map((block2) => readExtension(buffer, block2));
|
|
860
865
|
const result = {};
|
|
861
866
|
for (const e of extensions) {
|
|
862
867
|
result[e.identifier.name] = e.value;
|
|
@@ -866,9 +871,9 @@ function _readExtensions(buffer, block) {
|
|
|
866
871
|
function _readSubjectPublicKeyInfo(buffer, block) {
|
|
867
872
|
const inner_blocks = readStruct(buffer, block);
|
|
868
873
|
const algorithm = readAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
869
|
-
const subjectPublicKey =
|
|
874
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
870
875
|
const data = subjectPublicKey.data;
|
|
871
|
-
const values =
|
|
876
|
+
const values = readListOfInteger(data);
|
|
872
877
|
return {
|
|
873
878
|
algorithm: algorithm.identifier,
|
|
874
879
|
keyLength: values[0].length - 1,
|
|
@@ -879,8 +884,8 @@ function _readSubjectPublicKeyInfo(buffer, block) {
|
|
|
879
884
|
}
|
|
880
885
|
function _readSubjectECCPublicKeyInfo(buffer, block) {
|
|
881
886
|
const inner_blocks = readStruct(buffer, block);
|
|
882
|
-
const algorithm =
|
|
883
|
-
const subjectPublicKey =
|
|
887
|
+
const algorithm = readECCAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
888
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
884
889
|
const data = subjectPublicKey.data;
|
|
885
890
|
return {
|
|
886
891
|
algorithm: algorithm.identifier,
|
|
@@ -896,26 +901,26 @@ function readTbsCertificate(buffer, block) {
|
|
|
896
901
|
let subjectPublicKeyInfo;
|
|
897
902
|
if (blocks.length === 6) {
|
|
898
903
|
version = 1;
|
|
899
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
904
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[0]));
|
|
900
905
|
signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
901
906
|
issuer = _readName(buffer, blocks[2]);
|
|
902
907
|
validity = _readValidity(buffer, blocks[3]);
|
|
903
908
|
subject = _readName(buffer, blocks[4]);
|
|
904
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
909
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[4])));
|
|
905
910
|
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[5]);
|
|
906
911
|
extensions = null;
|
|
907
912
|
} else {
|
|
908
|
-
const version_block =
|
|
913
|
+
const version_block = findBlockAtIndex(blocks, 0);
|
|
909
914
|
if (!version_block) {
|
|
910
915
|
throw new Error("cannot find version block");
|
|
911
916
|
}
|
|
912
|
-
version =
|
|
913
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
917
|
+
version = readVersionValue(buffer, version_block) + 1;
|
|
918
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[1]));
|
|
914
919
|
signature = readAlgorithmIdentifier(buffer, blocks[2]);
|
|
915
920
|
issuer = _readName(buffer, blocks[3]);
|
|
916
921
|
validity = _readValidity(buffer, blocks[4]);
|
|
917
922
|
subject = _readName(buffer, blocks[5]);
|
|
918
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
923
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[5])));
|
|
919
924
|
const inner_block = readStruct(buffer, blocks[6]);
|
|
920
925
|
const what_type = readAlgorithmIdentifier(buffer, inner_block[0]).identifier;
|
|
921
926
|
switch (what_type) {
|
|
@@ -929,7 +934,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
929
934
|
break;
|
|
930
935
|
}
|
|
931
936
|
}
|
|
932
|
-
const extensionBlock =
|
|
937
|
+
const extensionBlock = findBlockAtIndex(blocks, 3);
|
|
933
938
|
if (!extensionBlock) {
|
|
934
939
|
doDebug && console.log("X509 certificate is invalid : cannot find extension block version =" + version_block);
|
|
935
940
|
extensions = null;
|
|
@@ -950,7 +955,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
950
955
|
};
|
|
951
956
|
}
|
|
952
957
|
function exploreCertificate(certificate) {
|
|
953
|
-
|
|
958
|
+
assert3(certificate instanceof Buffer);
|
|
954
959
|
if (!certificate._exploreCertificate_cache) {
|
|
955
960
|
const block_info = readTag(certificate, 0);
|
|
956
961
|
const blocks = readStruct(certificate, block_info);
|
|
@@ -979,10 +984,10 @@ function combine_der(certificates) {
|
|
|
979
984
|
let sum = 0;
|
|
980
985
|
b.forEach((block) => {
|
|
981
986
|
const block_info = readTag(block, 0);
|
|
982
|
-
|
|
987
|
+
assert3(block_info.position + block_info.length === block.length);
|
|
983
988
|
sum += block.length;
|
|
984
989
|
});
|
|
985
|
-
|
|
990
|
+
assert3(sum === cert.length);
|
|
986
991
|
}
|
|
987
992
|
return Buffer.concat(certificates);
|
|
988
993
|
}
|
|
@@ -1004,14 +1009,14 @@ function removeTrailingLF(str) {
|
|
|
1004
1009
|
return tmp;
|
|
1005
1010
|
}
|
|
1006
1011
|
function toPem(raw_key, pem) {
|
|
1007
|
-
|
|
1008
|
-
|
|
1012
|
+
assert4(raw_key, "expecting a key");
|
|
1013
|
+
assert4(typeof pem === "string");
|
|
1009
1014
|
let pemType = identifyPemType(raw_key);
|
|
1010
1015
|
if (pemType) {
|
|
1011
1016
|
return raw_key instanceof Buffer ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
|
|
1012
1017
|
} else {
|
|
1013
1018
|
pemType = pem;
|
|
1014
|
-
|
|
1019
|
+
assert4(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
|
|
1015
1020
|
let b = raw_key.toString("base64");
|
|
1016
1021
|
let str = "-----BEGIN " + pemType + "-----\n";
|
|
1017
1022
|
while (b.length) {
|
|
@@ -1051,7 +1056,7 @@ function makeMessageChunkSignature(chunk, options) {
|
|
|
1051
1056
|
const signer = createSign(options.algorithm);
|
|
1052
1057
|
signer.update(chunk);
|
|
1053
1058
|
const signature = signer.sign(options.privateKey.hidden);
|
|
1054
|
-
|
|
1059
|
+
assert4(!options.signatureLength || signature.length === options.signatureLength);
|
|
1055
1060
|
return signature;
|
|
1056
1061
|
}
|
|
1057
1062
|
function verifyMessageChunkSignature(blockToVerify, signature, options) {
|
|
@@ -1069,8 +1074,8 @@ var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
|
|
|
1069
1074
|
PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_PADDING"] = 1] = "RSA_PKCS1_PADDING";
|
|
1070
1075
|
return PaddingAlgorithm2;
|
|
1071
1076
|
})(PaddingAlgorithm || {});
|
|
1072
|
-
|
|
1073
|
-
|
|
1077
|
+
assert4(4 /* RSA_PKCS1_OAEP_PADDING */ === constants.RSA_PKCS1_OAEP_PADDING);
|
|
1078
|
+
assert4(1 /* RSA_PKCS1_PADDING */ === constants.RSA_PKCS1_PADDING);
|
|
1074
1079
|
function publicEncrypt_native(buffer, publicKey, algorithm) {
|
|
1075
1080
|
if (algorithm === void 0) {
|
|
1076
1081
|
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
|
|
@@ -1147,14 +1152,14 @@ function coerceCertificatePem(certificate) {
|
|
|
1147
1152
|
if (certificate instanceof Buffer) {
|
|
1148
1153
|
certificate = toPem(certificate, "CERTIFICATE");
|
|
1149
1154
|
}
|
|
1150
|
-
|
|
1155
|
+
assert4(typeof certificate === "string");
|
|
1151
1156
|
return certificate;
|
|
1152
1157
|
}
|
|
1153
1158
|
function extractPublicKeyFromCertificateSync(certificate) {
|
|
1154
1159
|
certificate = coerceCertificatePem(certificate);
|
|
1155
1160
|
const key = jsrsasign.KEYUTIL.getKey(certificate);
|
|
1156
1161
|
const publicKeyAsPem = jsrsasign.KEYUTIL.getPEM(key);
|
|
1157
|
-
|
|
1162
|
+
assert4(typeof publicKeyAsPem === "string");
|
|
1158
1163
|
return publicKeyAsPem;
|
|
1159
1164
|
}
|
|
1160
1165
|
function extractPublicKeyFromCertificate(certificate, callback) {
|
|
@@ -1290,7 +1295,7 @@ var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
|
|
|
1290
1295
|
})(CertificatePurpose || {});
|
|
1291
1296
|
|
|
1292
1297
|
// source/crypto_utils2.ts
|
|
1293
|
-
import
|
|
1298
|
+
import assert5 from "assert";
|
|
1294
1299
|
import jsrsasign2 from "jsrsasign";
|
|
1295
1300
|
function rsaLengthPrivateKey(key) {
|
|
1296
1301
|
const keyPem = typeof key.hidden === "string" ? key.hidden : key.hidden.export({ type: "pkcs1", format: "pem" }).toString();
|
|
@@ -1301,8 +1306,8 @@ function toPem2(raw_key, pem) {
|
|
|
1301
1306
|
if (raw_key.hidden) {
|
|
1302
1307
|
return toPem2(raw_key.hidden, pem);
|
|
1303
1308
|
}
|
|
1304
|
-
|
|
1305
|
-
|
|
1309
|
+
assert5(raw_key, "expecting a key");
|
|
1310
|
+
assert5(typeof pem === "string");
|
|
1306
1311
|
if (isKeyObject(raw_key)) {
|
|
1307
1312
|
const _raw_key = raw_key;
|
|
1308
1313
|
if (pem === "RSA PRIVATE KEY") {
|
|
@@ -1322,40 +1327,40 @@ function coercePublicKeyPem(publicKey) {
|
|
|
1322
1327
|
if (isKeyObject(publicKey)) {
|
|
1323
1328
|
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1324
1329
|
}
|
|
1325
|
-
|
|
1330
|
+
assert5(typeof publicKey === "string");
|
|
1326
1331
|
return publicKey;
|
|
1327
1332
|
}
|
|
1328
1333
|
function coerceRsaPublicKeyPem(publicKey) {
|
|
1329
1334
|
if (isKeyObject(publicKey)) {
|
|
1330
1335
|
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1331
1336
|
}
|
|
1332
|
-
|
|
1337
|
+
assert5(typeof publicKey === "string");
|
|
1333
1338
|
return publicKey;
|
|
1334
1339
|
}
|
|
1335
1340
|
function rsaLengthPublicKey(key) {
|
|
1336
1341
|
key = coercePublicKeyPem(key);
|
|
1337
|
-
|
|
1342
|
+
assert5(typeof key === "string");
|
|
1338
1343
|
const a = jsrsasign2.KEYUTIL.getKey(key);
|
|
1339
1344
|
return a.n.toString(16).length / 2;
|
|
1340
1345
|
}
|
|
1341
1346
|
function rsaLengthRsaPublicKey(key) {
|
|
1342
1347
|
key = coerceRsaPublicKeyPem(key);
|
|
1343
|
-
|
|
1348
|
+
assert5(typeof key === "string");
|
|
1344
1349
|
const a = jsrsasign2.KEYUTIL.getKey(key);
|
|
1345
1350
|
return a.n.toString(16).length / 2;
|
|
1346
1351
|
}
|
|
1347
1352
|
|
|
1348
1353
|
// source/derived_keys.ts
|
|
1349
|
-
import
|
|
1354
|
+
import assert7 from "assert";
|
|
1350
1355
|
import { createCipheriv, createDecipheriv, createHmac } from "crypto";
|
|
1351
1356
|
|
|
1352
1357
|
// source/explore_certificate.ts
|
|
1353
|
-
import
|
|
1358
|
+
import assert6 from "assert";
|
|
1354
1359
|
function coerceCertificate(certificate) {
|
|
1355
1360
|
if (typeof certificate === "string") {
|
|
1356
1361
|
certificate = convertPEMtoDER(certificate);
|
|
1357
1362
|
}
|
|
1358
|
-
|
|
1363
|
+
assert6(certificate instanceof Buffer);
|
|
1359
1364
|
return certificate;
|
|
1360
1365
|
}
|
|
1361
1366
|
function exploreCertificateInfo(certificate) {
|
|
@@ -1382,8 +1387,8 @@ function plus(buf1, buf2) {
|
|
|
1382
1387
|
return Buffer.concat([buf1, buf2]);
|
|
1383
1388
|
}
|
|
1384
1389
|
function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
1385
|
-
|
|
1386
|
-
|
|
1390
|
+
assert7(seed instanceof Buffer);
|
|
1391
|
+
assert7(sha1or256 === "SHA1" || sha1or256 === "SHA256");
|
|
1387
1392
|
const a = [];
|
|
1388
1393
|
a[0] = seed;
|
|
1389
1394
|
let index = 1;
|
|
@@ -1396,12 +1401,12 @@ function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
|
1396
1401
|
return p_hash.subarray(0, minLength);
|
|
1397
1402
|
}
|
|
1398
1403
|
function computeDerivedKeys(secret, seed, options) {
|
|
1399
|
-
|
|
1400
|
-
|
|
1401
|
-
|
|
1402
|
-
|
|
1404
|
+
assert7(Number.isFinite(options.signatureLength));
|
|
1405
|
+
assert7(Number.isFinite(options.encryptingKeyLength));
|
|
1406
|
+
assert7(Number.isFinite(options.encryptingBlockSize));
|
|
1407
|
+
assert7(typeof options.algorithm === "string");
|
|
1403
1408
|
options.sha1or256 = options.sha1or256 || "SHA1";
|
|
1404
|
-
|
|
1409
|
+
assert7(typeof options.sha1or256 === "string");
|
|
1405
1410
|
const offset1 = options.signingKeyLength;
|
|
1406
1411
|
const offset2 = offset1 + options.encryptingKeyLength;
|
|
1407
1412
|
const minLength = offset2 + options.encryptingBlockSize;
|
|
@@ -1426,7 +1431,7 @@ function removePadding(buffer) {
|
|
|
1426
1431
|
return reduceLength(buffer, nbPaddingBytes);
|
|
1427
1432
|
}
|
|
1428
1433
|
function verifyChunkSignature(chunk, options) {
|
|
1429
|
-
|
|
1434
|
+
assert7(chunk instanceof Buffer);
|
|
1430
1435
|
let signatureLength = options.signatureLength || 0;
|
|
1431
1436
|
if (signatureLength === 0) {
|
|
1432
1437
|
const cert = exploreCertificateInfo(options.publicKey);
|
|
@@ -1437,16 +1442,16 @@ function verifyChunkSignature(chunk, options) {
|
|
|
1437
1442
|
return verifyMessageChunkSignature(block_to_verify, signature, options);
|
|
1438
1443
|
}
|
|
1439
1444
|
function computePaddingFooter(buffer, derivedKeys) {
|
|
1440
|
-
|
|
1445
|
+
assert7(Object.prototype.hasOwnProperty.call(derivedKeys, "encryptingBlockSize"));
|
|
1441
1446
|
const paddingSize = derivedKeys.encryptingBlockSize - (buffer.length + 1) % derivedKeys.encryptingBlockSize;
|
|
1442
1447
|
const padding = createFastUninitializedBuffer(paddingSize + 1);
|
|
1443
1448
|
padding.fill(paddingSize);
|
|
1444
1449
|
return padding;
|
|
1445
1450
|
}
|
|
1446
1451
|
function derivedKeys_algorithm(derivedKeys) {
|
|
1447
|
-
|
|
1452
|
+
assert7(Object.prototype.hasOwnProperty.call(derivedKeys, "algorithm"));
|
|
1448
1453
|
const algorithm = derivedKeys.algorithm || "aes-128-cbc";
|
|
1449
|
-
|
|
1454
|
+
assert7(algorithm === "aes-128-cbc" || algorithm === "aes-256-cbc");
|
|
1450
1455
|
return algorithm;
|
|
1451
1456
|
}
|
|
1452
1457
|
function encryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
@@ -1472,12 +1477,12 @@ function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
|
1472
1477
|
return Buffer.concat(decrypted_chunks);
|
|
1473
1478
|
}
|
|
1474
1479
|
function makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys) {
|
|
1475
|
-
|
|
1476
|
-
|
|
1477
|
-
|
|
1478
|
-
|
|
1480
|
+
assert7(message instanceof Buffer);
|
|
1481
|
+
assert7(derivedKeys.signingKey instanceof Buffer);
|
|
1482
|
+
assert7(typeof derivedKeys.sha1or256 === "string");
|
|
1483
|
+
assert7(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
|
|
1479
1484
|
const signature = createHmac(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
|
|
1480
|
-
|
|
1485
|
+
assert7(signature.length === derivedKeys.signatureLength);
|
|
1481
1486
|
return signature;
|
|
1482
1487
|
}
|
|
1483
1488
|
function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
|
|
@@ -1516,46 +1521,46 @@ function exploreAsn1(buffer) {
|
|
|
1516
1521
|
|
|
1517
1522
|
// source/explore_certificate_revocation_list.ts
|
|
1518
1523
|
function readNameForCrl(buffer, block) {
|
|
1519
|
-
return
|
|
1524
|
+
return readDirectoryName(buffer, block);
|
|
1520
1525
|
}
|
|
1521
1526
|
function _readTbsCertList(buffer, blockInfo) {
|
|
1522
1527
|
const blocks = readStruct(buffer, blockInfo);
|
|
1523
1528
|
const hasOptionalVersion = blocks[0].tag === 2 /* INTEGER */;
|
|
1524
1529
|
if (hasOptionalVersion) {
|
|
1525
|
-
const version =
|
|
1530
|
+
const version = readIntegerValue(buffer, blocks[0]);
|
|
1526
1531
|
const signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
1527
1532
|
const issuer = readNameForCrl(buffer, blocks[2]);
|
|
1528
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1529
|
-
const thisUpdate =
|
|
1530
|
-
const nextUpdate =
|
|
1533
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2])));
|
|
1534
|
+
const thisUpdate = readTime(buffer, blocks[3]);
|
|
1535
|
+
const nextUpdate = readTime(buffer, blocks[4]);
|
|
1531
1536
|
const revokedCertificates = [];
|
|
1532
1537
|
if (blocks[5] && blocks[5].tag < 128) {
|
|
1533
1538
|
const list = readStruct(buffer, blocks[5]);
|
|
1534
1539
|
for (const r of list) {
|
|
1535
1540
|
const rr = readStruct(buffer, r);
|
|
1536
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1537
|
-
const revocationDate =
|
|
1541
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1542
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1538
1543
|
revokedCertificates.push({
|
|
1539
1544
|
revocationDate,
|
|
1540
1545
|
userCertificate
|
|
1541
1546
|
});
|
|
1542
1547
|
}
|
|
1543
1548
|
}
|
|
1544
|
-
const ext0 =
|
|
1549
|
+
const ext0 = findBlockAtIndex(blocks, 0);
|
|
1545
1550
|
return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
|
|
1546
1551
|
} else {
|
|
1547
1552
|
const signature = readAlgorithmIdentifier(buffer, blocks[0]);
|
|
1548
1553
|
const issuer = readNameForCrl(buffer, blocks[1]);
|
|
1549
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1550
|
-
const thisUpdate =
|
|
1551
|
-
const nextUpdate =
|
|
1554
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[1])));
|
|
1555
|
+
const thisUpdate = readTime(buffer, blocks[2]);
|
|
1556
|
+
const nextUpdate = readTime(buffer, blocks[3]);
|
|
1552
1557
|
const revokedCertificates = [];
|
|
1553
1558
|
if (blocks[4] && blocks[4].tag < 128) {
|
|
1554
1559
|
const list = readStruct(buffer, blocks[4]);
|
|
1555
1560
|
for (const r of list) {
|
|
1556
1561
|
const rr = readStruct(buffer, r);
|
|
1557
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1558
|
-
const revocationDate =
|
|
1562
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1563
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1559
1564
|
revokedCertificates.push({
|
|
1560
1565
|
revocationDate,
|
|
1561
1566
|
userCertificate
|
|
@@ -1578,7 +1583,7 @@ function exploreCertificateRevocationList(crl) {
|
|
|
1578
1583
|
function _readExtensionRequest(buffer) {
|
|
1579
1584
|
const block = readTag(buffer, 0);
|
|
1580
1585
|
const inner_blocks = readStruct(buffer, block);
|
|
1581
|
-
const extensions = inner_blocks.map((block1) =>
|
|
1586
|
+
const extensions = inner_blocks.map((block1) => readExtension(buffer, block1));
|
|
1582
1587
|
const result = {};
|
|
1583
1588
|
for (const e of extensions) {
|
|
1584
1589
|
result[e.identifier.name] = e.value;
|
|
@@ -1589,17 +1594,17 @@ function _readExtensionRequest(buffer) {
|
|
|
1589
1594
|
function readCertificationRequestInfo(buffer, block) {
|
|
1590
1595
|
const blocks = readStruct(buffer, block);
|
|
1591
1596
|
if (blocks.length === 4) {
|
|
1592
|
-
const extensionRequestBlock =
|
|
1597
|
+
const extensionRequestBlock = findBlockAtIndex(blocks, 0);
|
|
1593
1598
|
if (!extensionRequestBlock) {
|
|
1594
1599
|
throw new Error("cannot find extensionRequest block");
|
|
1595
1600
|
}
|
|
1596
1601
|
const blocks1 = readStruct(buffer, extensionRequestBlock);
|
|
1597
1602
|
const blocks2 = readStruct(buffer, blocks1[0]);
|
|
1598
|
-
const identifier =
|
|
1603
|
+
const identifier = readObjectIdentifier(buffer, blocks2[0]);
|
|
1599
1604
|
if (identifier.name !== "extensionRequest") {
|
|
1600
1605
|
throw new Error(" Cannot find extension Request in ASN1 block");
|
|
1601
1606
|
}
|
|
1602
|
-
const buf =
|
|
1607
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
1603
1608
|
const extensionRequest = _readExtensionRequest(buf);
|
|
1604
1609
|
return { extensionRequest };
|
|
1605
1610
|
}
|
|
@@ -5419,11 +5424,11 @@ function compareSchema(root, inputData, inputSchema) {
|
|
|
5419
5424
|
};
|
|
5420
5425
|
}
|
|
5421
5426
|
if (inputSchema.primitiveSchema && VALUE_HEX_VIEW in inputData.valueBlock) {
|
|
5422
|
-
const
|
|
5423
|
-
if (
|
|
5427
|
+
const asn12 = localFromBER(inputData.valueBlock.valueHexView);
|
|
5428
|
+
if (asn12.offset === -1) {
|
|
5424
5429
|
const _result = {
|
|
5425
5430
|
verified: false,
|
|
5426
|
-
result:
|
|
5431
|
+
result: asn12.result
|
|
5427
5432
|
};
|
|
5428
5433
|
if (inputSchema.name) {
|
|
5429
5434
|
inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING);
|
|
@@ -5434,7 +5439,7 @@ function compareSchema(root, inputData, inputSchema) {
|
|
|
5434
5439
|
}
|
|
5435
5440
|
return _result;
|
|
5436
5441
|
}
|
|
5437
|
-
return compareSchema(root,
|
|
5442
|
+
return compareSchema(root, asn12.result, inputSchema.primitiveSchema);
|
|
5438
5443
|
}
|
|
5439
5444
|
return {
|
|
5440
5445
|
verified: true,
|
|
@@ -5448,14 +5453,14 @@ function verifySchema(inputBuffer, inputSchema) {
|
|
|
5448
5453
|
result: { error: "Wrong ASN.1 schema type" }
|
|
5449
5454
|
};
|
|
5450
5455
|
}
|
|
5451
|
-
const
|
|
5452
|
-
if (
|
|
5456
|
+
const asn12 = localFromBER(BufferSourceConverter.toUint8Array(inputBuffer));
|
|
5457
|
+
if (asn12.offset === -1) {
|
|
5453
5458
|
return {
|
|
5454
5459
|
verified: false,
|
|
5455
|
-
result:
|
|
5460
|
+
result: asn12.result
|
|
5456
5461
|
};
|
|
5457
5462
|
}
|
|
5458
|
-
return compareSchema(
|
|
5463
|
+
return compareSchema(asn12.result, asn12.result, inputSchema);
|
|
5459
5464
|
}
|
|
5460
5465
|
|
|
5461
5466
|
// ../../node_modules/@peculiar/asn1-schema/build/es2015/enums.js
|
|
@@ -6143,13 +6148,12 @@ async function createSelfSignedCertificate({
|
|
|
6143
6148
|
return { cert: cert.toString("pem"), der: cert };
|
|
6144
6149
|
}
|
|
6145
6150
|
|
|
6151
|
+
// source/index_web.ts
|
|
6152
|
+
var asn1 = { readDirectoryName, readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
|
|
6153
|
+
|
|
6146
6154
|
export {
|
|
6147
6155
|
__dirname,
|
|
6148
|
-
|
|
6149
|
-
readStruct,
|
|
6150
|
-
readAlgorithmIdentifier,
|
|
6151
|
-
readSignatureValueBin,
|
|
6152
|
-
_readExtension,
|
|
6156
|
+
readExtension,
|
|
6153
6157
|
readTbsCertificate,
|
|
6154
6158
|
exploreCertificate,
|
|
6155
6159
|
split_der,
|
|
@@ -6219,7 +6223,8 @@ export {
|
|
|
6219
6223
|
coercePEMorDerToPrivateKey,
|
|
6220
6224
|
_coercePrivateKey,
|
|
6221
6225
|
createCertificateSigningRequest,
|
|
6222
|
-
createSelfSignedCertificate
|
|
6226
|
+
createSelfSignedCertificate,
|
|
6227
|
+
asn1
|
|
6223
6228
|
};
|
|
6224
6229
|
/*! Bundled license information:
|
|
6225
6230
|
|
|
@@ -6289,4 +6294,4 @@ asn1js/build/index.es.js:
|
|
|
6289
6294
|
*
|
|
6290
6295
|
*)
|
|
6291
6296
|
*/
|
|
6292
|
-
//# sourceMappingURL=chunk-
|
|
6297
|
+
//# sourceMappingURL=chunk-LHUQUHQQ.mjs.map
|