node-opcua-crypto 4.11.0 → 4.12.0
- package/dist/{chunk-UH5AT3JE.mjs → chunk-AXAFLVME.mjs} +2 -2
- package/dist/{chunk-2RCYFHGG.mjs → chunk-LHUQUHQQ.mjs} +183 -178
- package/dist/chunk-LHUQUHQQ.mjs.map +1 -0
- package/dist/chunk-RQA4DO2Z.mjs +1 -0
- package/dist/chunk-RQA4DO2Z.mjs.map +1 -0
- package/dist/index.d.mts +1 -2
- package/dist/index.d.ts +1 -2
- package/dist/index.js +175 -170
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +6 -7
- package/dist/source/index.d.mts +1 -15
- package/dist/source/index.d.ts +1 -15
- package/dist/source/index.js +172 -167
- package/dist/source/index.js.map +1 -1
- package/dist/source/index.mjs +5 -6
- package/dist/source/index_web.d.mts +518 -4
- package/dist/source/index_web.d.ts +518 -4
- package/dist/source/index_web.js +183 -173
- package/dist/source/index_web.js.map +1 -1
- package/dist/source/index_web.mjs +5 -3
- package/dist/source_nodejs/index.js +18 -15
- package/dist/source_nodejs/index.js.map +1 -1
- package/dist/source_nodejs/index.mjs +3 -3
- package/package.json +2 -2
- package/dist/chunk-2RCYFHGG.mjs.map +0 -1
- package/dist/chunk-C7PROBPE.mjs +0 -14
- package/dist/chunk-C7PROBPE.mjs.map +0 -1
- package/dist/index_web-C5Oeu9mq.d.mts +0 -503
- package/dist/index_web-D1qc4UN2.d.ts +0 -503
- /package/dist/{chunk-UH5AT3JE.mjs.map → chunk-AXAFLVME.mjs.map} +0 -0
package/dist/index.js
CHANGED
|
@@ -36,7 +36,6 @@ __export(node_opcua_crypto_exports, {
|
|
|
36
36
|
RSA_PKCS1_PADDING: () => RSA_PKCS1_PADDING,
|
|
37
37
|
Subject: () => Subject,
|
|
38
38
|
_coercePrivateKey: () => _coercePrivateKey,
|
|
39
|
-
_readExtension: () => _readExtension,
|
|
40
39
|
asn1: () => asn1,
|
|
41
40
|
certificateMatchesPrivateKey: () => certificateMatchesPrivateKey,
|
|
42
41
|
coerceCertificate: () => coerceCertificate,
|
|
@@ -91,6 +90,7 @@ __export(node_opcua_crypto_exports, {
|
|
|
91
90
|
readCertificateRevocationList: () => readCertificateRevocationList,
|
|
92
91
|
readCertificateSigningRequest: () => readCertificateSigningRequest,
|
|
93
92
|
readCertificationRequestInfo: () => readCertificationRequestInfo,
|
|
93
|
+
readExtension: () => readExtension,
|
|
94
94
|
readNameForCrl: () => readNameForCrl,
|
|
95
95
|
readPrivateKey: () => readPrivateKey,
|
|
96
96
|
readPrivateKeyPEM: () => readPrivateKeyPEM,
|
|
@@ -425,33 +425,33 @@ var oid_map = {
|
|
|
425
425
|
};
|
|
426
426
|
|
|
427
427
|
// source/asn1.ts
|
|
428
|
-
var TagType = /* @__PURE__ */ ((
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
return
|
|
428
|
+
var TagType = /* @__PURE__ */ ((TagType2) => {
|
|
429
|
+
TagType2[TagType2["BOOLEAN"] = 1] = "BOOLEAN";
|
|
430
|
+
TagType2[TagType2["INTEGER"] = 2] = "INTEGER";
|
|
431
|
+
TagType2[TagType2["BIT_STRING"] = 3] = "BIT_STRING";
|
|
432
|
+
TagType2[TagType2["OCTET_STRING"] = 4] = "OCTET_STRING";
|
|
433
|
+
TagType2[TagType2["NULL"] = 5] = "NULL";
|
|
434
|
+
TagType2[TagType2["OBJECT_IDENTIFIER"] = 6] = "OBJECT_IDENTIFIER";
|
|
435
|
+
TagType2[TagType2["UTF8String"] = 12] = "UTF8String";
|
|
436
|
+
TagType2[TagType2["NumericString"] = 18] = "NumericString";
|
|
437
|
+
TagType2[TagType2["PrintableString"] = 19] = "PrintableString";
|
|
438
|
+
TagType2[TagType2["TeletexString"] = 20] = "TeletexString";
|
|
439
|
+
TagType2[TagType2["IA5String"] = 22] = "IA5String";
|
|
440
|
+
TagType2[TagType2["UTCTime"] = 23] = "UTCTime";
|
|
441
|
+
TagType2[TagType2["GeneralizedTime"] = 24] = "GeneralizedTime";
|
|
442
|
+
TagType2[TagType2["GraphicString"] = 25] = "GraphicString";
|
|
443
|
+
TagType2[TagType2["VisibleString"] = 26] = "VisibleString";
|
|
444
|
+
TagType2[TagType2["GeneralString"] = 27] = "GeneralString";
|
|
445
|
+
TagType2[TagType2["UniversalString"] = 28] = "UniversalString";
|
|
446
|
+
TagType2[TagType2["BMPString"] = 30] = "BMPString";
|
|
447
|
+
TagType2[TagType2["SEQUENCE"] = 48] = "SEQUENCE";
|
|
448
|
+
TagType2[TagType2["SET"] = 49] = "SET";
|
|
449
|
+
TagType2[TagType2["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
|
|
450
|
+
TagType2[TagType2["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
|
|
451
|
+
TagType2[TagType2["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
|
|
452
|
+
TagType2[TagType2["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
|
|
453
|
+
TagType2[TagType2["A4"] = 164] = "A4";
|
|
454
|
+
return TagType2;
|
|
455
455
|
})(TagType || {});
|
|
456
456
|
function readTag(buf, pos) {
|
|
457
457
|
const start = pos;
|
|
@@ -497,9 +497,9 @@ function parseBitString(buffer, start, end, maxLength) {
|
|
|
497
497
|
}
|
|
498
498
|
return intro + s;
|
|
499
499
|
}
|
|
500
|
-
function
|
|
500
|
+
function readBitString(buffer, block) {
|
|
501
501
|
(0, import_assert.default)(block.tag === 3 /* BIT_STRING */);
|
|
502
|
-
const data =
|
|
502
|
+
const data = getBlock(buffer, block);
|
|
503
503
|
const ignore_bits = data.readUInt8(0);
|
|
504
504
|
return {
|
|
505
505
|
lengthInBits: data.length * 8 - ignore_bits,
|
|
@@ -515,7 +515,7 @@ function formatBuffer2DigitHexWithColum(buffer) {
|
|
|
515
515
|
}
|
|
516
516
|
return value.join(":").toUpperCase().replace(/^(00:)*/, "");
|
|
517
517
|
}
|
|
518
|
-
function
|
|
518
|
+
function readOctetString(buffer, block) {
|
|
519
519
|
(0, import_assert.default)(block.tag === 4 /* OCTET_STRING */);
|
|
520
520
|
const tag = readTag(buffer, block.position);
|
|
521
521
|
(0, import_assert.default)(tag.tag === 4 /* OCTET_STRING */);
|
|
@@ -524,19 +524,19 @@ function _readOctetString(buffer, block) {
|
|
|
524
524
|
const b = buffer.subarray(pos, pos + nbBytes);
|
|
525
525
|
return b;
|
|
526
526
|
}
|
|
527
|
-
function
|
|
527
|
+
function getBlock(buffer, block) {
|
|
528
528
|
const start = block.position;
|
|
529
529
|
const end = block.position + block.length;
|
|
530
530
|
return buffer.subarray(start, end);
|
|
531
531
|
}
|
|
532
|
-
function
|
|
533
|
-
return
|
|
532
|
+
function readIntegerAsByteString(buffer, block) {
|
|
533
|
+
return getBlock(buffer, block);
|
|
534
534
|
}
|
|
535
|
-
function
|
|
535
|
+
function readListOfInteger(buffer) {
|
|
536
536
|
const block = readTag(buffer, 0);
|
|
537
537
|
const inner_blocks = readStruct(buffer, block);
|
|
538
538
|
return inner_blocks.map((innerBlock) => {
|
|
539
|
-
return
|
|
539
|
+
return readIntegerAsByteString(buffer, innerBlock);
|
|
540
540
|
});
|
|
541
541
|
}
|
|
542
542
|
function parseOID(buffer, start, end) {
|
|
@@ -559,7 +559,7 @@ function parseOID(buffer, start, end) {
|
|
|
559
559
|
(0, import_assert.default)(bits === 0);
|
|
560
560
|
return s;
|
|
561
561
|
}
|
|
562
|
-
function
|
|
562
|
+
function readObjectIdentifier(buffer, block) {
|
|
563
563
|
(0, import_assert.default)(block.tag === 6 /* OBJECT_IDENTIFIER */);
|
|
564
564
|
const b = buffer.subarray(block.position, block.position + block.length);
|
|
565
565
|
const oid = parseOID(b, 0, block.length);
|
|
@@ -571,30 +571,30 @@ function _readObjectIdentifier(buffer, block) {
|
|
|
571
571
|
function readAlgorithmIdentifier(buffer, block) {
|
|
572
572
|
const inner_blocks = readStruct(buffer, block);
|
|
573
573
|
return {
|
|
574
|
-
identifier:
|
|
574
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name
|
|
575
575
|
};
|
|
576
576
|
}
|
|
577
|
-
function
|
|
577
|
+
function readECCAlgorithmIdentifier(buffer, block) {
|
|
578
578
|
const inner_blocks = readStruct(buffer, block);
|
|
579
579
|
return {
|
|
580
|
-
identifier:
|
|
580
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[1]).name
|
|
581
581
|
// difference with RSA as algorithm is second element of nested block
|
|
582
582
|
};
|
|
583
583
|
}
|
|
584
584
|
function readSignatureValueBin(buffer, block) {
|
|
585
|
-
return
|
|
585
|
+
return readBitString(buffer, block).data;
|
|
586
586
|
}
|
|
587
587
|
function readSignatureValue(buffer, block) {
|
|
588
588
|
return readSignatureValueBin(buffer, block).toString("hex");
|
|
589
589
|
}
|
|
590
|
-
function
|
|
590
|
+
function readLongIntegerValue(buffer, block) {
|
|
591
591
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
592
592
|
const pos = block.position;
|
|
593
593
|
const nbBytes = block.length;
|
|
594
594
|
const buf = buffer.subarray(pos, pos + nbBytes);
|
|
595
595
|
return buf;
|
|
596
596
|
}
|
|
597
|
-
function
|
|
597
|
+
function readIntegerValue(buffer, block) {
|
|
598
598
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
599
599
|
let pos = block.position;
|
|
600
600
|
const nbBytes = block.length;
|
|
@@ -606,7 +606,7 @@ function _readIntegerValue(buffer, block) {
|
|
|
606
606
|
}
|
|
607
607
|
return value;
|
|
608
608
|
}
|
|
609
|
-
function
|
|
609
|
+
function readBooleanValue(buffer, block) {
|
|
610
610
|
(0, import_assert.default)(block.tag === 1 /* BOOLEAN */, "expecting a BOOLEAN tag. got " + TagType[block.tag]);
|
|
611
611
|
const pos = block.position;
|
|
612
612
|
const nbBytes = block.length;
|
|
@@ -614,9 +614,9 @@ function _readBooleanValue(buffer, block) {
|
|
|
614
614
|
const value = buffer.readUInt8(pos) ? true : false;
|
|
615
615
|
return value;
|
|
616
616
|
}
|
|
617
|
-
function
|
|
617
|
+
function readVersionValue(buffer, block) {
|
|
618
618
|
block = readTag(buffer, block.position);
|
|
619
|
-
return
|
|
619
|
+
return readIntegerValue(buffer, block);
|
|
620
620
|
}
|
|
621
621
|
function convertGeneralizedTime(str) {
|
|
622
622
|
const year = parseInt(str.substr(0, 4), 10);
|
|
@@ -628,7 +628,7 @@ function convertGeneralizedTime(str) {
|
|
|
628
628
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
629
629
|
}
|
|
630
630
|
function _readBMPString(buffer, block) {
|
|
631
|
-
const strBuff =
|
|
631
|
+
const strBuff = getBlock(buffer, block);
|
|
632
632
|
let str = "";
|
|
633
633
|
for (let i = 0; i < strBuff.length; i += 2) {
|
|
634
634
|
const word = strBuff.readUInt16BE(i);
|
|
@@ -646,10 +646,10 @@ function convertUTCTime(str) {
|
|
|
646
646
|
year += year >= 50 ? 1900 : 2e3;
|
|
647
647
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
648
648
|
}
|
|
649
|
-
function
|
|
649
|
+
function readValue(buffer, block) {
|
|
650
650
|
switch (block.tag) {
|
|
651
651
|
case 1 /* BOOLEAN */:
|
|
652
|
-
return
|
|
652
|
+
return readBooleanValue(buffer, block);
|
|
653
653
|
case 30 /* BMPString */:
|
|
654
654
|
return _readBMPString(buffer, block);
|
|
655
655
|
case 19 /* PrintableString */:
|
|
@@ -657,44 +657,29 @@ function _readValue(buffer, block) {
|
|
|
657
657
|
case 12 /* UTF8String */:
|
|
658
658
|
case 18 /* NumericString */:
|
|
659
659
|
case 22 /* IA5String */:
|
|
660
|
-
return
|
|
660
|
+
return getBlock(buffer, block).toString("ascii");
|
|
661
661
|
case 23 /* UTCTime */:
|
|
662
|
-
return convertUTCTime(
|
|
662
|
+
return convertUTCTime(getBlock(buffer, block).toString("ascii"));
|
|
663
663
|
case 24 /* GeneralizedTime */:
|
|
664
|
-
return convertGeneralizedTime(
|
|
664
|
+
return convertGeneralizedTime(getBlock(buffer, block).toString("ascii"));
|
|
665
665
|
default:
|
|
666
666
|
throw new Error("Invalid tag 0x" + block.tag.toString(16));
|
|
667
667
|
}
|
|
668
668
|
}
|
|
669
|
-
function
|
|
670
|
-
const set_blocks = readStruct(buffer, block);
|
|
671
|
-
const names = {};
|
|
672
|
-
for (const set_block of set_blocks) {
|
|
673
|
-
(0, import_assert.default)(set_block.tag === 49);
|
|
674
|
-
const blocks = readStruct(buffer, set_block);
|
|
675
|
-
(0, import_assert.default)(blocks.length === 1);
|
|
676
|
-
(0, import_assert.default)(blocks[0].tag === 48);
|
|
677
|
-
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
678
|
-
(0, import_assert.default)(sequenceBlock.length === 2);
|
|
679
|
-
const type = _readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
680
|
-
names[type.name] = _readValue(buffer, sequenceBlock[1]);
|
|
681
|
-
}
|
|
682
|
-
return names;
|
|
683
|
-
}
|
|
684
|
-
function _findBlockAtIndex(blocks, index) {
|
|
669
|
+
function findBlockAtIndex(blocks, index) {
|
|
685
670
|
const tmp = blocks.filter((b) => b.tag === 160 + index || b.tag === 128 + index);
|
|
686
671
|
if (tmp.length === 0) {
|
|
687
672
|
return null;
|
|
688
673
|
}
|
|
689
674
|
return tmp[0];
|
|
690
675
|
}
|
|
691
|
-
function
|
|
692
|
-
return
|
|
676
|
+
function readTime(buffer, block) {
|
|
677
|
+
return readValue(buffer, block);
|
|
693
678
|
}
|
|
694
679
|
|
|
695
680
|
// source/crypto_utils.ts
|
|
696
681
|
var import_constants = __toESM(require("constants"));
|
|
697
|
-
var
|
|
682
|
+
var import_assert4 = __toESM(require("assert"));
|
|
698
683
|
var import_crypto = require("crypto");
|
|
699
684
|
var import_hexy = __toESM(require("hexy"));
|
|
700
685
|
|
|
@@ -704,14 +689,34 @@ var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (s
|
|
|
704
689
|
};
|
|
705
690
|
|
|
706
691
|
// source/crypto_explore_certificate.ts
|
|
692
|
+
var import_assert3 = __toESM(require("assert"));
|
|
693
|
+
|
|
694
|
+
// source/directory_name.ts
|
|
707
695
|
var import_assert2 = __toESM(require("assert"));
|
|
696
|
+
function readDirectoryName(buffer, block) {
|
|
697
|
+
const set_blocks = readStruct(buffer, block);
|
|
698
|
+
const names = {};
|
|
699
|
+
for (const set_block of set_blocks) {
|
|
700
|
+
(0, import_assert2.default)(set_block.tag === 49);
|
|
701
|
+
const blocks = readStruct(buffer, set_block);
|
|
702
|
+
(0, import_assert2.default)(blocks.length === 1);
|
|
703
|
+
(0, import_assert2.default)(blocks[0].tag === 48);
|
|
704
|
+
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
705
|
+
(0, import_assert2.default)(sequenceBlock.length === 2);
|
|
706
|
+
const type = readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
707
|
+
names[type.name] = readValue(buffer, sequenceBlock[1]);
|
|
708
|
+
}
|
|
709
|
+
return names;
|
|
710
|
+
}
|
|
711
|
+
|
|
712
|
+
// source/crypto_explore_certificate.ts
|
|
708
713
|
var doDebug = false;
|
|
709
714
|
function _readAttributeTypeAndValue(buffer, block) {
|
|
710
715
|
let inner_blocks = readStruct(buffer, block);
|
|
711
716
|
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
712
717
|
const data = {
|
|
713
|
-
identifier:
|
|
714
|
-
value:
|
|
718
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name,
|
|
719
|
+
value: readValue(buffer, inner_blocks[1])
|
|
715
720
|
};
|
|
716
721
|
const result = {};
|
|
717
722
|
for (const [key, value] of Object.entries(data)) {
|
|
@@ -734,29 +739,29 @@ function _readName(buffer, block) {
|
|
|
734
739
|
function _readValidity(buffer, block) {
|
|
735
740
|
const inner_blocks = readStruct(buffer, block);
|
|
736
741
|
return {
|
|
737
|
-
notBefore:
|
|
738
|
-
notAfter:
|
|
742
|
+
notBefore: readTime(buffer, inner_blocks[0]),
|
|
743
|
+
notAfter: readTime(buffer, inner_blocks[1])
|
|
739
744
|
};
|
|
740
745
|
}
|
|
741
746
|
function _readAuthorityKeyIdentifier(buffer) {
|
|
742
747
|
const block_info = readTag(buffer, 0);
|
|
743
748
|
const blocks = readStruct(buffer, block_info);
|
|
744
|
-
const keyIdentifier_block =
|
|
745
|
-
const authorityCertIssuer_block =
|
|
746
|
-
const authorityCertSerialNumber_block =
|
|
749
|
+
const keyIdentifier_block = findBlockAtIndex(blocks, 0);
|
|
750
|
+
const authorityCertIssuer_block = findBlockAtIndex(blocks, 1);
|
|
751
|
+
const authorityCertSerialNumber_block = findBlockAtIndex(blocks, 2);
|
|
747
752
|
function _readAuthorityCertIssuer(block) {
|
|
748
753
|
const inner_blocks = readStruct(buffer, block);
|
|
749
|
-
const directoryName_block =
|
|
754
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
750
755
|
if (directoryName_block) {
|
|
751
756
|
const a = readStruct(buffer, directoryName_block);
|
|
752
|
-
return
|
|
757
|
+
return readDirectoryName(buffer, a[0]);
|
|
753
758
|
} else {
|
|
754
759
|
throw new Error("Invalid _readAuthorityCertIssuer");
|
|
755
760
|
}
|
|
756
761
|
}
|
|
757
762
|
function _readAuthorityCertIssuerFingerPrint(block) {
|
|
758
763
|
const inner_blocks = readStruct(buffer, block);
|
|
759
|
-
const directoryName_block =
|
|
764
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
760
765
|
if (!directoryName_block) {
|
|
761
766
|
return "";
|
|
762
767
|
}
|
|
@@ -764,16 +769,16 @@ function _readAuthorityKeyIdentifier(buffer) {
|
|
|
764
769
|
if (a.length < 1) {
|
|
765
770
|
return "";
|
|
766
771
|
}
|
|
767
|
-
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
772
|
+
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, a[0]))) : "";
|
|
768
773
|
}
|
|
769
774
|
const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
|
|
770
775
|
const authorityCertIssuerFingerPrint = authorityCertIssuer_block ? _readAuthorityCertIssuerFingerPrint(authorityCertIssuer_block) : "";
|
|
771
776
|
return {
|
|
772
777
|
authorityCertIssuer,
|
|
773
778
|
authorityCertIssuerFingerPrint,
|
|
774
|
-
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(
|
|
779
|
+
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, authorityCertSerialNumber_block)) : null,
|
|
775
780
|
// can be null for self-signed cert
|
|
776
|
-
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(
|
|
781
|
+
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, keyIdentifier_block)) : null
|
|
777
782
|
// can be null for self-signed certf
|
|
778
783
|
};
|
|
779
784
|
}
|
|
@@ -786,10 +791,10 @@ function readBasicConstraint2_5_29_19(buffer, block) {
|
|
|
786
791
|
for (const inner_block of inner_blocks) {
|
|
787
792
|
switch (inner_block.tag) {
|
|
788
793
|
case 1 /* BOOLEAN */:
|
|
789
|
-
cA =
|
|
794
|
+
cA = readBooleanValue(buffer, inner_block);
|
|
790
795
|
break;
|
|
791
796
|
case 2 /* INTEGER */:
|
|
792
|
-
pathLengthConstraint =
|
|
797
|
+
pathLengthConstraint = readIntegerValue(buffer, inner_block);
|
|
793
798
|
breakControl = 1;
|
|
794
799
|
break;
|
|
795
800
|
}
|
|
@@ -822,7 +827,7 @@ function _readGeneralNames(buffer, block) {
|
|
|
822
827
|
}
|
|
823
828
|
const n = {};
|
|
824
829
|
for (const block2 of blocks) {
|
|
825
|
-
(0,
|
|
830
|
+
(0, import_assert3.default)((block2.tag & 128) === 128);
|
|
826
831
|
const t2 = block2.tag & 127;
|
|
827
832
|
const type = _data[t2];
|
|
828
833
|
if (!type) {
|
|
@@ -832,10 +837,10 @@ function _readGeneralNames(buffer, block) {
|
|
|
832
837
|
if (t2 == 32) {
|
|
833
838
|
n[type.name] = n[type.name] || [];
|
|
834
839
|
const blocks2 = readStruct(buffer, block2);
|
|
835
|
-
const name =
|
|
836
|
-
const buf =
|
|
840
|
+
const name = readObjectIdentifier(buffer, blocks2[0]).name;
|
|
841
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
837
842
|
const b = readTag(buf, 0);
|
|
838
|
-
const nn =
|
|
843
|
+
const nn = readValue(buf, b);
|
|
839
844
|
const data = {
|
|
840
845
|
identifier: name,
|
|
841
846
|
value: nn
|
|
@@ -882,7 +887,7 @@ function readKeyUsage(oid, buffer) {
|
|
|
882
887
|
};
|
|
883
888
|
}
|
|
884
889
|
function readExtKeyUsage(oid, buffer) {
|
|
885
|
-
(0,
|
|
890
|
+
(0, import_assert3.default)(oid === "2.5.29.37");
|
|
886
891
|
const block_info = readTag(buffer, 0);
|
|
887
892
|
const inner_blocks = readStruct(buffer, block_info);
|
|
888
893
|
const extKeyUsage = {
|
|
@@ -897,7 +902,7 @@ function readExtKeyUsage(oid, buffer) {
|
|
|
897
902
|
ocspSigning: false
|
|
898
903
|
};
|
|
899
904
|
for (const block of inner_blocks) {
|
|
900
|
-
const identifier =
|
|
905
|
+
const identifier = readObjectIdentifier(buffer, block);
|
|
901
906
|
extKeyUsage[identifier.name] = true;
|
|
902
907
|
}
|
|
903
908
|
return extKeyUsage;
|
|
@@ -909,18 +914,18 @@ function _readSubjectPublicKey(buffer) {
|
|
|
909
914
|
modulus: buffer.subarray(blocks[0].position + 1, blocks[0].position + blocks[0].length)
|
|
910
915
|
};
|
|
911
916
|
}
|
|
912
|
-
function
|
|
917
|
+
function readExtension(buffer, block) {
|
|
913
918
|
const inner_blocks = readStruct(buffer, block);
|
|
914
919
|
if (inner_blocks.length === 3) {
|
|
915
|
-
(0,
|
|
920
|
+
(0, import_assert3.default)(inner_blocks[1].tag === 1 /* BOOLEAN */);
|
|
916
921
|
inner_blocks[1] = inner_blocks[2];
|
|
917
922
|
}
|
|
918
|
-
const identifier =
|
|
919
|
-
const buf =
|
|
923
|
+
const identifier = readObjectIdentifier(buffer, inner_blocks[0]);
|
|
924
|
+
const buf = getBlock(buffer, inner_blocks[1]);
|
|
920
925
|
let value = null;
|
|
921
926
|
switch (identifier.name) {
|
|
922
927
|
case "subjectKeyIdentifier":
|
|
923
|
-
value = formatBuffer2DigitHexWithColum(
|
|
928
|
+
value = formatBuffer2DigitHexWithColum(readOctetString(buffer, inner_blocks[1]));
|
|
924
929
|
break;
|
|
925
930
|
case "subjectAltName":
|
|
926
931
|
value = _readSubjectAltNames(buf);
|
|
@@ -949,10 +954,10 @@ function _readExtension(buffer, block) {
|
|
|
949
954
|
};
|
|
950
955
|
}
|
|
951
956
|
function _readExtensions(buffer, block) {
|
|
952
|
-
(0,
|
|
957
|
+
(0, import_assert3.default)(block.tag === 163);
|
|
953
958
|
let inner_blocks = readStruct(buffer, block);
|
|
954
959
|
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
955
|
-
const extensions = inner_blocks.map((block2) =>
|
|
960
|
+
const extensions = inner_blocks.map((block2) => readExtension(buffer, block2));
|
|
956
961
|
const result = {};
|
|
957
962
|
for (const e of extensions) {
|
|
958
963
|
result[e.identifier.name] = e.value;
|
|
@@ -962,9 +967,9 @@ function _readExtensions(buffer, block) {
|
|
|
962
967
|
function _readSubjectPublicKeyInfo(buffer, block) {
|
|
963
968
|
const inner_blocks = readStruct(buffer, block);
|
|
964
969
|
const algorithm = readAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
965
|
-
const subjectPublicKey =
|
|
970
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
966
971
|
const data = subjectPublicKey.data;
|
|
967
|
-
const values =
|
|
972
|
+
const values = readListOfInteger(data);
|
|
968
973
|
return {
|
|
969
974
|
algorithm: algorithm.identifier,
|
|
970
975
|
keyLength: values[0].length - 1,
|
|
@@ -975,8 +980,8 @@ function _readSubjectPublicKeyInfo(buffer, block) {
|
|
|
975
980
|
}
|
|
976
981
|
function _readSubjectECCPublicKeyInfo(buffer, block) {
|
|
977
982
|
const inner_blocks = readStruct(buffer, block);
|
|
978
|
-
const algorithm =
|
|
979
|
-
const subjectPublicKey =
|
|
983
|
+
const algorithm = readECCAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
984
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
980
985
|
const data = subjectPublicKey.data;
|
|
981
986
|
return {
|
|
982
987
|
algorithm: algorithm.identifier,
|
|
@@ -992,26 +997,26 @@ function readTbsCertificate(buffer, block) {
|
|
|
992
997
|
let subjectPublicKeyInfo;
|
|
993
998
|
if (blocks.length === 6) {
|
|
994
999
|
version = 1;
|
|
995
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
1000
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[0]));
|
|
996
1001
|
signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
997
1002
|
issuer = _readName(buffer, blocks[2]);
|
|
998
1003
|
validity = _readValidity(buffer, blocks[3]);
|
|
999
1004
|
subject = _readName(buffer, blocks[4]);
|
|
1000
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1005
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[4])));
|
|
1001
1006
|
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[5]);
|
|
1002
1007
|
extensions = null;
|
|
1003
1008
|
} else {
|
|
1004
|
-
const version_block =
|
|
1009
|
+
const version_block = findBlockAtIndex(blocks, 0);
|
|
1005
1010
|
if (!version_block) {
|
|
1006
1011
|
throw new Error("cannot find version block");
|
|
1007
1012
|
}
|
|
1008
|
-
version =
|
|
1009
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
1013
|
+
version = readVersionValue(buffer, version_block) + 1;
|
|
1014
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[1]));
|
|
1010
1015
|
signature = readAlgorithmIdentifier(buffer, blocks[2]);
|
|
1011
1016
|
issuer = _readName(buffer, blocks[3]);
|
|
1012
1017
|
validity = _readValidity(buffer, blocks[4]);
|
|
1013
1018
|
subject = _readName(buffer, blocks[5]);
|
|
1014
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1019
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[5])));
|
|
1015
1020
|
const inner_block = readStruct(buffer, blocks[6]);
|
|
1016
1021
|
const what_type = readAlgorithmIdentifier(buffer, inner_block[0]).identifier;
|
|
1017
1022
|
switch (what_type) {
|
|
@@ -1025,7 +1030,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
1025
1030
|
break;
|
|
1026
1031
|
}
|
|
1027
1032
|
}
|
|
1028
|
-
const extensionBlock =
|
|
1033
|
+
const extensionBlock = findBlockAtIndex(blocks, 3);
|
|
1029
1034
|
if (!extensionBlock) {
|
|
1030
1035
|
doDebug && console.log("X509 certificate is invalid : cannot find extension block version =" + version_block);
|
|
1031
1036
|
extensions = null;
|
|
@@ -1046,7 +1051,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
1046
1051
|
};
|
|
1047
1052
|
}
|
|
1048
1053
|
function exploreCertificate(certificate) {
|
|
1049
|
-
(0,
|
|
1054
|
+
(0, import_assert3.default)(certificate instanceof Buffer);
|
|
1050
1055
|
if (!certificate._exploreCertificate_cache) {
|
|
1051
1056
|
const block_info = readTag(certificate, 0);
|
|
1052
1057
|
const blocks = readStruct(certificate, block_info);
|
|
@@ -1075,10 +1080,10 @@ function combine_der(certificates) {
|
|
|
1075
1080
|
let sum = 0;
|
|
1076
1081
|
b.forEach((block) => {
|
|
1077
1082
|
const block_info = readTag(block, 0);
|
|
1078
|
-
(0,
|
|
1083
|
+
(0, import_assert3.default)(block_info.position + block_info.length === block.length);
|
|
1079
1084
|
sum += block.length;
|
|
1080
1085
|
});
|
|
1081
|
-
(0,
|
|
1086
|
+
(0, import_assert3.default)(sum === cert.length);
|
|
1082
1087
|
}
|
|
1083
1088
|
return Buffer.concat(certificates);
|
|
1084
1089
|
}
|
|
@@ -1100,14 +1105,14 @@ function removeTrailingLF(str) {
|
|
|
1100
1105
|
return tmp;
|
|
1101
1106
|
}
|
|
1102
1107
|
function toPem(raw_key, pem) {
|
|
1103
|
-
(0,
|
|
1104
|
-
(0,
|
|
1108
|
+
(0, import_assert4.default)(raw_key, "expecting a key");
|
|
1109
|
+
(0, import_assert4.default)(typeof pem === "string");
|
|
1105
1110
|
let pemType = identifyPemType(raw_key);
|
|
1106
1111
|
if (pemType) {
|
|
1107
1112
|
return raw_key instanceof Buffer ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
|
|
1108
1113
|
} else {
|
|
1109
1114
|
pemType = pem;
|
|
1110
|
-
(0,
|
|
1115
|
+
(0, import_assert4.default)(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
|
|
1111
1116
|
let b = raw_key.toString("base64");
|
|
1112
1117
|
let str = "-----BEGIN " + pemType + "-----\n";
|
|
1113
1118
|
while (b.length) {
|
|
@@ -1147,7 +1152,7 @@ function makeMessageChunkSignature(chunk, options) {
|
|
|
1147
1152
|
const signer = (0, import_crypto.createSign)(options.algorithm);
|
|
1148
1153
|
signer.update(chunk);
|
|
1149
1154
|
const signature = signer.sign(options.privateKey.hidden);
|
|
1150
|
-
(0,
|
|
1155
|
+
(0, import_assert4.default)(!options.signatureLength || signature.length === options.signatureLength);
|
|
1151
1156
|
return signature;
|
|
1152
1157
|
}
|
|
1153
1158
|
function verifyMessageChunkSignature(blockToVerify, signature, options) {
|
|
@@ -1165,8 +1170,8 @@ var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
|
|
|
1165
1170
|
PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_PADDING"] = 1] = "RSA_PKCS1_PADDING";
|
|
1166
1171
|
return PaddingAlgorithm2;
|
|
1167
1172
|
})(PaddingAlgorithm || {});
|
|
1168
|
-
(0,
|
|
1169
|
-
(0,
|
|
1173
|
+
(0, import_assert4.default)(4 /* RSA_PKCS1_OAEP_PADDING */ === import_constants.default.RSA_PKCS1_OAEP_PADDING);
|
|
1174
|
+
(0, import_assert4.default)(1 /* RSA_PKCS1_PADDING */ === import_constants.default.RSA_PKCS1_PADDING);
|
|
1170
1175
|
function publicEncrypt_native(buffer, publicKey, algorithm) {
|
|
1171
1176
|
if (algorithm === void 0) {
|
|
1172
1177
|
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
|
|
@@ -1243,14 +1248,14 @@ function coerceCertificatePem(certificate) {
|
|
|
1243
1248
|
if (certificate instanceof Buffer) {
|
|
1244
1249
|
certificate = toPem(certificate, "CERTIFICATE");
|
|
1245
1250
|
}
|
|
1246
|
-
(0,
|
|
1251
|
+
(0, import_assert4.default)(typeof certificate === "string");
|
|
1247
1252
|
return certificate;
|
|
1248
1253
|
}
|
|
1249
1254
|
function extractPublicKeyFromCertificateSync(certificate) {
|
|
1250
1255
|
certificate = coerceCertificatePem(certificate);
|
|
1251
1256
|
const key = import_jsrsasign.default.KEYUTIL.getKey(certificate);
|
|
1252
1257
|
const publicKeyAsPem = import_jsrsasign.default.KEYUTIL.getPEM(key);
|
|
1253
|
-
(0,
|
|
1258
|
+
(0, import_assert4.default)(typeof publicKeyAsPem === "string");
|
|
1254
1259
|
return publicKeyAsPem;
|
|
1255
1260
|
}
|
|
1256
1261
|
function extractPublicKeyFromCertificate(certificate, callback) {
|
|
@@ -1386,7 +1391,7 @@ var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
|
|
|
1386
1391
|
})(CertificatePurpose || {});
|
|
1387
1392
|
|
|
1388
1393
|
// source/crypto_utils2.ts
|
|
1389
|
-
var
|
|
1394
|
+
var import_assert5 = __toESM(require("assert"));
|
|
1390
1395
|
var import_jsrsasign2 = __toESM(require("jsrsasign"));
|
|
1391
1396
|
function rsaLengthPrivateKey(key) {
|
|
1392
1397
|
const keyPem = typeof key.hidden === "string" ? key.hidden : key.hidden.export({ type: "pkcs1", format: "pem" }).toString();
|
|
@@ -1397,8 +1402,8 @@ function toPem2(raw_key, pem) {
|
|
|
1397
1402
|
if (raw_key.hidden) {
|
|
1398
1403
|
return toPem2(raw_key.hidden, pem);
|
|
1399
1404
|
}
|
|
1400
|
-
(0,
|
|
1401
|
-
(0,
|
|
1405
|
+
(0, import_assert5.default)(raw_key, "expecting a key");
|
|
1406
|
+
(0, import_assert5.default)(typeof pem === "string");
|
|
1402
1407
|
if (isKeyObject(raw_key)) {
|
|
1403
1408
|
const _raw_key = raw_key;
|
|
1404
1409
|
if (pem === "RSA PRIVATE KEY") {
|
|
@@ -1418,40 +1423,40 @@ function coercePublicKeyPem(publicKey) {
|
|
|
1418
1423
|
if (isKeyObject(publicKey)) {
|
|
1419
1424
|
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1420
1425
|
}
|
|
1421
|
-
(0,
|
|
1426
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1422
1427
|
return publicKey;
|
|
1423
1428
|
}
|
|
1424
1429
|
function coerceRsaPublicKeyPem(publicKey) {
|
|
1425
1430
|
if (isKeyObject(publicKey)) {
|
|
1426
1431
|
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1427
1432
|
}
|
|
1428
|
-
(0,
|
|
1433
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1429
1434
|
return publicKey;
|
|
1430
1435
|
}
|
|
1431
1436
|
function rsaLengthPublicKey(key) {
|
|
1432
1437
|
key = coercePublicKeyPem(key);
|
|
1433
|
-
(0,
|
|
1438
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1434
1439
|
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1435
1440
|
return a.n.toString(16).length / 2;
|
|
1436
1441
|
}
|
|
1437
1442
|
function rsaLengthRsaPublicKey(key) {
|
|
1438
1443
|
key = coerceRsaPublicKeyPem(key);
|
|
1439
|
-
(0,
|
|
1444
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1440
1445
|
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1441
1446
|
return a.n.toString(16).length / 2;
|
|
1442
1447
|
}
|
|
1443
1448
|
|
|
1444
1449
|
// source/derived_keys.ts
|
|
1445
|
-
var
|
|
1450
|
+
var import_assert7 = __toESM(require("assert"));
|
|
1446
1451
|
var import_crypto3 = require("crypto");
|
|
1447
1452
|
|
|
1448
1453
|
// source/explore_certificate.ts
|
|
1449
|
-
var
|
|
1454
|
+
var import_assert6 = __toESM(require("assert"));
|
|
1450
1455
|
function coerceCertificate(certificate) {
|
|
1451
1456
|
if (typeof certificate === "string") {
|
|
1452
1457
|
certificate = convertPEMtoDER(certificate);
|
|
1453
1458
|
}
|
|
1454
|
-
(0,
|
|
1459
|
+
(0, import_assert6.default)(certificate instanceof Buffer);
|
|
1455
1460
|
return certificate;
|
|
1456
1461
|
}
|
|
1457
1462
|
function exploreCertificateInfo(certificate) {
|
|
@@ -1478,8 +1483,8 @@ function plus(buf1, buf2) {
|
|
|
1478
1483
|
return Buffer.concat([buf1, buf2]);
|
|
1479
1484
|
}
|
|
1480
1485
|
function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
1481
|
-
(0,
|
|
1482
|
-
(0,
|
|
1486
|
+
(0, import_assert7.default)(seed instanceof Buffer);
|
|
1487
|
+
(0, import_assert7.default)(sha1or256 === "SHA1" || sha1or256 === "SHA256");
|
|
1483
1488
|
const a = [];
|
|
1484
1489
|
a[0] = seed;
|
|
1485
1490
|
let index = 1;
|
|
@@ -1492,12 +1497,12 @@ function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
|
1492
1497
|
return p_hash.subarray(0, minLength);
|
|
1493
1498
|
}
|
|
1494
1499
|
function computeDerivedKeys(secret, seed, options) {
|
|
1495
|
-
(0,
|
|
1496
|
-
(0,
|
|
1497
|
-
(0,
|
|
1498
|
-
(0,
|
|
1500
|
+
(0, import_assert7.default)(Number.isFinite(options.signatureLength));
|
|
1501
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingKeyLength));
|
|
1502
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingBlockSize));
|
|
1503
|
+
(0, import_assert7.default)(typeof options.algorithm === "string");
|
|
1499
1504
|
options.sha1or256 = options.sha1or256 || "SHA1";
|
|
1500
|
-
(0,
|
|
1505
|
+
(0, import_assert7.default)(typeof options.sha1or256 === "string");
|
|
1501
1506
|
const offset1 = options.signingKeyLength;
|
|
1502
1507
|
const offset2 = offset1 + options.encryptingKeyLength;
|
|
1503
1508
|
const minLength = offset2 + options.encryptingBlockSize;
|
|
@@ -1522,7 +1527,7 @@ function removePadding(buffer) {
|
|
|
1522
1527
|
return reduceLength(buffer, nbPaddingBytes);
|
|
1523
1528
|
}
|
|
1524
1529
|
function verifyChunkSignature(chunk, options) {
|
|
1525
|
-
(0,
|
|
1530
|
+
(0, import_assert7.default)(chunk instanceof Buffer);
|
|
1526
1531
|
let signatureLength = options.signatureLength || 0;
|
|
1527
1532
|
if (signatureLength === 0) {
|
|
1528
1533
|
const cert = exploreCertificateInfo(options.publicKey);
|
|
@@ -1533,16 +1538,16 @@ function verifyChunkSignature(chunk, options) {
|
|
|
1533
1538
|
return verifyMessageChunkSignature(block_to_verify, signature, options);
|
|
1534
1539
|
}
|
|
1535
1540
|
function computePaddingFooter(buffer, derivedKeys) {
|
|
1536
|
-
(0,
|
|
1541
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "encryptingBlockSize"));
|
|
1537
1542
|
const paddingSize = derivedKeys.encryptingBlockSize - (buffer.length + 1) % derivedKeys.encryptingBlockSize;
|
|
1538
1543
|
const padding = createFastUninitializedBuffer(paddingSize + 1);
|
|
1539
1544
|
padding.fill(paddingSize);
|
|
1540
1545
|
return padding;
|
|
1541
1546
|
}
|
|
1542
1547
|
function derivedKeys_algorithm(derivedKeys) {
|
|
1543
|
-
(0,
|
|
1548
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "algorithm"));
|
|
1544
1549
|
const algorithm = derivedKeys.algorithm || "aes-128-cbc";
|
|
1545
|
-
(0,
|
|
1550
|
+
(0, import_assert7.default)(algorithm === "aes-128-cbc" || algorithm === "aes-256-cbc");
|
|
1546
1551
|
return algorithm;
|
|
1547
1552
|
}
|
|
1548
1553
|
function encryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
@@ -1568,12 +1573,12 @@ function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
|
1568
1573
|
return Buffer.concat(decrypted_chunks);
|
|
1569
1574
|
}
|
|
1570
1575
|
function makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys) {
|
|
1571
|
-
(0,
|
|
1572
|
-
(0,
|
|
1573
|
-
(0,
|
|
1574
|
-
(0,
|
|
1576
|
+
(0, import_assert7.default)(message instanceof Buffer);
|
|
1577
|
+
(0, import_assert7.default)(derivedKeys.signingKey instanceof Buffer);
|
|
1578
|
+
(0, import_assert7.default)(typeof derivedKeys.sha1or256 === "string");
|
|
1579
|
+
(0, import_assert7.default)(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
|
|
1575
1580
|
const signature = (0, import_crypto3.createHmac)(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
|
|
1576
|
-
(0,
|
|
1581
|
+
(0, import_assert7.default)(signature.length === derivedKeys.signatureLength);
|
|
1577
1582
|
return signature;
|
|
1578
1583
|
}
|
|
1579
1584
|
function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
|
|
@@ -1612,46 +1617,46 @@ function exploreAsn1(buffer) {
|
|
|
1612
1617
|
|
|
1613
1618
|
// source/explore_certificate_revocation_list.ts
|
|
1614
1619
|
function readNameForCrl(buffer, block) {
|
|
1615
|
-
return
|
|
1620
|
+
return readDirectoryName(buffer, block);
|
|
1616
1621
|
}
|
|
1617
1622
|
function _readTbsCertList(buffer, blockInfo) {
|
|
1618
1623
|
const blocks = readStruct(buffer, blockInfo);
|
|
1619
1624
|
const hasOptionalVersion = blocks[0].tag === 2 /* INTEGER */;
|
|
1620
1625
|
if (hasOptionalVersion) {
|
|
1621
|
-
const version =
|
|
1626
|
+
const version = readIntegerValue(buffer, blocks[0]);
|
|
1622
1627
|
const signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
1623
1628
|
const issuer = readNameForCrl(buffer, blocks[2]);
|
|
1624
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1625
|
-
const thisUpdate =
|
|
1626
|
-
const nextUpdate =
|
|
1629
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2])));
|
|
1630
|
+
const thisUpdate = readTime(buffer, blocks[3]);
|
|
1631
|
+
const nextUpdate = readTime(buffer, blocks[4]);
|
|
1627
1632
|
const revokedCertificates = [];
|
|
1628
1633
|
if (blocks[5] && blocks[5].tag < 128) {
|
|
1629
1634
|
const list = readStruct(buffer, blocks[5]);
|
|
1630
1635
|
for (const r of list) {
|
|
1631
1636
|
const rr = readStruct(buffer, r);
|
|
1632
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1633
|
-
const revocationDate =
|
|
1637
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1638
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1634
1639
|
revokedCertificates.push({
|
|
1635
1640
|
revocationDate,
|
|
1636
1641
|
userCertificate
|
|
1637
1642
|
});
|
|
1638
1643
|
}
|
|
1639
1644
|
}
|
|
1640
|
-
const ext0 =
|
|
1645
|
+
const ext0 = findBlockAtIndex(blocks, 0);
|
|
1641
1646
|
return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
|
|
1642
1647
|
} else {
|
|
1643
1648
|
const signature = readAlgorithmIdentifier(buffer, blocks[0]);
|
|
1644
1649
|
const issuer = readNameForCrl(buffer, blocks[1]);
|
|
1645
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1646
|
-
const thisUpdate =
|
|
1647
|
-
const nextUpdate =
|
|
1650
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[1])));
|
|
1651
|
+
const thisUpdate = readTime(buffer, blocks[2]);
|
|
1652
|
+
const nextUpdate = readTime(buffer, blocks[3]);
|
|
1648
1653
|
const revokedCertificates = [];
|
|
1649
1654
|
if (blocks[4] && blocks[4].tag < 128) {
|
|
1650
1655
|
const list = readStruct(buffer, blocks[4]);
|
|
1651
1656
|
for (const r of list) {
|
|
1652
1657
|
const rr = readStruct(buffer, r);
|
|
1653
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1654
|
-
const revocationDate =
|
|
1658
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1659
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1655
1660
|
revokedCertificates.push({
|
|
1656
1661
|
revocationDate,
|
|
1657
1662
|
userCertificate
|
|
@@ -1674,7 +1679,7 @@ function exploreCertificateRevocationList(crl) {
|
|
|
1674
1679
|
function _readExtensionRequest(buffer) {
|
|
1675
1680
|
const block = readTag(buffer, 0);
|
|
1676
1681
|
const inner_blocks = readStruct(buffer, block);
|
|
1677
|
-
const extensions = inner_blocks.map((block1) =>
|
|
1682
|
+
const extensions = inner_blocks.map((block1) => readExtension(buffer, block1));
|
|
1678
1683
|
const result = {};
|
|
1679
1684
|
for (const e of extensions) {
|
|
1680
1685
|
result[e.identifier.name] = e.value;
|
|
@@ -1685,17 +1690,17 @@ function _readExtensionRequest(buffer) {
|
|
|
1685
1690
|
function readCertificationRequestInfo(buffer, block) {
|
|
1686
1691
|
const blocks = readStruct(buffer, block);
|
|
1687
1692
|
if (blocks.length === 4) {
|
|
1688
|
-
const extensionRequestBlock =
|
|
1693
|
+
const extensionRequestBlock = findBlockAtIndex(blocks, 0);
|
|
1689
1694
|
if (!extensionRequestBlock) {
|
|
1690
1695
|
throw new Error("cannot find extensionRequest block");
|
|
1691
1696
|
}
|
|
1692
1697
|
const blocks1 = readStruct(buffer, extensionRequestBlock);
|
|
1693
1698
|
const blocks2 = readStruct(buffer, blocks1[0]);
|
|
1694
|
-
const identifier =
|
|
1699
|
+
const identifier = readObjectIdentifier(buffer, blocks2[0]);
|
|
1695
1700
|
if (identifier.name !== "extensionRequest") {
|
|
1696
1701
|
throw new Error(" Cannot find extension Request in ASN1 block");
|
|
1697
1702
|
}
|
|
1698
|
-
const buf =
|
|
1703
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
1699
1704
|
const extensionRequest = _readExtensionRequest(buf);
|
|
1700
1705
|
return { extensionRequest };
|
|
1701
1706
|
}
|
|
@@ -6239,17 +6244,17 @@ async function createSelfSignedCertificate({
|
|
|
6239
6244
|
return { cert: cert.toString("pem"), der: cert };
|
|
6240
6245
|
}
|
|
6241
6246
|
|
|
6242
|
-
// source/
|
|
6243
|
-
var asn1 = { readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
|
|
6247
|
+
// source/index_web.ts
|
|
6248
|
+
var asn1 = { readDirectoryName, readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
|
|
6244
6249
|
|
|
6245
6250
|
// source_nodejs/read.ts
|
|
6246
|
-
var
|
|
6251
|
+
var import_assert8 = __toESM(require("assert"));
|
|
6247
6252
|
var import_node_fs = __toESM(require("fs"));
|
|
6248
6253
|
var import_node_path = __toESM(require("path"));
|
|
6249
6254
|
var import_crypto13 = require("crypto");
|
|
6250
6255
|
var import_sshpk = __toESM(require("sshpk"));
|
|
6251
6256
|
function _readPemFile(filename) {
|
|
6252
|
-
(0,
|
|
6257
|
+
(0, import_assert8.default)(typeof filename === "string");
|
|
6253
6258
|
return removeTrailingLF(import_node_fs.default.readFileSync(filename, "utf-8"));
|
|
6254
6259
|
}
|
|
6255
6260
|
function _readPemOrDerFileAsDER(filename) {
|
|
@@ -6275,7 +6280,7 @@ function myCreatePrivateKey(rawKey) {
|
|
|
6275
6280
|
if (!import_crypto13.createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {
|
|
6276
6281
|
if (rawKey instanceof Buffer) {
|
|
6277
6282
|
const pemKey = toPem(rawKey, "PRIVATE KEY");
|
|
6278
|
-
(0,
|
|
6283
|
+
(0, import_assert8.default)(["RSA PRIVATE KEY", "PRIVATE KEY"].indexOf(identifyPemType(pemKey)) >= 0);
|
|
6279
6284
|
return { hidden: pemKey };
|
|
6280
6285
|
}
|
|
6281
6286
|
return { hidden: ensureTrailingLF(rawKey) };
|
|
@@ -6389,7 +6394,6 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
|
|
|
6389
6394
|
RSA_PKCS1_PADDING,
|
|
6390
6395
|
Subject,
|
|
6391
6396
|
_coercePrivateKey,
|
|
6392
|
-
_readExtension,
|
|
6393
6397
|
asn1,
|
|
6394
6398
|
certificateMatchesPrivateKey,
|
|
6395
6399
|
coerceCertificate,
|
|
@@ -6444,6 +6448,7 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
|
|
|
6444
6448
|
readCertificateRevocationList,
|
|
6445
6449
|
readCertificateSigningRequest,
|
|
6446
6450
|
readCertificationRequestInfo,
|
|
6451
|
+
readExtension,
|
|
6447
6452
|
readNameForCrl,
|
|
6448
6453
|
readPrivateKey,
|
|
6449
6454
|
readPrivateKeyPEM,
|