node-opcua-crypto 4.11.0 → 4.12.0
- package/dist/{chunk-UH5AT3JE.mjs → chunk-AXAFLVME.mjs} +2 -2
- package/dist/{chunk-2RCYFHGG.mjs → chunk-LHUQUHQQ.mjs} +183 -178
- package/dist/chunk-LHUQUHQQ.mjs.map +1 -0
- package/dist/chunk-RQA4DO2Z.mjs +1 -0
- package/dist/chunk-RQA4DO2Z.mjs.map +1 -0
- package/dist/index.d.mts +1 -2
- package/dist/index.d.ts +1 -2
- package/dist/index.js +175 -170
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +6 -7
- package/dist/source/index.d.mts +1 -15
- package/dist/source/index.d.ts +1 -15
- package/dist/source/index.js +172 -167
- package/dist/source/index.js.map +1 -1
- package/dist/source/index.mjs +5 -6
- package/dist/source/index_web.d.mts +518 -4
- package/dist/source/index_web.d.ts +518 -4
- package/dist/source/index_web.js +183 -173
- package/dist/source/index_web.js.map +1 -1
- package/dist/source/index_web.mjs +5 -3
- package/dist/source_nodejs/index.js +18 -15
- package/dist/source_nodejs/index.js.map +1 -1
- package/dist/source_nodejs/index.mjs +3 -3
- package/package.json +2 -2
- package/dist/chunk-2RCYFHGG.mjs.map +0 -1
- package/dist/chunk-C7PROBPE.mjs +0 -14
- package/dist/chunk-C7PROBPE.mjs.map +0 -1
- package/dist/index_web-C5Oeu9mq.d.mts +0 -503
- package/dist/index_web-D1qc4UN2.d.ts +0 -503
- /package/dist/{chunk-UH5AT3JE.mjs.map → chunk-AXAFLVME.mjs.map} +0 -0
package/dist/source/index.js
CHANGED
|
@@ -36,7 +36,6 @@ __export(source_exports, {
|
|
|
36
36
|
RSA_PKCS1_PADDING: () => RSA_PKCS1_PADDING,
|
|
37
37
|
Subject: () => Subject,
|
|
38
38
|
_coercePrivateKey: () => _coercePrivateKey,
|
|
39
|
-
_readExtension: () => _readExtension,
|
|
40
39
|
asn1: () => asn1,
|
|
41
40
|
certificateMatchesPrivateKey: () => certificateMatchesPrivateKey,
|
|
42
41
|
coerceCertificate: () => coerceCertificate,
|
|
@@ -84,6 +83,7 @@ __export(source_exports, {
|
|
|
84
83
|
publicEncrypt_native: () => publicEncrypt_native,
|
|
85
84
|
publicKeyAndPrivateKeyMatches: () => publicKeyAndPrivateKeyMatches,
|
|
86
85
|
readCertificationRequestInfo: () => readCertificationRequestInfo,
|
|
86
|
+
readExtension: () => readExtension,
|
|
87
87
|
readNameForCrl: () => readNameForCrl,
|
|
88
88
|
readTbsCertificate: () => readTbsCertificate,
|
|
89
89
|
reduceLength: () => reduceLength,
|
|
@@ -411,33 +411,33 @@ var oid_map = {
|
|
|
411
411
|
};
|
|
412
412
|
|
|
413
413
|
// source/asn1.ts
|
|
414
|
-
var TagType = /* @__PURE__ */ ((
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
return
|
|
414
|
+
var TagType = /* @__PURE__ */ ((TagType2) => {
|
|
415
|
+
TagType2[TagType2["BOOLEAN"] = 1] = "BOOLEAN";
|
|
416
|
+
TagType2[TagType2["INTEGER"] = 2] = "INTEGER";
|
|
417
|
+
TagType2[TagType2["BIT_STRING"] = 3] = "BIT_STRING";
|
|
418
|
+
TagType2[TagType2["OCTET_STRING"] = 4] = "OCTET_STRING";
|
|
419
|
+
TagType2[TagType2["NULL"] = 5] = "NULL";
|
|
420
|
+
TagType2[TagType2["OBJECT_IDENTIFIER"] = 6] = "OBJECT_IDENTIFIER";
|
|
421
|
+
TagType2[TagType2["UTF8String"] = 12] = "UTF8String";
|
|
422
|
+
TagType2[TagType2["NumericString"] = 18] = "NumericString";
|
|
423
|
+
TagType2[TagType2["PrintableString"] = 19] = "PrintableString";
|
|
424
|
+
TagType2[TagType2["TeletexString"] = 20] = "TeletexString";
|
|
425
|
+
TagType2[TagType2["IA5String"] = 22] = "IA5String";
|
|
426
|
+
TagType2[TagType2["UTCTime"] = 23] = "UTCTime";
|
|
427
|
+
TagType2[TagType2["GeneralizedTime"] = 24] = "GeneralizedTime";
|
|
428
|
+
TagType2[TagType2["GraphicString"] = 25] = "GraphicString";
|
|
429
|
+
TagType2[TagType2["VisibleString"] = 26] = "VisibleString";
|
|
430
|
+
TagType2[TagType2["GeneralString"] = 27] = "GeneralString";
|
|
431
|
+
TagType2[TagType2["UniversalString"] = 28] = "UniversalString";
|
|
432
|
+
TagType2[TagType2["BMPString"] = 30] = "BMPString";
|
|
433
|
+
TagType2[TagType2["SEQUENCE"] = 48] = "SEQUENCE";
|
|
434
|
+
TagType2[TagType2["SET"] = 49] = "SET";
|
|
435
|
+
TagType2[TagType2["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
|
|
436
|
+
TagType2[TagType2["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
|
|
437
|
+
TagType2[TagType2["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
|
|
438
|
+
TagType2[TagType2["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
|
|
439
|
+
TagType2[TagType2["A4"] = 164] = "A4";
|
|
440
|
+
return TagType2;
|
|
441
441
|
})(TagType || {});
|
|
442
442
|
function readTag(buf, pos) {
|
|
443
443
|
const start = pos;
|
|
@@ -483,9 +483,9 @@ function parseBitString(buffer, start, end, maxLength) {
|
|
|
483
483
|
}
|
|
484
484
|
return intro + s;
|
|
485
485
|
}
|
|
486
|
-
function
|
|
486
|
+
function readBitString(buffer, block) {
|
|
487
487
|
(0, import_assert.default)(block.tag === 3 /* BIT_STRING */);
|
|
488
|
-
const data =
|
|
488
|
+
const data = getBlock(buffer, block);
|
|
489
489
|
const ignore_bits = data.readUInt8(0);
|
|
490
490
|
return {
|
|
491
491
|
lengthInBits: data.length * 8 - ignore_bits,
|
|
@@ -501,7 +501,7 @@ function formatBuffer2DigitHexWithColum(buffer) {
|
|
|
501
501
|
}
|
|
502
502
|
return value.join(":").toUpperCase().replace(/^(00:)*/, "");
|
|
503
503
|
}
|
|
504
|
-
function
|
|
504
|
+
function readOctetString(buffer, block) {
|
|
505
505
|
(0, import_assert.default)(block.tag === 4 /* OCTET_STRING */);
|
|
506
506
|
const tag = readTag(buffer, block.position);
|
|
507
507
|
(0, import_assert.default)(tag.tag === 4 /* OCTET_STRING */);
|
|
@@ -510,19 +510,19 @@ function _readOctetString(buffer, block) {
|
|
|
510
510
|
const b = buffer.subarray(pos, pos + nbBytes);
|
|
511
511
|
return b;
|
|
512
512
|
}
|
|
513
|
-
function
|
|
513
|
+
function getBlock(buffer, block) {
|
|
514
514
|
const start = block.position;
|
|
515
515
|
const end = block.position + block.length;
|
|
516
516
|
return buffer.subarray(start, end);
|
|
517
517
|
}
|
|
518
|
-
function
|
|
519
|
-
return
|
|
518
|
+
function readIntegerAsByteString(buffer, block) {
|
|
519
|
+
return getBlock(buffer, block);
|
|
520
520
|
}
|
|
521
|
-
function
|
|
521
|
+
function readListOfInteger(buffer) {
|
|
522
522
|
const block = readTag(buffer, 0);
|
|
523
523
|
const inner_blocks = readStruct(buffer, block);
|
|
524
524
|
return inner_blocks.map((innerBlock) => {
|
|
525
|
-
return
|
|
525
|
+
return readIntegerAsByteString(buffer, innerBlock);
|
|
526
526
|
});
|
|
527
527
|
}
|
|
528
528
|
function parseOID(buffer, start, end) {
|
|
@@ -545,7 +545,7 @@ function parseOID(buffer, start, end) {
|
|
|
545
545
|
(0, import_assert.default)(bits === 0);
|
|
546
546
|
return s;
|
|
547
547
|
}
|
|
548
|
-
function
|
|
548
|
+
function readObjectIdentifier(buffer, block) {
|
|
549
549
|
(0, import_assert.default)(block.tag === 6 /* OBJECT_IDENTIFIER */);
|
|
550
550
|
const b = buffer.subarray(block.position, block.position + block.length);
|
|
551
551
|
const oid = parseOID(b, 0, block.length);
|
|
@@ -557,30 +557,30 @@ function _readObjectIdentifier(buffer, block) {
|
|
|
557
557
|
function readAlgorithmIdentifier(buffer, block) {
|
|
558
558
|
const inner_blocks = readStruct(buffer, block);
|
|
559
559
|
return {
|
|
560
|
-
identifier:
|
|
560
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name
|
|
561
561
|
};
|
|
562
562
|
}
|
|
563
|
-
function
|
|
563
|
+
function readECCAlgorithmIdentifier(buffer, block) {
|
|
564
564
|
const inner_blocks = readStruct(buffer, block);
|
|
565
565
|
return {
|
|
566
|
-
identifier:
|
|
566
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[1]).name
|
|
567
567
|
// difference with RSA as algorithm is second element of nested block
|
|
568
568
|
};
|
|
569
569
|
}
|
|
570
570
|
function readSignatureValueBin(buffer, block) {
|
|
571
|
-
return
|
|
571
|
+
return readBitString(buffer, block).data;
|
|
572
572
|
}
|
|
573
573
|
function readSignatureValue(buffer, block) {
|
|
574
574
|
return readSignatureValueBin(buffer, block).toString("hex");
|
|
575
575
|
}
|
|
576
|
-
function
|
|
576
|
+
function readLongIntegerValue(buffer, block) {
|
|
577
577
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
578
578
|
const pos = block.position;
|
|
579
579
|
const nbBytes = block.length;
|
|
580
580
|
const buf = buffer.subarray(pos, pos + nbBytes);
|
|
581
581
|
return buf;
|
|
582
582
|
}
|
|
583
|
-
function
|
|
583
|
+
function readIntegerValue(buffer, block) {
|
|
584
584
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
585
585
|
let pos = block.position;
|
|
586
586
|
const nbBytes = block.length;
|
|
@@ -592,7 +592,7 @@ function _readIntegerValue(buffer, block) {
|
|
|
592
592
|
}
|
|
593
593
|
return value;
|
|
594
594
|
}
|
|
595
|
-
function
|
|
595
|
+
function readBooleanValue(buffer, block) {
|
|
596
596
|
(0, import_assert.default)(block.tag === 1 /* BOOLEAN */, "expecting a BOOLEAN tag. got " + TagType[block.tag]);
|
|
597
597
|
const pos = block.position;
|
|
598
598
|
const nbBytes = block.length;
|
|
@@ -600,9 +600,9 @@ function _readBooleanValue(buffer, block) {
|
|
|
600
600
|
const value = buffer.readUInt8(pos) ? true : false;
|
|
601
601
|
return value;
|
|
602
602
|
}
|
|
603
|
-
function
|
|
603
|
+
function readVersionValue(buffer, block) {
|
|
604
604
|
block = readTag(buffer, block.position);
|
|
605
|
-
return
|
|
605
|
+
return readIntegerValue(buffer, block);
|
|
606
606
|
}
|
|
607
607
|
function convertGeneralizedTime(str) {
|
|
608
608
|
const year = parseInt(str.substr(0, 4), 10);
|
|
@@ -614,7 +614,7 @@ function convertGeneralizedTime(str) {
|
|
|
614
614
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
615
615
|
}
|
|
616
616
|
function _readBMPString(buffer, block) {
|
|
617
|
-
const strBuff =
|
|
617
|
+
const strBuff = getBlock(buffer, block);
|
|
618
618
|
let str = "";
|
|
619
619
|
for (let i = 0; i < strBuff.length; i += 2) {
|
|
620
620
|
const word = strBuff.readUInt16BE(i);
|
|
@@ -632,10 +632,10 @@ function convertUTCTime(str) {
|
|
|
632
632
|
year += year >= 50 ? 1900 : 2e3;
|
|
633
633
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
634
634
|
}
|
|
635
|
-
function
|
|
635
|
+
function readValue(buffer, block) {
|
|
636
636
|
switch (block.tag) {
|
|
637
637
|
case 1 /* BOOLEAN */:
|
|
638
|
-
return
|
|
638
|
+
return readBooleanValue(buffer, block);
|
|
639
639
|
case 30 /* BMPString */:
|
|
640
640
|
return _readBMPString(buffer, block);
|
|
641
641
|
case 19 /* PrintableString */:
|
|
@@ -643,44 +643,29 @@ function _readValue(buffer, block) {
|
|
|
643
643
|
case 12 /* UTF8String */:
|
|
644
644
|
case 18 /* NumericString */:
|
|
645
645
|
case 22 /* IA5String */:
|
|
646
|
-
return
|
|
646
|
+
return getBlock(buffer, block).toString("ascii");
|
|
647
647
|
case 23 /* UTCTime */:
|
|
648
|
-
return convertUTCTime(
|
|
648
|
+
return convertUTCTime(getBlock(buffer, block).toString("ascii"));
|
|
649
649
|
case 24 /* GeneralizedTime */:
|
|
650
|
-
return convertGeneralizedTime(
|
|
650
|
+
return convertGeneralizedTime(getBlock(buffer, block).toString("ascii"));
|
|
651
651
|
default:
|
|
652
652
|
throw new Error("Invalid tag 0x" + block.tag.toString(16));
|
|
653
653
|
}
|
|
654
654
|
}
|
|
655
|
-
function
|
|
656
|
-
const set_blocks = readStruct(buffer, block);
|
|
657
|
-
const names = {};
|
|
658
|
-
for (const set_block of set_blocks) {
|
|
659
|
-
(0, import_assert.default)(set_block.tag === 49);
|
|
660
|
-
const blocks = readStruct(buffer, set_block);
|
|
661
|
-
(0, import_assert.default)(blocks.length === 1);
|
|
662
|
-
(0, import_assert.default)(blocks[0].tag === 48);
|
|
663
|
-
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
664
|
-
(0, import_assert.default)(sequenceBlock.length === 2);
|
|
665
|
-
const type = _readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
666
|
-
names[type.name] = _readValue(buffer, sequenceBlock[1]);
|
|
667
|
-
}
|
|
668
|
-
return names;
|
|
669
|
-
}
|
|
670
|
-
function _findBlockAtIndex(blocks, index) {
|
|
655
|
+
function findBlockAtIndex(blocks, index) {
|
|
671
656
|
const tmp = blocks.filter((b) => b.tag === 160 + index || b.tag === 128 + index);
|
|
672
657
|
if (tmp.length === 0) {
|
|
673
658
|
return null;
|
|
674
659
|
}
|
|
675
660
|
return tmp[0];
|
|
676
661
|
}
|
|
677
|
-
function
|
|
678
|
-
return
|
|
662
|
+
function readTime(buffer, block) {
|
|
663
|
+
return readValue(buffer, block);
|
|
679
664
|
}
|
|
680
665
|
|
|
681
666
|
// source/crypto_utils.ts
|
|
682
667
|
var import_constants = __toESM(require("constants"));
|
|
683
|
-
var
|
|
668
|
+
var import_assert4 = __toESM(require("assert"));
|
|
684
669
|
var import_crypto = require("crypto");
|
|
685
670
|
var import_hexy = __toESM(require("hexy"));
|
|
686
671
|
|
|
@@ -690,14 +675,34 @@ var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (s
|
|
|
690
675
|
};
|
|
691
676
|
|
|
692
677
|
// source/crypto_explore_certificate.ts
|
|
678
|
+
var import_assert3 = __toESM(require("assert"));
|
|
679
|
+
|
|
680
|
+
// source/directory_name.ts
|
|
693
681
|
var import_assert2 = __toESM(require("assert"));
|
|
682
|
+
function readDirectoryName(buffer, block) {
|
|
683
|
+
const set_blocks = readStruct(buffer, block);
|
|
684
|
+
const names = {};
|
|
685
|
+
for (const set_block of set_blocks) {
|
|
686
|
+
(0, import_assert2.default)(set_block.tag === 49);
|
|
687
|
+
const blocks = readStruct(buffer, set_block);
|
|
688
|
+
(0, import_assert2.default)(blocks.length === 1);
|
|
689
|
+
(0, import_assert2.default)(blocks[0].tag === 48);
|
|
690
|
+
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
691
|
+
(0, import_assert2.default)(sequenceBlock.length === 2);
|
|
692
|
+
const type = readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
693
|
+
names[type.name] = readValue(buffer, sequenceBlock[1]);
|
|
694
|
+
}
|
|
695
|
+
return names;
|
|
696
|
+
}
|
|
697
|
+
|
|
698
|
+
// source/crypto_explore_certificate.ts
|
|
694
699
|
var doDebug = false;
|
|
695
700
|
function _readAttributeTypeAndValue(buffer, block) {
|
|
696
701
|
let inner_blocks = readStruct(buffer, block);
|
|
697
702
|
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
698
703
|
const data = {
|
|
699
|
-
identifier:
|
|
700
|
-
value:
|
|
704
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name,
|
|
705
|
+
value: readValue(buffer, inner_blocks[1])
|
|
701
706
|
};
|
|
702
707
|
const result = {};
|
|
703
708
|
for (const [key, value] of Object.entries(data)) {
|
|
@@ -720,29 +725,29 @@ function _readName(buffer, block) {
|
|
|
720
725
|
function _readValidity(buffer, block) {
|
|
721
726
|
const inner_blocks = readStruct(buffer, block);
|
|
722
727
|
return {
|
|
723
|
-
notBefore:
|
|
724
|
-
notAfter:
|
|
728
|
+
notBefore: readTime(buffer, inner_blocks[0]),
|
|
729
|
+
notAfter: readTime(buffer, inner_blocks[1])
|
|
725
730
|
};
|
|
726
731
|
}
|
|
727
732
|
function _readAuthorityKeyIdentifier(buffer) {
|
|
728
733
|
const block_info = readTag(buffer, 0);
|
|
729
734
|
const blocks = readStruct(buffer, block_info);
|
|
730
|
-
const keyIdentifier_block =
|
|
731
|
-
const authorityCertIssuer_block =
|
|
732
|
-
const authorityCertSerialNumber_block =
|
|
735
|
+
const keyIdentifier_block = findBlockAtIndex(blocks, 0);
|
|
736
|
+
const authorityCertIssuer_block = findBlockAtIndex(blocks, 1);
|
|
737
|
+
const authorityCertSerialNumber_block = findBlockAtIndex(blocks, 2);
|
|
733
738
|
function _readAuthorityCertIssuer(block) {
|
|
734
739
|
const inner_blocks = readStruct(buffer, block);
|
|
735
|
-
const directoryName_block =
|
|
740
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
736
741
|
if (directoryName_block) {
|
|
737
742
|
const a = readStruct(buffer, directoryName_block);
|
|
738
|
-
return
|
|
743
|
+
return readDirectoryName(buffer, a[0]);
|
|
739
744
|
} else {
|
|
740
745
|
throw new Error("Invalid _readAuthorityCertIssuer");
|
|
741
746
|
}
|
|
742
747
|
}
|
|
743
748
|
function _readAuthorityCertIssuerFingerPrint(block) {
|
|
744
749
|
const inner_blocks = readStruct(buffer, block);
|
|
745
|
-
const directoryName_block =
|
|
750
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
746
751
|
if (!directoryName_block) {
|
|
747
752
|
return "";
|
|
748
753
|
}
|
|
@@ -750,16 +755,16 @@ function _readAuthorityKeyIdentifier(buffer) {
|
|
|
750
755
|
if (a.length < 1) {
|
|
751
756
|
return "";
|
|
752
757
|
}
|
|
753
|
-
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
758
|
+
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, a[0]))) : "";
|
|
754
759
|
}
|
|
755
760
|
const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
|
|
756
761
|
const authorityCertIssuerFingerPrint = authorityCertIssuer_block ? _readAuthorityCertIssuerFingerPrint(authorityCertIssuer_block) : "";
|
|
757
762
|
return {
|
|
758
763
|
authorityCertIssuer,
|
|
759
764
|
authorityCertIssuerFingerPrint,
|
|
760
|
-
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(
|
|
765
|
+
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, authorityCertSerialNumber_block)) : null,
|
|
761
766
|
// can be null for self-signed cert
|
|
762
|
-
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(
|
|
767
|
+
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, keyIdentifier_block)) : null
|
|
763
768
|
// can be null for self-signed certf
|
|
764
769
|
};
|
|
765
770
|
}
|
|
@@ -772,10 +777,10 @@ function readBasicConstraint2_5_29_19(buffer, block) {
|
|
|
772
777
|
for (const inner_block of inner_blocks) {
|
|
773
778
|
switch (inner_block.tag) {
|
|
774
779
|
case 1 /* BOOLEAN */:
|
|
775
|
-
cA =
|
|
780
|
+
cA = readBooleanValue(buffer, inner_block);
|
|
776
781
|
break;
|
|
777
782
|
case 2 /* INTEGER */:
|
|
778
|
-
pathLengthConstraint =
|
|
783
|
+
pathLengthConstraint = readIntegerValue(buffer, inner_block);
|
|
779
784
|
breakControl = 1;
|
|
780
785
|
break;
|
|
781
786
|
}
|
|
@@ -808,7 +813,7 @@ function _readGeneralNames(buffer, block) {
|
|
|
808
813
|
}
|
|
809
814
|
const n = {};
|
|
810
815
|
for (const block2 of blocks) {
|
|
811
|
-
(0,
|
|
816
|
+
(0, import_assert3.default)((block2.tag & 128) === 128);
|
|
812
817
|
const t2 = block2.tag & 127;
|
|
813
818
|
const type = _data[t2];
|
|
814
819
|
if (!type) {
|
|
@@ -818,10 +823,10 @@ function _readGeneralNames(buffer, block) {
|
|
|
818
823
|
if (t2 == 32) {
|
|
819
824
|
n[type.name] = n[type.name] || [];
|
|
820
825
|
const blocks2 = readStruct(buffer, block2);
|
|
821
|
-
const name =
|
|
822
|
-
const buf =
|
|
826
|
+
const name = readObjectIdentifier(buffer, blocks2[0]).name;
|
|
827
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
823
828
|
const b = readTag(buf, 0);
|
|
824
|
-
const nn =
|
|
829
|
+
const nn = readValue(buf, b);
|
|
825
830
|
const data = {
|
|
826
831
|
identifier: name,
|
|
827
832
|
value: nn
|
|
@@ -868,7 +873,7 @@ function readKeyUsage(oid, buffer) {
|
|
|
868
873
|
};
|
|
869
874
|
}
|
|
870
875
|
function readExtKeyUsage(oid, buffer) {
|
|
871
|
-
(0,
|
|
876
|
+
(0, import_assert3.default)(oid === "2.5.29.37");
|
|
872
877
|
const block_info = readTag(buffer, 0);
|
|
873
878
|
const inner_blocks = readStruct(buffer, block_info);
|
|
874
879
|
const extKeyUsage = {
|
|
@@ -883,7 +888,7 @@ function readExtKeyUsage(oid, buffer) {
|
|
|
883
888
|
ocspSigning: false
|
|
884
889
|
};
|
|
885
890
|
for (const block of inner_blocks) {
|
|
886
|
-
const identifier =
|
|
891
|
+
const identifier = readObjectIdentifier(buffer, block);
|
|
887
892
|
extKeyUsage[identifier.name] = true;
|
|
888
893
|
}
|
|
889
894
|
return extKeyUsage;
|
|
@@ -895,18 +900,18 @@ function _readSubjectPublicKey(buffer) {
|
|
|
895
900
|
modulus: buffer.subarray(blocks[0].position + 1, blocks[0].position + blocks[0].length)
|
|
896
901
|
};
|
|
897
902
|
}
|
|
898
|
-
function
|
|
903
|
+
function readExtension(buffer, block) {
|
|
899
904
|
const inner_blocks = readStruct(buffer, block);
|
|
900
905
|
if (inner_blocks.length === 3) {
|
|
901
|
-
(0,
|
|
906
|
+
(0, import_assert3.default)(inner_blocks[1].tag === 1 /* BOOLEAN */);
|
|
902
907
|
inner_blocks[1] = inner_blocks[2];
|
|
903
908
|
}
|
|
904
|
-
const identifier =
|
|
905
|
-
const buf =
|
|
909
|
+
const identifier = readObjectIdentifier(buffer, inner_blocks[0]);
|
|
910
|
+
const buf = getBlock(buffer, inner_blocks[1]);
|
|
906
911
|
let value = null;
|
|
907
912
|
switch (identifier.name) {
|
|
908
913
|
case "subjectKeyIdentifier":
|
|
909
|
-
value = formatBuffer2DigitHexWithColum(
|
|
914
|
+
value = formatBuffer2DigitHexWithColum(readOctetString(buffer, inner_blocks[1]));
|
|
910
915
|
break;
|
|
911
916
|
case "subjectAltName":
|
|
912
917
|
value = _readSubjectAltNames(buf);
|
|
@@ -935,10 +940,10 @@ function _readExtension(buffer, block) {
|
|
|
935
940
|
};
|
|
936
941
|
}
|
|
937
942
|
function _readExtensions(buffer, block) {
|
|
938
|
-
(0,
|
|
943
|
+
(0, import_assert3.default)(block.tag === 163);
|
|
939
944
|
let inner_blocks = readStruct(buffer, block);
|
|
940
945
|
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
941
|
-
const extensions = inner_blocks.map((block2) =>
|
|
946
|
+
const extensions = inner_blocks.map((block2) => readExtension(buffer, block2));
|
|
942
947
|
const result = {};
|
|
943
948
|
for (const e of extensions) {
|
|
944
949
|
result[e.identifier.name] = e.value;
|
|
@@ -948,9 +953,9 @@ function _readExtensions(buffer, block) {
|
|
|
948
953
|
function _readSubjectPublicKeyInfo(buffer, block) {
|
|
949
954
|
const inner_blocks = readStruct(buffer, block);
|
|
950
955
|
const algorithm = readAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
951
|
-
const subjectPublicKey =
|
|
956
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
952
957
|
const data = subjectPublicKey.data;
|
|
953
|
-
const values =
|
|
958
|
+
const values = readListOfInteger(data);
|
|
954
959
|
return {
|
|
955
960
|
algorithm: algorithm.identifier,
|
|
956
961
|
keyLength: values[0].length - 1,
|
|
@@ -961,8 +966,8 @@ function _readSubjectPublicKeyInfo(buffer, block) {
|
|
|
961
966
|
}
|
|
962
967
|
function _readSubjectECCPublicKeyInfo(buffer, block) {
|
|
963
968
|
const inner_blocks = readStruct(buffer, block);
|
|
964
|
-
const algorithm =
|
|
965
|
-
const subjectPublicKey =
|
|
969
|
+
const algorithm = readECCAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
970
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
966
971
|
const data = subjectPublicKey.data;
|
|
967
972
|
return {
|
|
968
973
|
algorithm: algorithm.identifier,
|
|
@@ -978,26 +983,26 @@ function readTbsCertificate(buffer, block) {
|
|
|
978
983
|
let subjectPublicKeyInfo;
|
|
979
984
|
if (blocks.length === 6) {
|
|
980
985
|
version = 1;
|
|
981
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
986
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[0]));
|
|
982
987
|
signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
983
988
|
issuer = _readName(buffer, blocks[2]);
|
|
984
989
|
validity = _readValidity(buffer, blocks[3]);
|
|
985
990
|
subject = _readName(buffer, blocks[4]);
|
|
986
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
991
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[4])));
|
|
987
992
|
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[5]);
|
|
988
993
|
extensions = null;
|
|
989
994
|
} else {
|
|
990
|
-
const version_block =
|
|
995
|
+
const version_block = findBlockAtIndex(blocks, 0);
|
|
991
996
|
if (!version_block) {
|
|
992
997
|
throw new Error("cannot find version block");
|
|
993
998
|
}
|
|
994
|
-
version =
|
|
995
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
999
|
+
version = readVersionValue(buffer, version_block) + 1;
|
|
1000
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[1]));
|
|
996
1001
|
signature = readAlgorithmIdentifier(buffer, blocks[2]);
|
|
997
1002
|
issuer = _readName(buffer, blocks[3]);
|
|
998
1003
|
validity = _readValidity(buffer, blocks[4]);
|
|
999
1004
|
subject = _readName(buffer, blocks[5]);
|
|
1000
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1005
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[5])));
|
|
1001
1006
|
const inner_block = readStruct(buffer, blocks[6]);
|
|
1002
1007
|
const what_type = readAlgorithmIdentifier(buffer, inner_block[0]).identifier;
|
|
1003
1008
|
switch (what_type) {
|
|
@@ -1011,7 +1016,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
1011
1016
|
break;
|
|
1012
1017
|
}
|
|
1013
1018
|
}
|
|
1014
|
-
const extensionBlock =
|
|
1019
|
+
const extensionBlock = findBlockAtIndex(blocks, 3);
|
|
1015
1020
|
if (!extensionBlock) {
|
|
1016
1021
|
doDebug && console.log("X509 certificate is invalid : cannot find extension block version =" + version_block);
|
|
1017
1022
|
extensions = null;
|
|
@@ -1032,7 +1037,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
1032
1037
|
};
|
|
1033
1038
|
}
|
|
1034
1039
|
function exploreCertificate(certificate) {
|
|
1035
|
-
(0,
|
|
1040
|
+
(0, import_assert3.default)(certificate instanceof Buffer);
|
|
1036
1041
|
if (!certificate._exploreCertificate_cache) {
|
|
1037
1042
|
const block_info = readTag(certificate, 0);
|
|
1038
1043
|
const blocks = readStruct(certificate, block_info);
|
|
@@ -1061,10 +1066,10 @@ function combine_der(certificates) {
|
|
|
1061
1066
|
let sum = 0;
|
|
1062
1067
|
b.forEach((block) => {
|
|
1063
1068
|
const block_info = readTag(block, 0);
|
|
1064
|
-
(0,
|
|
1069
|
+
(0, import_assert3.default)(block_info.position + block_info.length === block.length);
|
|
1065
1070
|
sum += block.length;
|
|
1066
1071
|
});
|
|
1067
|
-
(0,
|
|
1072
|
+
(0, import_assert3.default)(sum === cert.length);
|
|
1068
1073
|
}
|
|
1069
1074
|
return Buffer.concat(certificates);
|
|
1070
1075
|
}
|
|
@@ -1086,14 +1091,14 @@ function removeTrailingLF(str) {
|
|
|
1086
1091
|
return tmp;
|
|
1087
1092
|
}
|
|
1088
1093
|
function toPem(raw_key, pem) {
|
|
1089
|
-
(0,
|
|
1090
|
-
(0,
|
|
1094
|
+
(0, import_assert4.default)(raw_key, "expecting a key");
|
|
1095
|
+
(0, import_assert4.default)(typeof pem === "string");
|
|
1091
1096
|
let pemType = identifyPemType(raw_key);
|
|
1092
1097
|
if (pemType) {
|
|
1093
1098
|
return raw_key instanceof Buffer ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
|
|
1094
1099
|
} else {
|
|
1095
1100
|
pemType = pem;
|
|
1096
|
-
(0,
|
|
1101
|
+
(0, import_assert4.default)(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
|
|
1097
1102
|
let b = raw_key.toString("base64");
|
|
1098
1103
|
let str = "-----BEGIN " + pemType + "-----\n";
|
|
1099
1104
|
while (b.length) {
|
|
@@ -1133,7 +1138,7 @@ function makeMessageChunkSignature(chunk, options) {
|
|
|
1133
1138
|
const signer = (0, import_crypto.createSign)(options.algorithm);
|
|
1134
1139
|
signer.update(chunk);
|
|
1135
1140
|
const signature = signer.sign(options.privateKey.hidden);
|
|
1136
|
-
(0,
|
|
1141
|
+
(0, import_assert4.default)(!options.signatureLength || signature.length === options.signatureLength);
|
|
1137
1142
|
return signature;
|
|
1138
1143
|
}
|
|
1139
1144
|
function verifyMessageChunkSignature(blockToVerify, signature, options) {
|
|
@@ -1151,8 +1156,8 @@ var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
|
|
|
1151
1156
|
PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_PADDING"] = 1] = "RSA_PKCS1_PADDING";
|
|
1152
1157
|
return PaddingAlgorithm2;
|
|
1153
1158
|
})(PaddingAlgorithm || {});
|
|
1154
|
-
(0,
|
|
1155
|
-
(0,
|
|
1159
|
+
(0, import_assert4.default)(4 /* RSA_PKCS1_OAEP_PADDING */ === import_constants.default.RSA_PKCS1_OAEP_PADDING);
|
|
1160
|
+
(0, import_assert4.default)(1 /* RSA_PKCS1_PADDING */ === import_constants.default.RSA_PKCS1_PADDING);
|
|
1156
1161
|
function publicEncrypt_native(buffer, publicKey, algorithm) {
|
|
1157
1162
|
if (algorithm === void 0) {
|
|
1158
1163
|
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
|
|
@@ -1229,14 +1234,14 @@ function coerceCertificatePem(certificate) {
|
|
|
1229
1234
|
if (certificate instanceof Buffer) {
|
|
1230
1235
|
certificate = toPem(certificate, "CERTIFICATE");
|
|
1231
1236
|
}
|
|
1232
|
-
(0,
|
|
1237
|
+
(0, import_assert4.default)(typeof certificate === "string");
|
|
1233
1238
|
return certificate;
|
|
1234
1239
|
}
|
|
1235
1240
|
function extractPublicKeyFromCertificateSync(certificate) {
|
|
1236
1241
|
certificate = coerceCertificatePem(certificate);
|
|
1237
1242
|
const key = import_jsrsasign.default.KEYUTIL.getKey(certificate);
|
|
1238
1243
|
const publicKeyAsPem = import_jsrsasign.default.KEYUTIL.getPEM(key);
|
|
1239
|
-
(0,
|
|
1244
|
+
(0, import_assert4.default)(typeof publicKeyAsPem === "string");
|
|
1240
1245
|
return publicKeyAsPem;
|
|
1241
1246
|
}
|
|
1242
1247
|
function extractPublicKeyFromCertificate(certificate, callback) {
|
|
@@ -1372,7 +1377,7 @@ var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
|
|
|
1372
1377
|
})(CertificatePurpose || {});
|
|
1373
1378
|
|
|
1374
1379
|
// source/crypto_utils2.ts
|
|
1375
|
-
var
|
|
1380
|
+
var import_assert5 = __toESM(require("assert"));
|
|
1376
1381
|
var import_jsrsasign2 = __toESM(require("jsrsasign"));
|
|
1377
1382
|
function rsaLengthPrivateKey(key) {
|
|
1378
1383
|
const keyPem = typeof key.hidden === "string" ? key.hidden : key.hidden.export({ type: "pkcs1", format: "pem" }).toString();
|
|
@@ -1383,8 +1388,8 @@ function toPem2(raw_key, pem) {
|
|
|
1383
1388
|
if (raw_key.hidden) {
|
|
1384
1389
|
return toPem2(raw_key.hidden, pem);
|
|
1385
1390
|
}
|
|
1386
|
-
(0,
|
|
1387
|
-
(0,
|
|
1391
|
+
(0, import_assert5.default)(raw_key, "expecting a key");
|
|
1392
|
+
(0, import_assert5.default)(typeof pem === "string");
|
|
1388
1393
|
if (isKeyObject(raw_key)) {
|
|
1389
1394
|
const _raw_key = raw_key;
|
|
1390
1395
|
if (pem === "RSA PRIVATE KEY") {
|
|
@@ -1404,40 +1409,40 @@ function coercePublicKeyPem(publicKey) {
|
|
|
1404
1409
|
if (isKeyObject(publicKey)) {
|
|
1405
1410
|
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1406
1411
|
}
|
|
1407
|
-
(0,
|
|
1412
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1408
1413
|
return publicKey;
|
|
1409
1414
|
}
|
|
1410
1415
|
function coerceRsaPublicKeyPem(publicKey) {
|
|
1411
1416
|
if (isKeyObject(publicKey)) {
|
|
1412
1417
|
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1413
1418
|
}
|
|
1414
|
-
(0,
|
|
1419
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1415
1420
|
return publicKey;
|
|
1416
1421
|
}
|
|
1417
1422
|
function rsaLengthPublicKey(key) {
|
|
1418
1423
|
key = coercePublicKeyPem(key);
|
|
1419
|
-
(0,
|
|
1424
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1420
1425
|
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1421
1426
|
return a.n.toString(16).length / 2;
|
|
1422
1427
|
}
|
|
1423
1428
|
function rsaLengthRsaPublicKey(key) {
|
|
1424
1429
|
key = coerceRsaPublicKeyPem(key);
|
|
1425
|
-
(0,
|
|
1430
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1426
1431
|
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1427
1432
|
return a.n.toString(16).length / 2;
|
|
1428
1433
|
}
|
|
1429
1434
|
|
|
1430
1435
|
// source/derived_keys.ts
|
|
1431
|
-
var
|
|
1436
|
+
var import_assert7 = __toESM(require("assert"));
|
|
1432
1437
|
var import_crypto3 = require("crypto");
|
|
1433
1438
|
|
|
1434
1439
|
// source/explore_certificate.ts
|
|
1435
|
-
var
|
|
1440
|
+
var import_assert6 = __toESM(require("assert"));
|
|
1436
1441
|
function coerceCertificate(certificate) {
|
|
1437
1442
|
if (typeof certificate === "string") {
|
|
1438
1443
|
certificate = convertPEMtoDER(certificate);
|
|
1439
1444
|
}
|
|
1440
|
-
(0,
|
|
1445
|
+
(0, import_assert6.default)(certificate instanceof Buffer);
|
|
1441
1446
|
return certificate;
|
|
1442
1447
|
}
|
|
1443
1448
|
function exploreCertificateInfo(certificate) {
|
|
@@ -1464,8 +1469,8 @@ function plus(buf1, buf2) {
|
|
|
1464
1469
|
return Buffer.concat([buf1, buf2]);
|
|
1465
1470
|
}
|
|
1466
1471
|
function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
1467
|
-
(0,
|
|
1468
|
-
(0,
|
|
1472
|
+
(0, import_assert7.default)(seed instanceof Buffer);
|
|
1473
|
+
(0, import_assert7.default)(sha1or256 === "SHA1" || sha1or256 === "SHA256");
|
|
1469
1474
|
const a = [];
|
|
1470
1475
|
a[0] = seed;
|
|
1471
1476
|
let index = 1;
|
|
@@ -1478,12 +1483,12 @@ function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
|
1478
1483
|
return p_hash.subarray(0, minLength);
|
|
1479
1484
|
}
|
|
1480
1485
|
function computeDerivedKeys(secret, seed, options) {
|
|
1481
|
-
(0,
|
|
1482
|
-
(0,
|
|
1483
|
-
(0,
|
|
1484
|
-
(0,
|
|
1486
|
+
(0, import_assert7.default)(Number.isFinite(options.signatureLength));
|
|
1487
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingKeyLength));
|
|
1488
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingBlockSize));
|
|
1489
|
+
(0, import_assert7.default)(typeof options.algorithm === "string");
|
|
1485
1490
|
options.sha1or256 = options.sha1or256 || "SHA1";
|
|
1486
|
-
(0,
|
|
1491
|
+
(0, import_assert7.default)(typeof options.sha1or256 === "string");
|
|
1487
1492
|
const offset1 = options.signingKeyLength;
|
|
1488
1493
|
const offset2 = offset1 + options.encryptingKeyLength;
|
|
1489
1494
|
const minLength = offset2 + options.encryptingBlockSize;
|
|
@@ -1508,7 +1513,7 @@ function removePadding(buffer) {
|
|
|
1508
1513
|
return reduceLength(buffer, nbPaddingBytes);
|
|
1509
1514
|
}
|
|
1510
1515
|
function verifyChunkSignature(chunk, options) {
|
|
1511
|
-
(0,
|
|
1516
|
+
(0, import_assert7.default)(chunk instanceof Buffer);
|
|
1512
1517
|
let signatureLength = options.signatureLength || 0;
|
|
1513
1518
|
if (signatureLength === 0) {
|
|
1514
1519
|
const cert = exploreCertificateInfo(options.publicKey);
|
|
@@ -1519,16 +1524,16 @@ function verifyChunkSignature(chunk, options) {
|
|
|
1519
1524
|
return verifyMessageChunkSignature(block_to_verify, signature, options);
|
|
1520
1525
|
}
|
|
1521
1526
|
function computePaddingFooter(buffer, derivedKeys) {
|
|
1522
|
-
(0,
|
|
1527
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "encryptingBlockSize"));
|
|
1523
1528
|
const paddingSize = derivedKeys.encryptingBlockSize - (buffer.length + 1) % derivedKeys.encryptingBlockSize;
|
|
1524
1529
|
const padding = createFastUninitializedBuffer(paddingSize + 1);
|
|
1525
1530
|
padding.fill(paddingSize);
|
|
1526
1531
|
return padding;
|
|
1527
1532
|
}
|
|
1528
1533
|
function derivedKeys_algorithm(derivedKeys) {
|
|
1529
|
-
(0,
|
|
1534
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "algorithm"));
|
|
1530
1535
|
const algorithm = derivedKeys.algorithm || "aes-128-cbc";
|
|
1531
|
-
(0,
|
|
1536
|
+
(0, import_assert7.default)(algorithm === "aes-128-cbc" || algorithm === "aes-256-cbc");
|
|
1532
1537
|
return algorithm;
|
|
1533
1538
|
}
|
|
1534
1539
|
function encryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
@@ -1554,12 +1559,12 @@ function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
|
1554
1559
|
return Buffer.concat(decrypted_chunks);
|
|
1555
1560
|
}
|
|
1556
1561
|
function makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys) {
|
|
1557
|
-
(0,
|
|
1558
|
-
(0,
|
|
1559
|
-
(0,
|
|
1560
|
-
(0,
|
|
1562
|
+
(0, import_assert7.default)(message instanceof Buffer);
|
|
1563
|
+
(0, import_assert7.default)(derivedKeys.signingKey instanceof Buffer);
|
|
1564
|
+
(0, import_assert7.default)(typeof derivedKeys.sha1or256 === "string");
|
|
1565
|
+
(0, import_assert7.default)(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
|
|
1561
1566
|
const signature = (0, import_crypto3.createHmac)(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
|
|
1562
|
-
(0,
|
|
1567
|
+
(0, import_assert7.default)(signature.length === derivedKeys.signatureLength);
|
|
1563
1568
|
return signature;
|
|
1564
1569
|
}
|
|
1565
1570
|
function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
|
|
@@ -1598,46 +1603,46 @@ function exploreAsn1(buffer) {
|
|
|
1598
1603
|
|
|
1599
1604
|
// source/explore_certificate_revocation_list.ts
|
|
1600
1605
|
function readNameForCrl(buffer, block) {
|
|
1601
|
-
return
|
|
1606
|
+
return readDirectoryName(buffer, block);
|
|
1602
1607
|
}
|
|
1603
1608
|
function _readTbsCertList(buffer, blockInfo) {
|
|
1604
1609
|
const blocks = readStruct(buffer, blockInfo);
|
|
1605
1610
|
const hasOptionalVersion = blocks[0].tag === 2 /* INTEGER */;
|
|
1606
1611
|
if (hasOptionalVersion) {
|
|
1607
|
-
const version =
|
|
1612
|
+
const version = readIntegerValue(buffer, blocks[0]);
|
|
1608
1613
|
const signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
1609
1614
|
const issuer = readNameForCrl(buffer, blocks[2]);
|
|
1610
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1611
|
-
const thisUpdate =
|
|
1612
|
-
const nextUpdate =
|
|
1615
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2])));
|
|
1616
|
+
const thisUpdate = readTime(buffer, blocks[3]);
|
|
1617
|
+
const nextUpdate = readTime(buffer, blocks[4]);
|
|
1613
1618
|
const revokedCertificates = [];
|
|
1614
1619
|
if (blocks[5] && blocks[5].tag < 128) {
|
|
1615
1620
|
const list = readStruct(buffer, blocks[5]);
|
|
1616
1621
|
for (const r of list) {
|
|
1617
1622
|
const rr = readStruct(buffer, r);
|
|
1618
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1619
|
-
const revocationDate =
|
|
1623
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1624
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1620
1625
|
revokedCertificates.push({
|
|
1621
1626
|
revocationDate,
|
|
1622
1627
|
userCertificate
|
|
1623
1628
|
});
|
|
1624
1629
|
}
|
|
1625
1630
|
}
|
|
1626
|
-
const ext0 =
|
|
1631
|
+
const ext0 = findBlockAtIndex(blocks, 0);
|
|
1627
1632
|
return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
|
|
1628
1633
|
} else {
|
|
1629
1634
|
const signature = readAlgorithmIdentifier(buffer, blocks[0]);
|
|
1630
1635
|
const issuer = readNameForCrl(buffer, blocks[1]);
|
|
1631
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1632
|
-
const thisUpdate =
|
|
1633
|
-
const nextUpdate =
|
|
1636
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[1])));
|
|
1637
|
+
const thisUpdate = readTime(buffer, blocks[2]);
|
|
1638
|
+
const nextUpdate = readTime(buffer, blocks[3]);
|
|
1634
1639
|
const revokedCertificates = [];
|
|
1635
1640
|
if (blocks[4] && blocks[4].tag < 128) {
|
|
1636
1641
|
const list = readStruct(buffer, blocks[4]);
|
|
1637
1642
|
for (const r of list) {
|
|
1638
1643
|
const rr = readStruct(buffer, r);
|
|
1639
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1640
|
-
const revocationDate =
|
|
1644
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1645
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1641
1646
|
revokedCertificates.push({
|
|
1642
1647
|
revocationDate,
|
|
1643
1648
|
userCertificate
|
|
@@ -1660,7 +1665,7 @@ function exploreCertificateRevocationList(crl) {
|
|
|
1660
1665
|
function _readExtensionRequest(buffer) {
|
|
1661
1666
|
const block = readTag(buffer, 0);
|
|
1662
1667
|
const inner_blocks = readStruct(buffer, block);
|
|
1663
|
-
const extensions = inner_blocks.map((block1) =>
|
|
1668
|
+
const extensions = inner_blocks.map((block1) => readExtension(buffer, block1));
|
|
1664
1669
|
const result = {};
|
|
1665
1670
|
for (const e of extensions) {
|
|
1666
1671
|
result[e.identifier.name] = e.value;
|
|
@@ -1671,17 +1676,17 @@ function _readExtensionRequest(buffer) {
|
|
|
1671
1676
|
function readCertificationRequestInfo(buffer, block) {
|
|
1672
1677
|
const blocks = readStruct(buffer, block);
|
|
1673
1678
|
if (blocks.length === 4) {
|
|
1674
|
-
const extensionRequestBlock =
|
|
1679
|
+
const extensionRequestBlock = findBlockAtIndex(blocks, 0);
|
|
1675
1680
|
if (!extensionRequestBlock) {
|
|
1676
1681
|
throw new Error("cannot find extensionRequest block");
|
|
1677
1682
|
}
|
|
1678
1683
|
const blocks1 = readStruct(buffer, extensionRequestBlock);
|
|
1679
1684
|
const blocks2 = readStruct(buffer, blocks1[0]);
|
|
1680
|
-
const identifier =
|
|
1685
|
+
const identifier = readObjectIdentifier(buffer, blocks2[0]);
|
|
1681
1686
|
if (identifier.name !== "extensionRequest") {
|
|
1682
1687
|
throw new Error(" Cannot find extension Request in ASN1 block");
|
|
1683
1688
|
}
|
|
1684
|
-
const buf =
|
|
1689
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
1685
1690
|
const extensionRequest = _readExtensionRequest(buf);
|
|
1686
1691
|
return { extensionRequest };
|
|
1687
1692
|
}
|
|
@@ -6225,8 +6230,8 @@ async function createSelfSignedCertificate({
|
|
|
6225
6230
|
return { cert: cert.toString("pem"), der: cert };
|
|
6226
6231
|
}
|
|
6227
6232
|
|
|
6228
|
-
// source/
|
|
6229
|
-
var asn1 = { readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
|
|
6233
|
+
// source/index_web.ts
|
|
6234
|
+
var asn1 = { readDirectoryName, readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
|
|
6230
6235
|
// Annotate the CommonJS export names for ESM import in node:
|
|
6231
6236
|
0 && (module.exports = {
|
|
6232
6237
|
CertificatePurpose,
|
|
@@ -6235,7 +6240,6 @@ var asn1 = { readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin
|
|
|
6235
6240
|
RSA_PKCS1_PADDING,
|
|
6236
6241
|
Subject,
|
|
6237
6242
|
_coercePrivateKey,
|
|
6238
|
-
_readExtension,
|
|
6239
6243
|
asn1,
|
|
6240
6244
|
certificateMatchesPrivateKey,
|
|
6241
6245
|
coerceCertificate,
|
|
@@ -6283,6 +6287,7 @@ var asn1 = { readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin
|
|
|
6283
6287
|
publicEncrypt_native,
|
|
6284
6288
|
publicKeyAndPrivateKeyMatches,
|
|
6285
6289
|
readCertificationRequestInfo,
|
|
6290
|
+
readExtension,
|
|
6286
6291
|
readNameForCrl,
|
|
6287
6292
|
readTbsCertificate,
|
|
6288
6293
|
reduceLength,
|