node-opcua-crypto 4.11.0 → 4.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -20
- package/dist/{chunk-UH5AT3JE.mjs → chunk-C4C76C7T.mjs} +4 -4
- package/dist/chunk-C4C76C7T.mjs.map +1 -0
- package/dist/{chunk-2RCYFHGG.mjs → chunk-F5EAPW2U.mjs} +187 -182
- package/dist/chunk-F5EAPW2U.mjs.map +1 -0
- package/dist/chunk-RQA4DO2Z.mjs +1 -0
- package/dist/chunk-RQA4DO2Z.mjs.map +1 -0
- package/dist/index.d.mts +1 -2
- package/dist/index.d.ts +1 -2
- package/dist/index.js +181 -176
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +6 -7
- package/dist/source/index.d.mts +1 -15
- package/dist/source/index.d.ts +1 -15
- package/dist/source/index.js +176 -171
- package/dist/source/index.js.map +1 -1
- package/dist/source/index.mjs +5 -6
- package/dist/source/index_web.d.mts +518 -4
- package/dist/source/index_web.d.ts +518 -4
- package/dist/source/index_web.js +187 -177
- package/dist/source/index_web.js.map +1 -1
- package/dist/source/index_web.mjs +5 -3
- package/dist/source_nodejs/index.js +22 -19
- package/dist/source_nodejs/index.js.map +1 -1
- package/dist/source_nodejs/index.mjs +3 -3
- package/package.json +4 -4
- package/dist/chunk-2RCYFHGG.mjs.map +0 -1
- package/dist/chunk-C7PROBPE.mjs +0 -14
- package/dist/chunk-C7PROBPE.mjs.map +0 -1
- package/dist/chunk-UH5AT3JE.mjs.map +0 -1
- package/dist/index_web-C5Oeu9mq.d.mts +0 -503
- package/dist/index_web-D1qc4UN2.d.ts +0 -503
package/dist/source/index_web.js
CHANGED
|
@@ -36,7 +36,7 @@ __export(index_web_exports, {
|
|
|
36
36
|
RSA_PKCS1_PADDING: () => RSA_PKCS1_PADDING,
|
|
37
37
|
Subject: () => Subject,
|
|
38
38
|
_coercePrivateKey: () => _coercePrivateKey,
|
|
39
|
-
|
|
39
|
+
asn1: () => asn1,
|
|
40
40
|
certificateMatchesPrivateKey: () => certificateMatchesPrivateKey,
|
|
41
41
|
coerceCertificate: () => coerceCertificate,
|
|
42
42
|
coerceCertificatePem: () => coerceCertificatePem,
|
|
@@ -83,6 +83,7 @@ __export(index_web_exports, {
|
|
|
83
83
|
publicEncrypt_native: () => publicEncrypt_native,
|
|
84
84
|
publicKeyAndPrivateKeyMatches: () => publicKeyAndPrivateKeyMatches,
|
|
85
85
|
readCertificationRequestInfo: () => readCertificationRequestInfo,
|
|
86
|
+
readExtension: () => readExtension,
|
|
86
87
|
readNameForCrl: () => readNameForCrl,
|
|
87
88
|
readTbsCertificate: () => readTbsCertificate,
|
|
88
89
|
reduceLength: () => reduceLength,
|
|
@@ -410,33 +411,33 @@ var oid_map = {
|
|
|
410
411
|
};
|
|
411
412
|
|
|
412
413
|
// source/asn1.ts
|
|
413
|
-
var TagType = /* @__PURE__ */ ((
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
return
|
|
414
|
+
var TagType = /* @__PURE__ */ ((TagType2) => {
|
|
415
|
+
TagType2[TagType2["BOOLEAN"] = 1] = "BOOLEAN";
|
|
416
|
+
TagType2[TagType2["INTEGER"] = 2] = "INTEGER";
|
|
417
|
+
TagType2[TagType2["BIT_STRING"] = 3] = "BIT_STRING";
|
|
418
|
+
TagType2[TagType2["OCTET_STRING"] = 4] = "OCTET_STRING";
|
|
419
|
+
TagType2[TagType2["NULL"] = 5] = "NULL";
|
|
420
|
+
TagType2[TagType2["OBJECT_IDENTIFIER"] = 6] = "OBJECT_IDENTIFIER";
|
|
421
|
+
TagType2[TagType2["UTF8String"] = 12] = "UTF8String";
|
|
422
|
+
TagType2[TagType2["NumericString"] = 18] = "NumericString";
|
|
423
|
+
TagType2[TagType2["PrintableString"] = 19] = "PrintableString";
|
|
424
|
+
TagType2[TagType2["TeletexString"] = 20] = "TeletexString";
|
|
425
|
+
TagType2[TagType2["IA5String"] = 22] = "IA5String";
|
|
426
|
+
TagType2[TagType2["UTCTime"] = 23] = "UTCTime";
|
|
427
|
+
TagType2[TagType2["GeneralizedTime"] = 24] = "GeneralizedTime";
|
|
428
|
+
TagType2[TagType2["GraphicString"] = 25] = "GraphicString";
|
|
429
|
+
TagType2[TagType2["VisibleString"] = 26] = "VisibleString";
|
|
430
|
+
TagType2[TagType2["GeneralString"] = 27] = "GeneralString";
|
|
431
|
+
TagType2[TagType2["UniversalString"] = 28] = "UniversalString";
|
|
432
|
+
TagType2[TagType2["BMPString"] = 30] = "BMPString";
|
|
433
|
+
TagType2[TagType2["SEQUENCE"] = 48] = "SEQUENCE";
|
|
434
|
+
TagType2[TagType2["SET"] = 49] = "SET";
|
|
435
|
+
TagType2[TagType2["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
|
|
436
|
+
TagType2[TagType2["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
|
|
437
|
+
TagType2[TagType2["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
|
|
438
|
+
TagType2[TagType2["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
|
|
439
|
+
TagType2[TagType2["A4"] = 164] = "A4";
|
|
440
|
+
return TagType2;
|
|
440
441
|
})(TagType || {});
|
|
441
442
|
function readTag(buf, pos) {
|
|
442
443
|
const start = pos;
|
|
@@ -482,9 +483,9 @@ function parseBitString(buffer, start, end, maxLength) {
|
|
|
482
483
|
}
|
|
483
484
|
return intro + s;
|
|
484
485
|
}
|
|
485
|
-
function
|
|
486
|
+
function readBitString(buffer, block) {
|
|
486
487
|
(0, import_assert.default)(block.tag === 3 /* BIT_STRING */);
|
|
487
|
-
const data =
|
|
488
|
+
const data = getBlock(buffer, block);
|
|
488
489
|
const ignore_bits = data.readUInt8(0);
|
|
489
490
|
return {
|
|
490
491
|
lengthInBits: data.length * 8 - ignore_bits,
|
|
@@ -500,7 +501,7 @@ function formatBuffer2DigitHexWithColum(buffer) {
|
|
|
500
501
|
}
|
|
501
502
|
return value.join(":").toUpperCase().replace(/^(00:)*/, "");
|
|
502
503
|
}
|
|
503
|
-
function
|
|
504
|
+
function readOctetString(buffer, block) {
|
|
504
505
|
(0, import_assert.default)(block.tag === 4 /* OCTET_STRING */);
|
|
505
506
|
const tag = readTag(buffer, block.position);
|
|
506
507
|
(0, import_assert.default)(tag.tag === 4 /* OCTET_STRING */);
|
|
@@ -509,19 +510,19 @@ function _readOctetString(buffer, block) {
|
|
|
509
510
|
const b = buffer.subarray(pos, pos + nbBytes);
|
|
510
511
|
return b;
|
|
511
512
|
}
|
|
512
|
-
function
|
|
513
|
+
function getBlock(buffer, block) {
|
|
513
514
|
const start = block.position;
|
|
514
515
|
const end = block.position + block.length;
|
|
515
516
|
return buffer.subarray(start, end);
|
|
516
517
|
}
|
|
517
|
-
function
|
|
518
|
-
return
|
|
518
|
+
function readIntegerAsByteString(buffer, block) {
|
|
519
|
+
return getBlock(buffer, block);
|
|
519
520
|
}
|
|
520
|
-
function
|
|
521
|
+
function readListOfInteger(buffer) {
|
|
521
522
|
const block = readTag(buffer, 0);
|
|
522
523
|
const inner_blocks = readStruct(buffer, block);
|
|
523
524
|
return inner_blocks.map((innerBlock) => {
|
|
524
|
-
return
|
|
525
|
+
return readIntegerAsByteString(buffer, innerBlock);
|
|
525
526
|
});
|
|
526
527
|
}
|
|
527
528
|
function parseOID(buffer, start, end) {
|
|
@@ -544,7 +545,7 @@ function parseOID(buffer, start, end) {
|
|
|
544
545
|
(0, import_assert.default)(bits === 0);
|
|
545
546
|
return s;
|
|
546
547
|
}
|
|
547
|
-
function
|
|
548
|
+
function readObjectIdentifier(buffer, block) {
|
|
548
549
|
(0, import_assert.default)(block.tag === 6 /* OBJECT_IDENTIFIER */);
|
|
549
550
|
const b = buffer.subarray(block.position, block.position + block.length);
|
|
550
551
|
const oid = parseOID(b, 0, block.length);
|
|
@@ -556,30 +557,30 @@ function _readObjectIdentifier(buffer, block) {
|
|
|
556
557
|
function readAlgorithmIdentifier(buffer, block) {
|
|
557
558
|
const inner_blocks = readStruct(buffer, block);
|
|
558
559
|
return {
|
|
559
|
-
identifier:
|
|
560
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name
|
|
560
561
|
};
|
|
561
562
|
}
|
|
562
|
-
function
|
|
563
|
+
function readECCAlgorithmIdentifier(buffer, block) {
|
|
563
564
|
const inner_blocks = readStruct(buffer, block);
|
|
564
565
|
return {
|
|
565
|
-
identifier:
|
|
566
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[1]).name
|
|
566
567
|
// difference with RSA as algorithm is second element of nested block
|
|
567
568
|
};
|
|
568
569
|
}
|
|
569
570
|
function readSignatureValueBin(buffer, block) {
|
|
570
|
-
return
|
|
571
|
+
return readBitString(buffer, block).data;
|
|
571
572
|
}
|
|
572
573
|
function readSignatureValue(buffer, block) {
|
|
573
574
|
return readSignatureValueBin(buffer, block).toString("hex");
|
|
574
575
|
}
|
|
575
|
-
function
|
|
576
|
+
function readLongIntegerValue(buffer, block) {
|
|
576
577
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
577
578
|
const pos = block.position;
|
|
578
579
|
const nbBytes = block.length;
|
|
579
580
|
const buf = buffer.subarray(pos, pos + nbBytes);
|
|
580
581
|
return buf;
|
|
581
582
|
}
|
|
582
|
-
function
|
|
583
|
+
function readIntegerValue(buffer, block) {
|
|
583
584
|
(0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
|
|
584
585
|
let pos = block.position;
|
|
585
586
|
const nbBytes = block.length;
|
|
@@ -591,7 +592,7 @@ function _readIntegerValue(buffer, block) {
|
|
|
591
592
|
}
|
|
592
593
|
return value;
|
|
593
594
|
}
|
|
594
|
-
function
|
|
595
|
+
function readBooleanValue(buffer, block) {
|
|
595
596
|
(0, import_assert.default)(block.tag === 1 /* BOOLEAN */, "expecting a BOOLEAN tag. got " + TagType[block.tag]);
|
|
596
597
|
const pos = block.position;
|
|
597
598
|
const nbBytes = block.length;
|
|
@@ -599,9 +600,9 @@ function _readBooleanValue(buffer, block) {
|
|
|
599
600
|
const value = buffer.readUInt8(pos) ? true : false;
|
|
600
601
|
return value;
|
|
601
602
|
}
|
|
602
|
-
function
|
|
603
|
+
function readVersionValue(buffer, block) {
|
|
603
604
|
block = readTag(buffer, block.position);
|
|
604
|
-
return
|
|
605
|
+
return readIntegerValue(buffer, block);
|
|
605
606
|
}
|
|
606
607
|
function convertGeneralizedTime(str) {
|
|
607
608
|
const year = parseInt(str.substr(0, 4), 10);
|
|
@@ -613,7 +614,7 @@ function convertGeneralizedTime(str) {
|
|
|
613
614
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
614
615
|
}
|
|
615
616
|
function _readBMPString(buffer, block) {
|
|
616
|
-
const strBuff =
|
|
617
|
+
const strBuff = getBlock(buffer, block);
|
|
617
618
|
let str = "";
|
|
618
619
|
for (let i = 0; i < strBuff.length; i += 2) {
|
|
619
620
|
const word = strBuff.readUInt16BE(i);
|
|
@@ -631,10 +632,10 @@ function convertUTCTime(str) {
|
|
|
631
632
|
year += year >= 50 ? 1900 : 2e3;
|
|
632
633
|
return new Date(Date.UTC(year, month, day, hours, mins, secs));
|
|
633
634
|
}
|
|
634
|
-
function
|
|
635
|
+
function readValue(buffer, block) {
|
|
635
636
|
switch (block.tag) {
|
|
636
637
|
case 1 /* BOOLEAN */:
|
|
637
|
-
return
|
|
638
|
+
return readBooleanValue(buffer, block);
|
|
638
639
|
case 30 /* BMPString */:
|
|
639
640
|
return _readBMPString(buffer, block);
|
|
640
641
|
case 19 /* PrintableString */:
|
|
@@ -642,44 +643,29 @@ function _readValue(buffer, block) {
|
|
|
642
643
|
case 12 /* UTF8String */:
|
|
643
644
|
case 18 /* NumericString */:
|
|
644
645
|
case 22 /* IA5String */:
|
|
645
|
-
return
|
|
646
|
+
return getBlock(buffer, block).toString("ascii");
|
|
646
647
|
case 23 /* UTCTime */:
|
|
647
|
-
return convertUTCTime(
|
|
648
|
+
return convertUTCTime(getBlock(buffer, block).toString("ascii"));
|
|
648
649
|
case 24 /* GeneralizedTime */:
|
|
649
|
-
return convertGeneralizedTime(
|
|
650
|
+
return convertGeneralizedTime(getBlock(buffer, block).toString("ascii"));
|
|
650
651
|
default:
|
|
651
652
|
throw new Error("Invalid tag 0x" + block.tag.toString(16));
|
|
652
653
|
}
|
|
653
654
|
}
|
|
654
|
-
function
|
|
655
|
-
const set_blocks = readStruct(buffer, block);
|
|
656
|
-
const names = {};
|
|
657
|
-
for (const set_block of set_blocks) {
|
|
658
|
-
(0, import_assert.default)(set_block.tag === 49);
|
|
659
|
-
const blocks = readStruct(buffer, set_block);
|
|
660
|
-
(0, import_assert.default)(blocks.length === 1);
|
|
661
|
-
(0, import_assert.default)(blocks[0].tag === 48);
|
|
662
|
-
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
663
|
-
(0, import_assert.default)(sequenceBlock.length === 2);
|
|
664
|
-
const type = _readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
665
|
-
names[type.name] = _readValue(buffer, sequenceBlock[1]);
|
|
666
|
-
}
|
|
667
|
-
return names;
|
|
668
|
-
}
|
|
669
|
-
function _findBlockAtIndex(blocks, index) {
|
|
655
|
+
function findBlockAtIndex(blocks, index) {
|
|
670
656
|
const tmp = blocks.filter((b) => b.tag === 160 + index || b.tag === 128 + index);
|
|
671
657
|
if (tmp.length === 0) {
|
|
672
658
|
return null;
|
|
673
659
|
}
|
|
674
660
|
return tmp[0];
|
|
675
661
|
}
|
|
676
|
-
function
|
|
677
|
-
return
|
|
662
|
+
function readTime(buffer, block) {
|
|
663
|
+
return readValue(buffer, block);
|
|
678
664
|
}
|
|
679
665
|
|
|
680
666
|
// source/crypto_utils.ts
|
|
681
667
|
var import_constants = __toESM(require("constants"));
|
|
682
|
-
var
|
|
668
|
+
var import_assert4 = __toESM(require("assert"));
|
|
683
669
|
var import_crypto = require("crypto");
|
|
684
670
|
var import_hexy = __toESM(require("hexy"));
|
|
685
671
|
|
|
@@ -689,14 +675,34 @@ var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (s
|
|
|
689
675
|
};
|
|
690
676
|
|
|
691
677
|
// source/crypto_explore_certificate.ts
|
|
678
|
+
var import_assert3 = __toESM(require("assert"));
|
|
679
|
+
|
|
680
|
+
// source/directory_name.ts
|
|
692
681
|
var import_assert2 = __toESM(require("assert"));
|
|
682
|
+
function readDirectoryName(buffer, block) {
|
|
683
|
+
const set_blocks = readStruct(buffer, block);
|
|
684
|
+
const names = {};
|
|
685
|
+
for (const set_block of set_blocks) {
|
|
686
|
+
(0, import_assert2.default)(set_block.tag === 49);
|
|
687
|
+
const blocks = readStruct(buffer, set_block);
|
|
688
|
+
(0, import_assert2.default)(blocks.length === 1);
|
|
689
|
+
(0, import_assert2.default)(blocks[0].tag === 48);
|
|
690
|
+
const sequenceBlock = readStruct(buffer, blocks[0]);
|
|
691
|
+
(0, import_assert2.default)(sequenceBlock.length === 2);
|
|
692
|
+
const type = readObjectIdentifier(buffer, sequenceBlock[0]);
|
|
693
|
+
names[type.name] = readValue(buffer, sequenceBlock[1]);
|
|
694
|
+
}
|
|
695
|
+
return names;
|
|
696
|
+
}
|
|
697
|
+
|
|
698
|
+
// source/crypto_explore_certificate.ts
|
|
693
699
|
var doDebug = false;
|
|
694
700
|
function _readAttributeTypeAndValue(buffer, block) {
|
|
695
701
|
let inner_blocks = readStruct(buffer, block);
|
|
696
702
|
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
697
703
|
const data = {
|
|
698
|
-
identifier:
|
|
699
|
-
value:
|
|
704
|
+
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name,
|
|
705
|
+
value: readValue(buffer, inner_blocks[1])
|
|
700
706
|
};
|
|
701
707
|
const result = {};
|
|
702
708
|
for (const [key, value] of Object.entries(data)) {
|
|
@@ -719,29 +725,29 @@ function _readName(buffer, block) {
|
|
|
719
725
|
function _readValidity(buffer, block) {
|
|
720
726
|
const inner_blocks = readStruct(buffer, block);
|
|
721
727
|
return {
|
|
722
|
-
notBefore:
|
|
723
|
-
notAfter:
|
|
728
|
+
notBefore: readTime(buffer, inner_blocks[0]),
|
|
729
|
+
notAfter: readTime(buffer, inner_blocks[1])
|
|
724
730
|
};
|
|
725
731
|
}
|
|
726
732
|
function _readAuthorityKeyIdentifier(buffer) {
|
|
727
733
|
const block_info = readTag(buffer, 0);
|
|
728
734
|
const blocks = readStruct(buffer, block_info);
|
|
729
|
-
const keyIdentifier_block =
|
|
730
|
-
const authorityCertIssuer_block =
|
|
731
|
-
const authorityCertSerialNumber_block =
|
|
735
|
+
const keyIdentifier_block = findBlockAtIndex(blocks, 0);
|
|
736
|
+
const authorityCertIssuer_block = findBlockAtIndex(blocks, 1);
|
|
737
|
+
const authorityCertSerialNumber_block = findBlockAtIndex(blocks, 2);
|
|
732
738
|
function _readAuthorityCertIssuer(block) {
|
|
733
739
|
const inner_blocks = readStruct(buffer, block);
|
|
734
|
-
const directoryName_block =
|
|
740
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
735
741
|
if (directoryName_block) {
|
|
736
742
|
const a = readStruct(buffer, directoryName_block);
|
|
737
|
-
return
|
|
743
|
+
return readDirectoryName(buffer, a[0]);
|
|
738
744
|
} else {
|
|
739
745
|
throw new Error("Invalid _readAuthorityCertIssuer");
|
|
740
746
|
}
|
|
741
747
|
}
|
|
742
748
|
function _readAuthorityCertIssuerFingerPrint(block) {
|
|
743
749
|
const inner_blocks = readStruct(buffer, block);
|
|
744
|
-
const directoryName_block =
|
|
750
|
+
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
|
|
745
751
|
if (!directoryName_block) {
|
|
746
752
|
return "";
|
|
747
753
|
}
|
|
@@ -749,16 +755,16 @@ function _readAuthorityKeyIdentifier(buffer) {
|
|
|
749
755
|
if (a.length < 1) {
|
|
750
756
|
return "";
|
|
751
757
|
}
|
|
752
|
-
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
758
|
+
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, a[0]))) : "";
|
|
753
759
|
}
|
|
754
760
|
const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
|
|
755
761
|
const authorityCertIssuerFingerPrint = authorityCertIssuer_block ? _readAuthorityCertIssuerFingerPrint(authorityCertIssuer_block) : "";
|
|
756
762
|
return {
|
|
757
763
|
authorityCertIssuer,
|
|
758
764
|
authorityCertIssuerFingerPrint,
|
|
759
|
-
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(
|
|
765
|
+
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, authorityCertSerialNumber_block)) : null,
|
|
760
766
|
// can be null for self-signed cert
|
|
761
|
-
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(
|
|
767
|
+
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, keyIdentifier_block)) : null
|
|
762
768
|
// can be null for self-signed certf
|
|
763
769
|
};
|
|
764
770
|
}
|
|
@@ -771,10 +777,10 @@ function readBasicConstraint2_5_29_19(buffer, block) {
|
|
|
771
777
|
for (const inner_block of inner_blocks) {
|
|
772
778
|
switch (inner_block.tag) {
|
|
773
779
|
case 1 /* BOOLEAN */:
|
|
774
|
-
cA =
|
|
780
|
+
cA = readBooleanValue(buffer, inner_block);
|
|
775
781
|
break;
|
|
776
782
|
case 2 /* INTEGER */:
|
|
777
|
-
pathLengthConstraint =
|
|
783
|
+
pathLengthConstraint = readIntegerValue(buffer, inner_block);
|
|
778
784
|
breakControl = 1;
|
|
779
785
|
break;
|
|
780
786
|
}
|
|
@@ -807,7 +813,7 @@ function _readGeneralNames(buffer, block) {
|
|
|
807
813
|
}
|
|
808
814
|
const n = {};
|
|
809
815
|
for (const block2 of blocks) {
|
|
810
|
-
(0,
|
|
816
|
+
(0, import_assert3.default)((block2.tag & 128) === 128);
|
|
811
817
|
const t2 = block2.tag & 127;
|
|
812
818
|
const type = _data[t2];
|
|
813
819
|
if (!type) {
|
|
@@ -817,10 +823,10 @@ function _readGeneralNames(buffer, block) {
|
|
|
817
823
|
if (t2 == 32) {
|
|
818
824
|
n[type.name] = n[type.name] || [];
|
|
819
825
|
const blocks2 = readStruct(buffer, block2);
|
|
820
|
-
const name =
|
|
821
|
-
const buf =
|
|
826
|
+
const name = readObjectIdentifier(buffer, blocks2[0]).name;
|
|
827
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
822
828
|
const b = readTag(buf, 0);
|
|
823
|
-
const nn =
|
|
829
|
+
const nn = readValue(buf, b);
|
|
824
830
|
const data = {
|
|
825
831
|
identifier: name,
|
|
826
832
|
value: nn
|
|
@@ -867,7 +873,7 @@ function readKeyUsage(oid, buffer) {
|
|
|
867
873
|
};
|
|
868
874
|
}
|
|
869
875
|
function readExtKeyUsage(oid, buffer) {
|
|
870
|
-
(0,
|
|
876
|
+
(0, import_assert3.default)(oid === "2.5.29.37");
|
|
871
877
|
const block_info = readTag(buffer, 0);
|
|
872
878
|
const inner_blocks = readStruct(buffer, block_info);
|
|
873
879
|
const extKeyUsage = {
|
|
@@ -882,7 +888,7 @@ function readExtKeyUsage(oid, buffer) {
|
|
|
882
888
|
ocspSigning: false
|
|
883
889
|
};
|
|
884
890
|
for (const block of inner_blocks) {
|
|
885
|
-
const identifier =
|
|
891
|
+
const identifier = readObjectIdentifier(buffer, block);
|
|
886
892
|
extKeyUsage[identifier.name] = true;
|
|
887
893
|
}
|
|
888
894
|
return extKeyUsage;
|
|
@@ -894,18 +900,18 @@ function _readSubjectPublicKey(buffer) {
|
|
|
894
900
|
modulus: buffer.subarray(blocks[0].position + 1, blocks[0].position + blocks[0].length)
|
|
895
901
|
};
|
|
896
902
|
}
|
|
897
|
-
function
|
|
903
|
+
function readExtension(buffer, block) {
|
|
898
904
|
const inner_blocks = readStruct(buffer, block);
|
|
899
905
|
if (inner_blocks.length === 3) {
|
|
900
|
-
(0,
|
|
906
|
+
(0, import_assert3.default)(inner_blocks[1].tag === 1 /* BOOLEAN */);
|
|
901
907
|
inner_blocks[1] = inner_blocks[2];
|
|
902
908
|
}
|
|
903
|
-
const identifier =
|
|
904
|
-
const buf =
|
|
909
|
+
const identifier = readObjectIdentifier(buffer, inner_blocks[0]);
|
|
910
|
+
const buf = getBlock(buffer, inner_blocks[1]);
|
|
905
911
|
let value = null;
|
|
906
912
|
switch (identifier.name) {
|
|
907
913
|
case "subjectKeyIdentifier":
|
|
908
|
-
value = formatBuffer2DigitHexWithColum(
|
|
914
|
+
value = formatBuffer2DigitHexWithColum(readOctetString(buffer, inner_blocks[1]));
|
|
909
915
|
break;
|
|
910
916
|
case "subjectAltName":
|
|
911
917
|
value = _readSubjectAltNames(buf);
|
|
@@ -934,10 +940,10 @@ function _readExtension(buffer, block) {
|
|
|
934
940
|
};
|
|
935
941
|
}
|
|
936
942
|
function _readExtensions(buffer, block) {
|
|
937
|
-
(0,
|
|
943
|
+
(0, import_assert3.default)(block.tag === 163);
|
|
938
944
|
let inner_blocks = readStruct(buffer, block);
|
|
939
945
|
inner_blocks = readStruct(buffer, inner_blocks[0]);
|
|
940
|
-
const extensions = inner_blocks.map((block2) =>
|
|
946
|
+
const extensions = inner_blocks.map((block2) => readExtension(buffer, block2));
|
|
941
947
|
const result = {};
|
|
942
948
|
for (const e of extensions) {
|
|
943
949
|
result[e.identifier.name] = e.value;
|
|
@@ -947,9 +953,9 @@ function _readExtensions(buffer, block) {
|
|
|
947
953
|
function _readSubjectPublicKeyInfo(buffer, block) {
|
|
948
954
|
const inner_blocks = readStruct(buffer, block);
|
|
949
955
|
const algorithm = readAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
950
|
-
const subjectPublicKey =
|
|
956
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
951
957
|
const data = subjectPublicKey.data;
|
|
952
|
-
const values =
|
|
958
|
+
const values = readListOfInteger(data);
|
|
953
959
|
return {
|
|
954
960
|
algorithm: algorithm.identifier,
|
|
955
961
|
keyLength: values[0].length - 1,
|
|
@@ -960,8 +966,8 @@ function _readSubjectPublicKeyInfo(buffer, block) {
|
|
|
960
966
|
}
|
|
961
967
|
function _readSubjectECCPublicKeyInfo(buffer, block) {
|
|
962
968
|
const inner_blocks = readStruct(buffer, block);
|
|
963
|
-
const algorithm =
|
|
964
|
-
const subjectPublicKey =
|
|
969
|
+
const algorithm = readECCAlgorithmIdentifier(buffer, inner_blocks[0]);
|
|
970
|
+
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
|
|
965
971
|
const data = subjectPublicKey.data;
|
|
966
972
|
return {
|
|
967
973
|
algorithm: algorithm.identifier,
|
|
@@ -977,26 +983,26 @@ function readTbsCertificate(buffer, block) {
|
|
|
977
983
|
let subjectPublicKeyInfo;
|
|
978
984
|
if (blocks.length === 6) {
|
|
979
985
|
version = 1;
|
|
980
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
986
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[0]));
|
|
981
987
|
signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
982
988
|
issuer = _readName(buffer, blocks[2]);
|
|
983
989
|
validity = _readValidity(buffer, blocks[3]);
|
|
984
990
|
subject = _readName(buffer, blocks[4]);
|
|
985
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
991
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[4])));
|
|
986
992
|
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[5]);
|
|
987
993
|
extensions = null;
|
|
988
994
|
} else {
|
|
989
|
-
const version_block =
|
|
995
|
+
const version_block = findBlockAtIndex(blocks, 0);
|
|
990
996
|
if (!version_block) {
|
|
991
997
|
throw new Error("cannot find version block");
|
|
992
998
|
}
|
|
993
|
-
version =
|
|
994
|
-
serialNumber = formatBuffer2DigitHexWithColum(
|
|
999
|
+
version = readVersionValue(buffer, version_block) + 1;
|
|
1000
|
+
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[1]));
|
|
995
1001
|
signature = readAlgorithmIdentifier(buffer, blocks[2]);
|
|
996
1002
|
issuer = _readName(buffer, blocks[3]);
|
|
997
1003
|
validity = _readValidity(buffer, blocks[4]);
|
|
998
1004
|
subject = _readName(buffer, blocks[5]);
|
|
999
|
-
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1005
|
+
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[5])));
|
|
1000
1006
|
const inner_block = readStruct(buffer, blocks[6]);
|
|
1001
1007
|
const what_type = readAlgorithmIdentifier(buffer, inner_block[0]).identifier;
|
|
1002
1008
|
switch (what_type) {
|
|
@@ -1010,7 +1016,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
1010
1016
|
break;
|
|
1011
1017
|
}
|
|
1012
1018
|
}
|
|
1013
|
-
const extensionBlock =
|
|
1019
|
+
const extensionBlock = findBlockAtIndex(blocks, 3);
|
|
1014
1020
|
if (!extensionBlock) {
|
|
1015
1021
|
doDebug && console.log("X509 certificate is invalid : cannot find extension block version =" + version_block);
|
|
1016
1022
|
extensions = null;
|
|
@@ -1031,7 +1037,7 @@ function readTbsCertificate(buffer, block) {
|
|
|
1031
1037
|
};
|
|
1032
1038
|
}
|
|
1033
1039
|
function exploreCertificate(certificate) {
|
|
1034
|
-
(0,
|
|
1040
|
+
(0, import_assert3.default)(Buffer.isBuffer(certificate));
|
|
1035
1041
|
if (!certificate._exploreCertificate_cache) {
|
|
1036
1042
|
const block_info = readTag(certificate, 0);
|
|
1037
1043
|
const blocks = readStruct(certificate, block_info);
|
|
@@ -1060,10 +1066,10 @@ function combine_der(certificates) {
|
|
|
1060
1066
|
let sum = 0;
|
|
1061
1067
|
b.forEach((block) => {
|
|
1062
1068
|
const block_info = readTag(block, 0);
|
|
1063
|
-
(0,
|
|
1069
|
+
(0, import_assert3.default)(block_info.position + block_info.length === block.length);
|
|
1064
1070
|
sum += block.length;
|
|
1065
1071
|
});
|
|
1066
|
-
(0,
|
|
1072
|
+
(0, import_assert3.default)(sum === cert.length);
|
|
1067
1073
|
}
|
|
1068
1074
|
return Buffer.concat(certificates);
|
|
1069
1075
|
}
|
|
@@ -1074,7 +1080,7 @@ var { hexy } = import_hexy.default;
|
|
|
1074
1080
|
var PEM_REGEX = /^(-----BEGIN (.*)-----\r?\n([/+=a-zA-Z0-9\r\n]*)\r?\n-----END \2-----\r?\n?)/gm;
|
|
1075
1081
|
var PEM_TYPE_REGEX = /^(-----BEGIN (.*)-----)/m;
|
|
1076
1082
|
function identifyPemType(rawKey) {
|
|
1077
|
-
if (rawKey
|
|
1083
|
+
if (Buffer.isBuffer(rawKey)) {
|
|
1078
1084
|
rawKey = rawKey.toString("utf8");
|
|
1079
1085
|
}
|
|
1080
1086
|
const match = PEM_TYPE_REGEX.exec(rawKey);
|
|
@@ -1085,14 +1091,14 @@ function removeTrailingLF(str) {
|
|
|
1085
1091
|
return tmp;
|
|
1086
1092
|
}
|
|
1087
1093
|
function toPem(raw_key, pem) {
|
|
1088
|
-
(0,
|
|
1089
|
-
(0,
|
|
1094
|
+
(0, import_assert4.default)(raw_key, "expecting a key");
|
|
1095
|
+
(0, import_assert4.default)(typeof pem === "string");
|
|
1090
1096
|
let pemType = identifyPemType(raw_key);
|
|
1091
1097
|
if (pemType) {
|
|
1092
|
-
return raw_key
|
|
1098
|
+
return Buffer.isBuffer(raw_key) ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
|
|
1093
1099
|
} else {
|
|
1094
1100
|
pemType = pem;
|
|
1095
|
-
(0,
|
|
1101
|
+
(0, import_assert4.default)(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
|
|
1096
1102
|
let b = raw_key.toString("base64");
|
|
1097
1103
|
let str = "-----BEGIN " + pemType + "-----\n";
|
|
1098
1104
|
while (b.length) {
|
|
@@ -1132,7 +1138,7 @@ function makeMessageChunkSignature(chunk, options) {
|
|
|
1132
1138
|
const signer = (0, import_crypto.createSign)(options.algorithm);
|
|
1133
1139
|
signer.update(chunk);
|
|
1134
1140
|
const signature = signer.sign(options.privateKey.hidden);
|
|
1135
|
-
(0,
|
|
1141
|
+
(0, import_assert4.default)(!options.signatureLength || signature.length === options.signatureLength);
|
|
1136
1142
|
return signature;
|
|
1137
1143
|
}
|
|
1138
1144
|
function verifyMessageChunkSignature(blockToVerify, signature, options) {
|
|
@@ -1150,8 +1156,8 @@ var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
|
|
|
1150
1156
|
PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_PADDING"] = 1] = "RSA_PKCS1_PADDING";
|
|
1151
1157
|
return PaddingAlgorithm2;
|
|
1152
1158
|
})(PaddingAlgorithm || {});
|
|
1153
|
-
(0,
|
|
1154
|
-
(0,
|
|
1159
|
+
(0, import_assert4.default)(4 /* RSA_PKCS1_OAEP_PADDING */ === import_constants.default.RSA_PKCS1_OAEP_PADDING);
|
|
1160
|
+
(0, import_assert4.default)(1 /* RSA_PKCS1_PADDING */ === import_constants.default.RSA_PKCS1_PADDING);
|
|
1155
1161
|
function publicEncrypt_native(buffer, publicKey, algorithm) {
|
|
1156
1162
|
if (algorithm === void 0) {
|
|
1157
1163
|
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
|
|
@@ -1225,17 +1231,17 @@ function privateDecrypt_long(buffer, privateKey, blockSize, paddingAlgorithm) {
|
|
|
1225
1231
|
return outputBuffer.subarray(0, total_length);
|
|
1226
1232
|
}
|
|
1227
1233
|
function coerceCertificatePem(certificate) {
|
|
1228
|
-
if (certificate
|
|
1234
|
+
if (Buffer.isBuffer(certificate)) {
|
|
1229
1235
|
certificate = toPem(certificate, "CERTIFICATE");
|
|
1230
1236
|
}
|
|
1231
|
-
(0,
|
|
1237
|
+
(0, import_assert4.default)(typeof certificate === "string");
|
|
1232
1238
|
return certificate;
|
|
1233
1239
|
}
|
|
1234
1240
|
function extractPublicKeyFromCertificateSync(certificate) {
|
|
1235
1241
|
certificate = coerceCertificatePem(certificate);
|
|
1236
1242
|
const key = import_jsrsasign.default.KEYUTIL.getKey(certificate);
|
|
1237
1243
|
const publicKeyAsPem = import_jsrsasign.default.KEYUTIL.getPEM(key);
|
|
1238
|
-
(0,
|
|
1244
|
+
(0, import_assert4.default)(typeof publicKeyAsPem === "string");
|
|
1239
1245
|
return publicKeyAsPem;
|
|
1240
1246
|
}
|
|
1241
1247
|
function extractPublicKeyFromCertificate(certificate, callback) {
|
|
@@ -1371,7 +1377,7 @@ var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
|
|
|
1371
1377
|
})(CertificatePurpose || {});
|
|
1372
1378
|
|
|
1373
1379
|
// source/crypto_utils2.ts
|
|
1374
|
-
var
|
|
1380
|
+
var import_assert5 = __toESM(require("assert"));
|
|
1375
1381
|
var import_jsrsasign2 = __toESM(require("jsrsasign"));
|
|
1376
1382
|
function rsaLengthPrivateKey(key) {
|
|
1377
1383
|
const keyPem = typeof key.hidden === "string" ? key.hidden : key.hidden.export({ type: "pkcs1", format: "pem" }).toString();
|
|
@@ -1382,8 +1388,8 @@ function toPem2(raw_key, pem) {
|
|
|
1382
1388
|
if (raw_key.hidden) {
|
|
1383
1389
|
return toPem2(raw_key.hidden, pem);
|
|
1384
1390
|
}
|
|
1385
|
-
(0,
|
|
1386
|
-
(0,
|
|
1391
|
+
(0, import_assert5.default)(raw_key, "expecting a key");
|
|
1392
|
+
(0, import_assert5.default)(typeof pem === "string");
|
|
1387
1393
|
if (isKeyObject(raw_key)) {
|
|
1388
1394
|
const _raw_key = raw_key;
|
|
1389
1395
|
if (pem === "RSA PRIVATE KEY") {
|
|
@@ -1403,40 +1409,40 @@ function coercePublicKeyPem(publicKey) {
|
|
|
1403
1409
|
if (isKeyObject(publicKey)) {
|
|
1404
1410
|
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1405
1411
|
}
|
|
1406
|
-
(0,
|
|
1412
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1407
1413
|
return publicKey;
|
|
1408
1414
|
}
|
|
1409
1415
|
function coerceRsaPublicKeyPem(publicKey) {
|
|
1410
1416
|
if (isKeyObject(publicKey)) {
|
|
1411
1417
|
return publicKey.export({ format: "pem", type: "spki" }).toString();
|
|
1412
1418
|
}
|
|
1413
|
-
(0,
|
|
1419
|
+
(0, import_assert5.default)(typeof publicKey === "string");
|
|
1414
1420
|
return publicKey;
|
|
1415
1421
|
}
|
|
1416
1422
|
function rsaLengthPublicKey(key) {
|
|
1417
1423
|
key = coercePublicKeyPem(key);
|
|
1418
|
-
(0,
|
|
1424
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1419
1425
|
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1420
1426
|
return a.n.toString(16).length / 2;
|
|
1421
1427
|
}
|
|
1422
1428
|
function rsaLengthRsaPublicKey(key) {
|
|
1423
1429
|
key = coerceRsaPublicKeyPem(key);
|
|
1424
|
-
(0,
|
|
1430
|
+
(0, import_assert5.default)(typeof key === "string");
|
|
1425
1431
|
const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
|
|
1426
1432
|
return a.n.toString(16).length / 2;
|
|
1427
1433
|
}
|
|
1428
1434
|
|
|
1429
1435
|
// source/derived_keys.ts
|
|
1430
|
-
var
|
|
1436
|
+
var import_assert7 = __toESM(require("assert"));
|
|
1431
1437
|
var import_crypto3 = require("crypto");
|
|
1432
1438
|
|
|
1433
1439
|
// source/explore_certificate.ts
|
|
1434
|
-
var
|
|
1440
|
+
var import_assert6 = __toESM(require("assert"));
|
|
1435
1441
|
function coerceCertificate(certificate) {
|
|
1436
1442
|
if (typeof certificate === "string") {
|
|
1437
1443
|
certificate = convertPEMtoDER(certificate);
|
|
1438
1444
|
}
|
|
1439
|
-
(0,
|
|
1445
|
+
(0, import_assert6.default)(Buffer.isBuffer(certificate));
|
|
1440
1446
|
return certificate;
|
|
1441
1447
|
}
|
|
1442
1448
|
function exploreCertificateInfo(certificate) {
|
|
@@ -1463,8 +1469,8 @@ function plus(buf1, buf2) {
|
|
|
1463
1469
|
return Buffer.concat([buf1, buf2]);
|
|
1464
1470
|
}
|
|
1465
1471
|
function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
1466
|
-
(0,
|
|
1467
|
-
(0,
|
|
1472
|
+
(0, import_assert7.default)(Buffer.isBuffer(seed));
|
|
1473
|
+
(0, import_assert7.default)(sha1or256 === "SHA1" || sha1or256 === "SHA256");
|
|
1468
1474
|
const a = [];
|
|
1469
1475
|
a[0] = seed;
|
|
1470
1476
|
let index = 1;
|
|
@@ -1477,12 +1483,12 @@ function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
|
|
|
1477
1483
|
return p_hash.subarray(0, minLength);
|
|
1478
1484
|
}
|
|
1479
1485
|
function computeDerivedKeys(secret, seed, options) {
|
|
1480
|
-
(0,
|
|
1481
|
-
(0,
|
|
1482
|
-
(0,
|
|
1483
|
-
(0,
|
|
1486
|
+
(0, import_assert7.default)(Number.isFinite(options.signatureLength));
|
|
1487
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingKeyLength));
|
|
1488
|
+
(0, import_assert7.default)(Number.isFinite(options.encryptingBlockSize));
|
|
1489
|
+
(0, import_assert7.default)(typeof options.algorithm === "string");
|
|
1484
1490
|
options.sha1or256 = options.sha1or256 || "SHA1";
|
|
1485
|
-
(0,
|
|
1491
|
+
(0, import_assert7.default)(typeof options.sha1or256 === "string");
|
|
1486
1492
|
const offset1 = options.signingKeyLength;
|
|
1487
1493
|
const offset2 = offset1 + options.encryptingKeyLength;
|
|
1488
1494
|
const minLength = offset2 + options.encryptingBlockSize;
|
|
@@ -1507,7 +1513,7 @@ function removePadding(buffer) {
|
|
|
1507
1513
|
return reduceLength(buffer, nbPaddingBytes);
|
|
1508
1514
|
}
|
|
1509
1515
|
function verifyChunkSignature(chunk, options) {
|
|
1510
|
-
(0,
|
|
1516
|
+
(0, import_assert7.default)(Buffer.isBuffer(chunk));
|
|
1511
1517
|
let signatureLength = options.signatureLength || 0;
|
|
1512
1518
|
if (signatureLength === 0) {
|
|
1513
1519
|
const cert = exploreCertificateInfo(options.publicKey);
|
|
@@ -1518,16 +1524,16 @@ function verifyChunkSignature(chunk, options) {
|
|
|
1518
1524
|
return verifyMessageChunkSignature(block_to_verify, signature, options);
|
|
1519
1525
|
}
|
|
1520
1526
|
function computePaddingFooter(buffer, derivedKeys) {
|
|
1521
|
-
(0,
|
|
1527
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "encryptingBlockSize"));
|
|
1522
1528
|
const paddingSize = derivedKeys.encryptingBlockSize - (buffer.length + 1) % derivedKeys.encryptingBlockSize;
|
|
1523
1529
|
const padding = createFastUninitializedBuffer(paddingSize + 1);
|
|
1524
1530
|
padding.fill(paddingSize);
|
|
1525
1531
|
return padding;
|
|
1526
1532
|
}
|
|
1527
1533
|
function derivedKeys_algorithm(derivedKeys) {
|
|
1528
|
-
(0,
|
|
1534
|
+
(0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "algorithm"));
|
|
1529
1535
|
const algorithm = derivedKeys.algorithm || "aes-128-cbc";
|
|
1530
|
-
(0,
|
|
1536
|
+
(0, import_assert7.default)(algorithm === "aes-128-cbc" || algorithm === "aes-256-cbc");
|
|
1531
1537
|
return algorithm;
|
|
1532
1538
|
}
|
|
1533
1539
|
function encryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
@@ -1553,12 +1559,12 @@ function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
|
|
|
1553
1559
|
return Buffer.concat(decrypted_chunks);
|
|
1554
1560
|
}
|
|
1555
1561
|
function makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys) {
|
|
1556
|
-
(0,
|
|
1557
|
-
(0,
|
|
1558
|
-
(0,
|
|
1559
|
-
(0,
|
|
1562
|
+
(0, import_assert7.default)(Buffer.isBuffer(message));
|
|
1563
|
+
(0, import_assert7.default)(Buffer.isBuffer(derivedKeys.signingKey));
|
|
1564
|
+
(0, import_assert7.default)(typeof derivedKeys.sha1or256 === "string");
|
|
1565
|
+
(0, import_assert7.default)(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
|
|
1560
1566
|
const signature = (0, import_crypto3.createHmac)(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
|
|
1561
|
-
(0,
|
|
1567
|
+
(0, import_assert7.default)(signature.length === derivedKeys.signatureLength);
|
|
1562
1568
|
return signature;
|
|
1563
1569
|
}
|
|
1564
1570
|
function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
|
|
@@ -1597,46 +1603,46 @@ function exploreAsn1(buffer) {
|
|
|
1597
1603
|
|
|
1598
1604
|
// source/explore_certificate_revocation_list.ts
|
|
1599
1605
|
function readNameForCrl(buffer, block) {
|
|
1600
|
-
return
|
|
1606
|
+
return readDirectoryName(buffer, block);
|
|
1601
1607
|
}
|
|
1602
1608
|
function _readTbsCertList(buffer, blockInfo) {
|
|
1603
1609
|
const blocks = readStruct(buffer, blockInfo);
|
|
1604
1610
|
const hasOptionalVersion = blocks[0].tag === 2 /* INTEGER */;
|
|
1605
1611
|
if (hasOptionalVersion) {
|
|
1606
|
-
const version =
|
|
1612
|
+
const version = readIntegerValue(buffer, blocks[0]);
|
|
1607
1613
|
const signature = readAlgorithmIdentifier(buffer, blocks[1]);
|
|
1608
1614
|
const issuer = readNameForCrl(buffer, blocks[2]);
|
|
1609
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1610
|
-
const thisUpdate =
|
|
1611
|
-
const nextUpdate =
|
|
1615
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2])));
|
|
1616
|
+
const thisUpdate = readTime(buffer, blocks[3]);
|
|
1617
|
+
const nextUpdate = readTime(buffer, blocks[4]);
|
|
1612
1618
|
const revokedCertificates = [];
|
|
1613
1619
|
if (blocks[5] && blocks[5].tag < 128) {
|
|
1614
1620
|
const list = readStruct(buffer, blocks[5]);
|
|
1615
1621
|
for (const r of list) {
|
|
1616
1622
|
const rr = readStruct(buffer, r);
|
|
1617
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1618
|
-
const revocationDate =
|
|
1623
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1624
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1619
1625
|
revokedCertificates.push({
|
|
1620
1626
|
revocationDate,
|
|
1621
1627
|
userCertificate
|
|
1622
1628
|
});
|
|
1623
1629
|
}
|
|
1624
1630
|
}
|
|
1625
|
-
const ext0 =
|
|
1631
|
+
const ext0 = findBlockAtIndex(blocks, 0);
|
|
1626
1632
|
return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
|
|
1627
1633
|
} else {
|
|
1628
1634
|
const signature = readAlgorithmIdentifier(buffer, blocks[0]);
|
|
1629
1635
|
const issuer = readNameForCrl(buffer, blocks[1]);
|
|
1630
|
-
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(
|
|
1631
|
-
const thisUpdate =
|
|
1632
|
-
const nextUpdate =
|
|
1636
|
+
const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[1])));
|
|
1637
|
+
const thisUpdate = readTime(buffer, blocks[2]);
|
|
1638
|
+
const nextUpdate = readTime(buffer, blocks[3]);
|
|
1633
1639
|
const revokedCertificates = [];
|
|
1634
1640
|
if (blocks[4] && blocks[4].tag < 128) {
|
|
1635
1641
|
const list = readStruct(buffer, blocks[4]);
|
|
1636
1642
|
for (const r of list) {
|
|
1637
1643
|
const rr = readStruct(buffer, r);
|
|
1638
|
-
const userCertificate = formatBuffer2DigitHexWithColum(
|
|
1639
|
-
const revocationDate =
|
|
1644
|
+
const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
|
|
1645
|
+
const revocationDate = readTime(buffer, rr[1]);
|
|
1640
1646
|
revokedCertificates.push({
|
|
1641
1647
|
revocationDate,
|
|
1642
1648
|
userCertificate
|
|
@@ -1659,7 +1665,7 @@ function exploreCertificateRevocationList(crl) {
|
|
|
1659
1665
|
function _readExtensionRequest(buffer) {
|
|
1660
1666
|
const block = readTag(buffer, 0);
|
|
1661
1667
|
const inner_blocks = readStruct(buffer, block);
|
|
1662
|
-
const extensions = inner_blocks.map((block1) =>
|
|
1668
|
+
const extensions = inner_blocks.map((block1) => readExtension(buffer, block1));
|
|
1663
1669
|
const result = {};
|
|
1664
1670
|
for (const e of extensions) {
|
|
1665
1671
|
result[e.identifier.name] = e.value;
|
|
@@ -1670,17 +1676,17 @@ function _readExtensionRequest(buffer) {
|
|
|
1670
1676
|
function readCertificationRequestInfo(buffer, block) {
|
|
1671
1677
|
const blocks = readStruct(buffer, block);
|
|
1672
1678
|
if (blocks.length === 4) {
|
|
1673
|
-
const extensionRequestBlock =
|
|
1679
|
+
const extensionRequestBlock = findBlockAtIndex(blocks, 0);
|
|
1674
1680
|
if (!extensionRequestBlock) {
|
|
1675
1681
|
throw new Error("cannot find extensionRequest block");
|
|
1676
1682
|
}
|
|
1677
1683
|
const blocks1 = readStruct(buffer, extensionRequestBlock);
|
|
1678
1684
|
const blocks2 = readStruct(buffer, blocks1[0]);
|
|
1679
|
-
const identifier =
|
|
1685
|
+
const identifier = readObjectIdentifier(buffer, blocks2[0]);
|
|
1680
1686
|
if (identifier.name !== "extensionRequest") {
|
|
1681
1687
|
throw new Error(" Cannot find extension Request in ASN1 block");
|
|
1682
1688
|
}
|
|
1683
|
-
const buf =
|
|
1689
|
+
const buf = getBlock(buffer, blocks2[1]);
|
|
1684
1690
|
const extensionRequest = _readExtensionRequest(buf);
|
|
1685
1691
|
return { extensionRequest };
|
|
1686
1692
|
}
|
|
@@ -1942,7 +1948,7 @@ function coercePEMorDerToPrivateKey(privateKeyInDerOrPem) {
|
|
|
1942
1948
|
}
|
|
1943
1949
|
async function _coercePrivateKey(privateKey) {
|
|
1944
1950
|
const KeyObject4 = crypto2.KeyObject;
|
|
1945
|
-
if (privateKey
|
|
1951
|
+
if (Buffer.isBuffer(privateKey)) {
|
|
1946
1952
|
const privateKey1 = await derToPrivateKey(privateKey);
|
|
1947
1953
|
return KeyObject4.from(privateKey1);
|
|
1948
1954
|
} else if (typeof privateKey === "string") {
|
|
@@ -5500,11 +5506,11 @@ function compareSchema(root, inputData, inputSchema) {
|
|
|
5500
5506
|
};
|
|
5501
5507
|
}
|
|
5502
5508
|
if (inputSchema.primitiveSchema && VALUE_HEX_VIEW in inputData.valueBlock) {
|
|
5503
|
-
const
|
|
5504
|
-
if (
|
|
5509
|
+
const asn12 = localFromBER(inputData.valueBlock.valueHexView);
|
|
5510
|
+
if (asn12.offset === -1) {
|
|
5505
5511
|
const _result = {
|
|
5506
5512
|
verified: false,
|
|
5507
|
-
result:
|
|
5513
|
+
result: asn12.result
|
|
5508
5514
|
};
|
|
5509
5515
|
if (inputSchema.name) {
|
|
5510
5516
|
inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING);
|
|
@@ -5515,7 +5521,7 @@ function compareSchema(root, inputData, inputSchema) {
|
|
|
5515
5521
|
}
|
|
5516
5522
|
return _result;
|
|
5517
5523
|
}
|
|
5518
|
-
return compareSchema(root,
|
|
5524
|
+
return compareSchema(root, asn12.result, inputSchema.primitiveSchema);
|
|
5519
5525
|
}
|
|
5520
5526
|
return {
|
|
5521
5527
|
verified: true,
|
|
@@ -5529,14 +5535,14 @@ function verifySchema(inputBuffer, inputSchema) {
|
|
|
5529
5535
|
result: { error: "Wrong ASN.1 schema type" }
|
|
5530
5536
|
};
|
|
5531
5537
|
}
|
|
5532
|
-
const
|
|
5533
|
-
if (
|
|
5538
|
+
const asn12 = localFromBER(BufferSourceConverter.toUint8Array(inputBuffer));
|
|
5539
|
+
if (asn12.offset === -1) {
|
|
5534
5540
|
return {
|
|
5535
5541
|
verified: false,
|
|
5536
|
-
result:
|
|
5542
|
+
result: asn12.result
|
|
5537
5543
|
};
|
|
5538
5544
|
}
|
|
5539
|
-
return compareSchema(
|
|
5545
|
+
return compareSchema(asn12.result, asn12.result, inputSchema);
|
|
5540
5546
|
}
|
|
5541
5547
|
|
|
5542
5548
|
// ../../node_modules/@peculiar/asn1-schema/build/es2015/enums.js
|
|
@@ -6223,6 +6229,9 @@ async function createSelfSignedCertificate({
|
|
|
6223
6229
|
);
|
|
6224
6230
|
return { cert: cert.toString("pem"), der: cert };
|
|
6225
6231
|
}
|
|
6232
|
+
|
|
6233
|
+
// source/index_web.ts
|
|
6234
|
+
var asn1 = { readDirectoryName, readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
|
|
6226
6235
|
// Annotate the CommonJS export names for ESM import in node:
|
|
6227
6236
|
0 && (module.exports = {
|
|
6228
6237
|
CertificatePurpose,
|
|
@@ -6231,7 +6240,7 @@ async function createSelfSignedCertificate({
|
|
|
6231
6240
|
RSA_PKCS1_PADDING,
|
|
6232
6241
|
Subject,
|
|
6233
6242
|
_coercePrivateKey,
|
|
6234
|
-
|
|
6243
|
+
asn1,
|
|
6235
6244
|
certificateMatchesPrivateKey,
|
|
6236
6245
|
coerceCertificate,
|
|
6237
6246
|
coerceCertificatePem,
|
|
@@ -6278,6 +6287,7 @@ async function createSelfSignedCertificate({
|
|
|
6278
6287
|
publicEncrypt_native,
|
|
6279
6288
|
publicKeyAndPrivateKeyMatches,
|
|
6280
6289
|
readCertificationRequestInfo,
|
|
6290
|
+
readExtension,
|
|
6281
6291
|
readNameForCrl,
|
|
6282
6292
|
readTbsCertificate,
|
|
6283
6293
|
reduceLength,
|