npm - node-opcua-crypto - Versions diffs - 4.17.0 → 5.1.0 - Mend

node-opcua-crypto 4.17.0 → 5.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/dist/{chunk-EURHGMEG.mjs → chunk-ULG5CYBT.mjs} +164 -143
package/dist/chunk-ULG5CYBT.mjs.map +1 -0
package/dist/{chunk-CQ5JIXZF.mjs → chunk-UXPULF3W.mjs} +9 -8
package/dist/chunk-UXPULF3W.mjs.map +1 -0
package/dist/index.d.mts +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +181 -158
package/dist/index.js.map +1 -1
package/dist/index.mjs +6 -2
package/dist/source/index.d.mts +1 -1
package/dist/source/index.d.ts +1 -1
package/dist/source/index.js +166 -144
package/dist/source/index.js.map +1 -1
package/dist/source/index.mjs +5 -1
package/dist/source/index_web.d.mts +38 -4
package/dist/source/index_web.d.ts +38 -4
package/dist/source/index_web.js +166 -144
package/dist/source/index_web.js.map +1 -1
package/dist/source/index_web.mjs +5 -1
package/dist/source_nodejs/index.d.mts +2 -1
package/dist/source_nodejs/index.d.ts +2 -1
package/dist/source_nodejs/index.js +23 -23
package/dist/source_nodejs/index.js.map +1 -1
package/dist/source_nodejs/index.mjs +2 -2
package/package.json +4 -8
package/dist/chunk-CQ5JIXZF.mjs.map +0 -1
package/dist/chunk-EURHGMEG.mjs.map +0 -1

package/dist/{chunk-CQ5JIXZF.mjs → chunk-UXPULF3W.mjs} RENAMED Viewed

@@ -6,11 +6,11 @@ import {
   privateKeyToPEM,
   removeTrailingLF,
   toPem
-} from "./chunk-EURHGMEG.mjs";
+} from "./chunk-ULG5CYBT.mjs";
 // source_nodejs/generate_private_key_filename.ts
+import { generateKeyPairSync } from "crypto";
 import fs from "fs";
-import jsrsasign from "jsrsasign";
 async function generatePrivateKeyFile(privateKeyFilename, modulusLength) {
   const keys = await generateKeyPair(modulusLength);
   const privateKeyPem = await privateKeyToPEM(keys.privateKey);
@@ -19,11 +19,12 @@ async function generatePrivateKeyFile(privateKeyFilename, modulusLength) {
   privateKeyPem.privDer = new ArrayBuffer(0);
 }
 async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength) {
-  const kp = jsrsasign.KEYUTIL.generateKeypair("RSA", modulusLength);
-  const prv = kp.prvKeyObj;
-  const _pub = kp.pubKeyObj;
-  const prvpem = jsrsasign.KEYUTIL.getPEM(prv, "PKCS8PRV");
-  await fs.promises.writeFile(privateKeyFilename, prvpem, "utf-8");
+  const { privateKey } = generateKeyPairSync("rsa", {
+    modulusLength,
+    privateKeyEncoding: { type: "pkcs8", format: "pem" },
+    publicKeyEncoding: { type: "spki", format: "pem" }
+  });
+  await fs.promises.writeFile(privateKeyFilename, privateKey, "utf-8");
 }
 // source_nodejs/read.ts
@@ -165,4 +166,4 @@ export {
   readCertificateRevocationList,
   readCertificateSigningRequest
 };
-//# sourceMappingURL=chunk-CQ5JIXZF.mjs.map
+//# sourceMappingURL=chunk-UXPULF3W.mjs.map

package/dist/chunk-UXPULF3W.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../source_nodejs/generate_private_key_filename.ts","../source_nodejs/read.ts","../source_nodejs/read_certificate_revocation_list.ts","../source_nodejs/read_certificate_signing_request.ts"],"sourcesContent":["// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so, subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport { generateKeyPairSync } from \"node:crypto\";\nimport fs from \"node:fs\";\nimport { generateKeyPair, privateKeyToPEM } from \"../source/index.js\";\nexport async function generatePrivateKeyFile(privateKeyFilename: string, modulusLength: 1024 | 2048 | 3072 | 4096) {\n const keys = await generateKeyPair(modulusLength);\n const privateKeyPem = await privateKeyToPEM(keys.privateKey);\n await fs.promises.writeFile(privateKeyFilename, privateKeyPem.privPem, \"utf-8\");\n privateKeyPem.privPem = \"\";\n privateKeyPem.privDer = new ArrayBuffer(0);\n}\n\n/**\n * alternate function to generate PrivateKeyFile, using native\n * node:crypto.\n *\n * This function is slower than generatePrivateKeyFile\n */\nexport async function generatePrivateKeyFileAlternate(privateKeyFilename: string, modulusLength: 2048 | 3072 | 4096) {\n const { privateKey } = generateKeyPairSync(\"rsa\", {\n modulusLength,\n privateKeyEncoding: { type: \"pkcs8\", format: \"pem\" },\n publicKeyEncoding: { type: \"spki\", format: \"pem\" },\n });\n await fs.promises.writeFile(privateKeyFilename, privateKey, \"utf-8\");\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so, subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport assert from \"node:assert\";\nimport { createPrivateKey, createPublicKey } from \"node:crypto\";\nimport fs from \"node:fs\";\nimport path from \"node:path\";\nimport sshpk from \"sshpk\";\nimport type {\n Certificate,\n CertificatePEM,\n DER,\n KeyObject,\n PEM,\n PrivateKey,\n PrivateKeyPEM,\n PublicKey,\n PublicKeyPEM,\n} from \"../source/common.js\";\nimport { convertPEMtoDER, identifyPemType, removeTrailingLF, toPem } from \"../source/crypto_utils.js\";\n\nfunction _readPemFile(filename: string): PEM {\n assert(typeof filename === \"string\");\n return removeTrailingLF(fs.readFileSync(filename, \"utf-8\"));\n}\n\nfunction _readPemOrDerFileAsDER(filename: string): DER {\n if (filename.match(/.*\\.der/)) {\n return fs.readFileSync(filename) as Buffer;\n }\n const raw_key: string = _readPemFile(filename);\n return convertPEMtoDER(raw_key);\n}\n\n/**\n * read a DER or PEM certificate from file\n */\nexport function readCertificate(filename: string): Certificate {\n return _readPemOrDerFileAsDER(filename) as Certificate;\n}\n\n/**\n * read a DER or PEM certificate from file\n */\nexport function readPublicKey(filename: string): KeyObject {\n if (filename.match(/.*\\.der/)) {\n const der = fs.readFileSync(filename) as Buffer;\n return createPublicKey(der);\n } else {\n const raw_key: string = _readPemFile(filename);\n return createPublicKey(raw_key);\n }\n}\n\n// console.log(\"createPrivateKey\", (crypto as any).createPrivateKey, process.env.NO_CREATE_PRIVATEKEY);\n\nfunction myCreatePrivateKey(rawKey: string | Buffer): PrivateKey {\n if (!createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {\n // we are not running nodejs or createPrivateKey is not supported in the environment\n if (Buffer.isBuffer(rawKey)) {\n const pemKey = toPem(rawKey, \"PRIVATE KEY\");\n assert([\"RSA PRIVATE KEY\", \"PRIVATE KEY\"].indexOf(identifyPemType(pemKey) as string) >= 0);\n return { hidden: pemKey };\n }\n return { hidden: ensureTrailingLF(rawKey as string) };\n }\n // see https://askubuntu.com/questions/1409458/openssl-config-cuases-error-in-node-js-crypto-how-should-the-config-be-updated\n const backup = process.env.OPENSSL_CONF;\n process.env.OPENSSL_CONF = \"/dev/null\";\n const retValue = createPrivateKey(rawKey);\n process.env.OPENSSL_CONF = backup;\n return { hidden: retValue };\n}\n\nfunction ensureTrailingLF(str: string): string {\n return str.match(/\\n$/) ? str : `${str}\\n`;\n}\n/**\n * read a DER or PEM certificate from file\n */\nexport function readPrivateKey(filename: string): PrivateKey {\n if (filename.match(/.*\\.der/)) {\n const der: Buffer = fs.readFileSync(filename);\n return myCreatePrivateKey(der);\n } else {\n const raw_key: string = _readPemFile(filename);\n return myCreatePrivateKey(raw_key);\n }\n}\n\nexport function readCertificatePEM(filename: string): CertificatePEM {\n return _readPemFile(filename);\n}\n\nexport function readPublicKeyPEM(filename: string): PublicKeyPEM {\n return _readPemFile(filename);\n}\n/**\n *\n * @deprecated\n */\nexport function readPrivateKeyPEM(filename: string): PrivateKeyPEM {\n return _readPemFile(filename);\n}\n\nlet _g_certificate_store: string = \"\";\n\nexport function setCertificateStore(store: string): string {\n const old_store = _g_certificate_store;\n _g_certificate_store = store;\n return old_store;\n}\nexport function getCertificateStore(): string {\n if (!_g_certificate_store) {\n _g_certificate_store = path.join(__dirname, \"../../certificates/\");\n }\n return _g_certificate_store;\n}\n/**\n *\n * @param filename\n */\nexport function readPrivateRsaKey(filename: string): PrivateKey {\n if (!createPrivateKey) {\n throw new Error(\"createPrivateKey is not supported in this environment\");\n }\n if (filename.substring(0, 1) !== \".\" && !fs.existsSync(filename)) {\n filename = path.join(getCertificateStore(), filename);\n }\n const content = fs.readFileSync(filename, \"utf8\");\n const sshKey = sshpk.parsePrivateKey(content, \"auto\");\n const key = sshKey.toString(\"pkcs1\") as PEM;\n const hidden = createPrivateKey({ format: \"pem\", type: \"pkcs1\", key });\n return { hidden };\n}\n\nexport function readPublicRsaKey(filename: string): PublicKey {\n if (filename.substring(0, 1) !== \".\" && !fs.existsSync(filename)) {\n filename = path.join(getCertificateStore(), filename);\n }\n const content = fs.readFileSync(filename, \"utf-8\");\n const sshKey = sshpk.parseKey(content, \"ssh\");\n const key = sshKey.toString(\"pkcs1\") as PEM;\n return createPublicKey({ format: \"pem\", type: \"pkcs1\", key });\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so, subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"node:fs\";\nimport type { CertificateRevocationList } from \"../source/common.js\";\nimport { convertPEMtoDER } from \"../source/crypto_utils.js\";\n\nexport async function readCertificateRevocationList(filename: string): Promise<CertificateRevocationList> {\n const crl = await fs.promises.readFile(filename);\n if (crl[0] === 0x30 && crl[1] === 0x82) {\n // der format\n return crl as CertificateRevocationList;\n }\n const raw_crl = crl.toString();\n return convertPEMtoDER(raw_crl);\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so, subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"node:fs\";\nimport type { CertificateRevocationList } from \"../source/common.js\";\nimport { convertPEMtoDER } from \"../source/crypto_utils.js\";\n\nexport type CertificateSigningRequest = Buffer;\n\nexport async function readCertificateSigningRequest(filename: string): Promise<CertificateSigningRequest> {\n const csr = await fs.promises.readFile(filename);\n if (csr[0] === 0x30 && csr[1] === 0x82) {\n // der format\n return csr as CertificateRevocationList;\n }\n const raw_crl = csr.toString();\n return convertPEMtoDER(raw_crl);\n}\n"],"mappings":";;;;;;;;;;;AAuBA,SAAS,2BAA2B;AACpC,OAAO,QAAQ;AAEf,eAAsB,uBAAuB,oBAA4B,eAA0C;AAC/G,QAAM,OAAO,MAAM,gBAAgB,aAAa;AAChD,QAAM,gBAAgB,MAAM,gBAAgB,KAAK,UAAU;AAC3D,QAAM,GAAG,SAAS,UAAU,oBAAoB,cAAc,SAAS,OAAO;AAC9E,gBAAc,UAAU;AACxB,gBAAc,UAAU,IAAI,YAAY,CAAC;AAC7C;AAQA,eAAsB,gCAAgC,oBAA4B,eAAmC;AACjH,QAAM,EAAE,WAAW,IAAI,oBAAoB,OAAO;AAAA,IAC9C;AAAA,IACA,oBAAoB,EAAE,MAAM,SAAS,QAAQ,MAAM;AAAA,IACnD,mBAAmB,EAAE,MAAM,QAAQ,QAAQ,MAAM;AAAA,EACrD,CAAC;AACD,QAAM,GAAG,SAAS,UAAU,oBAAoB,YAAY,OAAO;AACvE;;;ACxBA,OAAO,YAAY;AACnB,SAAS,kBAAkB,uBAAuB;AAClD,OAAOA,SAAQ;AACf,OAAO,UAAU;AACjB,OAAO,WAAW;AAclB,SAAS,aAAa,UAAuB;AACzC,SAAO,OAAO,aAAa,QAAQ;AACnC,SAAO,iBAAiBC,IAAG,aAAa,UAAU,OAAO,CAAC;AAC9D;AAEA,SAAS,uBAAuB,UAAuB;AACnD,MAAI,SAAS,MAAM,SAAS,GAAG;AAC3B,WAAOA,IAAG,aAAa,QAAQ;AAAA,EACnC;AACA,QAAM,UAAkB,aAAa,QAAQ;AAC7C,SAAO,gBAAgB,OAAO;AAClC;AAKO,SAAS,gBAAgB,UAA+B;AAC3D,SAAO,uBAAuB,QAAQ;AAC1C;AAKO,SAAS,cAAc,UAA6B;AACvD,MAAI,SAAS,MAAM,SAAS,GAAG;AAC3B,UAAM,MAAMA,IAAG,aAAa,QAAQ;AACpC,WAAO,gBAAgB,GAAG;AAAA,EAC9B,OAAO;AACH,UAAM,UAAkB,aAAa,QAAQ;AAC7C,WAAO,gBAAgB,OAAO;AAAA,EAClC;AACJ;AAIA,SAAS,mBAAmB,QAAqC;AAC7D,MAAI,CAAC,oBAAoB,QAAQ,IAAI,sBAAsB;AAEvD,QAAI,OAAO,SAAS,MAAM,GAAG;AACzB,YAAM,SAAS,MAAM,QAAQ,aAAa;AAC1C,aAAO,CAAC,mBAAmB,aAAa,EAAE,QAAQ,gBAAgB,MAAM,CAAW,KAAK,CAAC;AACzF,aAAO,EAAE,QAAQ,OAAO;AAAA,IAC5B;AACA,WAAO,EAAE,QAAQ,iBAAiB,MAAgB,EAAE;AAAA,EACxD;AAEA,QAAM,SAAS,QAAQ,IAAI;AAC3B,UAAQ,IAAI,eAAe;AAC3B,QAAM,WAAW,iBAAiB,MAAM;AACxC,UAAQ,IAAI,eAAe;AAC3B,SAAO,EAAE,QAAQ,SAAS;AAC9B;AAEA,SAAS,iBAAiB,KAAqB;AAC3C,SAAO,IAAI,MAAM,KAAK,IAAI,MAAM,GAAG,GAAG;AAAA;AAC1C;AAIO,SAAS,eAAe,UAA8B;AACzD,MAAI,SAAS,MAAM,SAAS,GAAG;AAC3B,UAAM,MAAcA,IAAG,aAAa,QAAQ;AAC5C,WAAO,mBAAmB,GAAG;AAAA,EACjC,OAAO;AACH,UAAM,UAAkB,aAAa,QAAQ;AAC7C,WAAO,mBAAmB,OAAO;AAAA,EACrC;AACJ;AAEO,SAAS,mBAAmB,UAAkC;AACjE,SAAO,aAAa,QAAQ;AAChC;AAEO,SAAS,iBAAiB,UAAgC;AAC7D,SAAO,aAAa,QAAQ;AAChC;AAKO,SAAS,kBAAkB,UAAiC;AAC/D,SAAO,aAAa,QAAQ;AAChC;AAEA,IAAI,uBAA+B;AAE5B,SAAS,oBAAoB,OAAuB;AACvD,QAAM,YAAY;AAClB,yBAAuB;AACvB,SAAO;AACX;AACO,SAAS,sBAA8B;AAC1C,MAAI,CAAC,sBAAsB;AACvB,2BAAuB,KAAK,KAAK,WAAW,qBAAqB;AAAA,EACrE;AACA,SAAO;AACX;AAKO,SAAS,kBAAkB,UAA8B;AAC5D,MAAI,CAAC,kBAAkB;AACnB,UAAM,IAAI,MAAM,uDAAuD;AAAA,EAC3E;AACA,MAAI,SAAS,UAAU,GAAG,CAAC,MAAM,OAAO,CAACA,IAAG,WAAW,QAAQ,GAAG;AAC9D,eAAW,KAAK,KAAK,oBAAoB,GAAG,QAAQ;AAAA,EACxD;AACA,QAAM,UAAUA,IAAG,aAAa,UAAU,MAAM;AAChD,QAAM,SAAS,MAAM,gBAAgB,SAAS,MAAM;AACpD,QAAM,MAAM,OAAO,SAAS,OAAO;AACnC,QAAM,SAAS,iBAAiB,EAAE,QAAQ,OAAO,MAAM,SAAS,IAAI,CAAC;AACrE,SAAO,EAAE,OAAO;AACpB;AAEO,SAAS,iBAAiB,UAA6B;AAC1D,MAAI,SAAS,UAAU,GAAG,CAAC,MAAM,OAAO,CAACA,IAAG,WAAW,QAAQ,GAAG;AAC9D,eAAW,KAAK,KAAK,oBAAoB,GAAG,QAAQ;AAAA,EACxD;AACA,QAAM,UAAUA,IAAG,aAAa,UAAU,OAAO;AACjD,QAAM,SAAS,MAAM,SAAS,SAAS,KAAK;AAC5C,QAAM,MAAM,OAAO,SAAS,OAAO;AACnC,SAAO,gBAAgB,EAAE,QAAQ,OAAO,MAAM,SAAS,IAAI,CAAC;AAChE;;;AC7IA,OAAOC,SAAQ;AAIf,eAAsB,8BAA8B,UAAsD;AACtG,QAAM,MAAM,MAAMC,IAAG,SAAS,SAAS,QAAQ;AAC/C,MAAI,IAAI,CAAC,MAAM,MAAQ,IAAI,CAAC,MAAM,KAAM;AAEpC,WAAO;AAAA,EACX;AACA,QAAM,UAAU,IAAI,SAAS;AAC7B,SAAO,gBAAgB,OAAO;AAClC;;;ACZA,OAAOC,SAAQ;AAMf,eAAsB,8BAA8B,UAAsD;AACtG,QAAM,MAAM,MAAMC,IAAG,SAAS,SAAS,QAAQ;AAC/C,MAAI,IAAI,CAAC,MAAM,MAAQ,IAAI,CAAC,MAAM,KAAM;AAEpC,WAAO;AAAA,EACX;AACA,QAAM,UAAU,IAAI,SAAS;AAC7B,SAAO,gBAAgB,OAAO;AAClC;","names":["fs","fs","fs","fs","fs","fs"]}

package/dist/index.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-export { AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, asn1, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreAsn1, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePrivateKeyThumbPrint, makePseudoRandomBuffer, makeSHA1Thumbprint, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readExtension, readNameForCrl, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index_web.mjs';
+export { AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, Subject, SubjectAltName, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, asn1, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreAsn1, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, isCrlIssuedByCertificate, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePrivateKeyThumbPrint, makePseudoRandomBuffer, makeSHA1Thumbprint, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readExtension, readNameForCrl, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyCrlIssuedByCertificate, verifyMessageChunkSignature } from './source/index_web.mjs';
 export { CertificateSigningRequest, generatePrivateKeyFile, generatePrivateKeyFileAlternate, getCertificateStore, readCertificate, readCertificatePEM, readCertificateRevocationList, readCertificateSigningRequest, readPrivateKey, readPrivateKeyPEM, readPrivateRsaKey, readPublicKey, readPublicKeyPEM, readPublicRsaKey, setCertificateStore } from './source_nodejs/index.mjs';
 export { C as Certificate, d as CertificatePEM, h as CertificatePurpose, g as CertificateRevocationList, D as DER, K as KeyObject, N as Nonce, b as PEM, P as PrivateKey, e as PrivateKeyPEM, a as PublicKey, f as PublicKeyPEM, S as Signature, c as createPrivateKeyFromNodeJSCrypto, i as isKeyObject } from './common-DxHkx4Pv.mjs';
 import 'node:crypto';

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export { AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, asn1, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreAsn1, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePrivateKeyThumbPrint, makePseudoRandomBuffer, makeSHA1Thumbprint, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readExtension, readNameForCrl, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index_web.js';
+export { AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, Subject, SubjectAltName, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, asn1, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreAsn1, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, isCrlIssuedByCertificate, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePrivateKeyThumbPrint, makePseudoRandomBuffer, makeSHA1Thumbprint, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readExtension, readNameForCrl, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyCrlIssuedByCertificate, verifyMessageChunkSignature } from './source/index_web.js';
 export { CertificateSigningRequest, generatePrivateKeyFile, generatePrivateKeyFileAlternate, getCertificateStore, readCertificate, readCertificatePEM, readCertificateRevocationList, readCertificateSigningRequest, readPrivateKey, readPrivateKeyPEM, readPrivateRsaKey, readPublicKey, readPublicKeyPEM, readPublicRsaKey, setCertificateStore } from './source_nodejs/index.js';
 export { C as Certificate, d as CertificatePEM, h as CertificatePurpose, g as CertificateRevocationList, D as DER, K as KeyObject, N as Nonce, b as PEM, P as PrivateKey, e as PrivateKeyPEM, a as PublicKey, f as PublicKeyPEM, S as Signature, c as createPrivateKeyFromNodeJSCrypto, i as isKeyObject } from './common-DxHkx4Pv.js';
 import 'node:crypto';

package/dist/index.js CHANGED Viewed

@@ -69,6 +69,7 @@ __export(index_exports, {
   getCertificateStore: () => getCertificateStore,
   hexDump: () => hexDump,
   identifyPemType: () => identifyPemType,
+  isCrlIssuedByCertificate: () => isCrlIssuedByCertificate,
   isKeyObject: () => isKeyObject,
   makeMessageChunkSignature: () => makeMessageChunkSignature,
   makeMessageChunkSignatureWithDerivedKeys: () => makeMessageChunkSignatureWithDerivedKeys,
@@ -115,6 +116,7 @@ __export(index_exports, {
   verifyCertificateSignature: () => verifyCertificateSignature,
   verifyChunkSignature: () => verifyChunkSignature,
   verifyChunkSignatureWithDerivedKeys: () => verifyChunkSignatureWithDerivedKeys,
+  verifyCrlIssuedByCertificate: () => verifyCrlIssuedByCertificate,
   verifyMessageChunkSignature: () => verifyMessageChunkSignature
 });
 module.exports = __toCommonJS(index_exports);
@@ -703,7 +705,6 @@ function readTime(buffer, block) {
 var import_node_assert2 = __toESM(require("assert"));
 var import_node_constants = __toESM(require("constants"));
 var import_node_crypto2 = require("crypto");
-var import_jsrsasign = __toESM(require("jsrsasign"));
 // source/buffer_utils.ts
 var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (size) => {
@@ -893,8 +894,8 @@ function coerceCertificatePem(certificate) {
 }
 function extractPublicKeyFromCertificateSync(certificate) {
   certificate = coerceCertificatePem(certificate);
-  const key = import_jsrsasign.default.KEYUTIL.getKey(certificate);
-  const publicKeyAsPem = import_jsrsasign.default.KEYUTIL.getPEM(key);
+  const publicKeyObject = (0, import_node_crypto2.createPublicKey)(certificate);
+  const publicKeyAsPem = publicKeyObject.export({ format: "pem", type: "spki" }).toString();
   (0, import_node_assert2.default)(typeof publicKeyAsPem === "string");
   return publicKeyAsPem;
 }
@@ -1316,13 +1317,154 @@ function combine_der(certificates) {
   return Buffer.concat(certificates);
 }
+// source/explore_certificate_revocation_list.ts
+function readNameForCrl(buffer, block) {
+  return readDirectoryName(buffer, block);
+}
+function _readTbsCertList(buffer, blockInfo) {
+  const blocks = readStruct(buffer, blockInfo);
+  const hasOptionalVersion = blocks[0].tag === 2 /* INTEGER */;
+  if (hasOptionalVersion) {
+    const _version = readIntegerValue(buffer, blocks[0]);
+    const signature = readAlgorithmIdentifier(buffer, blocks[1]);
+    const issuer = readNameForCrl(buffer, blocks[2]);
+    const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2])));
+    const thisUpdate = readTime(buffer, blocks[3]);
+    const nextUpdate = readTime(buffer, blocks[4]);
+    const revokedCertificates = [];
+    if (blocks[5] && blocks[5].tag < 128) {
+      const list = readStruct(buffer, blocks[5]);
+      for (const r of list) {
+        const rr = readStruct(buffer, r);
+        const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
+        const revocationDate = readTime(buffer, rr[1]);
+        revokedCertificates.push({
+          revocationDate,
+          userCertificate
+        });
+      }
+    }
+    const _ext0 = findBlockAtIndex(blocks, 0);
+    return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
+  } else {
+    const signature = readAlgorithmIdentifier(buffer, blocks[0]);
+    const issuer = readNameForCrl(buffer, blocks[1]);
+    const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[1])));
+    const thisUpdate = readTime(buffer, blocks[2]);
+    const nextUpdate = readTime(buffer, blocks[3]);
+    const revokedCertificates = [];
+    if (blocks[4] && blocks[4].tag < 128) {
+      const list = readStruct(buffer, blocks[4]);
+      for (const r of list) {
+        const rr = readStruct(buffer, r);
+        const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
+        const revocationDate = readTime(buffer, rr[1]);
+        revokedCertificates.push({
+          revocationDate,
+          userCertificate
+        });
+      }
+    }
+    return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
+  }
+}
+function exploreCertificateRevocationList(crl) {
+  const blockInfo = readTag(crl, 0);
+  const blocks = readStruct(crl, blockInfo);
+  const tbsCertList = _readTbsCertList(crl, blocks[0]);
+  const signatureAlgorithm = readAlgorithmIdentifier(crl, blocks[1]);
+  const signatureValue = readSignatureValueBin(crl, blocks[2]);
+  return { tbsCertList, signatureAlgorithm, signatureValue };
+}
+// source/verify_certificate_signature.ts
+var import_node_crypto3 = require("crypto");
+function verifyCertificateOrClrSignature(certificateOrCrl, parentCertificate) {
+  const block_info = readTag(certificateOrCrl, 0);
+  const blocks = readStruct(certificateOrCrl, block_info);
+  const bufferToBeSigned = certificateOrCrl.subarray(block_info.position, blocks[1].position - 2);
+  const signatureAlgorithm = readAlgorithmIdentifier(certificateOrCrl, blocks[1]);
+  const signatureValue = readSignatureValueBin(certificateOrCrl, blocks[2]);
+  const p = split_der(parentCertificate)[0];
+  const certPem = toPem(p, "CERTIFICATE");
+  const verify = (0, import_node_crypto3.createVerify)(signatureAlgorithm.identifier);
+  verify.update(bufferToBeSigned);
+  verify.end();
+  return verify.verify(certPem, signatureValue);
+}
+function verifyCertificateSignature(certificate, parentCertificate) {
+  return verifyCertificateOrClrSignature(certificate, parentCertificate);
+}
+function verifyCertificateRevocationListSignature(certificateRevocationList, parentCertificate) {
+  return verifyCertificateOrClrSignature(certificateRevocationList, parentCertificate);
+}
+async function verifyCertificateChain(certificateChain) {
+  for (let index = 1; index < certificateChain.length; index++) {
+    const cert = certificateChain[index - 1];
+    const certParent = certificateChain[index];
+    const certParentInfo = exploreCertificate(certParent);
+    const keyUsage = certParentInfo.tbsCertificate.extensions?.keyUsage;
+    if (!keyUsage || !keyUsage.keyCertSign) {
+      return {
+        status: "BadCertificateIssuerUseNotAllowed",
+        reason: "One of the certificate in the chain has not keyUsage set for Certificate Signing"
+      };
+    }
+    const parentSignChild = verifyCertificateSignature(cert, certParent);
+    if (!parentSignChild) {
+      return {
+        status: "BadCertificateInvalid",
+        reason: "One of the certificate in the chain is not signing the previous certificate"
+      };
+    }
+    const certInfo = exploreCertificate(cert);
+    if (!certInfo.tbsCertificate.extensions) {
+      return {
+        status: "BadCertificateInvalid",
+        reason: "Cannot find X409 Extension 3 in certificate"
+      };
+    }
+    if (!certParentInfo.tbsCertificate.extensions || !certInfo.tbsCertificate.extensions.authorityKeyIdentifier) {
+      return {
+        status: "BadCertificateInvalid",
+        reason: "Cannot find X409 Extension 3 in certificate (parent)"
+      };
+    }
+    if (certParentInfo.tbsCertificate.extensions.subjectKeyIdentifier !== certInfo.tbsCertificate.extensions.authorityKeyIdentifier.keyIdentifier) {
+      return {
+        status: "BadCertificateInvalid",
+        reason: "subjectKeyIdentifier authorityKeyIdentifier in child certificate do not match subjectKeyIdentifier of parent certificate"
+      };
+    }
+  }
+  return {
+    status: "Good",
+    reason: `certificate chain is valid(length = ${certificateChain.length})`
+  };
+}
+// source/crl_utils.ts
+function isCrlIssuedByCertificate(crl, certificate) {
+  const crlInfo = exploreCertificateRevocationList(crl);
+  const certInfo = exploreCertificate(certificate);
+  return crlInfo.tbsCertList.issuerFingerprint === certInfo.tbsCertificate.subjectFingerPrint;
+}
+function verifyCrlIssuedByCertificate(crl, certificate) {
+  if (!isCrlIssuedByCertificate(crl, certificate)) {
+    return false;
+  }
+  return verifyCertificateRevocationListSignature(crl, certificate);
+}
 // source/crypto_utils2.ts
 var import_node_assert5 = __toESM(require("assert"));
-var import_jsrsasign2 = __toESM(require("jsrsasign"));
+var import_node_crypto4 = require("crypto");
 function rsaLengthPrivateKey(key) {
   const keyPem = typeof key.hidden === "string" ? key.hidden : key.hidden.export({ type: "pkcs1", format: "pem" }).toString();
-  const a = import_jsrsasign2.default.KEYUTIL.getKey(keyPem);
-  return a.n.toString(16).length / 2;
+  const keyObject = (0, import_node_crypto4.createPrivateKey)(keyPem);
+  const modulusLength = keyObject.asymmetricKeyDetails?.modulusLength;
+  (0, import_node_assert5.default)(modulusLength, "Cannot determine modulus length from private key");
+  return modulusLength / 8;
 }
 function toPem2(raw_key, pem) {
   if (raw_key.hidden) {
@@ -1362,19 +1504,23 @@ function coerceRsaPublicKeyPem(publicKey) {
 function rsaLengthPublicKey(key) {
   key = coercePublicKeyPem(key);
   (0, import_node_assert5.default)(typeof key === "string");
-  const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
-  return a.n.toString(16).length / 2;
+  const keyObject = (0, import_node_crypto4.createPublicKey)(key);
+  const modulusLength = keyObject.asymmetricKeyDetails?.modulusLength;
+  (0, import_node_assert5.default)(modulusLength, "Cannot determine modulus length from public key");
+  return modulusLength / 8;
 }
 function rsaLengthRsaPublicKey(key) {
   key = coerceRsaPublicKeyPem(key);
   (0, import_node_assert5.default)(typeof key === "string");
-  const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
-  return a.n.toString(16).length / 2;
+  const keyObject = (0, import_node_crypto4.createPublicKey)(key);
+  const modulusLength = keyObject.asymmetricKeyDetails?.modulusLength;
+  (0, import_node_assert5.default)(modulusLength, "Cannot determine modulus length from public key");
+  return modulusLength / 8;
 }
 // source/derived_keys.ts
 var import_node_assert7 = __toESM(require("assert"));
-var import_node_crypto3 = require("crypto");
+var import_node_crypto5 = require("crypto");
 // source/explore_certificate.ts
 var import_node_assert6 = __toESM(require("assert"));
@@ -1403,7 +1549,7 @@ function exploreCertificateInfo(certificate) {
 // source/derived_keys.ts
 function HMAC_HASH(sha1or256, secret, message) {
-  return (0, import_node_crypto3.createHmac)(sha1or256, secret).update(message).digest();
+  return (0, import_node_crypto5.createHmac)(sha1or256, secret).update(message).digest();
 }
 function plus(buf1, buf2) {
   return Buffer.concat([buf1, buf2]);
@@ -1480,7 +1626,7 @@ function encryptBufferWithDerivedKeys(buffer, derivedKeys) {
   const algorithm = derivedKeys_algorithm(derivedKeys);
   const key = derivedKeys.encryptingKey;
   const initVector = derivedKeys.initializationVector;
-  const cipher = (0, import_node_crypto3.createCipheriv)(algorithm, key, initVector);
+  const cipher = (0, import_node_crypto5.createCipheriv)(algorithm, key, initVector);
   cipher.setAutoPadding(false);
   const encrypted_chunks = [];
   encrypted_chunks.push(cipher.update(buffer));
@@ -1491,7 +1637,7 @@ function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
   const algorithm = derivedKeys_algorithm(derivedKeys);
   const key = derivedKeys.encryptingKey;
   const initVector = derivedKeys.initializationVector;
-  const cipher = (0, import_node_crypto3.createDecipheriv)(algorithm, key, initVector);
+  const cipher = (0, import_node_crypto5.createDecipheriv)(algorithm, key, initVector);
   cipher.setAutoPadding(false);
   const decrypted_chunks = [];
   decrypted_chunks.push(cipher.update(buffer));
@@ -1503,7 +1649,7 @@ function makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys) {
   (0, import_node_assert7.default)(Buffer.isBuffer(derivedKeys.signingKey));
   (0, import_node_assert7.default)(typeof derivedKeys.sha1or256 === "string");
   (0, import_node_assert7.default)(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
-  const signature = (0, import_node_crypto3.createHmac)(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
+  const signature = (0, import_node_crypto5.createHmac)(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
   (0, import_node_assert7.default)(signature.length === derivedKeys.signatureLength);
   return signature;
 }
@@ -1541,66 +1687,6 @@ function exploreAsn1(buffer) {
   dump(0, 0);
 }
-// source/explore_certificate_revocation_list.ts
-function readNameForCrl(buffer, block) {
-  return readDirectoryName(buffer, block);
-}
-function _readTbsCertList(buffer, blockInfo) {
-  const blocks = readStruct(buffer, blockInfo);
-  const hasOptionalVersion = blocks[0].tag === 2 /* INTEGER */;
-  if (hasOptionalVersion) {
-    const _version = readIntegerValue(buffer, blocks[0]);
-    const signature = readAlgorithmIdentifier(buffer, blocks[1]);
-    const issuer = readNameForCrl(buffer, blocks[2]);
-    const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2])));
-    const thisUpdate = readTime(buffer, blocks[3]);
-    const nextUpdate = readTime(buffer, blocks[4]);
-    const revokedCertificates = [];
-    if (blocks[5] && blocks[5].tag < 128) {
-      const list = readStruct(buffer, blocks[5]);
-      for (const r of list) {
-        const rr = readStruct(buffer, r);
-        const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
-        const revocationDate = readTime(buffer, rr[1]);
-        revokedCertificates.push({
-          revocationDate,
-          userCertificate
-        });
-      }
-    }
-    const _ext0 = findBlockAtIndex(blocks, 0);
-    return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
-  } else {
-    const signature = readAlgorithmIdentifier(buffer, blocks[0]);
-    const issuer = readNameForCrl(buffer, blocks[1]);
-    const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[1])));
-    const thisUpdate = readTime(buffer, blocks[2]);
-    const nextUpdate = readTime(buffer, blocks[3]);
-    const revokedCertificates = [];
-    if (blocks[4] && blocks[4].tag < 128) {
-      const list = readStruct(buffer, blocks[4]);
-      for (const r of list) {
-        const rr = readStruct(buffer, r);
-        const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0]));
-        const revocationDate = readTime(buffer, rr[1]);
-        revokedCertificates.push({
-          revocationDate,
-          userCertificate
-        });
-      }
-    }
-    return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
-  }
-}
-function exploreCertificateRevocationList(crl) {
-  const blockInfo = readTag(crl, 0);
-  const blocks = readStruct(crl, blockInfo);
-  const tbsCertList = _readTbsCertList(crl, blocks[0]);
-  const signatureAlgorithm = readAlgorithmIdentifier(crl, blocks[1]);
-  const signatureValue = readSignatureValueBin(crl, blocks[2]);
-  return { tbsCertList, signatureAlgorithm, signatureValue };
-}
 // source/explore_certificate_signing_request.ts
 function _readExtensionRequest(buffer) {
   const block = readTag(buffer, 0);
@@ -1848,74 +1934,8 @@ var Subject = class _Subject {
   }
 };
-// source/verify_certificate_signature.ts
-var import_node_crypto4 = require("crypto");
-function verifyCertificateOrClrSignature(certificateOrCrl, parentCertificate) {
-  const block_info = readTag(certificateOrCrl, 0);
-  const blocks = readStruct(certificateOrCrl, block_info);
-  const bufferToBeSigned = certificateOrCrl.subarray(block_info.position, blocks[1].position - 2);
-  const signatureAlgorithm = readAlgorithmIdentifier(certificateOrCrl, blocks[1]);
-  const signatureValue = readSignatureValueBin(certificateOrCrl, blocks[2]);
-  const p = split_der(parentCertificate)[0];
-  const certPem = toPem(p, "CERTIFICATE");
-  const verify = (0, import_node_crypto4.createVerify)(signatureAlgorithm.identifier);
-  verify.update(bufferToBeSigned);
-  verify.end();
-  return verify.verify(certPem, signatureValue);
-}
-function verifyCertificateSignature(certificate, parentCertificate) {
-  return verifyCertificateOrClrSignature(certificate, parentCertificate);
-}
-function verifyCertificateRevocationListSignature(certificateRevocationList, parentCertificate) {
-  return verifyCertificateOrClrSignature(certificateRevocationList, parentCertificate);
-}
-async function verifyCertificateChain(certificateChain) {
-  for (let index = 1; index < certificateChain.length; index++) {
-    const cert = certificateChain[index - 1];
-    const certParent = certificateChain[index];
-    const certParentInfo = exploreCertificate(certParent);
-    const keyUsage = certParentInfo.tbsCertificate.extensions?.keyUsage;
-    if (!keyUsage || !keyUsage.keyCertSign) {
-      return {
-        status: "BadCertificateIssuerUseNotAllowed",
-        reason: "One of the certificate in the chain has not keyUsage set for Certificate Signing"
-      };
-    }
-    const parentSignChild = verifyCertificateSignature(cert, certParent);
-    if (!parentSignChild) {
-      return {
-        status: "BadCertificateInvalid",
-        reason: "One of the certificate in the chain is not signing the previous certificate"
-      };
-    }
-    const certInfo = exploreCertificate(cert);
-    if (!certInfo.tbsCertificate.extensions) {
-      return {
-        status: "BadCertificateInvalid",
-        reason: "Cannot find X409 Extension 3 in certificate"
-      };
-    }
-    if (!certParentInfo.tbsCertificate.extensions || !certInfo.tbsCertificate.extensions.authorityKeyIdentifier) {
-      return {
-        status: "BadCertificateInvalid",
-        reason: "Cannot find X409 Extension 3 in certificate (parent)"
-      };
-    }
-    if (certParentInfo.tbsCertificate.extensions.subjectKeyIdentifier !== certInfo.tbsCertificate.extensions.authorityKeyIdentifier.keyIdentifier) {
-      return {
-        status: "BadCertificateInvalid",
-        reason: "subjectKeyIdentifier authorityKeyIdentifier in child certificate do not match subjectKeyIdentifier of parent certificate"
-      };
-    }
-  }
-  return {
-    status: "Good",
-    reason: `certificate chain is valid(length = ${certificateChain.length})`
-  };
-}
 // source/x509/_crypto.ts
-var import_node_crypto5 = __toESM(require("crypto"));
+var import_node_crypto6 = __toESM(require("crypto"));
 var import_webcrypto = require("@peculiar/webcrypto");
 var x509 = __toESM(require("@peculiar/x509"));
 var x5092 = __toESM(require("@peculiar/x509"));
@@ -1923,7 +1943,7 @@ var doDebug3 = false;
 var _crypto;
 var ignoreCrypto = process.env.IGNORE_SUBTLE_FROM_CRYPTO;
 if (typeof window === "undefined") {
-  _crypto = import_node_crypto5.default;
+  _crypto = import_node_crypto6.default;
   if (!_crypto?.subtle || ignoreCrypto) {
     _crypto = new import_webcrypto.Crypto();
     doDebug3 && console.warn("using @peculiar/webcrypto");
@@ -1937,7 +1957,7 @@ if (typeof window === "undefined") {
   x509.cryptoProvider.set(crypto);
 }
 function getCrypto() {
-  return _crypto || crypto || import_node_crypto5.default;
+  return _crypto || crypto || import_node_crypto6.default;
 }
 // source/x509/create_key_pair.ts
@@ -6440,8 +6460,8 @@ async function createSelfSignedCertificate({
 var asn1 = { readDirectoryName, readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
 // source_nodejs/generate_private_key_filename.ts
+var import_node_crypto7 = require("crypto");
 var import_node_fs = __toESM(require("fs"));
-var import_jsrsasign3 = __toESM(require("jsrsasign"));
 async function generatePrivateKeyFile(privateKeyFilename, modulusLength) {
   const keys = await generateKeyPair(modulusLength);
   const privateKeyPem = await privateKeyToPEM(keys.privateKey);
@@ -6450,16 +6470,17 @@ async function generatePrivateKeyFile(privateKeyFilename, modulusLength) {
   privateKeyPem.privDer = new ArrayBuffer(0);
 }
 async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength) {
-  const kp = import_jsrsasign3.default.KEYUTIL.generateKeypair("RSA", modulusLength);
-  const prv = kp.prvKeyObj;
-  const _pub = kp.pubKeyObj;
-  const prvpem = import_jsrsasign3.default.KEYUTIL.getPEM(prv, "PKCS8PRV");
-  await import_node_fs.default.promises.writeFile(privateKeyFilename, prvpem, "utf-8");
+  const { privateKey } = (0, import_node_crypto7.generateKeyPairSync)("rsa", {
+    modulusLength,
+    privateKeyEncoding: { type: "pkcs8", format: "pem" },
+    publicKeyEncoding: { type: "spki", format: "pem" }
+  });
+  await import_node_fs.default.promises.writeFile(privateKeyFilename, privateKey, "utf-8");
 }
 // source_nodejs/read.ts
 var import_node_assert8 = __toESM(require("assert"));
-var import_node_crypto6 = require("crypto");
+var import_node_crypto8 = require("crypto");
 var import_node_fs2 = __toESM(require("fs"));
 var import_node_path = __toESM(require("path"));
 var import_sshpk = __toESM(require("sshpk"));
@@ -6480,14 +6501,14 @@ function readCertificate(filename) {
 function readPublicKey(filename) {
   if (filename.match(/.*\.der/)) {
     const der = import_node_fs2.default.readFileSync(filename);
-    return (0, import_node_crypto6.createPublicKey)(der);
+    return (0, import_node_crypto8.createPublicKey)(der);
   } else {
     const raw_key = _readPemFile(filename);
-    return (0, import_node_crypto6.createPublicKey)(raw_key);
+    return (0, import_node_crypto8.createPublicKey)(raw_key);
   }
 }
 function myCreatePrivateKey(rawKey) {
-  if (!import_node_crypto6.createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {
+  if (!import_node_crypto8.createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {
     if (Buffer.isBuffer(rawKey)) {
       const pemKey = toPem(rawKey, "PRIVATE KEY");
       (0, import_node_assert8.default)(["RSA PRIVATE KEY", "PRIVATE KEY"].indexOf(identifyPemType(pemKey)) >= 0);
@@ -6497,7 +6518,7 @@ function myCreatePrivateKey(rawKey) {
   }
   const backup = process.env.OPENSSL_CONF;
   process.env.OPENSSL_CONF = "/dev/null";
-  const retValue = (0, import_node_crypto6.createPrivateKey)(rawKey);
+  const retValue = (0, import_node_crypto8.createPrivateKey)(rawKey);
   process.env.OPENSSL_CONF = backup;
   return { hidden: retValue };
 }
@@ -6536,7 +6557,7 @@ function getCertificateStore() {
   return _g_certificate_store;
 }
 function readPrivateRsaKey(filename) {
-  if (!import_node_crypto6.createPrivateKey) {
+  if (!import_node_crypto8.createPrivateKey) {
     throw new Error("createPrivateKey is not supported in this environment");
   }
   if (filename.substring(0, 1) !== "." && !import_node_fs2.default.existsSync(filename)) {
@@ -6545,7 +6566,7 @@ function readPrivateRsaKey(filename) {
   const content = import_node_fs2.default.readFileSync(filename, "utf8");
   const sshKey = import_sshpk.default.parsePrivateKey(content, "auto");
   const key = sshKey.toString("pkcs1");
-  const hidden = (0, import_node_crypto6.createPrivateKey)({ format: "pem", type: "pkcs1", key });
+  const hidden = (0, import_node_crypto8.createPrivateKey)({ format: "pem", type: "pkcs1", key });
   return { hidden };
 }
 function readPublicRsaKey(filename) {
@@ -6555,7 +6576,7 @@ function readPublicRsaKey(filename) {
   const content = import_node_fs2.default.readFileSync(filename, "utf-8");
   const sshKey = import_sshpk.default.parseKey(content, "ssh");
   const key = sshKey.toString("pkcs1");
-  return (0, import_node_crypto6.createPublicKey)({ format: "pem", type: "pkcs1", key });
+  return (0, import_node_crypto8.createPublicKey)({ format: "pem", type: "pkcs1", key });
 }
 // source_nodejs/read_certificate_revocation_list.ts
@@ -6620,6 +6641,7 @@ async function readCertificateSigningRequest(filename) {
   getCertificateStore,
   hexDump,
   identifyPemType,
+  isCrlIssuedByCertificate,
   isKeyObject,
   makeMessageChunkSignature,
   makeMessageChunkSignatureWithDerivedKeys,
@@ -6666,6 +6688,7 @@ async function readCertificateSigningRequest(filename) {
   verifyCertificateSignature,
   verifyChunkSignature,
   verifyChunkSignatureWithDerivedKeys,
+  verifyCrlIssuedByCertificate,
   verifyMessageChunkSignature
 });
 /*! Bundled license information: