node-opcua-crypto 4.9.3 → 4.10.0

package/dist/index.mjs

@@ -14,8 +14,10 @@ import {
   readPublicKeyPEM,
   readPublicRsaKey,
   setCertificateStore
-} from "./chunk-WYY6WVVJ.mjs";
-import "./chunk-5NV4OKIV.mjs";
+} from "./chunk-GNEWUC7X.mjs";
+import {
+  exploreAsn1
+} from "./chunk-VI4S2NM5.mjs";
 import {
   CertificatePurpose,
   PaddingAlgorithm,
@@ -110,7 +112,7 @@ import {
   verifyChunkSignature,
   verifyChunkSignatureWithDerivedKeys,
   verifyMessageChunkSignature
-} from "./chunk-VAMKYXNP.mjs";
+} from "./chunk-46EEAYVO.mjs";
 export {
   CertificatePurpose,
   PaddingAlgorithm,
@@ -157,6 +159,7 @@ export {
   decryptBufferWithDerivedKeys,
   derToPrivateKey,
   encryptBufferWithDerivedKeys,
+  exploreAsn1,
   exploreCertificate,
   exploreCertificateInfo,
   exploreCertificateRevocationList,

package/dist/index_web.d.mts

@@ -1,4 +1,5 @@
 export { C as Certificate, d as CertificatePEM, h as CertificatePurpose, g as CertificateRevocationList, D as DER, K as KeyObject, N as Nonce, b as PEM, P as PrivateKey, e as PrivateKeyPEM, a as PublicKey, f as PublicKeyPEM, S as Signature, c as createPrivateKeyFromNodeJSCrypto, i as isKeyObject } from './common-CFr95Map.mjs';
-export { AlgorithmIdentifier, AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, BitString, BlockInfo, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, SignatureValue, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TagType, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, _findBlockAtIndex, _getBlock, _readAlgorithmIdentifier, _readBitString, _readBooleanValue, _readDirectoryName, _readECCAlgorithmIdentifier, _readExtension, _readIntegerAsByteString, _readIntegerValue, _readListOfInteger, _readLongIntegerValue, _readObjectIdentifier, _readOctetString, _readSignatureValue, _readSignatureValueBin, _readStruct, _readTime, _readValue, _readVersionValue, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, compactDirectoryName, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, formatBuffer2DigitHexWithColum, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePseudoRandomBuffer, makeSHA1Thumbprint, parseBitString, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readNameForCrl, readTag, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index.mjs';
+export { AlgorithmIdentifier, AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, BitString, BlockInfo, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, SignatureValue, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TagType, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, _findBlockAtIndex, _getBlock, _readAlgorithmIdentifier, _readBitString, _readBooleanValue, _readDirectoryName, _readECCAlgorithmIdentifier, _readExtension, _readIntegerAsByteString, _readIntegerValue, _readListOfInteger, _readLongIntegerValue, _readObjectIdentifier, _readOctetString, _readSignatureValue, _readSignatureValueBin, _readStruct, _readTime, _readValue, _readVersionValue, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, compactDirectoryName, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, formatBuffer2DigitHexWithColum, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePseudoRandomBuffer, makeSHA1Thumbprint, parseBitString, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readNameForCrl, readTag, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index_web.mjs';
+export { exploreAsn1 } from './source/index.mjs';
 import 'crypto';
 import '@peculiar/x509';

package/dist/index_web.d.ts

@@ -1,4 +1,5 @@
 export { C as Certificate, d as CertificatePEM, h as CertificatePurpose, g as CertificateRevocationList, D as DER, K as KeyObject, N as Nonce, b as PEM, P as PrivateKey, e as PrivateKeyPEM, a as PublicKey, f as PublicKeyPEM, S as Signature, c as createPrivateKeyFromNodeJSCrypto, i as isKeyObject } from './common-CFr95Map.js';
-export { AlgorithmIdentifier, AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, BitString, BlockInfo, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, SignatureValue, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TagType, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, _findBlockAtIndex, _getBlock, _readAlgorithmIdentifier, _readBitString, _readBooleanValue, _readDirectoryName, _readECCAlgorithmIdentifier, _readExtension, _readIntegerAsByteString, _readIntegerValue, _readListOfInteger, _readLongIntegerValue, _readObjectIdentifier, _readOctetString, _readSignatureValue, _readSignatureValueBin, _readStruct, _readTime, _readValue, _readVersionValue, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, compactDirectoryName, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, formatBuffer2DigitHexWithColum, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePseudoRandomBuffer, makeSHA1Thumbprint, parseBitString, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readNameForCrl, readTag, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index.js';
+export { AlgorithmIdentifier, AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, BitString, BlockInfo, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, SignatureValue, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TagType, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, _findBlockAtIndex, _getBlock, _readAlgorithmIdentifier, _readBitString, _readBooleanValue, _readDirectoryName, _readECCAlgorithmIdentifier, _readExtension, _readIntegerAsByteString, _readIntegerValue, _readListOfInteger, _readLongIntegerValue, _readObjectIdentifier, _readOctetString, _readSignatureValue, _readSignatureValueBin, _readStruct, _readTime, _readValue, _readVersionValue, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, compactDirectoryName, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, formatBuffer2DigitHexWithColum, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePseudoRandomBuffer, makeSHA1Thumbprint, parseBitString, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readNameForCrl, readTag, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index_web.js';
+export { exploreAsn1 } from './source/index.js';
 import 'crypto';
 import '@peculiar/x509';

package/dist/index_web.js

@@ -75,6 +75,7 @@ __export(index_web_exports, {
   decryptBufferWithDerivedKeys: () => decryptBufferWithDerivedKeys,
   derToPrivateKey: () => derToPrivateKey,
   encryptBufferWithDerivedKeys: () => encryptBufferWithDerivedKeys,
+  exploreAsn1: () => exploreAsn1,
   exploreCertificate: () => exploreCertificate,
   exploreCertificateInfo: () => exploreCertificateInfo,
   exploreCertificateRevocationList: () => exploreCertificateRevocationList,
@@ -229,6 +230,7 @@ var oid_map = {
   "1.3.6.1.4.1.311.2.1.22": { d: "1.3.6.1.4.1.311.2.1.22", c: "SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID" },
   "1.3.6.1.4.1.311.10.3.1": { d: "1.3.6.1.4.1.311.10.3.1", c: "Signer of CTLs -- szOID_KP_CTL_USAGE_SIGNING" },
   "1.3.6.1.4.1.311.10.3.4": { d: "1.3.6.1.4.1.311.10.3.4", c: "szOID_EFS_RECOVERY (Encryption File System)" },
+  "1.3.6.1.4.1.311.20.2.3": { d: "1.3.6.1.4.1.311.20.2.3", c: "id-on-personalData" },
   "1.3.6.1.5.5.7.3.17": { d: "1.3.6.1.5.5.7.3.17", c: "Internet Key Exchange (IKE)" },
   "1.3.6.1.5.5.7.3.1": { d: "serverAuth", c: "PKIX key purpose" },
   "1.3.6.1.5.5.7.3.2": { d: "clientAuth", c: "PKIX key purpose" },
@@ -488,12 +490,15 @@ var TagType = /* @__PURE__ */ ((TagType3) => {
   TagType3[TagType3["BMPString"] = 30] = "BMPString";
   TagType3[TagType3["SEQUENCE"] = 48] = "SEQUENCE";
   TagType3[TagType3["SET"] = 49] = "SET";
-  TagType3[TagType3["A3"] = 163] = "A3";
+  TagType3[TagType3["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
+  TagType3[TagType3["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
+  TagType3[TagType3["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
+  TagType3[TagType3["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
+  TagType3[TagType3["A4"] = 164] = "A4";
   return TagType3;
 })(TagType || {});
 function readTag(buf, pos) {
-  (0, import_assert.default)(buf instanceof Buffer);
-  (0, import_assert.default)(Number.isFinite(pos) && pos >= 0);
+  const start = pos;
   if (buf.length <= pos) {
     throw new Error("Invalid position : buf.length=" + buf.length + " pos =" + pos);
   }
@@ -509,7 +514,7 @@ function readTag(buf, pos) {
       pos += 1;
     }
   }
-  return { tag, position: pos, length };
+  return { start, tag, position: pos, length };
 }
 function _readStruct(buf, blockInfo) {
   const length = blockInfo.length;
@@ -574,8 +579,8 @@ function _readIntegerAsByteString(buffer, block) {
 function _readListOfInteger(buffer) {
   const block = readTag(buffer, 0);
   const inner_blocks = _readStruct(buffer, block);
-  return inner_blocks.map((bblock) => {
-    return _readIntegerAsByteString(buffer, bblock);
+  return inner_blocks.map((innerBlock) => {
+    return _readIntegerAsByteString(buffer, innerBlock);
   });
 }
 function parseOID(buffer, start, end) {
@@ -838,7 +843,8 @@ function _readGeneralNames(buffer, block) {
     5: { name: "ediPartyName", type: "EDIPartyName" },
     6: { name: "uniformResourceIdentifier", type: "IA5String" },
     7: { name: "iPAddress", type: "OCTET_STRING" },
-    8: { name: "registeredID", type: "OBJECT_IDENTIFIER" }
+    8: { name: "registeredID", type: "OBJECT_IDENTIFIER" },
+    32: { name: "otherName", type: "AnotherName" }
   };
   const blocks = _readStruct(buffer, block);
   function _readFromType(buffer2, block2, type) {
@@ -852,13 +858,28 @@ function _readGeneralNames(buffer, block) {
   const n = {};
   for (const block2 of blocks) {
     (0, import_assert2.default)((block2.tag & 128) === 128);
-    const t = block2.tag & 127;
-    const type = _data[t];
+    const t2 = block2.tag & 127;
+    const type = _data[t2];
     if (!type) {
-      throw new Error(" INVALID TYPE => " + t + "0x" + t.toString(16));
+      console.log("_readGeneralNames: INVALID TYPE => " + t2 + " 0x" + t2.toString(16));
+      continue;
+    }
+    if (t2 == 32) {
+      n[type.name] = n[type.name] || [];
+      const blocks2 = _readStruct(buffer, block2);
+      const name = _readObjectIdentifier(buffer, blocks2[0]).name;
+      const buf = _getBlock(buffer, blocks2[1]);
+      const b = readTag(buf, 0);
+      const nn = _readValue(buf, b);
+      const data = {
+        identifier: name,
+        value: nn
+      };
+      n[type.name].push(data.value);
+    } else {
+      n[type.name] = n[type.name] || [];
+      n[type.name].push(_readFromType(buffer, block2, type.type));
     }
-    n[type.name] = n[type.name] || [];
-    n[type.name].push(_readFromType(buffer, block2, type.type));
   }
   return n;
 }
@@ -1744,19 +1765,20 @@ var x509 = __toESM(require("@peculiar/x509"));
 var import_webcrypto = require("@peculiar/webcrypto");
 var import_crypto5 = __toESM(require("crypto"));
 var x5092 = __toESM(require("@peculiar/x509"));
+var doDebug3 = false;
 var _crypto;
 var ignoreCrypto = process.env.IGNORE_SUBTLE_FROM_CRYPTO;
 if (typeof window === "undefined") {
   _crypto = import_crypto5.default;
   if (!_crypto?.subtle || ignoreCrypto) {
     _crypto = new import_webcrypto.Crypto();
-    console.warn("using @peculiar/webcrypto");
+    doDebug3 && console.warn("using @peculiar/webcrypto");
   } else {
-    console.warn("using nodejs crypto (native)");
+    doDebug3 && console.warn("using nodejs crypto (native)");
   }
   x509.cryptoProvider.set(_crypto);
 } else {
-  console.warn("using browser crypto (native)");
+  doDebug3 && console.warn("using browser crypto (native)");
   _crypto = crypto;
   x509.cryptoProvider.set(crypto);
 }
@@ -1894,8 +1916,8 @@ var Subject = class _Subject {
     return this.toStringInternal("/");
   }
   toString() {
-    const t = this.toStringForOPCUA();
-    return t ? "/" + t : t;
+    const t2 = this.toStringForOPCUA();
+    return t2 ? "/" + t2 : t2;
   }
 };
 
@@ -6166,7 +6188,7 @@ async function createSelfSignedCertificate({
 
 // source/x509/coerce_private_key.ts
 var crypto2 = getCrypto();
-var doDebug3 = false;
+var doDebug4 = false;
 function coercePEMorDerToPrivateKey(privateKeyInDerOrPem) {
   if (typeof privateKeyInDerOrPem === "string") {
     const hidden = createPrivateKeyFromNodeJSCrypto(privateKeyInDerOrPem);
@@ -6184,7 +6206,7 @@ async function _coercePrivateKey(privateKey) {
       const privateKey1 = await pemToPrivateKey(privateKey);
       return KeyObject4.from(privateKey1);
     } catch (err) {
-      doDebug3 && console.log(privateKey);
+      doDebug4 && console.log(privateKey);
       throw err;
     }
   } else if (privateKey instanceof KeyObject4) {
@@ -6193,6 +6215,33 @@ async function _coercePrivateKey(privateKey) {
   throw new Error("Invalid privateKey");
 }
 
+// source/explore_asn1.ts
+function t(tag) {
+  return TagType[tag];
+}
+function bi(blockInfo, depth) {
+  const indent = "  ".repeat(depth);
+  const hl = blockInfo.position - blockInfo.start;
+  return `${blockInfo.start.toString().padStart(5, " ")}:d=${depth} hl=${hl.toString().padEnd(3, " ")}  l=${blockInfo.length.toString().padStart(6, " ")} ${blockInfo.tag.toString(16).padEnd(2, " ")} ${indent} ${t(blockInfo.tag)}`;
+}
+function exploreAsn1(buffer) {
+  console.log(hexDump(buffer));
+  function dump(offset, depth) {
+    const blockInfo = readTag(buffer, offset);
+    dumpBlock(blockInfo, depth);
+    function dumpBlock(blockInfo2, depth2) {
+      console.log(bi(blockInfo2, depth2));
+      if (blockInfo2.tag === 48 /* SEQUENCE */ || blockInfo2.tag === 49 /* SET */ || blockInfo2.tag >= 160 /* CONTEXT_SPECIFIC0 */) {
+        const blocks = _readStruct(buffer, blockInfo2);
+        for (const block of blocks) {
+          dumpBlock(block, depth2 + 1);
+        }
+      }
+    }
+  }
+  dump(0, 0);
+}
+
 // source/make_private_key_from_pem.ts
 function makePrivateKeyFromPem(privateKeyInPem) {
   return { hidden: privateKeyInPem };
@@ -6244,6 +6293,7 @@ function makePrivateKeyFromPem(privateKeyInPem) {
   decryptBufferWithDerivedKeys,
   derToPrivateKey,
   encryptBufferWithDerivedKeys,
+  exploreAsn1,
   exploreCertificate,
   exploreCertificateInfo,
   exploreCertificateRevocationList,