sliftutils 1.5.1 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/index.d.ts CHANGED
@@ -72,7 +72,7 @@ declare module "sliftutils/misc/https/certs" {
72
72
  import * as forge from "node-forge";
73
73
  import { MaybePromise } from "socket-function/src/types";
74
74
  export declare const CA_NOT_FOUND_ERROR = "18aa7318-f88f-4d2d-b41f-3daf4a433827";
75
- export declare const identityStorageKey = "machineCA_11";
75
+ export declare const identityStorageKey = "machineCA_12";
76
76
  export type IdentityStorageType = {
77
77
  domain: string;
78
78
  certB64: string;
@@ -5,7 +5,7 @@
5
5
  import * as forge from "node-forge";
6
6
  import { MaybePromise } from "socket-function/src/types";
7
7
  export declare const CA_NOT_FOUND_ERROR = "18aa7318-f88f-4d2d-b41f-3daf4a433827";
8
- export declare const identityStorageKey = "machineCA_11";
8
+ export declare const identityStorageKey = "machineCA_12";
9
9
  export type IdentityStorageType = {
10
10
  domain: string;
11
11
  certB64: string;
@@ -28,7 +28,7 @@ const timeInDay = 1000 * 60 * 60 * 24;
28
28
 
29
29
  export const CA_NOT_FOUND_ERROR = "18aa7318-f88f-4d2d-b41f-3daf4a433827";
30
30
 
31
- export const identityStorageKey = "machineCA_11";
31
+ export const identityStorageKey = "machineCA_12";
32
32
  export type IdentityStorageType = { domain: string; certB64: string; keyB64: string };
33
33
  // In the browser the private key is a non-extractable CryptoKey. IndexedDB structured-clones
34
34
  // it, so it persists, but the raw key bytes can never be read by JavaScript (only used
@@ -258,6 +258,27 @@ function normalizeCertToPEM(PEMorDER: string | Buffer): string {
258
258
  return "-----BEGIN CERTIFICATE-----\n" + PEMorDER + "\n-----END CERTIFICATE-----";
259
259
  }
260
260
 
261
+ // Base32 (RFC 4648, lowercase, unpadded), as domain names are case-insensitive,
262
+ // which rules out base64/hex-with-case
263
+ const base32Alphabet = "abcdefghijklmnopqrstuvwxyz234567";
264
+ function encodeBase32(bytes: Buffer): string {
265
+ let result = "";
266
+ let bitCount = 0;
267
+ let value = 0;
268
+ for (let byte of bytes) {
269
+ value = (value << 8) | byte;
270
+ bitCount += 8;
271
+ while (bitCount >= 5) {
272
+ result += base32Alphabet[(value >>> (bitCount - 5)) & 31];
273
+ bitCount -= 5;
274
+ }
275
+ }
276
+ if (bitCount > 0) {
277
+ result += base32Alphabet[(value << (5 - bitCount)) & 31];
278
+ }
279
+ return result;
280
+ }
281
+
261
282
  function getDomainPartFromPublicKey(publicKey: { publicKeyBytes: Buffer } | forge.pki.KeyPair["publicKey"] | Buffer) {
262
283
  let bytes: Buffer;
263
284
  if ("publicKeyBytes" in publicKey) {
@@ -267,7 +288,7 @@ function getDomainPartFromPublicKey(publicKey: { publicKeyBytes: Buffer } | forg
267
288
  } else {
268
289
  bytes = Buffer.from(new Uint32Array((publicKey as any).n.data).buffer);
269
290
  }
270
- return "b" + Buffer.from(sha265.sha256.array(Buffer.from(bytes))).toString("base64").slice(0, 16).replaceAll("+", "-").replaceAll("/", "_");
291
+ return "b" + encodeBase32(Buffer.from(sha265.sha256.array(Buffer.from(bytes)))).slice(0, 20);
271
292
  }
272
293
 
273
294
  export function validateCACert(domain: string, cert: string | Buffer) {
@@ -644,7 +665,7 @@ export async function loadIdentityCA(domain: string) {
644
665
  export function getIdentityCA(domain: string): X509KeyPair {
645
666
  let value = identityCA(domain)();
646
667
  if (value instanceof Promise) {
647
- throw new Error("Identity CA is not yet loaded. Call and wait for loadIdentityCA() in your startup before accessing the identity (or call getIdentityCAPromise())");
668
+ throw new Error(`Identity CA is not yet loaded. Call and wait for loadIdentityCA(${JSON.stringify(domain)}) in your startup before accessing the identity (or call getIdentityCAPromise(${JSON.stringify(domain)}))`);
648
669
  }
649
670
  return value;
650
671
  }
@@ -662,7 +683,7 @@ export function getOwnMachineId(domain: string) {
662
683
  export function getOwnThreadId(domain: string) {
663
684
  let threadKeyCert = getThreadKeyCert(domain);
664
685
  if (threadKeyCert instanceof Promise) {
665
- throw new Error("Thread key cert is not yet loaded. Await getThreadKeyCert() in your startup before accessing the threadId");
686
+ throw new Error(`Thread key cert is not yet loaded. Await getThreadKeyCert(${JSON.stringify(domain)}) in your startup before accessing the threadId`);
666
687
  }
667
688
  return decodeNodeIdAssert(threadKeyCert.domain, domain).threadId;
668
689
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sliftutils",
3
- "version": "1.5.1",
3
+ "version": "1.5.2",
4
4
  "main": "index.js",
5
5
  "license": "MIT",
6
6
  "files": [