sliftutils 1.5.1 → 1.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.d.ts +1 -1
- package/misc/https/certs.d.ts +1 -1
- package/misc/https/certs.ts +25 -4
- package/package.json +1 -1
package/index.d.ts
CHANGED
|
@@ -72,7 +72,7 @@ declare module "sliftutils/misc/https/certs" {
|
|
|
72
72
|
import * as forge from "node-forge";
|
|
73
73
|
import { MaybePromise } from "socket-function/src/types";
|
|
74
74
|
export declare const CA_NOT_FOUND_ERROR = "18aa7318-f88f-4d2d-b41f-3daf4a433827";
|
|
75
|
-
export declare const identityStorageKey = "
|
|
75
|
+
export declare const identityStorageKey = "machineCA_12";
|
|
76
76
|
export type IdentityStorageType = {
|
|
77
77
|
domain: string;
|
|
78
78
|
certB64: string;
|
package/misc/https/certs.d.ts
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
import * as forge from "node-forge";
|
|
6
6
|
import { MaybePromise } from "socket-function/src/types";
|
|
7
7
|
export declare const CA_NOT_FOUND_ERROR = "18aa7318-f88f-4d2d-b41f-3daf4a433827";
|
|
8
|
-
export declare const identityStorageKey = "
|
|
8
|
+
export declare const identityStorageKey = "machineCA_12";
|
|
9
9
|
export type IdentityStorageType = {
|
|
10
10
|
domain: string;
|
|
11
11
|
certB64: string;
|
package/misc/https/certs.ts
CHANGED
|
@@ -28,7 +28,7 @@ const timeInDay = 1000 * 60 * 60 * 24;
|
|
|
28
28
|
|
|
29
29
|
export const CA_NOT_FOUND_ERROR = "18aa7318-f88f-4d2d-b41f-3daf4a433827";
|
|
30
30
|
|
|
31
|
-
export const identityStorageKey = "
|
|
31
|
+
export const identityStorageKey = "machineCA_12";
|
|
32
32
|
export type IdentityStorageType = { domain: string; certB64: string; keyB64: string };
|
|
33
33
|
// In the browser the private key is a non-extractable CryptoKey. IndexedDB structured-clones
|
|
34
34
|
// it, so it persists, but the raw key bytes can never be read by JavaScript (only used
|
|
@@ -258,6 +258,27 @@ function normalizeCertToPEM(PEMorDER: string | Buffer): string {
|
|
|
258
258
|
return "-----BEGIN CERTIFICATE-----\n" + PEMorDER + "\n-----END CERTIFICATE-----";
|
|
259
259
|
}
|
|
260
260
|
|
|
261
|
+
// Base32 (RFC 4648, lowercase, unpadded), as domain names are case-insensitive,
|
|
262
|
+
// which rules out base64/hex-with-case
|
|
263
|
+
const base32Alphabet = "abcdefghijklmnopqrstuvwxyz234567";
|
|
264
|
+
function encodeBase32(bytes: Buffer): string {
|
|
265
|
+
let result = "";
|
|
266
|
+
let bitCount = 0;
|
|
267
|
+
let value = 0;
|
|
268
|
+
for (let byte of bytes) {
|
|
269
|
+
value = (value << 8) | byte;
|
|
270
|
+
bitCount += 8;
|
|
271
|
+
while (bitCount >= 5) {
|
|
272
|
+
result += base32Alphabet[(value >>> (bitCount - 5)) & 31];
|
|
273
|
+
bitCount -= 5;
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
if (bitCount > 0) {
|
|
277
|
+
result += base32Alphabet[(value << (5 - bitCount)) & 31];
|
|
278
|
+
}
|
|
279
|
+
return result;
|
|
280
|
+
}
|
|
281
|
+
|
|
261
282
|
function getDomainPartFromPublicKey(publicKey: { publicKeyBytes: Buffer } | forge.pki.KeyPair["publicKey"] | Buffer) {
|
|
262
283
|
let bytes: Buffer;
|
|
263
284
|
if ("publicKeyBytes" in publicKey) {
|
|
@@ -267,7 +288,7 @@ function getDomainPartFromPublicKey(publicKey: { publicKeyBytes: Buffer } | forg
|
|
|
267
288
|
} else {
|
|
268
289
|
bytes = Buffer.from(new Uint32Array((publicKey as any).n.data).buffer);
|
|
269
290
|
}
|
|
270
|
-
return "b" + Buffer.from(sha265.sha256.array(Buffer.from(bytes)))
|
|
291
|
+
return "b" + encodeBase32(Buffer.from(sha265.sha256.array(Buffer.from(bytes)))).slice(0, 20);
|
|
271
292
|
}
|
|
272
293
|
|
|
273
294
|
export function validateCACert(domain: string, cert: string | Buffer) {
|
|
@@ -644,7 +665,7 @@ export async function loadIdentityCA(domain: string) {
|
|
|
644
665
|
export function getIdentityCA(domain: string): X509KeyPair {
|
|
645
666
|
let value = identityCA(domain)();
|
|
646
667
|
if (value instanceof Promise) {
|
|
647
|
-
throw new Error(
|
|
668
|
+
throw new Error(`Identity CA is not yet loaded. Call and wait for loadIdentityCA(${JSON.stringify(domain)}) in your startup before accessing the identity (or call getIdentityCAPromise(${JSON.stringify(domain)}))`);
|
|
648
669
|
}
|
|
649
670
|
return value;
|
|
650
671
|
}
|
|
@@ -662,7 +683,7 @@ export function getOwnMachineId(domain: string) {
|
|
|
662
683
|
export function getOwnThreadId(domain: string) {
|
|
663
684
|
let threadKeyCert = getThreadKeyCert(domain);
|
|
664
685
|
if (threadKeyCert instanceof Promise) {
|
|
665
|
-
throw new Error(
|
|
686
|
+
throw new Error(`Thread key cert is not yet loaded. Await getThreadKeyCert(${JSON.stringify(domain)}) in your startup before accessing the threadId`);
|
|
666
687
|
}
|
|
667
688
|
return decodeNodeIdAssert(threadKeyCert.domain, domain).threadId;
|
|
668
689
|
}
|