Socket
Socket
Sign inDemoInstall

@peculiar/x509

Package Overview
Dependencies
Maintainers
6
Versions
49
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@peculiar/x509 - npm Package Compare versions

Comparing version 1.0.10 to 1.1.0

build/types/asn_signature_formatter.d.ts
build/types/ec_signature_formatter.d.ts

3

build/types/index.d.ts
import "reflect-metadata";
export * from "./extensions";
export * from "./attributes";
export * from "./asn_data";
export * from "./asn_signature_formatter";
export * from "./algorithm";
export * from "./rsa_algorithm";
export * from "./ec_algorithm";
export * from "./ec_signature_formatter";
export * from "./asn_data";

@@ -8,0 +11,0 @@ export * from "./attribute";

2

build/types/x509_cert.d.ts

@@ -8,3 +8,3 @@ import { Certificate } from "@peculiar/asn1-x509";

date?: Date;
publicKey?: CryptoKey;
publicKey?: CryptoKey | PublicKey | X509Certificate;
signatureOnly?: boolean;

@@ -11,0 +11,0 @@ }

143

build/x509.cjs.js

@@ -502,2 +502,12 @@ /*!

const diAsnSignatureFormatter = "crypto.signatureFormatter";
class AsnDefaultSignatureFormatter {
toAsnSignature(algorithm, signature) {
return pvtsutils.BufferSourceConverter.toArrayBuffer(signature);
}
toWebSignature(algorithm, signature) {
return pvtsutils.BufferSourceConverter.toArrayBuffer(signature);
}
}
class X509Certificate extends PemData {

@@ -564,6 +574,38 @@ constructor(param) {

async verify(params, crypto = cryptoProvider.get()) {
const date = params.date || new Date();
const keyAlgorithm = { ...this.publicKey.algorithm, ...this.signatureAlgorithm };
const publicKey = params.publicKey || await this.publicKey.export(keyAlgorithm, ["verify"], crypto);
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, this.signature, this.tbs);
let keyAlgorithm;
let publicKey;
const paramsKey = params.publicKey;
try {
if (!paramsKey) {
keyAlgorithm = { ...this.publicKey.algorithm, ...this.signatureAlgorithm };
publicKey = await this.publicKey.export(keyAlgorithm, ["verify"], crypto);
}
else if (paramsKey instanceof X509Certificate) {
keyAlgorithm = { ...paramsKey.publicKey.algorithm, ...this.signatureAlgorithm };
publicKey = await paramsKey.publicKey.export(keyAlgorithm, ["verify"]);
}
else if (paramsKey instanceof PublicKey) {
keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm };
publicKey = await paramsKey.export(keyAlgorithm, ["verify"]);
}
else {
keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm };
publicKey = paramsKey;
}
}
catch (_a) {
return false;
}
const signatureFormatters = tsyringe.container.resolveAll(diAsnSignatureFormatter).reverse();
let signature = null;
for (const signatureFormatter of signatureFormatters) {
signature = signatureFormatter.toWebSignature(keyAlgorithm, this.signature);
if (signature) {
break;
}
}
if (!signature) {
throw Error("Cannot convert ASN.1 signature value to WebCrypto format");
}
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, signature, this.tbs);
if (params.signatureOnly) {

@@ -573,2 +615,3 @@ return ok;

else {
const date = params.date || new Date();
const time = date.getTime();

@@ -1081,2 +1124,46 @@ return ok && this.notBefore.getTime() < time && time < this.notAfter.getTime();

class AsnEcSignatureFormatter {
addPadding(pointSize, data) {
const bytes = pvtsutils.BufferSourceConverter.toUint8Array(data);
const res = new Uint8Array(pointSize);
res.set(bytes, pointSize - bytes.length);
return res;
}
removePadding(data) {
const bytes = pvtsutils.BufferSourceConverter.toUint8Array(data);
for (let i = 0; i < bytes.length; i++) {
if (!bytes[i]) {
continue;
}
return bytes.slice(i).buffer;
}
return new ArrayBuffer(0);
}
toAsnSignature(algorithm, signature) {
if (algorithm.name === "ECDSA") {
const namedCurve = algorithm.namedCurve;
const pointSize = AsnEcSignatureFormatter.namedCurveSize.get(namedCurve) || AsnEcSignatureFormatter.defaultNamedCurveSize;
const ecSignature = new asn1Ecc.ECDSASigValue();
const uint8Signature = pvtsutils.BufferSourceConverter.toUint8Array(signature);
ecSignature.r = this.removePadding(uint8Signature.slice(0, pointSize));
ecSignature.s = this.removePadding(uint8Signature.slice(pointSize, pointSize + pointSize));
return asn1Schema.AsnConvert.serialize(ecSignature);
}
return null;
}
toWebSignature(algorithm, signature) {
if (algorithm.name === "ECDSA") {
const ecSigValue = asn1Schema.AsnConvert.parse(signature, asn1Ecc.ECDSASigValue);
const namedCurve = algorithm.namedCurve;
const pointSize = AsnEcSignatureFormatter.namedCurveSize.get(namedCurve) || AsnEcSignatureFormatter.defaultNamedCurveSize;
const r = this.addPadding(pointSize, this.removePadding(ecSigValue.r));
const s = this.addPadding(pointSize, this.removePadding(ecSigValue.s));
return pvtsutils.combine(r, s);
}
return null;
}
}
AsnEcSignatureFormatter.namedCurveSize = new Map();
AsnEcSignatureFormatter.defaultNamedCurveSize = 32;
class Pkcs10CertificateRequest extends PemData {

@@ -1132,3 +1219,14 @@ constructor(param) {

const publicKey = await this.publicKey.export(algorithm, ["verify"], crypto);
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, this.signature, this.tbs);
const signatureFormatters = tsyringe.container.resolveAll(diAsnSignatureFormatter).reverse();
let signature = null;
for (const signatureFormatter of signatureFormatters) {
signature = signatureFormatter.toWebSignature(algorithm, this.signature);
if (signature) {
break;
}
}
if (!signature) {
throw Error("Cannot convert WebCrypto signature value to ASN.1 format");
}
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, signature, this.tbs);
return ok;

@@ -1168,3 +1266,14 @@ }

const signature = await crypto.subtle.sign(signingAlgorithm, params.keys.privateKey, tbs);
asnReq.signature = signature;
const signatureFormatters = tsyringe.container.resolveAll(diAsnSignatureFormatter).reverse();
let asnSignature = null;
for (const signatureFormatter of signatureFormatters) {
asnSignature = signatureFormatter.toAsnSignature(signingAlgorithm, signature);
if (asnSignature) {
break;
}
}
if (!asnSignature) {
throw Error("Cannot convert WebCrypto signature value to ASN.1 format");
}
asnReq.signature = asnSignature;
return new Pkcs10CertificateRequest(asn1Schema.AsnConvert.serialize(asnReq));

@@ -1336,3 +1445,14 @@ }

const signature = await crypto.subtle.sign(signingAlgorithm, params.signingKey, tbs);
asnX509.signatureValue = signature;
const signatureFormatters = tsyringe.container.resolveAll(diAsnSignatureFormatter).reverse();
let asnSignature = null;
for (const signatureFormatter of signatureFormatters) {
asnSignature = signatureFormatter.toAsnSignature(signingAlgorithm, signature);
if (asnSignature) {
break;
}
}
if (!asnSignature) {
throw Error("Cannot convert ASN.1 signature value to WebCrypto format");
}
asnX509.signatureValue = asnSignature;
return new X509Certificate(asn1Schema.AsnConvert.serialize(asnX509));

@@ -1350,5 +1470,13 @@ }

AttributeFactory.register(asnPkcs9.id_pkcs9_at_extensionRequest, ExtensionsAttribute);
tsyringe.container.registerSingleton(diAsnSignatureFormatter, AsnDefaultSignatureFormatter);
tsyringe.container.registerSingleton(diAsnSignatureFormatter, AsnEcSignatureFormatter);
AsnEcSignatureFormatter.namedCurveSize.set("P-256", 32);
AsnEcSignatureFormatter.namedCurveSize.set("K-256", 32);
AsnEcSignatureFormatter.namedCurveSize.set("P-384", 48);
AsnEcSignatureFormatter.namedCurveSize.set("P-521", 66);
exports.AlgorithmProvider = AlgorithmProvider;
exports.AsnData = AsnData;
exports.AsnDefaultSignatureFormatter = AsnDefaultSignatureFormatter;
exports.AsnEcSignatureFormatter = AsnEcSignatureFormatter;
exports.Attribute = Attribute;

@@ -1381,1 +1509,2 @@ exports.AttributeFactory = AttributeFactory;

exports.diAlgorithmProvider = diAlgorithmProvider;
exports.diAsnSignatureFormatter = diAsnSignatureFormatter;

146

build/x509.es.js

@@ -28,3 +28,3 @@ /*!

import { Extension as Extension$1, Name as Name$1, AttributeTypeAndValue, RelativeDistinguishedName, SubjectPublicKeyInfo, Certificate, AuthorityKeyIdentifier, id_ce_authorityKeyIdentifier, BasicConstraints, id_ce_basicConstraints, ExtendedKeyUsage, id_ce_extKeyUsage, KeyUsage, id_ce_keyUsage, SubjectKeyIdentifier, id_ce_subjectKeyIdentifier, OtherName as OtherName$1, SubjectAlternativeName, GeneralName, id_ce_subjectAltName, DirectoryString, Attribute as Attribute$1, Extensions, AlgorithmIdentifier, TBSCertificate, Version, Validity } from '@peculiar/asn1-x509';
import { BufferSourceConverter, isEqual, Convert } from 'pvtsutils';
import { BufferSourceConverter, isEqual, Convert, combine } from 'pvtsutils';
import { container, injectable } from 'tsyringe';

@@ -34,3 +34,3 @@ import { id_rsaEncryption, RSAPublicKey, id_sha512WithRSAEncryption, id_sha384WithRSAEncryption, id_sha256WithRSAEncryption, id_sha1WithRSAEncryption } from '@peculiar/asn1-rsa';

import { __decorate } from 'tslib';
import { id_ecdsaWithSHA512, id_ecdsaWithSHA384, id_ecdsaWithSHA256, id_ecdsaWithSHA1, id_ecPublicKey, ECParameters, id_secp521r1, id_secp384r1, id_secp256r1 } from '@peculiar/asn1-ecc';
import { id_ecdsaWithSHA512, id_ecdsaWithSHA384, id_ecdsaWithSHA256, id_ecdsaWithSHA1, id_ecPublicKey, ECParameters, id_secp521r1, id_secp384r1, id_secp256r1, ECDSASigValue } from '@peculiar/asn1-ecc';
import { CertificationRequest, CertificationRequestInfo } from '@peculiar/asn1-csr';

@@ -500,2 +500,12 @@ import { SignedData, CertificateSet, CertificateChoices, ContentInfo, id_signedData } from '@peculiar/asn1-cms';

const diAsnSignatureFormatter = "crypto.signatureFormatter";
class AsnDefaultSignatureFormatter {
toAsnSignature(algorithm, signature) {
return BufferSourceConverter.toArrayBuffer(signature);
}
toWebSignature(algorithm, signature) {
return BufferSourceConverter.toArrayBuffer(signature);
}
}
class X509Certificate extends PemData {

@@ -562,6 +572,38 @@ constructor(param) {

async verify(params, crypto = cryptoProvider.get()) {
const date = params.date || new Date();
const keyAlgorithm = { ...this.publicKey.algorithm, ...this.signatureAlgorithm };
const publicKey = params.publicKey || await this.publicKey.export(keyAlgorithm, ["verify"], crypto);
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, this.signature, this.tbs);
let keyAlgorithm;
let publicKey;
const paramsKey = params.publicKey;
try {
if (!paramsKey) {
keyAlgorithm = { ...this.publicKey.algorithm, ...this.signatureAlgorithm };
publicKey = await this.publicKey.export(keyAlgorithm, ["verify"], crypto);
}
else if (paramsKey instanceof X509Certificate) {
keyAlgorithm = { ...paramsKey.publicKey.algorithm, ...this.signatureAlgorithm };
publicKey = await paramsKey.publicKey.export(keyAlgorithm, ["verify"]);
}
else if (paramsKey instanceof PublicKey) {
keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm };
publicKey = await paramsKey.export(keyAlgorithm, ["verify"]);
}
else {
keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm };
publicKey = paramsKey;
}
}
catch (_a) {
return false;
}
const signatureFormatters = container.resolveAll(diAsnSignatureFormatter).reverse();
let signature = null;
for (const signatureFormatter of signatureFormatters) {
signature = signatureFormatter.toWebSignature(keyAlgorithm, this.signature);
if (signature) {
break;
}
}
if (!signature) {
throw Error("Cannot convert ASN.1 signature value to WebCrypto format");
}
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, signature, this.tbs);
if (params.signatureOnly) {

@@ -571,2 +613,3 @@ return ok;

else {
const date = params.date || new Date();
const time = date.getTime();

@@ -1080,2 +1123,46 @@ return ok && this.notBefore.getTime() < time && time < this.notAfter.getTime();

class AsnEcSignatureFormatter {
addPadding(pointSize, data) {
const bytes = BufferSourceConverter.toUint8Array(data);
const res = new Uint8Array(pointSize);
res.set(bytes, pointSize - bytes.length);
return res;
}
removePadding(data) {
const bytes = BufferSourceConverter.toUint8Array(data);
for (let i = 0; i < bytes.length; i++) {
if (!bytes[i]) {
continue;
}
return bytes.slice(i).buffer;
}
return new ArrayBuffer(0);
}
toAsnSignature(algorithm, signature) {
if (algorithm.name === "ECDSA") {
const namedCurve = algorithm.namedCurve;
const pointSize = AsnEcSignatureFormatter.namedCurveSize.get(namedCurve) || AsnEcSignatureFormatter.defaultNamedCurveSize;
const ecSignature = new ECDSASigValue();
const uint8Signature = BufferSourceConverter.toUint8Array(signature);
ecSignature.r = this.removePadding(uint8Signature.slice(0, pointSize));
ecSignature.s = this.removePadding(uint8Signature.slice(pointSize, pointSize + pointSize));
return AsnConvert.serialize(ecSignature);
}
return null;
}
toWebSignature(algorithm, signature) {
if (algorithm.name === "ECDSA") {
const ecSigValue = AsnConvert.parse(signature, ECDSASigValue);
const namedCurve = algorithm.namedCurve;
const pointSize = AsnEcSignatureFormatter.namedCurveSize.get(namedCurve) || AsnEcSignatureFormatter.defaultNamedCurveSize;
const r = this.addPadding(pointSize, this.removePadding(ecSigValue.r));
const s = this.addPadding(pointSize, this.removePadding(ecSigValue.s));
return combine(r, s);
}
return null;
}
}
AsnEcSignatureFormatter.namedCurveSize = new Map();
AsnEcSignatureFormatter.defaultNamedCurveSize = 32;
class Pkcs10CertificateRequest extends PemData {

@@ -1131,3 +1218,14 @@ constructor(param) {

const publicKey = await this.publicKey.export(algorithm, ["verify"], crypto);
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, this.signature, this.tbs);
const signatureFormatters = container.resolveAll(diAsnSignatureFormatter).reverse();
let signature = null;
for (const signatureFormatter of signatureFormatters) {
signature = signatureFormatter.toWebSignature(algorithm, this.signature);
if (signature) {
break;
}
}
if (!signature) {
throw Error("Cannot convert WebCrypto signature value to ASN.1 format");
}
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, signature, this.tbs);
return ok;

@@ -1167,3 +1265,14 @@ }

const signature = await crypto.subtle.sign(signingAlgorithm, params.keys.privateKey, tbs);
asnReq.signature = signature;
const signatureFormatters = container.resolveAll(diAsnSignatureFormatter).reverse();
let asnSignature = null;
for (const signatureFormatter of signatureFormatters) {
asnSignature = signatureFormatter.toAsnSignature(signingAlgorithm, signature);
if (asnSignature) {
break;
}
}
if (!asnSignature) {
throw Error("Cannot convert WebCrypto signature value to ASN.1 format");
}
asnReq.signature = asnSignature;
return new Pkcs10CertificateRequest(AsnConvert.serialize(asnReq));

@@ -1335,3 +1444,14 @@ }

const signature = await crypto.subtle.sign(signingAlgorithm, params.signingKey, tbs);
asnX509.signatureValue = signature;
const signatureFormatters = container.resolveAll(diAsnSignatureFormatter).reverse();
let asnSignature = null;
for (const signatureFormatter of signatureFormatters) {
asnSignature = signatureFormatter.toAsnSignature(signingAlgorithm, signature);
if (asnSignature) {
break;
}
}
if (!asnSignature) {
throw Error("Cannot convert ASN.1 signature value to WebCrypto format");
}
asnX509.signatureValue = asnSignature;
return new X509Certificate(AsnConvert.serialize(asnX509));

@@ -1349,3 +1469,9 @@ }

AttributeFactory.register(id_pkcs9_at_extensionRequest, ExtensionsAttribute);
container.registerSingleton(diAsnSignatureFormatter, AsnDefaultSignatureFormatter);
container.registerSingleton(diAsnSignatureFormatter, AsnEcSignatureFormatter);
AsnEcSignatureFormatter.namedCurveSize.set("P-256", 32);
AsnEcSignatureFormatter.namedCurveSize.set("K-256", 32);
AsnEcSignatureFormatter.namedCurveSize.set("P-384", 48);
AsnEcSignatureFormatter.namedCurveSize.set("P-521", 66);
export { AlgorithmProvider, AsnData, Attribute, AttributeFactory, AuthorityKeyIdentifierExtension, BasicConstraintsExtension, ChallengePasswordAttribute, CryptoProvider, EcAlgorithm, ExtendedKeyUsageExtension, Extension, ExtensionFactory, ExtensionsAttribute, KeyUsageFlags, KeyUsagesExtension, Name, NameIdentifier, OtherName, PemConverter, Pkcs10CertificateRequest, Pkcs10CertificateRequestGenerator, PublicKey, RsaAlgorithm, SubjectAlternativeNameExtension, SubjectKeyIdentifierExtension, X509Certificate, X509CertificateGenerator, X509Certificates, X509ChainBuilder, cryptoProvider, diAlgorithm, diAlgorithmProvider };
export { AlgorithmProvider, AsnData, AsnDefaultSignatureFormatter, AsnEcSignatureFormatter, Attribute, AttributeFactory, AuthorityKeyIdentifierExtension, BasicConstraintsExtension, ChallengePasswordAttribute, CryptoProvider, EcAlgorithm, ExtendedKeyUsageExtension, Extension, ExtensionFactory, ExtensionsAttribute, KeyUsageFlags, KeyUsagesExtension, Name, NameIdentifier, OtherName, PemConverter, Pkcs10CertificateRequest, Pkcs10CertificateRequestGenerator, PublicKey, RsaAlgorithm, SubjectAlternativeNameExtension, SubjectKeyIdentifierExtension, X509Certificate, X509CertificateGenerator, X509Certificates, X509ChainBuilder, cryptoProvider, diAlgorithm, diAlgorithmProvider, diAsnSignatureFormatter };

2

package.json
{
"name": "@peculiar/x509",
"version": "1.0.10",
"version": "1.1.0",
"description": "@peculiar/x509 is an easy to use TypeScript/Javascript library based on @peculiar/asn1-schema that makes generating X.509 Certificates and Certificate Requests as well as validating certificate chains easy",

@@ -5,0 +5,0 @@ "main": "build/x509.cjs.js",

build/x509.js

Sorry, the diff of this file is too big to display

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc