@peculiar/x509
Advanced tools
Comparing version 1.0.10 to 1.1.0
import "reflect-metadata"; | ||
export * from "./extensions"; | ||
export * from "./attributes"; | ||
export * from "./asn_data"; | ||
export * from "./asn_signature_formatter"; | ||
export * from "./algorithm"; | ||
export * from "./rsa_algorithm"; | ||
export * from "./ec_algorithm"; | ||
export * from "./ec_signature_formatter"; | ||
export * from "./asn_data"; | ||
@@ -8,0 +11,0 @@ export * from "./attribute"; |
@@ -8,3 +8,3 @@ import { Certificate } from "@peculiar/asn1-x509"; | ||
date?: Date; | ||
publicKey?: CryptoKey; | ||
publicKey?: CryptoKey | PublicKey | X509Certificate; | ||
signatureOnly?: boolean; | ||
@@ -11,0 +11,0 @@ } |
@@ -502,2 +502,12 @@ /*! | ||
const diAsnSignatureFormatter = "crypto.signatureFormatter"; | ||
class AsnDefaultSignatureFormatter { | ||
toAsnSignature(algorithm, signature) { | ||
return pvtsutils.BufferSourceConverter.toArrayBuffer(signature); | ||
} | ||
toWebSignature(algorithm, signature) { | ||
return pvtsutils.BufferSourceConverter.toArrayBuffer(signature); | ||
} | ||
} | ||
class X509Certificate extends PemData { | ||
@@ -564,6 +574,38 @@ constructor(param) { | ||
async verify(params, crypto = cryptoProvider.get()) { | ||
const date = params.date || new Date(); | ||
const keyAlgorithm = { ...this.publicKey.algorithm, ...this.signatureAlgorithm }; | ||
const publicKey = params.publicKey || await this.publicKey.export(keyAlgorithm, ["verify"], crypto); | ||
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, this.signature, this.tbs); | ||
let keyAlgorithm; | ||
let publicKey; | ||
const paramsKey = params.publicKey; | ||
try { | ||
if (!paramsKey) { | ||
keyAlgorithm = { ...this.publicKey.algorithm, ...this.signatureAlgorithm }; | ||
publicKey = await this.publicKey.export(keyAlgorithm, ["verify"], crypto); | ||
} | ||
else if (paramsKey instanceof X509Certificate) { | ||
keyAlgorithm = { ...paramsKey.publicKey.algorithm, ...this.signatureAlgorithm }; | ||
publicKey = await paramsKey.publicKey.export(keyAlgorithm, ["verify"]); | ||
} | ||
else if (paramsKey instanceof PublicKey) { | ||
keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm }; | ||
publicKey = await paramsKey.export(keyAlgorithm, ["verify"]); | ||
} | ||
else { | ||
keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm }; | ||
publicKey = paramsKey; | ||
} | ||
} | ||
catch (_a) { | ||
return false; | ||
} | ||
const signatureFormatters = tsyringe.container.resolveAll(diAsnSignatureFormatter).reverse(); | ||
let signature = null; | ||
for (const signatureFormatter of signatureFormatters) { | ||
signature = signatureFormatter.toWebSignature(keyAlgorithm, this.signature); | ||
if (signature) { | ||
break; | ||
} | ||
} | ||
if (!signature) { | ||
throw Error("Cannot convert ASN.1 signature value to WebCrypto format"); | ||
} | ||
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, signature, this.tbs); | ||
if (params.signatureOnly) { | ||
@@ -573,2 +615,3 @@ return ok; | ||
else { | ||
const date = params.date || new Date(); | ||
const time = date.getTime(); | ||
@@ -1081,2 +1124,46 @@ return ok && this.notBefore.getTime() < time && time < this.notAfter.getTime(); | ||
class AsnEcSignatureFormatter { | ||
addPadding(pointSize, data) { | ||
const bytes = pvtsutils.BufferSourceConverter.toUint8Array(data); | ||
const res = new Uint8Array(pointSize); | ||
res.set(bytes, pointSize - bytes.length); | ||
return res; | ||
} | ||
removePadding(data) { | ||
const bytes = pvtsutils.BufferSourceConverter.toUint8Array(data); | ||
for (let i = 0; i < bytes.length; i++) { | ||
if (!bytes[i]) { | ||
continue; | ||
} | ||
return bytes.slice(i).buffer; | ||
} | ||
return new ArrayBuffer(0); | ||
} | ||
toAsnSignature(algorithm, signature) { | ||
if (algorithm.name === "ECDSA") { | ||
const namedCurve = algorithm.namedCurve; | ||
const pointSize = AsnEcSignatureFormatter.namedCurveSize.get(namedCurve) || AsnEcSignatureFormatter.defaultNamedCurveSize; | ||
const ecSignature = new asn1Ecc.ECDSASigValue(); | ||
const uint8Signature = pvtsutils.BufferSourceConverter.toUint8Array(signature); | ||
ecSignature.r = this.removePadding(uint8Signature.slice(0, pointSize)); | ||
ecSignature.s = this.removePadding(uint8Signature.slice(pointSize, pointSize + pointSize)); | ||
return asn1Schema.AsnConvert.serialize(ecSignature); | ||
} | ||
return null; | ||
} | ||
toWebSignature(algorithm, signature) { | ||
if (algorithm.name === "ECDSA") { | ||
const ecSigValue = asn1Schema.AsnConvert.parse(signature, asn1Ecc.ECDSASigValue); | ||
const namedCurve = algorithm.namedCurve; | ||
const pointSize = AsnEcSignatureFormatter.namedCurveSize.get(namedCurve) || AsnEcSignatureFormatter.defaultNamedCurveSize; | ||
const r = this.addPadding(pointSize, this.removePadding(ecSigValue.r)); | ||
const s = this.addPadding(pointSize, this.removePadding(ecSigValue.s)); | ||
return pvtsutils.combine(r, s); | ||
} | ||
return null; | ||
} | ||
} | ||
AsnEcSignatureFormatter.namedCurveSize = new Map(); | ||
AsnEcSignatureFormatter.defaultNamedCurveSize = 32; | ||
class Pkcs10CertificateRequest extends PemData { | ||
@@ -1132,3 +1219,14 @@ constructor(param) { | ||
const publicKey = await this.publicKey.export(algorithm, ["verify"], crypto); | ||
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, this.signature, this.tbs); | ||
const signatureFormatters = tsyringe.container.resolveAll(diAsnSignatureFormatter).reverse(); | ||
let signature = null; | ||
for (const signatureFormatter of signatureFormatters) { | ||
signature = signatureFormatter.toWebSignature(algorithm, this.signature); | ||
if (signature) { | ||
break; | ||
} | ||
} | ||
if (!signature) { | ||
throw Error("Cannot convert WebCrypto signature value to ASN.1 format"); | ||
} | ||
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, signature, this.tbs); | ||
return ok; | ||
@@ -1168,3 +1266,14 @@ } | ||
const signature = await crypto.subtle.sign(signingAlgorithm, params.keys.privateKey, tbs); | ||
asnReq.signature = signature; | ||
const signatureFormatters = tsyringe.container.resolveAll(diAsnSignatureFormatter).reverse(); | ||
let asnSignature = null; | ||
for (const signatureFormatter of signatureFormatters) { | ||
asnSignature = signatureFormatter.toAsnSignature(signingAlgorithm, signature); | ||
if (asnSignature) { | ||
break; | ||
} | ||
} | ||
if (!asnSignature) { | ||
throw Error("Cannot convert WebCrypto signature value to ASN.1 format"); | ||
} | ||
asnReq.signature = asnSignature; | ||
return new Pkcs10CertificateRequest(asn1Schema.AsnConvert.serialize(asnReq)); | ||
@@ -1336,3 +1445,14 @@ } | ||
const signature = await crypto.subtle.sign(signingAlgorithm, params.signingKey, tbs); | ||
asnX509.signatureValue = signature; | ||
const signatureFormatters = tsyringe.container.resolveAll(diAsnSignatureFormatter).reverse(); | ||
let asnSignature = null; | ||
for (const signatureFormatter of signatureFormatters) { | ||
asnSignature = signatureFormatter.toAsnSignature(signingAlgorithm, signature); | ||
if (asnSignature) { | ||
break; | ||
} | ||
} | ||
if (!asnSignature) { | ||
throw Error("Cannot convert ASN.1 signature value to WebCrypto format"); | ||
} | ||
asnX509.signatureValue = asnSignature; | ||
return new X509Certificate(asn1Schema.AsnConvert.serialize(asnX509)); | ||
@@ -1350,5 +1470,13 @@ } | ||
AttributeFactory.register(asnPkcs9.id_pkcs9_at_extensionRequest, ExtensionsAttribute); | ||
tsyringe.container.registerSingleton(diAsnSignatureFormatter, AsnDefaultSignatureFormatter); | ||
tsyringe.container.registerSingleton(diAsnSignatureFormatter, AsnEcSignatureFormatter); | ||
AsnEcSignatureFormatter.namedCurveSize.set("P-256", 32); | ||
AsnEcSignatureFormatter.namedCurveSize.set("K-256", 32); | ||
AsnEcSignatureFormatter.namedCurveSize.set("P-384", 48); | ||
AsnEcSignatureFormatter.namedCurveSize.set("P-521", 66); | ||
exports.AlgorithmProvider = AlgorithmProvider; | ||
exports.AsnData = AsnData; | ||
exports.AsnDefaultSignatureFormatter = AsnDefaultSignatureFormatter; | ||
exports.AsnEcSignatureFormatter = AsnEcSignatureFormatter; | ||
exports.Attribute = Attribute; | ||
@@ -1381,1 +1509,2 @@ exports.AttributeFactory = AttributeFactory; | ||
exports.diAlgorithmProvider = diAlgorithmProvider; | ||
exports.diAsnSignatureFormatter = diAsnSignatureFormatter; |
@@ -28,3 +28,3 @@ /*! | ||
import { Extension as Extension$1, Name as Name$1, AttributeTypeAndValue, RelativeDistinguishedName, SubjectPublicKeyInfo, Certificate, AuthorityKeyIdentifier, id_ce_authorityKeyIdentifier, BasicConstraints, id_ce_basicConstraints, ExtendedKeyUsage, id_ce_extKeyUsage, KeyUsage, id_ce_keyUsage, SubjectKeyIdentifier, id_ce_subjectKeyIdentifier, OtherName as OtherName$1, SubjectAlternativeName, GeneralName, id_ce_subjectAltName, DirectoryString, Attribute as Attribute$1, Extensions, AlgorithmIdentifier, TBSCertificate, Version, Validity } from '@peculiar/asn1-x509'; | ||
import { BufferSourceConverter, isEqual, Convert } from 'pvtsutils'; | ||
import { BufferSourceConverter, isEqual, Convert, combine } from 'pvtsutils'; | ||
import { container, injectable } from 'tsyringe'; | ||
@@ -34,3 +34,3 @@ import { id_rsaEncryption, RSAPublicKey, id_sha512WithRSAEncryption, id_sha384WithRSAEncryption, id_sha256WithRSAEncryption, id_sha1WithRSAEncryption } from '@peculiar/asn1-rsa'; | ||
import { __decorate } from 'tslib'; | ||
import { id_ecdsaWithSHA512, id_ecdsaWithSHA384, id_ecdsaWithSHA256, id_ecdsaWithSHA1, id_ecPublicKey, ECParameters, id_secp521r1, id_secp384r1, id_secp256r1 } from '@peculiar/asn1-ecc'; | ||
import { id_ecdsaWithSHA512, id_ecdsaWithSHA384, id_ecdsaWithSHA256, id_ecdsaWithSHA1, id_ecPublicKey, ECParameters, id_secp521r1, id_secp384r1, id_secp256r1, ECDSASigValue } from '@peculiar/asn1-ecc'; | ||
import { CertificationRequest, CertificationRequestInfo } from '@peculiar/asn1-csr'; | ||
@@ -500,2 +500,12 @@ import { SignedData, CertificateSet, CertificateChoices, ContentInfo, id_signedData } from '@peculiar/asn1-cms'; | ||
const diAsnSignatureFormatter = "crypto.signatureFormatter"; | ||
class AsnDefaultSignatureFormatter { | ||
toAsnSignature(algorithm, signature) { | ||
return BufferSourceConverter.toArrayBuffer(signature); | ||
} | ||
toWebSignature(algorithm, signature) { | ||
return BufferSourceConverter.toArrayBuffer(signature); | ||
} | ||
} | ||
class X509Certificate extends PemData { | ||
@@ -562,6 +572,38 @@ constructor(param) { | ||
async verify(params, crypto = cryptoProvider.get()) { | ||
const date = params.date || new Date(); | ||
const keyAlgorithm = { ...this.publicKey.algorithm, ...this.signatureAlgorithm }; | ||
const publicKey = params.publicKey || await this.publicKey.export(keyAlgorithm, ["verify"], crypto); | ||
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, this.signature, this.tbs); | ||
let keyAlgorithm; | ||
let publicKey; | ||
const paramsKey = params.publicKey; | ||
try { | ||
if (!paramsKey) { | ||
keyAlgorithm = { ...this.publicKey.algorithm, ...this.signatureAlgorithm }; | ||
publicKey = await this.publicKey.export(keyAlgorithm, ["verify"], crypto); | ||
} | ||
else if (paramsKey instanceof X509Certificate) { | ||
keyAlgorithm = { ...paramsKey.publicKey.algorithm, ...this.signatureAlgorithm }; | ||
publicKey = await paramsKey.publicKey.export(keyAlgorithm, ["verify"]); | ||
} | ||
else if (paramsKey instanceof PublicKey) { | ||
keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm }; | ||
publicKey = await paramsKey.export(keyAlgorithm, ["verify"]); | ||
} | ||
else { | ||
keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm }; | ||
publicKey = paramsKey; | ||
} | ||
} | ||
catch (_a) { | ||
return false; | ||
} | ||
const signatureFormatters = container.resolveAll(diAsnSignatureFormatter).reverse(); | ||
let signature = null; | ||
for (const signatureFormatter of signatureFormatters) { | ||
signature = signatureFormatter.toWebSignature(keyAlgorithm, this.signature); | ||
if (signature) { | ||
break; | ||
} | ||
} | ||
if (!signature) { | ||
throw Error("Cannot convert ASN.1 signature value to WebCrypto format"); | ||
} | ||
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, signature, this.tbs); | ||
if (params.signatureOnly) { | ||
@@ -571,2 +613,3 @@ return ok; | ||
else { | ||
const date = params.date || new Date(); | ||
const time = date.getTime(); | ||
@@ -1080,2 +1123,46 @@ return ok && this.notBefore.getTime() < time && time < this.notAfter.getTime(); | ||
class AsnEcSignatureFormatter { | ||
addPadding(pointSize, data) { | ||
const bytes = BufferSourceConverter.toUint8Array(data); | ||
const res = new Uint8Array(pointSize); | ||
res.set(bytes, pointSize - bytes.length); | ||
return res; | ||
} | ||
removePadding(data) { | ||
const bytes = BufferSourceConverter.toUint8Array(data); | ||
for (let i = 0; i < bytes.length; i++) { | ||
if (!bytes[i]) { | ||
continue; | ||
} | ||
return bytes.slice(i).buffer; | ||
} | ||
return new ArrayBuffer(0); | ||
} | ||
toAsnSignature(algorithm, signature) { | ||
if (algorithm.name === "ECDSA") { | ||
const namedCurve = algorithm.namedCurve; | ||
const pointSize = AsnEcSignatureFormatter.namedCurveSize.get(namedCurve) || AsnEcSignatureFormatter.defaultNamedCurveSize; | ||
const ecSignature = new ECDSASigValue(); | ||
const uint8Signature = BufferSourceConverter.toUint8Array(signature); | ||
ecSignature.r = this.removePadding(uint8Signature.slice(0, pointSize)); | ||
ecSignature.s = this.removePadding(uint8Signature.slice(pointSize, pointSize + pointSize)); | ||
return AsnConvert.serialize(ecSignature); | ||
} | ||
return null; | ||
} | ||
toWebSignature(algorithm, signature) { | ||
if (algorithm.name === "ECDSA") { | ||
const ecSigValue = AsnConvert.parse(signature, ECDSASigValue); | ||
const namedCurve = algorithm.namedCurve; | ||
const pointSize = AsnEcSignatureFormatter.namedCurveSize.get(namedCurve) || AsnEcSignatureFormatter.defaultNamedCurveSize; | ||
const r = this.addPadding(pointSize, this.removePadding(ecSigValue.r)); | ||
const s = this.addPadding(pointSize, this.removePadding(ecSigValue.s)); | ||
return combine(r, s); | ||
} | ||
return null; | ||
} | ||
} | ||
AsnEcSignatureFormatter.namedCurveSize = new Map(); | ||
AsnEcSignatureFormatter.defaultNamedCurveSize = 32; | ||
class Pkcs10CertificateRequest extends PemData { | ||
@@ -1131,3 +1218,14 @@ constructor(param) { | ||
const publicKey = await this.publicKey.export(algorithm, ["verify"], crypto); | ||
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, this.signature, this.tbs); | ||
const signatureFormatters = container.resolveAll(diAsnSignatureFormatter).reverse(); | ||
let signature = null; | ||
for (const signatureFormatter of signatureFormatters) { | ||
signature = signatureFormatter.toWebSignature(algorithm, this.signature); | ||
if (signature) { | ||
break; | ||
} | ||
} | ||
if (!signature) { | ||
throw Error("Cannot convert WebCrypto signature value to ASN.1 format"); | ||
} | ||
const ok = await crypto.subtle.verify(this.signatureAlgorithm, publicKey, signature, this.tbs); | ||
return ok; | ||
@@ -1167,3 +1265,14 @@ } | ||
const signature = await crypto.subtle.sign(signingAlgorithm, params.keys.privateKey, tbs); | ||
asnReq.signature = signature; | ||
const signatureFormatters = container.resolveAll(diAsnSignatureFormatter).reverse(); | ||
let asnSignature = null; | ||
for (const signatureFormatter of signatureFormatters) { | ||
asnSignature = signatureFormatter.toAsnSignature(signingAlgorithm, signature); | ||
if (asnSignature) { | ||
break; | ||
} | ||
} | ||
if (!asnSignature) { | ||
throw Error("Cannot convert WebCrypto signature value to ASN.1 format"); | ||
} | ||
asnReq.signature = asnSignature; | ||
return new Pkcs10CertificateRequest(AsnConvert.serialize(asnReq)); | ||
@@ -1335,3 +1444,14 @@ } | ||
const signature = await crypto.subtle.sign(signingAlgorithm, params.signingKey, tbs); | ||
asnX509.signatureValue = signature; | ||
const signatureFormatters = container.resolveAll(diAsnSignatureFormatter).reverse(); | ||
let asnSignature = null; | ||
for (const signatureFormatter of signatureFormatters) { | ||
asnSignature = signatureFormatter.toAsnSignature(signingAlgorithm, signature); | ||
if (asnSignature) { | ||
break; | ||
} | ||
} | ||
if (!asnSignature) { | ||
throw Error("Cannot convert ASN.1 signature value to WebCrypto format"); | ||
} | ||
asnX509.signatureValue = asnSignature; | ||
return new X509Certificate(AsnConvert.serialize(asnX509)); | ||
@@ -1349,3 +1469,9 @@ } | ||
AttributeFactory.register(id_pkcs9_at_extensionRequest, ExtensionsAttribute); | ||
container.registerSingleton(diAsnSignatureFormatter, AsnDefaultSignatureFormatter); | ||
container.registerSingleton(diAsnSignatureFormatter, AsnEcSignatureFormatter); | ||
AsnEcSignatureFormatter.namedCurveSize.set("P-256", 32); | ||
AsnEcSignatureFormatter.namedCurveSize.set("K-256", 32); | ||
AsnEcSignatureFormatter.namedCurveSize.set("P-384", 48); | ||
AsnEcSignatureFormatter.namedCurveSize.set("P-521", 66); | ||
export { AlgorithmProvider, AsnData, Attribute, AttributeFactory, AuthorityKeyIdentifierExtension, BasicConstraintsExtension, ChallengePasswordAttribute, CryptoProvider, EcAlgorithm, ExtendedKeyUsageExtension, Extension, ExtensionFactory, ExtensionsAttribute, KeyUsageFlags, KeyUsagesExtension, Name, NameIdentifier, OtherName, PemConverter, Pkcs10CertificateRequest, Pkcs10CertificateRequestGenerator, PublicKey, RsaAlgorithm, SubjectAlternativeNameExtension, SubjectKeyIdentifierExtension, X509Certificate, X509CertificateGenerator, X509Certificates, X509ChainBuilder, cryptoProvider, diAlgorithm, diAlgorithmProvider }; | ||
export { AlgorithmProvider, AsnData, AsnDefaultSignatureFormatter, AsnEcSignatureFormatter, Attribute, AttributeFactory, AuthorityKeyIdentifierExtension, BasicConstraintsExtension, ChallengePasswordAttribute, CryptoProvider, EcAlgorithm, ExtendedKeyUsageExtension, Extension, ExtensionFactory, ExtensionsAttribute, KeyUsageFlags, KeyUsagesExtension, Name, NameIdentifier, OtherName, PemConverter, Pkcs10CertificateRequest, Pkcs10CertificateRequestGenerator, PublicKey, RsaAlgorithm, SubjectAlternativeNameExtension, SubjectKeyIdentifierExtension, X509Certificate, X509CertificateGenerator, X509Certificates, X509ChainBuilder, cryptoProvider, diAlgorithm, diAlgorithmProvider, diAsnSignatureFormatter }; |
{ | ||
"name": "@peculiar/x509", | ||
"version": "1.0.10", | ||
"version": "1.1.0", | ||
"description": "@peculiar/x509 is an easy to use TypeScript/Javascript library based on @peculiar/asn1-schema that makes generating X.509 Certificates and Certificate Requests as well as validating certificate chains easy", | ||
@@ -5,0 +5,0 @@ "main": "build/x509.cjs.js", |
Sorry, the diff of this file is too big to display
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
320557
39
4034