Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

node-opcua-crypto

Package Overview
Dependencies
Maintainers
1
Versions
99
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

node-opcua-crypto - npm Package Compare versions

Comparing version 1.4.3 to 1.4.4

56

dist/source_nodejs/read_certificate_revocation_list.js

@@ -11,50 +11,16 @@ "use strict";

};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.readCertificateRevocationList = void 0;
var fs = require("fs");
var util_1 = require("util");
var crypto_utils_1 = require("../source/crypto_utils");
const fs = require("fs");
const util_1 = require("util");
const crypto_utils_1 = require("../source/crypto_utils");
function readCertificateRevocationList(filename) {
return __awaiter(this, void 0, void 0, function () {
var crl, raw_crl;
return __generator(this, function (_a) {
switch (_a.label) {
case 0: return [4 /*yield*/, util_1.promisify(fs.readFile)(filename)];
case 1:
crl = _a.sent();
if (crl[0] === 0x30 && crl[1] === 0x82) {
// der format
return [2 /*return*/, crl];
}
raw_crl = crl.toString();
return [2 /*return*/, crypto_utils_1.convertPEMtoDER(raw_crl)];
}
});
return __awaiter(this, void 0, void 0, function* () {
const crl = yield util_1.promisify(fs.readFile)(filename);
if (crl[0] === 0x30 && crl[1] === 0x82) {
// der format
return crl;
}
const raw_crl = crl.toString();
return crypto_utils_1.convertPEMtoDER(raw_crl);
});

@@ -61,0 +27,0 @@ }

24

dist/source_nodejs/read.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.readPublicRsaKey = exports.readPrivateRsaKey = exports.read_sshkey_as_pem = exports.setCertificateStore = exports.readPrivateKeyPEM = exports.readPublicKeyPEM = exports.readCertificatePEM = exports.readPrivateKey = exports.readPublicKey = exports.readCertificate = exports.readKeyPem = void 0;
var assert = require("assert");
var fs = require("fs");
var path = require("path");
var crypto_utils_1 = require("../source/crypto_utils");
var sshpk = require("sshpk");
const assert = require("assert");
const fs = require("fs");
const path = require("path");
const crypto_utils_1 = require("../source/crypto_utils");
const sshpk = require("sshpk");
/**

@@ -14,4 +14,4 @@ * @method readKeyPem

function readKeyPem(filename) {
var raw_key = fs.readFileSync(filename, "utf8");
var pemType = crypto_utils_1.identifyPemType(raw_key);
const raw_key = fs.readFileSync(filename, "utf8");
const pemType = crypto_utils_1.identifyPemType(raw_key);
assert(typeof pemType === "string"); // must have a valid pem type

@@ -29,3 +29,3 @@ return raw_key;

}
var raw_key = _readPemFile(filename);
const raw_key = _readPemFile(filename);
return crypto_utils_1.convertPEMtoDER(raw_key);

@@ -66,5 +66,5 @@ }

exports.readPrivateKeyPEM = readPrivateKeyPEM;
var __certificate_store = path.join(__dirname, "../../certificates/");
let __certificate_store = path.join(__dirname, "../../certificates/");
function setCertificateStore(store) {
var old_store = __certificate_store;
const old_store = __certificate_store;
__certificate_store = store;

@@ -78,4 +78,4 @@ return old_store;

}
var key = fs.readFileSync(filename, "ascii");
var sshKey = sshpk.parseKey(key, "ssh");
const key = fs.readFileSync(filename, "ascii");
const sshKey = sshpk.parseKey(key, "ssh");
return sshKey.toString("pkcs8");

@@ -82,0 +82,0 @@ }

143

dist/source/asn1.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports._readTime = exports._findBlockAtIndex = exports._readDirectoryName = exports.compactDirectoryName = exports._readValue = exports._readVersionValue = exports._readBooleanValue = exports._readIntegerValue = exports._readLongIntegerValue = exports._readSignatureValue = exports._readSignatureValueBin = exports._readAlgorithmIdentifier = exports._readObjectIdentifier = exports._readListOfInteger = exports._readIntegerAsByteString = exports._getBlock = exports._readOctetString = exports.formatBuffer2DigitHexWithColum = exports._readBitString = exports.parseBitString = exports._readStruct = exports.readTag = exports.TagType = void 0;
var assert = require("assert");
var oid_map_1 = require("./oid_map");
const assert = require("assert");
const oid_map_1 = require("./oid_map");
// https://github.com/lapo-luchini/asn1js/blob/master/asn1.js

@@ -35,11 +35,11 @@ var TagType;

}
var tag = buf.readUInt8(pos);
const tag = buf.readUInt8(pos);
pos += 1;
var length = buf.readUInt8(pos);
let length = buf.readUInt8(pos);
pos += 1;
// tslint:disable:no-bitwise
if (length > 127) {
var nbBytes = length & 0x7f;
const nbBytes = length & 0x7f;
length = 0;
for (var i = 0; i < nbBytes; i++) {
for (let i = 0; i < nbBytes; i++) {
length = length * 256 + buf.readUInt8(pos);

@@ -49,12 +49,12 @@ pos += 1;

}
return { tag: tag, position: pos, length: length };
return { tag, position: pos, length };
}
exports.readTag = readTag;
function _readStruct(buf, blockInfo) {
var length = blockInfo.length;
var cursor = blockInfo.position;
var end = blockInfo.position + length;
var blocks = [];
const length = blockInfo.length;
let cursor = blockInfo.position;
const end = blockInfo.position + length;
const blocks = [];
while (cursor < end) {
var inner = readTag(buf, cursor);
const inner = readTag(buf, cursor);
cursor = inner.position + inner.length;

@@ -67,7 +67,7 @@ blocks.push(inner);

function parseBitString(buffer, start, end, maxLength) {
var unusedBit = buffer.readUInt8(start), lenBit = ((end - start - 1) << 3) - unusedBit, intro = "(" + lenBit + " bit)\n";
var s = "", skip = unusedBit;
for (var i = end - 1; i > start; --i) {
var b = buffer.readUInt8(i);
for (var j = skip; j < 8; ++j) {
const unusedBit = buffer.readUInt8(start), lenBit = ((end - start - 1) << 3) - unusedBit, intro = "(" + lenBit + " bit)\n";
let s = "", skip = unusedBit;
for (let i = end - 1; i > start; --i) {
const b = buffer.readUInt8(i);
for (let j = skip; j < 8; ++j) {
// noinspection JSBitwiseOperatorUsage

@@ -84,5 +84,5 @@ s += (b >> j) & 1 ? "1" : "0";

assert(block.tag === TagType.BIT_STRING);
var data = _getBlock(buffer, block);
const data = _getBlock(buffer, block);
// number of skipped bits
var ignore_bits = data.readUInt8(0);
const ignore_bits = data.readUInt8(0);
return {

@@ -97,4 +97,4 @@ lengthInBits: data.length * 8 - ignore_bits,

function formatBuffer2DigitHexWithColum(buffer) {
var value = [];
for (var i = 0; i < buffer.length; i++) {
const value = [];
for (let i = 0; i < buffer.length; i++) {
value.push(("00" + buffer.readUInt8(i).toString(16)).substr(-2, 2));

@@ -111,7 +111,7 @@ }

assert(block.tag === TagType.OCTET_STRING);
var tag = readTag(buffer, block.position);
const tag = readTag(buffer, block.position);
assert(tag.tag === TagType.OCTET_STRING);
var nbBytes = tag.length;
var pos = tag.position;
var b = buffer.slice(pos, pos + nbBytes);
const nbBytes = tag.length;
const pos = tag.position;
const b = buffer.slice(pos, pos + nbBytes);
return b;

@@ -121,4 +121,4 @@ }

function _getBlock(buffer, block) {
var start = block.position;
var end = block.position + block.length;
const start = block.position;
const end = block.position + block.length;
return buffer.slice(start, end);

@@ -132,5 +132,5 @@ }

function _readListOfInteger(buffer) {
var block = readTag(buffer, 0);
var inner_blocks = _readStruct(buffer, block);
return inner_blocks.map(function (bblock) {
const block = readTag(buffer, 0);
const inner_blocks = _readStruct(buffer, block);
return inner_blocks.map((bblock) => {
return _readIntegerAsByteString(buffer, bblock);

@@ -143,5 +143,5 @@ });

// Copyright (c) 2008-2014 Lapo Luchini <lapo@lapo.it>
var s = "", n = 0, bits = 0;
for (var i = start; i < end; ++i) {
var v = buffer.readUInt8(i);
let s = "", n = 0, bits = 0;
for (let i = start; i < end; ++i) {
const v = buffer.readUInt8(i);
// tslint:disable-next-line: no-bitwise

@@ -155,3 +155,3 @@ n = n * 128 + (v & 0x7f);

if (s === "") {
var m = n < 80 ? (n < 40 ? 0 : 1) : 2;
const m = n < 80 ? (n < 40 ? 0 : 1) : 2;
s = m + "." + (n - m * 40);

@@ -171,6 +171,6 @@ }

assert(block.tag === TagType.OBJECT_IDENTIFIER);
var b = buffer.slice(block.position, block.position + block.length);
var oid = parseOID(b, 0, block.length);
const b = buffer.slice(block.position, block.position + block.length);
const oid = parseOID(b, 0, block.length);
return {
oid: oid,
oid,
name: oid_map_1.oid_map[oid] ? oid_map_1.oid_map[oid].d : oid,

@@ -181,3 +181,3 @@ };

function _readAlgorithmIdentifier(buffer, block) {
var inner_blocks = _readStruct(buffer, block);
const inner_blocks = _readStruct(buffer, block);
return {

@@ -198,5 +198,5 @@ identifier: _readObjectIdentifier(buffer, inner_blocks[0]).name,

assert(block.tag === TagType.INTEGER, "expecting a INTEGER tag");
var pos = block.position;
var nbBytes = block.length;
var buf = buffer.slice(pos, pos + nbBytes);
const pos = block.position;
const nbBytes = block.length;
const buf = buffer.slice(pos, pos + nbBytes);
return buf;

@@ -207,7 +207,7 @@ }

assert(block.tag === TagType.INTEGER, "expecting a INTEGER tag");
var pos = block.position;
var nbBytes = block.length;
let pos = block.position;
const nbBytes = block.length;
assert(nbBytes < 4);
var value = 0;
for (var i = 0; i < nbBytes; i++) {
let value = 0;
for (let i = 0; i < nbBytes; i++) {
value = value * 256 + buffer.readUInt8(pos);

@@ -221,6 +221,6 @@ pos += 1;

assert(block.tag === TagType.BOOLEAN, "expecting a BOOLEAN tag. got " + TagType[block.tag]);
var pos = block.position;
var nbBytes = block.length;
const pos = block.position;
const nbBytes = block.length;
assert(nbBytes < 4);
var value = buffer.readUInt8(pos) ? true : false;
const value = buffer.readUInt8(pos) ? true : false;
return value;

@@ -249,15 +249,15 @@ }

function convertGeneralizedTime(str) {
var year = parseInt(str.substr(0, 4), 10);
var month = parseInt(str.substr(4, 2), 10) - 1;
var day = parseInt(str.substr(6, 2), 10);
var hours = parseInt(str.substr(8, 2), 10);
var mins = parseInt(str.substr(10, 2), 10);
var secs = parseInt(str.substr(12, 2), 10);
const year = parseInt(str.substr(0, 4), 10);
const month = parseInt(str.substr(4, 2), 10) - 1;
const day = parseInt(str.substr(6, 2), 10);
const hours = parseInt(str.substr(8, 2), 10);
const mins = parseInt(str.substr(10, 2), 10);
const secs = parseInt(str.substr(12, 2), 10);
return new Date(Date.UTC(year, month, day, hours, mins, secs));
}
function _readBMPString(buffer, block) {
var strBuff = _getBlock(buffer, block);
var str = "";
for (var i = 0; i < strBuff.length; i += 2) {
var word = strBuff.readUInt16BE(i);
const strBuff = _getBlock(buffer, block);
let str = "";
for (let i = 0; i < strBuff.length; i += 2) {
const word = strBuff.readUInt16BE(i);
str += String.fromCharCode(word);

@@ -298,8 +298,8 @@ }

function convertUTCTime(str) {
var year = parseInt(str.substr(0, 2), 10);
var month = parseInt(str.substr(2, 2), 10) - 1;
var day = parseInt(str.substr(4, 2), 10);
var hours = parseInt(str.substr(6, 2), 10);
var mins = parseInt(str.substr(8, 2), 10);
var secs = parseInt(str.substr(10, 2), 10);
let year = parseInt(str.substr(0, 2), 10);
const month = parseInt(str.substr(2, 2), 10) - 1;
const day = parseInt(str.substr(4, 2), 10);
const hours = parseInt(str.substr(6, 2), 10);
const mins = parseInt(str.substr(8, 2), 10);
const secs = parseInt(str.substr(10, 2), 10);
year += year >= 50 ? 1900 : 2000;

@@ -338,13 +338,12 @@ return new Date(Date.UTC(year, month, day, hours, mins, secs));

// value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
var set_blocks = _readStruct(buffer, block);
var names = {};
for (var _i = 0, set_blocks_1 = set_blocks; _i < set_blocks_1.length; _i++) {
var set_block = set_blocks_1[_i];
const set_blocks = _readStruct(buffer, block);
const names = {};
for (const set_block of set_blocks) {
assert(set_block.tag === 0x31);
var blocks = _readStruct(buffer, set_block);
const blocks = _readStruct(buffer, set_block);
assert(blocks.length === 1);
assert(blocks[0].tag === 0x30);
var sequenceBlock = _readStruct(buffer, blocks[0]);
const sequenceBlock = _readStruct(buffer, blocks[0]);
assert(sequenceBlock.length === 2);
var type = _readObjectIdentifier(buffer, sequenceBlock[0]);
const type = _readObjectIdentifier(buffer, sequenceBlock[0]);
names[type.name] = _readValue(buffer, sequenceBlock[1]);

@@ -356,3 +355,3 @@ }

function _findBlockAtIndex(blocks, index) {
var tmp = blocks.filter(function (b) { return b.tag === 0xa0 + index || b.tag === 0x80 + index; });
const tmp = blocks.filter((b) => b.tag === 0xa0 + index || b.tag === 0x80 + index);
if (tmp.length === 0) {

@@ -359,0 +358,0 @@ return null;

2

dist/source/buffer_utils.js

@@ -18,3 +18,3 @@ "use strict";

? Buffer.allocUnsafe
: function (size) {
: (size) => {
// istanbul ignore next

@@ -21,0 +21,0 @@ return new Buffer(size);

200

dist/source/crypto_explore_certificate.js

@@ -56,5 +56,5 @@ "use strict";

// $ openssl asn1parse -in cert.pem
var assert = require("assert");
var asn1_1 = require("./asn1");
var crypto_utils_1 = require("./crypto_utils");
const assert = require("assert");
const asn1_1 = require("./asn1");
const crypto_utils_1 = require("./crypto_utils");
// Converted from: https://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg

@@ -64,13 +64,12 @@ // which is made by Peter Gutmann and whose license states:

// as long as you don't try to claim you wrote it.
var doDebug = false;
const doDebug = false;
function _readAttributeTypeAndValue(buffer, block) {
var inner_blocks = asn1_1._readStruct(buffer, block);
let inner_blocks = asn1_1._readStruct(buffer, block);
inner_blocks = asn1_1._readStruct(buffer, inner_blocks[0]);
var data = {
const data = {
identifier: asn1_1._readObjectIdentifier(buffer, inner_blocks[0]).name,
value: asn1_1._readValue(buffer, inner_blocks[1]),
};
var result = {};
for (var _i = 0, _a = Object.entries(data); _i < _a.length; _i++) {
var _b = _a[_i], key = _b[0], value = _b[1];
const result = {};
for (const [key, value] of Object.entries(data)) {
result[key] = value;

@@ -81,7 +80,6 @@ }

function _readRelativeDistinguishedName(buffer, block) {
var inner_blocks = asn1_1._readStruct(buffer, block);
var data = inner_blocks.map(function (block) { return _readAttributeTypeAndValue(buffer, block); });
var result = {};
for (var _i = 0, data_1 = data; _i < data_1.length; _i++) {
var e = data_1[_i];
const inner_blocks = asn1_1._readStruct(buffer, block);
const data = inner_blocks.map((block) => _readAttributeTypeAndValue(buffer, block));
const result = {};
for (const e of data) {
result[e.identifier] = e.value;

@@ -95,3 +93,3 @@ }

function _readValidity(buffer, block) {
var inner_blocks = asn1_1._readStruct(buffer, block);
const inner_blocks = asn1_1._readStruct(buffer, block);
return {

@@ -119,12 +117,12 @@ notBefore: asn1_1._readTime(buffer, inner_blocks[0]),

// KeyIdentifier ::= OCTET STRING
var block_info = asn1_1.readTag(buffer, 0);
var blocks = asn1_1._readStruct(buffer, block_info);
var keyIdentifier_block = asn1_1._findBlockAtIndex(blocks, 0);
var authorityCertIssuer_block = asn1_1._findBlockAtIndex(blocks, 1);
var authorityCertSerialNumber_block = asn1_1._findBlockAtIndex(blocks, 2);
const block_info = asn1_1.readTag(buffer, 0);
const blocks = asn1_1._readStruct(buffer, block_info);
const keyIdentifier_block = asn1_1._findBlockAtIndex(blocks, 0);
const authorityCertIssuer_block = asn1_1._findBlockAtIndex(blocks, 1);
const authorityCertSerialNumber_block = asn1_1._findBlockAtIndex(blocks, 2);
function _readAuthorityCertIssuer(block) {
var inner_blocks = asn1_1._readStruct(buffer, block);
var directoryName_block = asn1_1._findBlockAtIndex(inner_blocks, 4);
const inner_blocks = asn1_1._readStruct(buffer, block);
const directoryName_block = asn1_1._findBlockAtIndex(inner_blocks, 4);
if (directoryName_block) {
var a = asn1_1._readStruct(buffer, directoryName_block);
const a = asn1_1._readStruct(buffer, directoryName_block);
return asn1_1._readDirectoryName(buffer, a[0]);

@@ -137,8 +135,8 @@ }

function _readAuthorityCertIssuerFingerPrint(block) {
var inner_blocks = asn1_1._readStruct(buffer, block);
var directoryName_block = asn1_1._findBlockAtIndex(inner_blocks, 4);
const inner_blocks = asn1_1._readStruct(buffer, block);
const directoryName_block = asn1_1._findBlockAtIndex(inner_blocks, 4);
if (!directoryName_block) {
return "";
}
var a = asn1_1._readStruct(buffer, directoryName_block);
const a = asn1_1._readStruct(buffer, directoryName_block);
if (a.length < 1) {

@@ -149,9 +147,9 @@ return "";

}
var authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
var authorityCertIssuerFingerPrint = authorityCertIssuer_block
const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
const authorityCertIssuerFingerPrint = authorityCertIssuer_block
? _readAuthorityCertIssuerFingerPrint(authorityCertIssuer_block)
: "";
return {
authorityCertIssuer: authorityCertIssuer,
authorityCertIssuerFingerPrint: authorityCertIssuerFingerPrint,
authorityCertIssuer,
authorityCertIssuerFingerPrint,
serial: authorityCertSerialNumber_block

@@ -190,12 +188,12 @@ ? asn1_1.formatBuffer2DigitHexWithColum(asn1_1._getBlock(buffer, authorityCertSerialNumber_block))

function readBasicConstraint2_5_29_19(buffer, block) {
var block_info = asn1_1.readTag(buffer, 0);
var inner_blocks = asn1_1._readStruct(buffer, block_info);
var cA = inner_blocks.length > 0 ? asn1_1._readBooleanValue(buffer, inner_blocks[0]) : false;
const block_info = asn1_1.readTag(buffer, 0);
const inner_blocks = asn1_1._readStruct(buffer, block_info);
const cA = inner_blocks.length > 0 ? asn1_1._readBooleanValue(buffer, inner_blocks[0]) : false;
// console.log("buffer[block_info.position] = ", buffer[block_info.position]);
// const cA = buffer[block_info.position] ? true : false;
var pathLengthConstraint = 0;
let pathLengthConstraint = 0;
if (inner_blocks.length > 1) {
pathLengthConstraint = asn1_1._readIntegerValue(buffer, inner_blocks[1]);
}
return { critical: true, cA: cA, pathLengthConstraint: pathLengthConstraint };
return { critical: true, cA, pathLengthConstraint };
}

@@ -214,3 +212,3 @@ // GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

function _readGeneralNames(buffer, block) {
var _data = {
const _data = {
1: { name: "rfc822Name", type: "IA5String" },

@@ -225,3 +223,3 @@ 2: { name: "dNSName", type: "IA5String" },

};
var blocks = asn1_1._readStruct(buffer, block);
const blocks = asn1_1._readStruct(buffer, block);
function _readFromType(buffer, block, type) {

@@ -235,10 +233,9 @@ switch (type) {

}
var n = {};
for (var _i = 0, blocks_1 = blocks; _i < blocks_1.length; _i++) {
var block_1 = blocks_1[_i];
const n = {};
for (const block of blocks) {
// tslint:disable-next-line: no-bitwise
assert((block_1.tag & 0x80) === 0x80);
assert((block.tag & 0x80) === 0x80);
// tslint:disable-next-line: no-bitwise
var t = block_1.tag & 0x7f;
var type = _data[t];
const t = block.tag & 0x7f;
const type = _data[t];
// istanbul ignore next

@@ -249,3 +246,3 @@ if (!type) {

n[type.name] = n[type.name] || [];
n[type.name].push(_readFromType(buffer, block_1, type.type));
n[type.name].push(_readFromType(buffer, block, type.type));
}

@@ -255,10 +252,10 @@ return n;

function _readSubjectAltNames(buffer) {
var block_info = asn1_1.readTag(buffer, 0);
const block_info = asn1_1.readTag(buffer, 0);
return _readGeneralNames(buffer, block_info);
}
function readKeyUsage(oid, buffer) {
var block_info = asn1_1.readTag(buffer, 0);
const block_info = asn1_1.readTag(buffer, 0);
// get value as BIT STRING
var b2 = 0x00;
var b3 = 0x00;
let b2 = 0x00;
let b3 = 0x00;
if (block_info.length > 1) {

@@ -319,3 +316,3 @@ // skip first byte, just indicates unused bits which

function _readExtension(buffer, block) {
var inner_blocks = asn1_1._readStruct(buffer, block);
const inner_blocks = asn1_1._readStruct(buffer, block);
if (inner_blocks.length === 3) {

@@ -325,5 +322,5 @@ assert(inner_blocks[1].tag === asn1_1.TagType.BOOLEAN);

}
var identifier = asn1_1._readObjectIdentifier(buffer, inner_blocks[0]);
var buf = asn1_1._getBlock(buffer, inner_blocks[1]);
var value = null;
const identifier = asn1_1._readObjectIdentifier(buffer, inner_blocks[0]);
const buf = asn1_1._getBlock(buffer, inner_blocks[1]);
let value = null;
switch (identifier.name) {

@@ -370,4 +367,4 @@ case "subjectKeyIdentifier":

return {
identifier: identifier,
value: value,
identifier,
value,
};

@@ -378,8 +375,7 @@ }

assert(block.tag === 0xa3);
var inner_blocks = asn1_1._readStruct(buffer, block);
let inner_blocks = asn1_1._readStruct(buffer, block);
inner_blocks = asn1_1._readStruct(buffer, inner_blocks[0]);
var extensions = inner_blocks.map(function (block) { return _readExtension(buffer, block); });
var result = {};
for (var _i = 0, extensions_1 = extensions; _i < extensions_1.length; _i++) {
var e = extensions_1[_i];
const extensions = inner_blocks.map((block) => _readExtension(buffer, block));
const result = {};
for (const e of extensions) {
result[e.identifier.name] = e.value;

@@ -414,10 +410,10 @@ }

function _readSubjectPublicKeyInfo(buffer, block) {
var inner_blocks = asn1_1._readStruct(buffer, block);
const inner_blocks = asn1_1._readStruct(buffer, block);
// algorithm identifier
var algorithm = asn1_1._readAlgorithmIdentifier(buffer, inner_blocks[0]);
const algorithm = asn1_1._readAlgorithmIdentifier(buffer, inner_blocks[0]);
//const parameters = _readBitString(buffer,inner_blocks[1]);
var subjectPublicKey = asn1_1._readBitString(buffer, inner_blocks[1]);
const subjectPublicKey = asn1_1._readBitString(buffer, inner_blocks[1]);
// read the 2 big integers of the key
var data = subjectPublicKey.data;
var values = asn1_1._readListOfInteger(data);
const data = subjectPublicKey.data;
const values = asn1_1._readListOfInteger(data);
// xx const value = _readListOfInteger(data);

@@ -431,4 +427,4 @@ return {

function readTbsCertificate(buffer, block) {
var blocks = asn1_1._readStruct(buffer, block);
var version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, subjectPublicKeyInfo, extensions;
const blocks = asn1_1._readStruct(buffer, block);
let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, subjectPublicKeyInfo, extensions;
if (blocks.length === 6) {

@@ -448,3 +444,3 @@ // X509 Version 1:

// X509 Version 3:
var version_block = asn1_1._findBlockAtIndex(blocks, 0);
const version_block = asn1_1._findBlockAtIndex(blocks, 0);
if (!version_block) {

@@ -461,3 +457,3 @@ throw new Error("cannot find version block");

subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[6]);
var extensionBlock = asn1_1._findBlockAtIndex(blocks, 3);
const extensionBlock = asn1_1._findBlockAtIndex(blocks, 3);
if (!extensionBlock) {

@@ -473,11 +469,11 @@ // tslint:disable-next-line: no-console

return {
version: version,
serialNumber: serialNumber,
signature: signature,
issuer: issuer,
validity: validity,
subject: subject,
subjectFingerPrint: subjectFingerPrint,
subjectPublicKeyInfo: subjectPublicKeyInfo,
extensions: extensions,
version,
serialNumber,
signature,
issuer,
validity,
subject,
subjectFingerPrint,
subjectPublicKeyInfo,
extensions,
};

@@ -493,4 +489,4 @@ }

if (!certificate._exploreCertificate_cache) {
var block_info = asn1_1.readTag(certificate, 0);
var blocks = asn1_1._readStruct(certificate, block_info);
const block_info = asn1_1.readTag(certificate, 0);
const blocks = asn1_1._readStruct(certificate, block_info);
certificate._exploreCertificate_cache = {

@@ -507,4 +503,4 @@ tbsCertificate: readTbsCertificate(certificate, blocks[0]),

assert(privateKey instanceof Buffer);
var block_info = asn1_1.readTag(privateKey, 0);
var blocks = asn1_1._readStruct(privateKey, block_info);
const block_info = asn1_1.readTag(privateKey, 0);
const blocks = asn1_1._readStruct(privateKey, block_info);
/* istanbul ignore next */

@@ -515,3 +511,3 @@ if (doDebug) {

// tslint:disable:no-console
console.log(blocks.map(function (b) { return ({
console.log(blocks.map((b) => ({
tag: asn1_1.TagType[b.tag] + " 0x" + b.tag.toString(16),

@@ -521,12 +517,12 @@ l: b.length,

buff: privateKey.slice(b.position, b.position + b.length).toString("hex"),
}); }));
})));
}
var b = blocks[2];
var bb = privateKey.slice(b.position, b.position + b.length);
var block_info1 = asn1_1.readTag(bb, 0);
var blocks1 = asn1_1._readStruct(bb, block_info1);
const b = blocks[2];
const bb = privateKey.slice(b.position, b.position + b.length);
const block_info1 = asn1_1.readTag(bb, 0);
const blocks1 = asn1_1._readStruct(bb, block_info1);
/* istanbul ignore next */
if (doDebug) {
// tslint:disable:no-console
console.log(blocks1.map(function (b) { return ({
console.log(blocks1.map((b) => ({
tag: asn1_1.TagType[b.tag] + " 0x" + b.tag.toString(16),

@@ -536,3 +532,3 @@ l: b.length,

buff: privateKey.slice(b.position, b.position + b.length).toString("hex"),
}); }));
})));
}

@@ -549,9 +545,9 @@ return {};

function split_der(certificateChain) {
var certificate_chain = [];
const certificate_chain = [];
do {
var block_info = asn1_1.readTag(certificateChain, 0);
var length_1 = block_info.position + block_info.length;
var der_certificate = certificateChain.slice(0, length_1);
const block_info = asn1_1.readTag(certificateChain, 0);
const length = block_info.position + block_info.length;
const der_certificate = certificateChain.slice(0, length);
certificate_chain.push(der_certificate);
certificateChain = certificateChain.slice(length_1);
certificateChain = certificateChain.slice(length);
} while (certificateChain.length > 0);

@@ -568,7 +564,8 @@ return certificate_chain;

function combine_der(certificates) {
var _loop_1 = function (cert) {
var b = split_der(cert);
var sum = 0;
b.forEach(function (block) {
var block_info = asn1_1.readTag(block, 0);
// perform some sanity check
for (const cert of certificates) {
const b = split_der(cert);
let sum = 0;
b.forEach((block) => {
const block_info = asn1_1.readTag(block, 0);
//xx console.log("xxxx" ,cert.length,block_info);

@@ -580,7 +577,2 @@ //xx console.log(cert.toString("base64"));

assert(sum === cert.length);
};
// perform some sanity check
for (var _i = 0, certificates_1 = certificates; _i < certificates_1.length; _i++) {
var cert = certificates_1[_i];
_loop_1(cert);
}

@@ -587,0 +579,0 @@ return Buffer.concat(certificates);

80

dist/source/crypto_utils.js

@@ -8,11 +8,11 @@ "use strict";

*/
var constants = require("constants");
var crypto = require("crypto");
var buffer_utils_1 = require("./buffer_utils");
var crypto_explore_certificate_1 = require("./crypto_explore_certificate");
var assert = require("assert");
var hexy_1 = require("hexy");
var jsrsasign = require("jsrsasign");
var PEM_REGEX = /^(-----BEGIN (.*)-----\r?\n([\/+=a-zA-Z0-9\r\n]*)\r?\n-----END \2-----\r?\n)/gm;
var PEM_TYPE_REGEX = /^(-----BEGIN (.*)-----)/m;
const constants = require("constants");
const crypto = require("crypto");
const buffer_utils_1 = require("./buffer_utils");
const crypto_explore_certificate_1 = require("./crypto_explore_certificate");
const assert = require("assert");
const hexy_1 = require("hexy");
const jsrsasign = require("jsrsasign");
const PEM_REGEX = /^(-----BEGIN (.*)-----\r?\n([\/+=a-zA-Z0-9\r\n]*)\r?\n-----END \2-----\r?\n)/gm;
const PEM_TYPE_REGEX = /^(-----BEGIN (.*)-----)/m;
// Copyright 2012 The Obvious Corporation.

@@ -29,3 +29,3 @@ // identifyPemType

}
var match = PEM_TYPE_REGEX.exec(rawKey);
const match = PEM_TYPE_REGEX.exec(rawKey);
return !match ? undefined : match[2];

@@ -35,6 +35,6 @@ }

function convertPEMtoDER(raw_key) {
var match;
var pemType;
var base64str;
var parts = [];
let match;
let pemType;
let base64str;
const parts = [];
PEM_REGEX.lastIndex = 0;

@@ -61,3 +61,3 @@ // tslint:disable-next-line:no-conditional-assignment

assert(typeof pem === "string");
var pemType = identifyPemType(raw_key);
let pemType = identifyPemType(raw_key);
if (pemType) {

@@ -69,4 +69,4 @@ return raw_key;

assert(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
var b = raw_key.toString("base64");
var str = "-----BEGIN " + pemType + "-----\n";
let b = raw_key.toString("base64");
let str = "-----BEGIN " + pemType + "-----\n";
while (b.length) {

@@ -89,6 +89,6 @@ str += b.substr(0, 64) + "\n";

if (buffer.length > 1024) {
return hexy_1.hexy(buffer.slice(0, 1024), { width: width, format: "twos" }) + "\n .... ( " + buffer.length + ")";
return hexy_1.hexy(buffer.slice(0, 1024), { width, format: "twos" }) + "\n .... ( " + buffer.length + ")";
}
else {
return hexy_1.hexy(buffer, { width: width, format: "twos" });
return hexy_1.hexy(buffer, { width, format: "twos" });
}

@@ -111,5 +111,5 @@ }

// signature length = 128 bytes
var signer = crypto.createSign(options.algorithm);
const signer = crypto.createSign(options.algorithm);
signer.update(chunk);
var signature = signer.sign(options.privateKey);
const signature = signer.sign(options.privateKey);
assert(!options.signatureLength || signature.length === options.signatureLength);

@@ -140,3 +140,3 @@ return signature; // Buffer

assert(identifyPemType(options.publicKey));
var verify = crypto.createVerify(options.algorithm);
const verify = crypto.createVerify(options.algorithm);
verify.update(blockToVerify);

@@ -205,8 +205,8 @@ return verify.verify(options.publicKey, signature);

assert(algorithm === exports.RSA_PKCS1_PADDING || algorithm === exports.RSA_PKCS1_OAEP_PADDING);
var chunk_size = blockSize - padding;
var nbBlocks = Math.ceil(buffer.length / chunk_size);
var outputBuffer = buffer_utils_1.createFastUninitializedBuffer(nbBlocks * blockSize);
for (var i = 0; i < nbBlocks; i++) {
var currentBlock = buffer.slice(chunk_size * i, chunk_size * (i + 1));
var encrypted_chunk = exports.publicEncrypt(currentBlock, publicKey, algorithm);
const chunk_size = blockSize - padding;
const nbBlocks = Math.ceil(buffer.length / chunk_size);
const outputBuffer = buffer_utils_1.createFastUninitializedBuffer(nbBlocks * blockSize);
for (let i = 0; i < nbBlocks; i++) {
const currentBlock = buffer.slice(chunk_size * i, chunk_size * (i + 1));
const encrypted_chunk = exports.publicEncrypt(currentBlock, publicKey, algorithm);
assert(encrypted_chunk.length === blockSize);

@@ -221,8 +221,8 @@ encrypted_chunk.copy(outputBuffer, i * blockSize);

assert(algorithm === exports.RSA_PKCS1_PADDING || algorithm === exports.RSA_PKCS1_OAEP_PADDING);
var nbBlocks = Math.ceil(buffer.length / blockSize);
var outputBuffer = buffer_utils_1.createFastUninitializedBuffer(nbBlocks * blockSize);
var total_length = 0;
for (var i = 0; i < nbBlocks; i++) {
var currentBlock = buffer.slice(blockSize * i, Math.min(blockSize * (i + 1), buffer.length));
var decrypted_buf = exports.privateDecrypt(currentBlock, privateKey, algorithm);
const nbBlocks = Math.ceil(buffer.length / blockSize);
const outputBuffer = buffer_utils_1.createFastUninitializedBuffer(nbBlocks * blockSize);
let total_length = 0;
for (let i = 0; i < nbBlocks; i++) {
const currentBlock = buffer.slice(blockSize * i, Math.min(blockSize * (i + 1), buffer.length));
const decrypted_buf = exports.privateDecrypt(currentBlock, privateKey, algorithm);
decrypted_buf.copy(outputBuffer, total_length);

@@ -259,3 +259,3 @@ total_length += decrypted_buf.length;

assert(typeof key === "string");
var a = jsrsasign.KEYUTIL.getKey(key);
const a = jsrsasign.KEYUTIL.getKey(key);
return a.n.toString(16).length / 2;

@@ -266,4 +266,4 @@ }

certificate = coerceCertificatePem(certificate);
var key = jsrsasign.KEYUTIL.getKey(certificate);
var publicKeyAsPem = jsrsasign.KEYUTIL.getPEM(key);
const key = jsrsasign.KEYUTIL.getKey(certificate);
const publicKeyAsPem = jsrsasign.KEYUTIL.getPEM(key);
assert(typeof publicKeyAsPem === "string");

@@ -280,4 +280,4 @@ return publicKeyAsPem;

function extractPublicKeyFromCertificate(certificate, callback) {
var err1 = null;
var keyPem;
let err1 = null;
let keyPem;
try {

@@ -289,3 +289,3 @@ keyPem = extractPublicKeyFromCertificateSync(certificate);

}
setImmediate(function () {
setImmediate(() => {
callback(err1, keyPem);

@@ -292,0 +292,0 @@ });

68

dist/source/derived_keys.js

@@ -7,7 +7,7 @@ "use strict";

*/
var crypto = require("crypto");
var buffer_utils_1 = require("./buffer_utils");
var crypto_utils_1 = require("./crypto_utils");
var explore_certificate_1 = require("./explore_certificate");
var assert = require("assert");
const crypto = require("crypto");
const buffer_utils_1 = require("./buffer_utils");
const crypto_utils_1 = require("./crypto_utils");
const explore_certificate_1 = require("./explore_certificate");
const assert = require("assert");
function HMAC_HASH(sha1or256, secret, message) {

@@ -69,6 +69,6 @@ return crypto.createHmac(sha1or256, secret).update(message).digest();

assert(sha1or256 === "SHA1" || sha1or256 === "SHA256");
var a = [];
const a = [];
a[0] = seed;
var index = 1;
var p_hash = buffer_utils_1.createFastUninitializedBuffer(0);
let index = 1;
let p_hash = buffer_utils_1.createFastUninitializedBuffer(0);
while (p_hash.length <= minLength) {

@@ -90,6 +90,6 @@ /* eslint new-cap:0 */

assert(typeof options.sha1or256 === "string");
var offset1 = options.signingKeyLength;
var offset2 = offset1 + options.encryptingKeyLength;
var minLength = offset2 + options.encryptingBlockSize;
var buf = makePseudoRandomBuffer(secret, seed, minLength, options.sha1or256);
const offset1 = options.signingKeyLength;
const offset2 = offset1 + options.encryptingKeyLength;
const minLength = offset2 + options.encryptingBlockSize;
const buf = makePseudoRandomBuffer(secret, seed, minLength, options.sha1or256);
return {

@@ -124,3 +124,3 @@ signatureLength: options.signatureLength,

function removePadding(buffer) {
var nbPaddingBytes = buffer.readUInt8(buffer.length - 1) + 1;
const nbPaddingBytes = buffer.readUInt8(buffer.length - 1) + 1;
return reduceLength(buffer, nbPaddingBytes);

@@ -147,11 +147,11 @@ }

assert(chunk instanceof Buffer);
var signatureLength = options.signatureLength || 0;
let signatureLength = options.signatureLength || 0;
if (signatureLength === 0) {
// let's get the signatureLength by checking the size
// of the certificate's public key
var cert = explore_certificate_1.exploreCertificateInfo(options.publicKey);
const cert = explore_certificate_1.exploreCertificateInfo(options.publicKey);
signatureLength = cert.publicKeyLength || 0; // 1024 bits = 128Bytes or 2048=256Bytes
}
var block_to_verify = chunk.slice(0, chunk.length - signatureLength);
var signature = chunk.slice(chunk.length - signatureLength);
const block_to_verify = chunk.slice(0, chunk.length - signatureLength);
const signature = chunk.slice(chunk.length - signatureLength);
return crypto_utils_1.verifyMessageChunkSignature(block_to_verify, signature, options);

@@ -186,4 +186,4 @@ }

assert(derivedKeys.hasOwnProperty("encryptingBlockSize"));
var paddingSize = derivedKeys.encryptingBlockSize - ((buffer.length + 1) % derivedKeys.encryptingBlockSize);
var padding = buffer_utils_1.createFastUninitializedBuffer(paddingSize + 1);
const paddingSize = derivedKeys.encryptingBlockSize - ((buffer.length + 1) % derivedKeys.encryptingBlockSize);
const padding = buffer_utils_1.createFastUninitializedBuffer(paddingSize + 1);
padding.fill(paddingSize);

@@ -195,3 +195,3 @@ return padding;

assert(derivedKeys.hasOwnProperty("algorithm"));
var algorithm = derivedKeys.algorithm || "aes-128-cbc";
const algorithm = derivedKeys.algorithm || "aes-128-cbc";
assert(algorithm === "aes-128-cbc" || algorithm === "aes-256-cbc");

@@ -201,8 +201,8 @@ return algorithm;

function encryptBufferWithDerivedKeys(buffer, derivedKeys) {
var algorithm = derivedKeys_algorithm(derivedKeys);
var key = derivedKeys.encryptingKey;
var initVector = derivedKeys.initializationVector;
var cypher = crypto.createCipheriv(algorithm, key, initVector);
const algorithm = derivedKeys_algorithm(derivedKeys);
const key = derivedKeys.encryptingKey;
const initVector = derivedKeys.initializationVector;
const cypher = crypto.createCipheriv(algorithm, key, initVector);
cypher.setAutoPadding(false);
var encrypted_chunks = [];
const encrypted_chunks = [];
encrypted_chunks.push(cypher.update(buffer));

@@ -214,8 +214,8 @@ encrypted_chunks.push(cypher.final());

function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
var algorithm = derivedKeys_algorithm(derivedKeys);
var key = derivedKeys.encryptingKey;
var initVector = derivedKeys.initializationVector;
var cypher = crypto.createDecipheriv(algorithm, key, initVector);
const algorithm = derivedKeys_algorithm(derivedKeys);
const key = derivedKeys.encryptingKey;
const initVector = derivedKeys.initializationVector;
const cypher = crypto.createDecipheriv(algorithm, key, initVector);
cypher.setAutoPadding(false);
var decrypted_chunks = [];
const decrypted_chunks = [];
decrypted_chunks.push(cypher.update(buffer));

@@ -237,3 +237,3 @@ decrypted_chunks.push(cypher.final());

assert(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
var signature = crypto.createHmac(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
const signature = crypto.createHmac(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
assert(signature.length === derivedKeys.signatureLength);

@@ -250,5 +250,5 @@ return signature;

function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
var message = chunk.slice(0, chunk.length - derivedKeys.signatureLength);
var signature = chunk.slice(chunk.length - derivedKeys.signatureLength);
var verif = makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys);
const message = chunk.slice(0, chunk.length - derivedKeys.signatureLength);
const signature = chunk.slice(chunk.length - derivedKeys.signatureLength);
const verif = makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys);
return verif.toString("hex") === signature.toString("hex");

@@ -255,0 +255,0 @@ }

51

dist/source/explore_certificate_revocation_list.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.exploreCertificateRevocationList = exports.readNameForCrl = void 0;
var asn1_1 = require("./asn1");
var crypto_utils_1 = require("./crypto_utils");
const asn1_1 = require("./asn1");
const crypto_utils_1 = require("./crypto_utils");
function readNameForCrl(buffer, block) {

@@ -11,37 +11,36 @@ return asn1_1._readDirectoryName(buffer, block);

function _readTbsCertList(buffer, blockInfo) {
var blocks = asn1_1._readStruct(buffer, blockInfo);
var version = asn1_1._readIntegerValue(buffer, blocks[0]);
var signature = asn1_1._readAlgorithmIdentifier(buffer, blocks[1]);
var issuer = readNameForCrl(buffer, blocks[2]);
var issuerFingerprint = asn1_1.formatBuffer2DigitHexWithColum(crypto_utils_1.makeSHA1Thumbprint(asn1_1._getBlock(buffer, blocks[2])));
var thisUpdate = asn1_1._readTime(buffer, blocks[3]);
var nextUpdate = asn1_1._readTime(buffer, blocks[4]);
var revokedCertificates = [];
const blocks = asn1_1._readStruct(buffer, blockInfo);
const version = asn1_1._readIntegerValue(buffer, blocks[0]);
const signature = asn1_1._readAlgorithmIdentifier(buffer, blocks[1]);
const issuer = readNameForCrl(buffer, blocks[2]);
const issuerFingerprint = asn1_1.formatBuffer2DigitHexWithColum(crypto_utils_1.makeSHA1Thumbprint(asn1_1._getBlock(buffer, blocks[2])));
const thisUpdate = asn1_1._readTime(buffer, blocks[3]);
const nextUpdate = asn1_1._readTime(buffer, blocks[4]);
const revokedCertificates = [];
if (blocks[5] && blocks[5].tag < 0x80) {
var list = asn1_1._readStruct(buffer, blocks[5]);
for (var _i = 0, list_1 = list; _i < list_1.length; _i++) {
var r = list_1[_i];
const list = asn1_1._readStruct(buffer, blocks[5]);
for (const r of list) {
// sometime blocks[5] doesn't exits .. in this case
var rr = asn1_1._readStruct(buffer, r);
var userCertificate = asn1_1.formatBuffer2DigitHexWithColum(asn1_1._readLongIntegerValue(buffer, rr[0]));
var revocationDate = asn1_1._readTime(buffer, rr[1]);
const rr = asn1_1._readStruct(buffer, r);
const userCertificate = asn1_1.formatBuffer2DigitHexWithColum(asn1_1._readLongIntegerValue(buffer, rr[0]));
const revocationDate = asn1_1._readTime(buffer, rr[1]);
revokedCertificates.push({
revocationDate: revocationDate,
userCertificate: userCertificate,
revocationDate,
userCertificate,
});
}
}
var ext0 = asn1_1._findBlockAtIndex(blocks, 0);
return { issuer: issuer, issuerFingerprint: issuerFingerprint, thisUpdate: thisUpdate, nextUpdate: nextUpdate, signature: signature, revokedCertificates: revokedCertificates };
const ext0 = asn1_1._findBlockAtIndex(blocks, 0);
return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
}
// see https://tools.ietf.org/html/rfc5280
function exploreCertificateRevocationList(crl) {
var blockInfo = asn1_1.readTag(crl, 0);
var blocks = asn1_1._readStruct(crl, blockInfo);
var tbsCertList = _readTbsCertList(crl, blocks[0]);
var signatureAlgorithm = asn1_1._readAlgorithmIdentifier(crl, blocks[1]);
var signatureValue = asn1_1._readSignatureValueBin(crl, blocks[2]);
return { tbsCertList: tbsCertList, signatureAlgorithm: signatureAlgorithm, signatureValue: signatureValue };
const blockInfo = asn1_1.readTag(crl, 0);
const blocks = asn1_1._readStruct(crl, blockInfo);
const tbsCertList = _readTbsCertList(crl, blocks[0]);
const signatureAlgorithm = asn1_1._readAlgorithmIdentifier(crl, blocks[1]);
const signatureValue = asn1_1._readSignatureValueBin(crl, blocks[2]);
return { tbsCertList, signatureAlgorithm, signatureValue };
}
exports.exploreCertificateRevocationList = exploreCertificateRevocationList;
//# sourceMappingURL=explore_certificate_revocation_list.js.map

10

dist/source/explore_certificate.js

@@ -7,5 +7,5 @@ "use strict";

exports.exploreCertificateInfo = exports.coerceCertificate = void 0;
var crypto_explore_certificate_1 = require("./crypto_explore_certificate");
var crypto_utils_1 = require("./crypto_utils");
var assert = require("assert");
const crypto_explore_certificate_1 = require("./crypto_explore_certificate");
const crypto_utils_1 = require("./crypto_utils");
const assert = require("assert");
function coerceCertificate(certificate) {

@@ -27,4 +27,4 @@ if (typeof certificate === "string") {

certificate = coerceCertificate(certificate);
var certInfo = crypto_explore_certificate_1.exploreCertificate(certificate);
var data = {
const certInfo = crypto_explore_certificate_1.exploreCertificate(certificate);
const data = {
publicKeyLength: certInfo.tbsCertificate.subjectPublicKeyInfo.keyLength,

@@ -31,0 +31,0 @@ notBefore: certInfo.tbsCertificate.validity.notBefore,

153

dist/source/verify_certificate_signature.js

@@ -12,29 +12,2 @@ "use strict";

};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
Object.defineProperty(exports, "__esModule", { value: true });

@@ -47,17 +20,17 @@ exports.verifyCertificateChain = exports.verifyCertificateRevocationListSignature = exports.verifyCertificateSignature = exports.verifyCertificateOrClrSignature = void 0;

// The start of the body is always the first digit of the second line of the following command:
var crypto = require("crypto");
var crypto_explore_certificate_1 = require("./crypto_explore_certificate");
var crypto_utils_1 = require("./crypto_utils");
var asn1_1 = require("./asn1");
const crypto = require("crypto");
const crypto_explore_certificate_1 = require("./crypto_explore_certificate");
const crypto_utils_1 = require("./crypto_utils");
const asn1_1 = require("./asn1");
function verifyCertificateOrClrSignature(certificateOrCrl, parentCertificate) {
var block_info = asn1_1.readTag(certificateOrCrl, 0);
var blocks = asn1_1._readStruct(certificateOrCrl, block_info);
var bufferToBeSigned = certificateOrCrl.slice(block_info.position, blocks[1].position - 2);
const block_info = asn1_1.readTag(certificateOrCrl, 0);
const blocks = asn1_1._readStruct(certificateOrCrl, block_info);
const bufferToBeSigned = certificateOrCrl.slice(block_info.position, blocks[1].position - 2);
//xx console.log("bufferToBeSigned = ", bufferToBeSigned.length, bufferToBeSigned.toString("hex").substr(0, 50), bufferToBeSigned.toString("hex").substr(-10));
var signatureAlgorithm = asn1_1._readAlgorithmIdentifier(certificateOrCrl, blocks[1]);
var signatureValue = asn1_1._readSignatureValueBin(certificateOrCrl, blocks[2]);
var p = crypto_explore_certificate_1.split_der(parentCertificate)[0];
const signatureAlgorithm = asn1_1._readAlgorithmIdentifier(certificateOrCrl, blocks[1]);
const signatureValue = asn1_1._readSignatureValueBin(certificateOrCrl, blocks[2]);
const p = crypto_explore_certificate_1.split_der(parentCertificate)[0];
//xx const publicKey = extractPublicKeyFromCertificateSync(p);
var certPem = crypto_utils_1.toPem(p, "CERTIFICATE");
var verify = crypto.createVerify(signatureAlgorithm.identifier);
const certPem = crypto_utils_1.toPem(p, "CERTIFICATE");
const verify = crypto.createVerify(signatureAlgorithm.identifier);
verify.update(bufferToBeSigned);

@@ -77,55 +50,53 @@ verify.end();

function verifyCertificateChain(certificateChain) {
return __awaiter(this, void 0, void 0, function () {
var index, cert, certParent, certParentInfo, keyUsage, parentSignChild, certInfo;
return __generator(this, function (_a) {
// verify that all the certificate
// second certificate must be used for CertificateSign
for (index = 1; index < certificateChain.length; index++) {
cert = certificateChain[index - 1];
certParent = certificateChain[index];
certParentInfo = crypto_explore_certificate_1.exploreCertificate(certParent);
keyUsage = certParentInfo.tbsCertificate.extensions.keyUsage;
// istanbul ignore next
if (!keyUsage.keyCertSign) {
return [2 /*return*/, {
status: "BadCertificateIssuerUseNotAllowed",
reason: "One of the certificate in the chain has not keyUsage set for Certificate Signing",
}];
}
parentSignChild = verifyCertificateSignature(cert, certParent);
if (!parentSignChild) {
return [2 /*return*/, {
status: "BadCertificateInvalid",
reason: "One of the certificate in the chain is not signing the previous certificate",
}];
}
certInfo = crypto_explore_certificate_1.exploreCertificate(cert);
// istanbul ignore next
if (!certInfo.tbsCertificate.extensions) {
return [2 /*return*/, {
status: "BadCertificateInvalid",
reason: "Cannot find X409 Extension 3 in certificate",
}];
}
// istanbul ignore next
if (!certParentInfo.tbsCertificate.extensions || !certInfo.tbsCertificate.extensions.authorityKeyIdentifier) {
return [2 /*return*/, {
status: "BadCertificateInvalid",
reason: "Cannot find X409 Extension 3 in certificate (parent)",
}];
}
// istanbul ignore next
if (certParentInfo.tbsCertificate.extensions.subjectKeyIdentifier !==
certInfo.tbsCertificate.extensions.authorityKeyIdentifier.keyIdentifier) {
return [2 /*return*/, {
status: "BadCertificateInvalid",
reason: "subjectKeyIdentifier authorityKeyIdentifier in child certificate do not match subjectKeyIdentifier of parent certificate",
}];
}
return __awaiter(this, void 0, void 0, function* () {
// verify that all the certificate
// second certificate must be used for CertificateSign
for (let index = 1; index < certificateChain.length; index++) {
const cert = certificateChain[index - 1];
const certParent = certificateChain[index];
// parent child must have keyCertSign
const certParentInfo = crypto_explore_certificate_1.exploreCertificate(certParent);
const keyUsage = certParentInfo.tbsCertificate.extensions.keyUsage;
// istanbul ignore next
if (!keyUsage.keyCertSign) {
return {
status: "BadCertificateIssuerUseNotAllowed",
reason: "One of the certificate in the chain has not keyUsage set for Certificate Signing",
};
}
return [2 /*return*/, {
status: "Good",
reason: "certificate chain is valid(length = " + certificateChain.length + ")",
}];
});
const parentSignChild = verifyCertificateSignature(cert, certParent);
if (!parentSignChild) {
return {
status: "BadCertificateInvalid",
reason: "One of the certificate in the chain is not signing the previous certificate",
};
}
const certInfo = crypto_explore_certificate_1.exploreCertificate(cert);
// istanbul ignore next
if (!certInfo.tbsCertificate.extensions) {
return {
status: "BadCertificateInvalid",
reason: "Cannot find X409 Extension 3 in certificate",
};
}
// istanbul ignore next
if (!certParentInfo.tbsCertificate.extensions || !certInfo.tbsCertificate.extensions.authorityKeyIdentifier) {
return {
status: "BadCertificateInvalid",
reason: "Cannot find X409 Extension 3 in certificate (parent)",
};
}
// istanbul ignore next
if (certParentInfo.tbsCertificate.extensions.subjectKeyIdentifier !==
certInfo.tbsCertificate.extensions.authorityKeyIdentifier.keyIdentifier) {
return {
status: "BadCertificateInvalid",
reason: "subjectKeyIdentifier authorityKeyIdentifier in child certificate do not match subjectKeyIdentifier of parent certificate",
};
}
}
return {
status: "Good",
reason: `certificate chain is valid(length = ${certificateChain.length})`,
};
});

@@ -132,0 +103,0 @@ }

4

index.d.ts

@@ -1,2 +0,2 @@

export * from "./source";
export * from "./source_nodejs";
export * from "./dist/source";
export * from "./dist/source_nodejs";

2

package.json
{
"name": "node-opcua-crypto",
"version": "1.4.3",
"version": "1.4.4",
"description": "Crypto tools for Node-OPCUA",

@@ -5,0 +5,0 @@ "main": "./index.js",

2

tsconfig.json
{
"compilerOptions": {
"skipLibCheck": true,
"target": "es5",
"target": "es6",
"moduleResolution": "node",

@@ -6,0 +6,0 @@ "module": "commonjs",

dist/source_nodejs/read_certificate_revocation_list.js.map

Sorry, the diff of this file is not supported yet

dist/source_nodejs/read.js.map

Sorry, the diff of this file is not supported yet

dist/source/asn1.js.map

Sorry, the diff of this file is not supported yet

dist/source/buffer_utils.js.map

Sorry, the diff of this file is not supported yet

dist/source/crypto_explore_certificate.js.map

Sorry, the diff of this file is not supported yet

dist/source/crypto_utils.js.map

Sorry, the diff of this file is not supported yet

dist/source/derived_keys.js.map

Sorry, the diff of this file is not supported yet

dist/source/explore_certificate_revocation_list.js.map

Sorry, the diff of this file is not supported yet

dist/source/explore_certificate.js.map

Sorry, the diff of this file is not supported yet

dist/source/verify_certificate_signature.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc