Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
pkijs - npm Package Compare versions
Comparing version 2.1.43 to 2.1.44
@@ -743,2 +743,3 @@ "use strict"; | ||
| //endregion | ||
| //region Generate ephemeral ECDH key | ||
@@ -764,2 +765,3 @@ currentSequence = currentSequence.then(function (result) { | ||
| //endregion | ||
| //region Import recipient's public key | ||
@@ -792,2 +794,3 @@ currentSequence = currentSequence.then(function (result) { | ||
| //endregion | ||
| //region Apply KDF function to shared secret | ||
@@ -921,2 +924,3 @@ currentSequence = currentSequence.then(function (result) { | ||
| //endregion | ||
| //region Append all neccessary data to current CMS_RECIPIENT_INFO object | ||
@@ -953,2 +957,3 @@ currentSequence = currentSequence.then(function (result) { | ||
| //endregion | ||
| //region Wrap previously exported session key | ||
@@ -955,0 +960,0 @@ currentSequence = currentSequence.then(function (result) { |
@@ -25,2 +25,3 @@ { | ||
| "emailjs-mime-parser": "^2.0.1", | ||
| "eslint": "^4.19.1", | ||
| "mocha": "^3.0.2", | ||
@@ -31,4 +32,3 @@ "nyc": "^11.6.0", | ||
| "rollup-plugin-node-builtins": "latest", | ||
| "rollup-plugin-node-resolve": "^1.7.1", | ||
| "eslint": "latest" | ||
| "rollup-plugin-node-resolve": "^1.7.1" | ||
| }, | ||
@@ -87,4 +87,4 @@ "dependencies": { | ||
| "name": "pkijs", | ||
| "version": "2.1.43", | ||
| "version": "2.1.44", | ||
| "license": "MIT" | ||
| } |
@@ -516,28 +516,28 @@ import * as asn1js from "asn1js"; | ||
| return Promise.all(Array.from(_this.certs, element => checkCA(element))).then(promiseResults => | ||
| { | ||
| const additionalCerts = []; | ||
| additionalCerts.push(signerCert); | ||
| for(const promiseResult of promiseResults) | ||
| { | ||
| const additionalCerts = []; | ||
| additionalCerts.push(signerCert); | ||
| if(promiseResult !== null) | ||
| additionalCerts.push(promiseResult); | ||
| } | ||
| const certChain = new CertificateChainValidationEngine({ | ||
| certs: additionalCerts, | ||
| trustedCerts | ||
| }); | ||
| return certChain.verify().then(verificationResult => | ||
| { | ||
| if(verificationResult.result === true) | ||
| return Promise.resolve(); | ||
| for(const promiseResult of promiseResults) | ||
| { | ||
| if(promiseResult !== null) | ||
| additionalCerts.push(promiseResult); | ||
| } | ||
| const certChain = new CertificateChainValidationEngine({ | ||
| certs: additionalCerts, | ||
| trustedCerts | ||
| }); | ||
| return certChain.verify().then(verificationResult => | ||
| { | ||
| if(verificationResult.result === true) | ||
| return Promise.resolve(); | ||
| return Promise.reject("Validation of signer's certificate failed"); | ||
| }, error => | ||
| Promise.reject(`Validation of signer's certificate failed with error: ${((error instanceof Object) ? error.resultMessage : error)}`) | ||
| ); | ||
| }, promiseError => | ||
| Promise.reject(`Error during checking certificates for CA flag: ${promiseError}`) | ||
| return Promise.reject("Validation of signer's certificate failed"); | ||
| }, error => | ||
| Promise.reject(`Validation of signer's certificate failed with error: ${((error instanceof Object) ? error.resultMessage : error)}`) | ||
| ); | ||
| }, promiseError => | ||
| Promise.reject(`Error during checking certificates for CA flag: ${promiseError}`) | ||
| ); | ||
@@ -544,0 +544,0 @@ }); |
| import { getParametersValue, isEqualBuffer } from "pvutils"; | ||
| import { getAlgorithmByOID, stringPrep } from "./common.js"; | ||
| import CertificateRevocationList from "./CertificateRevocationList.js"; | ||
| import Certificate from "./Certificate.js"; | ||
| //************************************************************************************** | ||
@@ -795,2 +793,258 @@ export default class CertificateChainValidationEngine | ||
| { | ||
| //region Auxiliary functions for name constraints checking | ||
| function compareDNSName(name, constraint) | ||
| { | ||
| /// <summary>Compare two dNSName values</summary> | ||
| /// <param name="name" type="String">DNS from name</param> | ||
| /// <param name="constraint" type="String">Constraint for DNS from name</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Make a "string preparation" for both name and constrain | ||
| const namePrepared = stringPrep(name); | ||
| const constraintPrepared = stringPrep(constraint); | ||
| //endregion | ||
| //region Make a "splitted" versions of "constraint" and "name" | ||
| const nameSplitted = namePrepared.split("."); | ||
| const constraintSplitted = constraintPrepared.split("."); | ||
| //endregion | ||
| //region Length calculation and additional check | ||
| const nameLen = nameSplitted.length; | ||
| const constrLen = constraintSplitted.length; | ||
| if((nameLen === 0) || (constrLen === 0) || (nameLen < constrLen)) | ||
| return false; | ||
| //endregion | ||
| //region Check that no part of "name" has zero length | ||
| for(let i = 0; i < nameLen; i++) | ||
| { | ||
| if(nameSplitted[i].length === 0) | ||
| return false; | ||
| } | ||
| //endregion | ||
| //region Check that no part of "constraint" has zero length | ||
| for(let i = 0; i < constrLen; i++) | ||
| { | ||
| if(constraintSplitted[i].length === 0) | ||
| { | ||
| if(i === 0) | ||
| { | ||
| if(constrLen === 1) | ||
| return false; | ||
| continue; | ||
| } | ||
| return false; | ||
| } | ||
| } | ||
| //endregion | ||
| //region Check that "name" has a tail as "constraint" | ||
| for(let i = 0; i < constrLen; i++) | ||
| { | ||
| if(constraintSplitted[constrLen - 1 - i].length === 0) | ||
| continue; | ||
| if(nameSplitted[nameLen - 1 - i].localeCompare(constraintSplitted[constrLen - 1 - i]) !== 0) | ||
| return false; | ||
| } | ||
| //endregion | ||
| return true; | ||
| } | ||
| function compareRFC822Name(name, constraint) | ||
| { | ||
| /// <summary>Compare two rfc822Name values</summary> | ||
| /// <param name="name" type="String">E-mail address from name</param> | ||
| /// <param name="constraint" type="String">Constraint for e-mail address from name</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Make a "string preparation" for both name and constrain | ||
| const namePrepared = stringPrep(name); | ||
| const constraintPrepared = stringPrep(constraint); | ||
| //endregion | ||
| //region Make a "splitted" versions of "constraint" and "name" | ||
| const nameSplitted = namePrepared.split("@"); | ||
| const constraintSplitted = constraintPrepared.split("@"); | ||
| //endregion | ||
| //region Splitted array length checking | ||
| if((nameSplitted.length === 0) || (constraintSplitted.length === 0) || (nameSplitted.length < constraintSplitted.length)) | ||
| return false; | ||
| //endregion | ||
| if(constraintSplitted.length === 1) | ||
| { | ||
| const result = compareDNSName(nameSplitted[1], constraintSplitted[0]); | ||
| if(result) | ||
| { | ||
| //region Make a "splitted" versions of domain name from "constraint" and "name" | ||
| const ns = nameSplitted[1].split("."); | ||
| const cs = constraintSplitted[0].split("."); | ||
| //endregion | ||
| if(cs[0].length === 0) | ||
| return true; | ||
| return ns.length === cs.length; | ||
| } | ||
| return false; | ||
| } | ||
| return (namePrepared.localeCompare(constraintPrepared) === 0); | ||
| } | ||
| function compareUniformResourceIdentifier(name, constraint) | ||
| { | ||
| /// <summary>Compare two uniformResourceIdentifier values</summary> | ||
| /// <param name="name" type="String">uniformResourceIdentifier from name</param> | ||
| /// <param name="constraint" type="String">Constraint for uniformResourceIdentifier from name</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Make a "string preparation" for both name and constrain | ||
| let namePrepared = stringPrep(name); | ||
| const constraintPrepared = stringPrep(constraint); | ||
| //endregion | ||
| //region Find out a major URI part to compare with | ||
| const ns = namePrepared.split("/"); | ||
| const cs = constraintPrepared.split("/"); | ||
| if(cs.length > 1) // Malformed constraint | ||
| return false; | ||
| if(ns.length > 1) // Full URI string | ||
| { | ||
| for(let i = 0; i < ns.length; i++) | ||
| { | ||
| if((ns[i].length > 0) && (ns[i].charAt(ns[i].length - 1) !== ":")) | ||
| { | ||
| const nsPort = ns[i].split(":"); | ||
| namePrepared = nsPort[0]; | ||
| break; | ||
| } | ||
| } | ||
| } | ||
| //endregion | ||
| const result = compareDNSName(namePrepared, constraintPrepared); | ||
| if(result) | ||
| { | ||
| //region Make a "splitted" versions of "constraint" and "name" | ||
| const nameSplitted = namePrepared.split("."); | ||
| const constraintSplitted = constraintPrepared.split("."); | ||
| //endregion | ||
| if(constraintSplitted[0].length === 0) | ||
| return true; | ||
| return nameSplitted.length === constraintSplitted.length; | ||
| } | ||
| return false; | ||
| } | ||
| function compareIPAddress(name, constraint) | ||
| { | ||
| /// <summary>Compare two iPAddress values</summary> | ||
| /// <param name="name" type="in_window.org.pkijs.asn1.OCTETSTRING">iPAddress from name</param> | ||
| /// <param name="constraint" type="in_window.org.pkijs.asn1.OCTETSTRING">Constraint for iPAddress from name</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Common variables | ||
| const nameView = new Uint8Array(name.valueBlock.valueHex); | ||
| const constraintView = new Uint8Array(constraint.valueBlock.valueHex); | ||
| //endregion | ||
| //region Work with IPv4 addresses | ||
| if((nameView.length === 4) && (constraintView.length === 8)) | ||
| { | ||
| for(let i = 0; i < 4; i++) | ||
| { | ||
| if((nameView[i] ^ constraintView[i]) & constraintView[i + 4]) | ||
| return false; | ||
| } | ||
| return true; | ||
| } | ||
| //endregion | ||
| //region Work with IPv6 addresses | ||
| if((nameView.length === 16) && (constraintView.length === 32)) | ||
| { | ||
| for(let i = 0; i < 16; i++) | ||
| { | ||
| if((nameView[i] ^ constraintView[i]) & constraintView[i + 16]) | ||
| return false; | ||
| } | ||
| return true; | ||
| } | ||
| //endregion | ||
| return false; | ||
| } | ||
| function compareDirectoryName(name, constraint) | ||
| { | ||
| /// <summary>Compare two directoryName values</summary> | ||
| /// <param name="name" type="in_window.org.pkijs.simpl.RDN">directoryName from name</param> | ||
| /// <param name="constraint" type="in_window.org.pkijs.simpl.RDN">Constraint for directoryName from name</param> | ||
| /// <param name="any" type="Boolean">Boolean flag - should be comparision interrupted after first match or we need to match all "constraints" parts</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Initial check | ||
| if((name.typesAndValues.length === 0) || (constraint.typesAndValues.length === 0)) | ||
| return true; | ||
| if(name.typesAndValues.length < constraint.typesAndValues.length) | ||
| return false; | ||
| //endregion | ||
| //region Initial variables | ||
| let result = true; | ||
| let nameStart = 0; | ||
| //endregion | ||
| for(let i = 0; i < constraint.typesAndValues.length; i++) | ||
| { | ||
| let localResult = false; | ||
| for(let j = nameStart; j < name.typesAndValues.length; j++) | ||
| { | ||
| localResult = name.typesAndValues[j].isEqual(constraint.typesAndValues[i]); | ||
| if(name.typesAndValues[j].type === constraint.typesAndValues[i].type) | ||
| result = result && localResult; | ||
| if(localResult === true) | ||
| { | ||
| if((nameStart === 0) || (nameStart === j)) | ||
| { | ||
| nameStart = j + 1; | ||
| break; | ||
| } | ||
| else // Structure of "name" must be the same with "constraint" | ||
| return false; | ||
| } | ||
| } | ||
| if(localResult === false) | ||
| return false; | ||
| } | ||
| return (nameStart === 0) ? false : result; | ||
| } | ||
| //endregion | ||
| try | ||
@@ -1250,259 +1504,2 @@ { | ||
| //region Work with name constraints | ||
| //region Auxiliary functions for name constraints checking | ||
| function compareDNSName(name, constraint) | ||
| { | ||
| /// <summary>Compare two dNSName values</summary> | ||
| /// <param name="name" type="String">DNS from name</param> | ||
| /// <param name="constraint" type="String">Constraint for DNS from name</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Make a "string preparation" for both name and constrain | ||
| const namePrepared = stringPrep(name); | ||
| const constraintPrepared = stringPrep(constraint); | ||
| //endregion | ||
| //region Make a "splitted" versions of "constraint" and "name" | ||
| const nameSplitted = namePrepared.split("."); | ||
| const constraintSplitted = constraintPrepared.split("."); | ||
| //endregion | ||
| //region Length calculation and additional check | ||
| const nameLen = nameSplitted.length; | ||
| const constrLen = constraintSplitted.length; | ||
| if((nameLen === 0) || (constrLen === 0) || (nameLen < constrLen)) | ||
| return false; | ||
| //endregion | ||
| //region Check that no part of "name" has zero length | ||
| for(let i = 0; i < nameLen; i++) | ||
| { | ||
| if(nameSplitted[i].length === 0) | ||
| return false; | ||
| } | ||
| //endregion | ||
| //region Check that no part of "constraint" has zero length | ||
| for(let i = 0; i < constrLen; i++) | ||
| { | ||
| if(constraintSplitted[i].length === 0) | ||
| { | ||
| if(i === 0) | ||
| { | ||
| if(constrLen === 1) | ||
| return false; | ||
| continue; | ||
| } | ||
| return false; | ||
| } | ||
| } | ||
| //endregion | ||
| //region Check that "name" has a tail as "constraint" | ||
| for(let i = 0; i < constrLen; i++) | ||
| { | ||
| if(constraintSplitted[constrLen - 1 - i].length === 0) | ||
| continue; | ||
| if(nameSplitted[nameLen - 1 - i].localeCompare(constraintSplitted[constrLen - 1 - i]) !== 0) | ||
| return false; | ||
| } | ||
| //endregion | ||
| return true; | ||
| } | ||
| function compareRFC822Name(name, constraint) | ||
| { | ||
| /// <summary>Compare two rfc822Name values</summary> | ||
| /// <param name="name" type="String">E-mail address from name</param> | ||
| /// <param name="constraint" type="String">Constraint for e-mail address from name</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Make a "string preparation" for both name and constrain | ||
| const namePrepared = stringPrep(name); | ||
| const constraintPrepared = stringPrep(constraint); | ||
| //endregion | ||
| //region Make a "splitted" versions of "constraint" and "name" | ||
| const nameSplitted = namePrepared.split("@"); | ||
| const constraintSplitted = constraintPrepared.split("@"); | ||
| //endregion | ||
| //region Splitted array length checking | ||
| if((nameSplitted.length === 0) || (constraintSplitted.length === 0) || (nameSplitted.length < constraintSplitted.length)) | ||
| return false; | ||
| //endregion | ||
| if(constraintSplitted.length === 1) | ||
| { | ||
| const result = compareDNSName(nameSplitted[1], constraintSplitted[0]); | ||
| if(result) | ||
| { | ||
| //region Make a "splitted" versions of domain name from "constraint" and "name" | ||
| const ns = nameSplitted[1].split("."); | ||
| const cs = constraintSplitted[0].split("."); | ||
| //endregion | ||
| if(cs[0].length === 0) | ||
| return true; | ||
| return ns.length === cs.length; | ||
| } | ||
| return false; | ||
| } | ||
| return (namePrepared.localeCompare(constraintPrepared) === 0); | ||
| } | ||
| function compareUniformResourceIdentifier(name, constraint) | ||
| { | ||
| /// <summary>Compare two uniformResourceIdentifier values</summary> | ||
| /// <param name="name" type="String">uniformResourceIdentifier from name</param> | ||
| /// <param name="constraint" type="String">Constraint for uniformResourceIdentifier from name</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Make a "string preparation" for both name and constrain | ||
| let namePrepared = stringPrep(name); | ||
| const constraintPrepared = stringPrep(constraint); | ||
| //endregion | ||
| //region Find out a major URI part to compare with | ||
| const ns = namePrepared.split("/"); | ||
| const cs = constraintPrepared.split("/"); | ||
| if(cs.length > 1) // Malformed constraint | ||
| return false; | ||
| if(ns.length > 1) // Full URI string | ||
| { | ||
| for(let i = 0; i < ns.length; i++) | ||
| { | ||
| if((ns[i].length > 0) && (ns[i].charAt(ns[i].length - 1) !== ":")) | ||
| { | ||
| const nsPort = ns[i].split(":"); | ||
| namePrepared = nsPort[0]; | ||
| break; | ||
| } | ||
| } | ||
| } | ||
| //endregion | ||
| const result = compareDNSName(namePrepared, constraintPrepared); | ||
| if(result) | ||
| { | ||
| //region Make a "splitted" versions of "constraint" and "name" | ||
| const nameSplitted = namePrepared.split("."); | ||
| const constraintSplitted = constraintPrepared.split("."); | ||
| //endregion | ||
| if(constraintSplitted[0].length === 0) | ||
| return true; | ||
| return nameSplitted.length === constraintSplitted.length; | ||
| } | ||
| return false; | ||
| } | ||
| function compareIPAddress(name, constraint) | ||
| { | ||
| /// <summary>Compare two iPAddress values</summary> | ||
| /// <param name="name" type="in_window.org.pkijs.asn1.OCTETSTRING">iPAddress from name</param> | ||
| /// <param name="constraint" type="in_window.org.pkijs.asn1.OCTETSTRING">Constraint for iPAddress from name</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Common variables | ||
| const nameView = new Uint8Array(name.valueBlock.valueHex); | ||
| const constraintView = new Uint8Array(constraint.valueBlock.valueHex); | ||
| //endregion | ||
| //region Work with IPv4 addresses | ||
| if((nameView.length === 4) && (constraintView.length === 8)) | ||
| { | ||
| for(let i = 0; i < 4; i++) | ||
| { | ||
| if((nameView[i] ^ constraintView[i]) & constraintView[i + 4]) | ||
| return false; | ||
| } | ||
| return true; | ||
| } | ||
| //endregion | ||
| //region Work with IPv6 addresses | ||
| if((nameView.length === 16) && (constraintView.length === 32)) | ||
| { | ||
| for(let i = 0; i < 16; i++) | ||
| { | ||
| if((nameView[i] ^ constraintView[i]) & constraintView[i + 16]) | ||
| return false; | ||
| } | ||
| return true; | ||
| } | ||
| //endregion | ||
| return false; | ||
| } | ||
| function compareDirectoryName(name, constraint) | ||
| { | ||
| /// <summary>Compare two directoryName values</summary> | ||
| /// <param name="name" type="in_window.org.pkijs.simpl.RDN">directoryName from name</param> | ||
| /// <param name="constraint" type="in_window.org.pkijs.simpl.RDN">Constraint for directoryName from name</param> | ||
| /// <param name="any" type="Boolean">Boolean flag - should be comparision interrupted after first match or we need to match all "constraints" parts</param> | ||
| /// <returns type="Boolean">Boolean result - valid or invalid the "name" against the "constraint"</returns> | ||
| //region Initial check | ||
| if((name.typesAndValues.length === 0) || (constraint.typesAndValues.length === 0)) | ||
| return true; | ||
| if(name.typesAndValues.length < constraint.typesAndValues.length) | ||
| return false; | ||
| //endregion | ||
| //region Initial variables | ||
| let result = true; | ||
| let nameStart = 0; | ||
| //endregion | ||
| for(let i = 0; i < constraint.typesAndValues.length; i++) | ||
| { | ||
| let localResult = false; | ||
| for(let j = nameStart; j < name.typesAndValues.length; j++) | ||
| { | ||
| localResult = name.typesAndValues[j].isEqual(constraint.typesAndValues[i]); | ||
| if(name.typesAndValues[j].type === constraint.typesAndValues[i].type) | ||
| result = result && localResult; | ||
| if(localResult === true) | ||
| { | ||
| if((nameStart === 0) || (nameStart === j)) | ||
| { | ||
| nameStart = j + 1; | ||
| break; | ||
| } | ||
| else // Structure of "name" must be the same with "constraint" | ||
| return false; | ||
| } | ||
| } | ||
| if(localResult === false) | ||
| return false; | ||
| } | ||
| return (nameStart === 0) ? false : result; | ||
| } | ||
| //endregion | ||
| //region Check a result from "policy checking" part | ||
@@ -1509,0 +1506,0 @@ if(policyResult.result === false) |
@@ -364,10 +364,10 @@ import * as asn1js from "asn1js"; | ||
| return crypto.digest({ | ||
| name: hashFunction | ||
| }, | ||
| combinedBuffer) | ||
| name: hashFunction | ||
| }, | ||
| combinedBuffer) | ||
| .then(result => | ||
| ({ | ||
| counter: Counter, | ||
| result | ||
| })); | ||
| ({ | ||
| counter: Counter, | ||
| result | ||
| })); | ||
| //endregion | ||
@@ -374,0 +374,0 @@ } |
@@ -454,3 +454,3 @@ import * as asn1js from "asn1js"; | ||
| version: 3, | ||
| // "originator" will be calculated in "encrypt" function because ephemeral key would be generated there | ||
| // "originator" will be calculated in "encrypt" function because ephemeral key would be generated there | ||
| ukm: new asn1js.OctetString({ valueHex: ukmBuffer }), | ||
@@ -552,5 +552,5 @@ keyEncryptionAlgorithm: new AlgorithmIdentifier({ | ||
| algorithmId: kekOID, | ||
| /* | ||
| For AES-KW params are NULL, but for other algorithm could another situation. | ||
| */ | ||
| /* | ||
| For AES-KW params are NULL, but for other algorithm could another situation. | ||
| */ | ||
| algorithmParams: encryptionParameters.keyEncryptionAlgorithmParams | ||
@@ -624,5 +624,5 @@ }), | ||
| algorithmId: kekOID, | ||
| /* | ||
| For AES-KW params are NULL, but for other algorithm could be another situation. | ||
| */ | ||
| /* | ||
| For AES-KW params are NULL, but for other algorithm could be another situation. | ||
| */ | ||
| algorithmParams: encryptionParameters.keyEncryptionAlgorithmParams | ||
@@ -701,4 +701,4 @@ }), | ||
| }, | ||
| sessionKey, | ||
| contentView); | ||
| sessionKey, | ||
| contentView); | ||
| }, error => | ||
@@ -709,10 +709,10 @@ Promise.reject(error)); | ||
| sequence = sequence.then(result => | ||
| { | ||
| //region Create output OCTETSTRING with encrypted content | ||
| { | ||
| //region Create output OCTETSTRING with encrypted content | ||
| encryptedContent = result; | ||
| //endregion | ||
| //endregion | ||
| return crypto.exportKey("raw", sessionKey); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ).then(result => | ||
@@ -789,12 +789,13 @@ { | ||
| //endregion | ||
| //region Generate ephemeral ECDH key | ||
| currentSequence = currentSequence.then(result => | ||
| crypto.generateKey({ | ||
| name: "ECDH", | ||
| namedCurve: result | ||
| }, | ||
| true, | ||
| ["deriveBits"]), | ||
| error => | ||
| Promise.reject(error) | ||
| crypto.generateKey({ | ||
| name: "ECDH", | ||
| namedCurve: result | ||
| }, | ||
| true, | ||
| ["deriveBits"]), | ||
| error => | ||
| Promise.reject(error) | ||
| ); | ||
@@ -804,3 +805,3 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| { | ||
| ecdhPublicKey = result.publicKey; | ||
@@ -811,5 +812,6 @@ ecdhPrivateKey = result.privateKey; | ||
| }, | ||
| error => | ||
| Promise.reject(error)); | ||
| error => | ||
| Promise.reject(error)); | ||
| //endregion | ||
| //region Import recipient's public key | ||
@@ -837,7 +839,8 @@ currentSequence = currentSequence.then(result => | ||
| }, | ||
| ecdhPrivateKey, | ||
| recipientCurveLength), | ||
| error => | ||
| Promise.reject(error)); | ||
| ecdhPrivateKey, | ||
| recipientCurveLength), | ||
| error => | ||
| Promise.reject(error)); | ||
| //endregion | ||
| //region Apply KDF function to shared secret | ||
@@ -897,5 +900,5 @@ currentSequence = currentSequence.then(result => | ||
| currentSequence = currentSequence.then(result => | ||
| crypto.importKey("raw", result, { name: "AES-KW" }, true, ["wrapKey"]), | ||
| error => | ||
| Promise.reject(error) | ||
| crypto.importKey("raw", result, { name: "AES-KW" }, true, ["wrapKey"]), | ||
| error => | ||
| Promise.reject(error) | ||
| ); | ||
@@ -911,4 +914,4 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region OriginatorIdentifierOrKey | ||
| { | ||
| //region OriginatorIdentifierOrKey | ||
| const asn1 = asn1js.fromBER(exportedECDHPublicKey); | ||
@@ -919,3 +922,3 @@ | ||
| originator.value = new OriginatorPublicKey({ schema: asn1.result }); | ||
| // There is option when we can stay with ECParameters, but here index prefer to avoid the params | ||
| // There is option when we can stay with ECParameters, but here index prefer to avoid the params | ||
| if("algorithmParams" in originator.value.algorithm) | ||
@@ -925,12 +928,12 @@ delete originator.value.algorithm.algorithmParams; | ||
| _this.recipientInfos[index].value.originator = originator; | ||
| //endregion | ||
| //endregion | ||
| //region RecipientEncryptedKey | ||
| /* | ||
| We will not support using of same ephemeral key for many recipients | ||
| */ | ||
| //region RecipientEncryptedKey | ||
| /* | ||
| We will not support using of same ephemeral key for many recipients | ||
| */ | ||
| _this.recipientInfos[index].value.recipientEncryptedKeys.encryptedKeys[0].encryptedKey = new asn1js.OctetString({ valueHex: result }); | ||
| //endregion | ||
| //endregion | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -976,15 +979,16 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| crypto.encrypt(result.algorithm, result, exportedSessionKey), | ||
| error => | ||
| Promise.reject(error) | ||
| crypto.encrypt(result.algorithm, result, exportedSessionKey), | ||
| error => | ||
| Promise.reject(error) | ||
| ); | ||
| //endregion | ||
| //region Append all neccessary data to current CMS_RECIPIENT_INFO object | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region RecipientEncryptedKey | ||
| { | ||
| //region RecipientEncryptedKey | ||
| _this.recipientInfos[index].value.encryptedKey = new asn1js.OctetString({ valueHex: result }); | ||
| //endregion | ||
| //endregion | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1005,4 +1009,4 @@ //endregion | ||
| currentSequence = currentSequence.then(() => | ||
| { | ||
| //region Get WebCrypto form of "keyEncryptionAlgorithm" | ||
| { | ||
| //region Get WebCrypto form of "keyEncryptionAlgorithm" | ||
| kekAlgorithm = getAlgorithmByOID(_this.recipientInfos[index].value.keyEncryptionAlgorithm.algorithmId); | ||
@@ -1014,15 +1018,16 @@ if(("name" in kekAlgorithm) === false) | ||
| return crypto.importKey("raw", | ||
| new Uint8Array(_this.recipientInfos[index].value.preDefinedKEK), | ||
| kekAlgorithm, | ||
| true, | ||
| ["wrapKey"]); // Too specific for AES-KW | ||
| new Uint8Array(_this.recipientInfos[index].value.preDefinedKEK), | ||
| kekAlgorithm, | ||
| true, | ||
| ["wrapKey"]); // Too specific for AES-KW | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
| //endregion | ||
| //region Wrap previously exported session key | ||
| currentSequence = currentSequence.then(result => | ||
| crypto.wrapKey("raw", sessionKey, result, kekAlgorithm), | ||
| error => | ||
| Promise.reject(error) | ||
| crypto.wrapKey("raw", sessionKey, result, kekAlgorithm), | ||
| error => | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1032,8 +1037,8 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region RecipientEncryptedKey | ||
| { | ||
| //region RecipientEncryptedKey | ||
| _this.recipientInfos[index].value.encryptedKey = new asn1js.OctetString({ valueHex: result }); | ||
| //endregion | ||
| //endregion | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1055,3 +1060,3 @@ //endregion | ||
| currentSequence = currentSequence.then(() => | ||
| { | ||
| { | ||
| if(("keyDerivationAlgorithm" in _this.recipientInfos[index].value) === false) | ||
@@ -1064,13 +1069,13 @@ return Promise.reject("Please append encoded \"keyDerivationAlgorithm\""); | ||
| try | ||
| { | ||
| pbkdf2Params = new PBKDF2Params({ schema: _this.recipientInfos[index].value.keyDerivationAlgorithm.algorithmParams }); | ||
| } | ||
| catch(ex) | ||
| { | ||
| return Promise.reject("Incorrectly encoded \"keyDerivationAlgorithm\""); | ||
| } | ||
| { | ||
| pbkdf2Params = new PBKDF2Params({ schema: _this.recipientInfos[index].value.keyDerivationAlgorithm.algorithmParams }); | ||
| } | ||
| catch(ex) | ||
| { | ||
| return Promise.reject("Incorrectly encoded \"keyDerivationAlgorithm\""); | ||
| } | ||
| return Promise.resolve(); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1080,12 +1085,12 @@ //endregion | ||
| currentSequence = currentSequence.then(() => | ||
| { | ||
| { | ||
| const passwordView = new Uint8Array(_this.recipientInfos[index].value.password); | ||
| return crypto.importKey("raw", | ||
| passwordView, | ||
| "PBKDF2", | ||
| false, | ||
| ["deriveKey"]); | ||
| passwordView, | ||
| "PBKDF2", | ||
| false, | ||
| ["deriveKey"]); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1095,14 +1100,14 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region Get WebCrypto form of "keyEncryptionAlgorithm" | ||
| { | ||
| //region Get WebCrypto form of "keyEncryptionAlgorithm" | ||
| kekAlgorithm = getAlgorithmByOID(_this.recipientInfos[index].value.keyEncryptionAlgorithm.algorithmId); | ||
| if(("name" in kekAlgorithm) === false) | ||
| return Promise.reject(`Incorrect OID for "keyEncryptionAlgorithm": ${_this.recipientInfos[index].value.keyEncryptionAlgorithm.algorithmId}`); | ||
| //endregion | ||
| //region Get HMAC hash algorithm | ||
| //endregion | ||
| //region Get HMAC hash algorithm | ||
| let hmacHashAlgorithm = "SHA-1"; | ||
| if("prf" in pbkdf2Params) | ||
| { | ||
| { | ||
| const algorithm = getAlgorithmByOID(pbkdf2Params.prf.algorithmId); | ||
@@ -1114,11 +1119,11 @@ if(("name" in algorithm) === false) | ||
| } | ||
| //endregion | ||
| //region Get PBKDF2 "salt" value | ||
| //endregion | ||
| //region Get PBKDF2 "salt" value | ||
| const saltView = new Uint8Array(pbkdf2Params.salt.valueBlock.valueHex); | ||
| //endregion | ||
| //endregion | ||
| //region Get PBKDF2 iterations count | ||
| //region Get PBKDF2 iterations count | ||
| const iterations = pbkdf2Params.iterationCount; | ||
| //endregion | ||
| //endregion | ||
@@ -1133,8 +1138,8 @@ return crypto.deriveKey({ | ||
| }, | ||
| result, | ||
| kekAlgorithm, | ||
| true, | ||
| ["wrapKey"]); // Usages are too specific for KEK algorithm | ||
| result, | ||
| kekAlgorithm, | ||
| true, | ||
| ["wrapKey"]); // Usages are too specific for KEK algorithm | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1144,5 +1149,5 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| crypto.wrapKey("raw", sessionKey, result, kekAlgorithm), | ||
| error => | ||
| Promise.reject(error) | ||
| crypto.wrapKey("raw", sessionKey, result, kekAlgorithm), | ||
| error => | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1152,8 +1157,8 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region RecipientEncryptedKey | ||
| { | ||
| //region RecipientEncryptedKey | ||
| _this.recipientInfos[index].value.encryptedKey = new asn1js.OctetString({ valueHex: result }); | ||
| //endregion | ||
| //endregion | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1169,11 +1174,11 @@ //endregion | ||
| sequence = sequence.then(() => | ||
| { | ||
| for(let i = 0; i < this.recipientInfos.length; i++) | ||
| { | ||
| for(let i = 0; i < this.recipientInfos.length; i++) | ||
| { | ||
| //region Initial variables | ||
| //region Initial variables | ||
| let currentSequence = Promise.resolve(); | ||
| //endregion | ||
| //endregion | ||
| switch(this.recipientInfos[i].variant) | ||
| { | ||
| { | ||
| case 1: // KeyTransRecipientInfo | ||
@@ -1200,3 +1205,3 @@ currentSequence = SubKeyTransRecipientInfo(i); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1252,3 +1257,3 @@ //endregion | ||
| currentSequence = currentSequence.then(() => | ||
| { | ||
| { | ||
| if(("recipientCertificate" in decryptionParameters) === false) | ||
@@ -1268,3 +1273,3 @@ return Promise.reject("Parameter \"recipientCertificate\" is mandatory for \"KeyAgreeRecipientInfo\""); | ||
| switch(curveOID) | ||
| { | ||
| { | ||
| case "1.2.840.10045.3.1.7": | ||
@@ -1287,3 +1292,3 @@ recipientCurve = "P-256"; | ||
| return crypto.importKey("pkcs8", | ||
| decryptionParameters.recipientPrivateKey, | ||
| decryptionParameters.recipientPrivateKey, | ||
| { | ||
@@ -1293,7 +1298,7 @@ name: "ECDH", | ||
| }, | ||
| true, | ||
| ["deriveBits"] | ||
| ); | ||
| true, | ||
| ["deriveBits"] | ||
| ); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1303,16 +1308,16 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| { | ||
| ecdhPrivateKey = result; | ||
| //region Change "OriginatorPublicKey" if "curve" parameter absent | ||
| //region Change "OriginatorPublicKey" if "curve" parameter absent | ||
| if(("algorithmParams" in _this.recipientInfos[index].value.originator.value.algorithm) === false) | ||
| _this.recipientInfos[index].value.originator.value.algorithm.algorithmParams = new asn1js.ObjectIdentifier({ value: curveOID }); | ||
| //endregion | ||
| //region Create ArrayBuffer with sender's public key | ||
| //endregion | ||
| //region Create ArrayBuffer with sender's public key | ||
| const buffer = _this.recipientInfos[index].value.originator.value.toSchema().toBER(false); | ||
| //endregion | ||
| //endregion | ||
| return crypto.importKey("spki", | ||
| buffer, | ||
| buffer, | ||
| { | ||
@@ -1322,6 +1327,6 @@ name: "ECDH", | ||
| }, | ||
| true, | ||
| []); | ||
| true, | ||
| []); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1331,10 +1336,10 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| crypto.deriveBits({ | ||
| name: "ECDH", | ||
| public: result | ||
| }, | ||
| ecdhPrivateKey, | ||
| recipientCurveLength), | ||
| error => | ||
| Promise.reject(error) | ||
| crypto.deriveBits({ | ||
| name: "ECDH", | ||
| public: result | ||
| }, | ||
| ecdhPrivateKey, | ||
| recipientCurveLength), | ||
| error => | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1344,4 +1349,4 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region Get length of used AES-KW algorithm | ||
| { | ||
| //region Get length of used AES-KW algorithm | ||
| const aesKWAlgorithm = new AlgorithmIdentifier({ schema: _this.recipientInfos[index].value.keyEncryptionAlgorithm.algorithmParams }); | ||
@@ -1361,17 +1366,17 @@ | ||
| for(let j = 3; j >= 0; j--) | ||
| { | ||
| { | ||
| kwLengthView[j] = kwLength; | ||
| kwLength >>= 8; | ||
| } | ||
| //endregion | ||
| //region Create and encode "ECC-CMS-SharedInfo" structure | ||
| //endregion | ||
| //region Create and encode "ECC-CMS-SharedInfo" structure | ||
| const eccInfo = new ECCCMSSharedInfo({ | ||
| keyInfo: new AlgorithmIdentifier({ | ||
| algorithmId: aesKWAlgorithm.algorithmId, | ||
| /* | ||
| Initially RFC5753 says that AES algorithms have absent parameters. | ||
| But since early implementations all put NULL here. Thus, in order to be | ||
| "backward compatible", index also put NULL here. | ||
| */ | ||
| /* | ||
| Initially RFC5753 says that AES algorithms have absent parameters. | ||
| But since early implementations all put NULL here. Thus, in order to be | ||
| "backward compatible", index also put NULL here. | ||
| */ | ||
| algorithmParams: new asn1js.Null() | ||
@@ -1384,5 +1389,5 @@ }), | ||
| const encodedInfo = eccInfo.toSchema().toBER(false); | ||
| //endregion | ||
| //region Get SHA algorithm used together with ECDH | ||
| //endregion | ||
| //region Get SHA algorithm used together with ECDH | ||
| const ecdhAlgorithm = getAlgorithmByOID(_this.recipientInfos[index].value.keyEncryptionAlgorithm.algorithmId); | ||
@@ -1395,3 +1400,3 @@ if(("name" in ecdhAlgorithm) === false) | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1401,8 +1406,8 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| crypto.importKey("raw", | ||
| result, | ||
| { name: "AES-KW" }, | ||
| true, | ||
| ["unwrapKey"]), | ||
| error => Promise.reject(error) | ||
| crypto.importKey("raw", | ||
| result, | ||
| { name: "AES-KW" }, | ||
| true, | ||
| ["unwrapKey"]), | ||
| error => Promise.reject(error) | ||
| ); | ||
@@ -1412,4 +1417,4 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| { | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| const contentEncryptionAlgorithm = getAlgorithmByOID(_this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId); | ||
@@ -1421,10 +1426,10 @@ if(("name" in contentEncryptionAlgorithm) === false) | ||
| return crypto.unwrapKey("raw", | ||
| _this.recipientInfos[index].value.recipientEncryptedKeys.encryptedKeys[0].encryptedKey.valueBlock.valueHex, | ||
| result, | ||
| { name: "AES-KW" }, | ||
| contentEncryptionAlgorithm, | ||
| true, | ||
| ["decrypt"]); | ||
| _this.recipientInfos[index].value.recipientEncryptedKeys.encryptedKeys[0].encryptedKey.valueBlock.valueHex, | ||
| result, | ||
| { name: "AES-KW" }, | ||
| contentEncryptionAlgorithm, | ||
| true, | ||
| ["decrypt"]); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1444,3 +1449,3 @@ //endregion | ||
| currentSequence = currentSequence.then(() => | ||
| { | ||
| { | ||
| if(("recipientPrivateKey" in decryptionParameters) === false) | ||
@@ -1459,3 +1464,3 @@ return Promise.reject("Parameter \"recipientPrivateKey\" is mandatory for \"KeyTransRecipientInfo\""); | ||
| return crypto.importKey("pkcs8", | ||
| decryptionParameters.recipientPrivateKey, | ||
| decryptionParameters.recipientPrivateKey, | ||
| { | ||
@@ -1467,6 +1472,6 @@ name: "RSA-OAEP", | ||
| }, | ||
| true, | ||
| ["decrypt"]); | ||
| true, | ||
| ["decrypt"]); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1485,17 +1490,17 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| { | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| const contentEncryptionAlgorithm = getAlgorithmByOID(_this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId); | ||
| if(("name" in contentEncryptionAlgorithm) === false) | ||
| return Promise.reject(`Incorrect "contentEncryptionAlgorithm": ${_this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId}`); | ||
| //endregion | ||
| //endregion | ||
| return crypto.importKey("raw", | ||
| result, | ||
| contentEncryptionAlgorithm, | ||
| true, | ||
| ["decrypt"] | ||
| ); | ||
| result, | ||
| contentEncryptionAlgorithm, | ||
| true, | ||
| ["decrypt"] | ||
| ); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1516,19 +1521,19 @@ //endregion | ||
| currentSequence = currentSequence.then(() => | ||
| { | ||
| { | ||
| if(("preDefinedData" in decryptionParameters) === false) | ||
| return Promise.reject("Parameter \"preDefinedData\" is mandatory for \"KEKRecipientInfo\""); | ||
| //region Get WebCrypto form of "keyEncryptionAlgorithm" | ||
| //region Get WebCrypto form of "keyEncryptionAlgorithm" | ||
| kekAlgorithm = getAlgorithmByOID(_this.recipientInfos[index].value.keyEncryptionAlgorithm.algorithmId); | ||
| if(("name" in kekAlgorithm) === false) | ||
| return Promise.reject(`Incorrect OID for "keyEncryptionAlgorithm": ${_this.recipientInfos[index].value.keyEncryptionAlgorithm.algorithmId}`); | ||
| //endregion | ||
| //endregion | ||
| return crypto.importKey("raw", | ||
| decryptionParameters.preDefinedData, | ||
| kekAlgorithm, | ||
| true, | ||
| ["unwrapKey"]); // Too specific for AES-KW | ||
| decryptionParameters.preDefinedData, | ||
| kekAlgorithm, | ||
| true, | ||
| ["unwrapKey"]); // Too specific for AES-KW | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1538,18 +1543,18 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| { | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| const contentEncryptionAlgorithm = getAlgorithmByOID(_this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId); | ||
| if(("name" in contentEncryptionAlgorithm) === false) | ||
| return Promise.reject(`Incorrect "contentEncryptionAlgorithm": ${_this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId}`); | ||
| //endregion | ||
| //endregion | ||
| return crypto.unwrapKey("raw", | ||
| _this.recipientInfos[index].value.encryptedKey.valueBlock.valueHex, | ||
| result, | ||
| kekAlgorithm, | ||
| contentEncryptionAlgorithm, | ||
| true, | ||
| ["decrypt"]); | ||
| _this.recipientInfos[index].value.encryptedKey.valueBlock.valueHex, | ||
| result, | ||
| kekAlgorithm, | ||
| contentEncryptionAlgorithm, | ||
| true, | ||
| ["decrypt"]); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1571,3 +1576,3 @@ //endregion | ||
| currentSequence = currentSequence.then(() => | ||
| { | ||
| { | ||
| if(("preDefinedData" in decryptionParameters) === false) | ||
@@ -1583,17 +1588,17 @@ return Promise.reject("Parameter \"preDefinedData\" is mandatory for \"KEKRecipientInfo\""); | ||
| try | ||
| { | ||
| pbkdf2Params = new PBKDF2Params({ schema: _this.recipientInfos[index].value.keyDerivationAlgorithm.algorithmParams }); | ||
| } | ||
| catch(ex) | ||
| { | ||
| return Promise.reject("Incorrectly encoded \"keyDerivationAlgorithm\""); | ||
| } | ||
| { | ||
| pbkdf2Params = new PBKDF2Params({ schema: _this.recipientInfos[index].value.keyDerivationAlgorithm.algorithmParams }); | ||
| } | ||
| catch(ex) | ||
| { | ||
| return Promise.reject("Incorrectly encoded \"keyDerivationAlgorithm\""); | ||
| } | ||
| return crypto.importKey("raw", | ||
| decryptionParameters.preDefinedData, | ||
| "PBKDF2", | ||
| false, | ||
| ["deriveKey"]); | ||
| decryptionParameters.preDefinedData, | ||
| "PBKDF2", | ||
| false, | ||
| ["deriveKey"]); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1603,14 +1608,14 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region Get WebCrypto form of "keyEncryptionAlgorithm" | ||
| { | ||
| //region Get WebCrypto form of "keyEncryptionAlgorithm" | ||
| kekAlgorithm = getAlgorithmByOID(_this.recipientInfos[index].value.keyEncryptionAlgorithm.algorithmId); | ||
| if(("name" in kekAlgorithm) === false) | ||
| return Promise.reject(`Incorrect OID for "keyEncryptionAlgorithm": ${_this.recipientInfos[index].value.keyEncryptionAlgorithm.algorithmId}`); | ||
| //endregion | ||
| //region Get HMAC hash algorithm | ||
| //endregion | ||
| //region Get HMAC hash algorithm | ||
| let hmacHashAlgorithm = "SHA-1"; | ||
| if("prf" in pbkdf2Params) | ||
| { | ||
| { | ||
| const algorithm = getAlgorithmByOID(pbkdf2Params.prf.algorithmId); | ||
@@ -1622,11 +1627,11 @@ if(("name" in algorithm) === false) | ||
| } | ||
| //endregion | ||
| //region Get PBKDF2 "salt" value | ||
| //endregion | ||
| //region Get PBKDF2 "salt" value | ||
| const saltView = new Uint8Array(pbkdf2Params.salt.valueBlock.valueHex); | ||
| //endregion | ||
| //endregion | ||
| //region Get PBKDF2 iterations count | ||
| //region Get PBKDF2 iterations count | ||
| const iterations = pbkdf2Params.iterationCount; | ||
| //endregion | ||
| //endregion | ||
@@ -1641,8 +1646,8 @@ return crypto.deriveKey({ | ||
| }, | ||
| result, | ||
| kekAlgorithm, | ||
| true, | ||
| ["unwrapKey"]); // Usages are too specific for KEK algorithm | ||
| result, | ||
| kekAlgorithm, | ||
| true, | ||
| ["unwrapKey"]); // Usages are too specific for KEK algorithm | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1652,4 +1657,4 @@ //endregion | ||
| currentSequence = currentSequence.then(result => | ||
| { | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| { | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| const contentEncryptionAlgorithm = getAlgorithmByOID(_this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId); | ||
@@ -1661,10 +1666,10 @@ if(("name" in contentEncryptionAlgorithm) === false) | ||
| return crypto.unwrapKey("raw", | ||
| _this.recipientInfos[index].value.encryptedKey.valueBlock.valueHex, | ||
| result, | ||
| kekAlgorithm, | ||
| contentEncryptionAlgorithm, | ||
| true, | ||
| ["decrypt"]); | ||
| _this.recipientInfos[index].value.encryptedKey.valueBlock.valueHex, | ||
| result, | ||
| kekAlgorithm, | ||
| contentEncryptionAlgorithm, | ||
| true, | ||
| ["decrypt"]); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1680,9 +1685,9 @@ //endregion | ||
| sequence = sequence.then(() => | ||
| { | ||
| //region Initial variables | ||
| { | ||
| //region Initial variables | ||
| let currentSequence = Promise.resolve(); | ||
| //endregion | ||
| //endregion | ||
| switch(this.recipientInfos[recipientIndex].variant) | ||
| { | ||
| { | ||
| case 1: // KeyTransRecipientInfo | ||
@@ -1706,3 +1711,3 @@ currentSequence = SubKeyTransRecipientInfo(recipientIndex); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1714,14 +1719,14 @@ //endregion | ||
| { | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| //region Get WebCrypto form of content encryption algorithm | ||
| const contentEncryptionAlgorithm = getAlgorithmByOID(this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId); | ||
| if(("name" in contentEncryptionAlgorithm) === false) | ||
| return Promise.reject(`Incorrect "contentEncryptionAlgorithm": ${this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId}`); | ||
| //endregion | ||
| //region Get "intialization vector" for content encryption algorithm | ||
| //endregion | ||
| //region Get "intialization vector" for content encryption algorithm | ||
| const ivBuffer = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmParams.valueBlock.valueHex; | ||
| const ivView = new Uint8Array(ivBuffer); | ||
| //endregion | ||
| //region Create correct data block for decryption | ||
| //endregion | ||
| //region Create correct data block for decryption | ||
| let dataBuffer = new ArrayBuffer(0); | ||
@@ -1732,7 +1737,7 @@ | ||
| else | ||
| { | ||
| { | ||
| for(const content of this.encryptedContentInfo.encryptedContent.valueBlock.value) | ||
| dataBuffer = utilConcatBuf(dataBuffer, content.valueBlock.valueHex); | ||
| } | ||
| //endregion | ||
| //endregion | ||
@@ -1743,6 +1748,6 @@ return crypto.decrypt({ | ||
| }, | ||
| result, | ||
| dataBuffer); | ||
| result, | ||
| dataBuffer); | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -1749,0 +1754,0 @@ //endregion |
@@ -214,3 +214,3 @@ import * as asn1js from "asn1js"; | ||
| sequence = sequence.then(() => | ||
| { | ||
| { | ||
| this.tbsRequest = new TBSRequest({ | ||
@@ -224,3 +224,3 @@ requestList: [ | ||
| }, error => | ||
| Promise.reject(error) | ||
| Promise.reject(error) | ||
| ); | ||
@@ -227,0 +227,0 @@ //endregion |
@@ -324,3 +324,3 @@ import * as asn1js from "asn1js"; | ||
| }, | ||
| error => Promise.reject(error) | ||
| error => Promise.reject(error) | ||
| ); | ||
@@ -327,0 +327,0 @@ //endregion |
@@ -285,9 +285,9 @@ import * as asn1js from "asn1js"; | ||
| try | ||
| { | ||
| _this.fromSchema(asn1.result); | ||
| } | ||
| catch(exception) | ||
| { | ||
| return Promise.reject("Error during initializing object from schema"); | ||
| } | ||
| { | ||
| _this.fromSchema(asn1.result); | ||
| } | ||
| catch(exception) | ||
| { | ||
| return Promise.reject("Error during initializing object from schema"); | ||
| } | ||
@@ -294,0 +294,0 @@ return undefined; |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-0.06%
4091327
- Number of package files
- decreased by-0.31%
325
- Lines of code
- decreased by-0.01%
61847
No dependency changes