@1amageek/passkit
passkit.ts is Passkit generator
;
// Async helper in the shape the TypeScript compiler emits for `async` functions
// (this file is build output; see the sourceMappingURL at the end of the file).
// It reuses an already-defined this.__awaiter when one exists. Otherwise it runs
// `generator` with `thisArg` / `_arguments` and returns a promise, built with P or
// the global Promise, that resolves with the generator's return value and rejects
// with any error thrown while stepping the generator.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
// Wrap a yielded value in P unless it already is an instance of P.
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
// Resume the generator with the value an awaited promise resolved to.
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
// Throw an awaited promise's rejection into the generator so its try/catch can see it.
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
// Either finish with the generator's return value or wait on the next yielded value.
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
// Start the generator; `generator` is rebound from the function to its iterator here.
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
// Flag the exports object with __esModule, the marker module-interop helpers look for
// before reading `exports.default`.
Object.defineProperty(exports, "__esModule", { value: true });
const Crypto = require("crypto");
const forge = require("node-forge");
const fs = require("fs");
const path = require("path");
const index_1 = require("./index");
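/**
 * Manifest of a pass bundle: a map of file name to SHA-1 hex digest that can be
 * serialised as JSON and signed as PKCS#7 signed data.
 */
class Manifest {
  constructor() {
    // file name -> hex SHA-1 digest of that file's bytes
    this.data = {};
  }

  /**
   * Record the digest of one file under `filename`.
   *
   * @param {Buffer|string} buffer - File contents to hash.
   * @param {string} filename - Key the digest is stored under in the manifest.
   * @param {string} [encoding] - Accepted for interface compatibility; not used here.
   * @returns {Promise<void>}
   */
  addFile(buffer, filename, encoding) {
    return __awaiter(this, void 0, void 0, function* () {
      // SHA-1 follows the pass manifest format, which lists SHA-1 digests per file.
      // The digests are only as trustworthy as the signature made over this manifest,
      // so this is not a pattern to copy where the hash algorithm is a free choice.
      const hash = Crypto.createHash('sha1');
      this.data[filename] = hash.update(buffer).digest('hex');
    });
  }

  /**
   * Serialise the manifest.
   *
   * @returns {string} JSON text of the file name -> digest map.
   */
  toJSON() {
    return JSON.stringify(this.data);
  }

  /**
   * Sign the manifest JSON with the configured signer certificate and key.
   *
   * Reads two PEM files whose paths come from `certificates` in ./index: `secret`
   * (parsed below for both the signer certificate and its private key) and `wwdr`
   * (added to the signed data as a second certificate). Relative paths are resolved
   * against process.cwd().
   *
   * @returns {Promise<Buffer>} DER encoding of the PKCS#7 signed data.
   * @throws {Error} When either path is missing or the private key cannot be decoded.
   */
  sign() {
    return __awaiter(this, void 0, void 0, function* () {
      const wwdrPath = index_1.certificates.wwdr;
      const secretPath = index_1.certificates.secret;
      if (!wwdrPath) {
        throw new Error('[Passkit] error: wwdr path not found');
      }
      if (!secretPath) {
        throw new Error('[Passkit] error: secret path not found');
      }
      // The `secret` file carries private key material: keep it out of the repository
      // and readable only by the account that runs the signer.
      const signerCertData = fs.readFileSync(path.resolve(process.cwd(), secretPath), { encoding: 'utf8' });
      const wwdrCertData = fs.readFileSync(path.resolve(process.cwd(), wwdrPath), { encoding: 'utf8' });
      const password = index_1.certificates.options.password;
      const certificate = forge.pki.certificateFromPem(signerCertData);
      const wwdr = forge.pki.certificateFromPem(wwdrCertData);
      // Private key from the same PEM bundle, decrypted with the configured passphrase.
      const key = this._decodePrivateKey(signerCertData, password);
      // PKCS#7 signed data over the manifest JSON.
      const p7 = forge.pkcs7.createSignedData();
      p7.content = this.toJSON();
      p7.addCertificate(certificate);
      p7.addCertificate(wwdr);
      p7.addSigner({
        key,
        certificate,
        // NOTE(review): SHA-1 signature digest. Confirm what the consuming platform
        // accepts before changing it, and do not reuse this setting for other signing.
        digestAlgorithm: forge.pki.oids.sha1,
        authenticatedAttributes: [
          {
            type: forge.pki.oids.contentType,
            value: forge.pki.oids.data,
          },
          {
            type: forge.pki.oids.messageDigest,
          },
          {
            type: forge.pki.oids.signingTime,
          },
        ],
      });
      p7.sign();
      // Drops the last element of contentInfo.value after signing; presumably the
      // embedded content, which would leave a detached signature. TODO confirm
      // against the node-forge version in use.
      p7.contentInfo.value.pop();
      return Buffer.from(forge.asn1.toDer(p7.toAsn1()).getBytes(), 'binary');
    });
  }

  /**
   * Extract the signer's private key from a PEM bundle and return it as PEM.
   *
   * The result is the decrypted key. It must stay in memory only: never log it,
   * put it in an error message, or write it to disk.
   *
   * @param {string} keydata - PEM text that contains a key block.
   * @param {string} [password] - Passphrase for an encrypted key.
   * @returns {string} PEM of the decrypted private key.
   * @throws {Error} When no key block is present or the key cannot be decoded.
   */
  _decodePrivateKey(keydata, password) {
    const pemMessages = forge.pem.decode(keydata);
    // First PEM block whose type mentions KEY.
    const signerKeyMessage = pemMessages.find(message => message.type.includes('KEY'));
    if (!signerKeyMessage) {
      throw new Error('[Passkit] error: Invalid certificate, no key found');
    }
    const key = forge.pki.decryptRsaPrivateKey(forge.pem.encode(signerKeyMessage), password);
    if (!key) {
      const isEncrypted = (signerKeyMessage.procType && signerKeyMessage.procType.type === 'ENCRYPTED') ||
        signerKeyMessage.type.includes('ENCRYPTED');
      if (isEncrypted) {
        throw new Error('[Passkit] error: Unable to parse key, incorrect passphrase');
      }
      // Fail with a clear message instead of handing a missing key to privateKeyToPem.
      throw new Error('[Passkit] error: Unable to parse key');
    }
    return forge.pki.privateKeyToPem(key);
  }
}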
exports.default = Manifest;
//# sourceMappingURL=manifest.js.map