@ne1410s/crypto

Lightweight ES5 script to provide crypto utilities

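'use strict';

// CommonJS bundle (TypeScript -> ES5 via rollup). The `__awaiter`/`__generator`
// helpers below are compiler-emitted tslib code and are reproduced verbatim;
// the hand-written part of the module starts at `DEF_ALGO`.
var asn1js = require('asn1js');
var ne_text = require('@ne1410s/text');

/**
 * Wraps a CommonJS module object as a frozen, null-prototype namespace so that
 * `import * as ns` semantics survive bundling: every own key except `default`
 * becomes an enumerable getter and the module itself is exposed as `.default`.
 *
 * @param {object} e - Module object returned by `require`.
 * @returns {object} Frozen namespace object.
 */
function _interopNamespaceDefault(e) {
  var n = Object.create(null);
  if (e) {
    Object.keys(e).forEach(function (k) {
      if (k !== 'default') {
        var d = Object.getOwnPropertyDescriptor(e, k);
        Object.defineProperty(n, k, d.get ? d : {
          enumerable: true,
          get: function () { return e[k]; },
        });
      }
    });
  }
  n.default = e;
  return Object.freeze(n);
}

var asn1js__namespace = /*#__PURE__*/_interopNamespaceDefault(asn1js);
var ne_text__namespace = /*#__PURE__*/_interopNamespaceDefault(ne_text);

/******************************************************************************
Copyright (c) Microsoft Corporation.

Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
***************************************************************************** */
/* global Reflect, Promise, SuppressedError, Symbol, Iterator */

/**
 * tslib helper: drives a downlevelled `async` function. `generator` is the
 * state-machine produced by `__generator`; each yielded value is adopted into
 * a Promise `P` (default: the global `Promise`) and its settlement is fed back
 * into the generator until it completes.
 */
function __awaiter(thisArg, _arguments, P, generator) {
  function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
  return new (P || (P = Promise))(function (resolve, reject) {
    function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
    function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
    function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
    step((generator = generator.apply(thisArg, _arguments || [])).next());
  });
}

/**
 * tslib helper: emulates a generator for ES5 targets. `body` is called with a
 * state object whose `label` selects the `case` to run; `[4, x]` means yield x,
 * `[2, x]` means return x, `[6, e]` means throw e. Left byte-for-byte as emitted
 * by the compiler — its control flow is deliberately dense.
 */
function __generator(thisArg, body) {
  var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
  return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
  function verb(n) { return function (v) { return step([n, v]); }; }
  function step(op) {
    if (f) throw new TypeError("Generator is already executing.");
    while (g && (g = 0, op[0] && (_ = 0)), _) try {
      if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
      if (y = 0, t) op = [op[0] & 2, t.value];
      switch (op[0]) {
        case 0: case 1: t = op; break;
        case 4: _.label++; return { value: op[1], done: false };
        case 5: _.label++; y = op[1]; op = [0]; continue;
        case 7: op = _.ops.pop(); _.trys.pop(); continue;
        default:
          if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
          if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
          if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
          if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
          if (t[2]) _.ops.pop();
          _.trys.pop(); continue;
      }
      op = body.call(thisArg, _);
    } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
    if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
  }
}

// Leftover tslib `SuppressedError` shim: the bundler dropped the binding this
// conditional used to initialise, so the expression is evaluated and discarded.
// It has no side effects and is kept only to stay faithful to the build output.
typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
  var e = new Error(message);
  return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
};

var crypto = require('node:crypto');
var pkijs = require('pkijs');

// Point pkijs at Node's WebCrypto implementation for all ASN.1 signing/hashing.
pkijs.setEngine('OpenSSL', crypto, new pkijs.CryptoEngine({ name: '', crypto: crypto, subtle: crypto.subtle }));

/**
 * Key-generation / signature parameters shared by `gen`, `sign` and `csr`:
 * RSASSA-PKCS1-v1_5 with SHA-256 (the JWS "RS256" combination), 2048-bit
 * modulus, public exponent 65537.
 */
var DEF_ALGO = {
  name: 'RSASSA-PKCS1-v1_5',
  modulusLength: 2048,
  publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
  hash: { name: 'SHA-256' },
};

/**
 * Produces a random token: 24 bytes from the platform CSPRNG
 * (`crypto.getRandomValues`), returned base64url-encoded.
 *
 * @returns {Promise<string>} Base64url string.
 */
function randomString() {
  return __awaiter(this, void 0, void 0, function () {
    var bytes;
    return __generator(this, function (_a) {
      bytes = new Uint8Array(24);
      crypto.getRandomValues(bytes);
      return [2 /*return*/, ne_text__namespace.bufferToBase64Url(bytes.buffer)];
    });
  });
}

/**
 * Generates an RSA key pair per `DEF_ALGO` and exports both halves as JWK.
 * The pair is created extractable because the JWK export requires it; the
 * returned `privateJwk` is unencrypted private key material and must be
 * handled accordingly by the caller.
 *
 * @returns {Promise<{publicJwk: object, privateJwk: object}>}
 */
function gen() {
  return __awaiter(this, void 0, void 0, function () {
    var keys;
    var _a;
    return __generator(this, function (_b) {
      switch (_b.label) {
        case 0: return [4 /*yield*/, crypto.subtle.generateKey(DEF_ALGO, true, ['sign'])];
        case 1:
          keys = _b.sent();
          _a = {};
          return [4 /*yield*/, crypto.subtle.exportKey('jwk', keys.publicKey)];
        case 2:
          _a.publicJwk = _b.sent();
          return [4 /*yield*/, crypto.subtle.exportKey('jwk', keys.privateKey)];
        case 3: return [2 /*return*/, (_a.privateJwk = _b.sent(), _a)];
      }
    });
  });
}

/**
 * Signs `text` (converted with `ne_text.textToBuffer`) using the private JWK
 * and the `DEF_ALGO` scheme; the signature is returned base64url-encoded.
 *
 * @param {string} text - Payload to sign.
 * @param {object} privateJwk - RSA private key in JWK form (e.g. from `gen`).
 * @returns {Promise<string>} Base64url signature.
 */
function sign(text, privateJwk) {
  return __awaiter(this, void 0, void 0, function () {
    var signingKey, buffer, signed;
    return __generator(this, function (_a) {
      switch (_a.label) {
        case 0:
          // The imported key is only ever used to sign here, so it is imported
          // non-extractable (least privilege); this does not affect the output.
          return [4 /*yield*/, crypto.subtle.importKey('jwk', privateJwk, DEF_ALGO, false, ['sign'])];
        case 1:
          signingKey = _a.sent();
          buffer = ne_text__namespace.textToBuffer(text);
          return [4 /*yield*/, crypto.subtle.sign(DEF_ALGO.name, signingKey, buffer)];
        case 2:
          signed = _a.sent();
          return [2 /*return*/, ne_text__namespace.bufferToBase64Url(signed)];
      }
    });
  });
}

/**
 * SHA-256 of `text` (converted with `ne_text.textToBuffer`), base64url-encoded.
 *
 * @param {string} text - Input to hash.
 * @returns {Promise<string>} Base64url digest.
 */
function digest(text) {
  return __awaiter(this, void 0, void 0, function () {
    var buffer, hashed;
    return __generator(this, function (_a) {
      switch (_a.label) {
        case 0:
          buffer = ne_text__namespace.textToBuffer(text);
          return [4 /*yield*/, crypto.subtle.digest('SHA-256', buffer)];
        case 1:
          hashed = _a.sent();
          return [2 /*return*/, ne_text__namespace.bufferToBase64Url(hashed)];
      }
    });
  });
}

/**
 * Appends one subject RDN to a pkijs CertificationRequest when `value` is set;
 * missing/empty values are skipped so optional subject fields stay optional.
 *
 * NOTE(review): the value is encoded as PrintableString, whose repertoire is
 * limited (letters, digits, space and ' ( ) + , - . / : = ? only — no '*',
 * '@', '_' or '&'); confirm how asn1js treats characters outside it before
 * relying on this for e.g. wildcard names.
 *
 * @param {pkijs.CertificationRequest} pkcs10 - Request being built.
 * @param {string} oid - Attribute type OID (e.g. '2.5.4.3' for CN).
 * @param {string|undefined} value - Attribute value; falsy values are skipped.
 */
function addSubjectAttribute(pkcs10, oid, value) {
  if (!value) {
    return;
  }
  pkcs10.subject.typesAndValues.push(new pkijs.AttributeTypeAndValue({
    type: oid,
    value: new asn1js__namespace.PrintableString({ value: value }),
  }));
}

// https://github.com/PeculiarVentures/PKI.js/blob/master/examples/PKCS10ComplexExample/es6.js
/**
 * Builds a PKCS#10 certificate signing request for `params.domains` with a
 * freshly generated key pair (`DEF_ALGO`). The CN is the first domain; every
 * domain is also placed in a subjectAltName (dNSName) extension request, and
 * a subjectKeyIdentifier is derived from the public key.
 *
 * The result contains the new private key three times (PKCS#8 PEM, PKCS#8
 * base64 and JWK), all unencrypted — callers are responsible for storing it
 * safely.
 *
 * @param {{domains: string[], country?: string, town?: string, county?: string,
 *          company?: string, department?: string}} params - Subject details.
 * @returns {Promise<{pem: string, der: string, pkcs8_pem: string, pkcs8_b64: string,
 *                    privateJwk: object, publicJwk: object}>}
 * @throws {Error} (as a rejection) when `params.domains` is missing or empty.
 */
function csr(params) {
  return __awaiter(this, void 0, void 0, function () {
    var pkcs10, keys, publicKey, toDigest, pubkeyhash_sha1, privateKey, pkcs10_schema, pkcs10_encoded, exportedPkcs8;
    var _a;
    return __generator(this, function (_b) {
      switch (_b.label) {
        case 0:
          // Fail early with a clear message rather than emitting a CSR whose
          // CN would be built from `undefined`.
          if (!params || !Array.isArray(params.domains) || params.domains.length === 0 || !params.domains[0]) {
            throw new Error('csr: params.domains must contain at least one domain name');
          }
          pkcs10 = new pkijs.CertificationRequest();
          pkcs10.version = 0;
          addSubjectAttribute(pkcs10, '2.5.4.3', params.domains[0]);    // CN=
          addSubjectAttribute(pkcs10, '2.5.4.6', params.country);       // C=
          addSubjectAttribute(pkcs10, '2.5.4.7', params.town);          // L=
          addSubjectAttribute(pkcs10, '2.5.4.8', params.county);        // S= (stateOrProvinceName)
          addSubjectAttribute(pkcs10, '2.5.4.10', params.company);      // O=
          addSubjectAttribute(pkcs10, '2.5.4.11', params.department);   // OU=
          // Extractable because the private key is exported (PKCS#8 + JWK) below.
          return [4 /*yield*/, crypto.subtle.generateKey(DEF_ALGO, true, ['sign'])];
        case 1:
          keys = _b.sent();
          publicKey = keys.publicKey;
          return [4 /*yield*/, pkcs10.subjectPublicKeyInfo.importKey(publicKey)];
        case 2:
          _b.sent();
          toDigest = pkcs10.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHex;
          // SHA-1 here is the RFC 5280 §4.2.1.2 method (1) key identifier; the
          // value is only an identifier, not a security-bearing hash.
          return [4 /*yield*/, crypto.subtle.digest('SHA-1', toDigest)];
        case 3:
          pubkeyhash_sha1 = _b.sent();
          pkcs10.attributes = [];
          pkcs10.attributes.push(new pkijs.Attribute({
            type: '1.2.840.113549.1.9.14', // pkcs-9-at-extensionRequest
            values: [
              new pkijs.Extensions({
                extensions: [
                  new pkijs.Extension({
                    extnID: '2.5.29.14', // subjectKeyIdentifier
                    critical: false,
                    extnValue: new asn1js__namespace.OctetString({ valueHex: pubkeyhash_sha1 }).toBER(false),
                  }),
                  new pkijs.Extension({
                    extnID: '2.5.29.17', // subjectAltName
                    critical: false,
                    extnValue: new pkijs.GeneralNames({
                      names: params.domains.map(function (dom) {
                        return new pkijs.GeneralName({
                          type: 2, // dNSName
                          value: dom,
                        });
                      }),
                    })
                      .toSchema()
                      .toBER(false),
                  }),
                ],
              }).toSchema(),
            ],
          }));
          privateKey = keys.privateKey;
          return [4 /*yield*/, pkcs10.sign(privateKey, 'SHA-256')];
        case 4:
          _b.sent();
          pkcs10_schema = pkcs10.toSchema();
          pkcs10_encoded = pkcs10_schema.toBER(false);
          return [4 /*yield*/, crypto.subtle.exportKey('pkcs8', keys.privateKey)];
        case 5:
          exportedPkcs8 = _b.sent();
          _a = {
            pem: bufferToPem(pkcs10_encoded, 'CERTIFICATE REQUEST'),
            der: ne_text__namespace.bufferToBase64Url(pkcs10_encoded),
            pkcs8_pem: bufferToPem(exportedPkcs8, 'PRIVATE KEY'),
            pkcs8_b64: ne_text__namespace.bufferToBase64(exportedPkcs8),
          };
          return [4 /*yield*/, crypto.subtle.exportKey('jwk', keys.privateKey)];
        case 6:
          _a.privateJwk = _b.sent();
          return [4 /*yield*/, crypto.subtle.exportKey('jwk', keys.publicKey)];
        case 7: return [2 /*return*/, (_a.publicJwk = _b.sent(), _a)];
      }
    });
  });
}

// https://github.com/PeculiarVentures/PKI.js/blob/master/examples/PKCS12SimpleExample/es6.js
/**
 * Packs a certificate and its private key into a PKCS#12 (PFX) container.
 *
 * Security properties of the produced file, as configured here:
 *  - `privacyMode: 0` ("No Privacy"): the SafeContents — including the private
 *    key — are NOT encrypted. The password is not used for confidentiality.
 *  - `integrityMode: 0` (password-based integrity): the password only drives a
 *    PBKDF2-derived HMAC over the content, so it detects tampering but does
 *    not protect the key from anyone who can read the blob.
 *  - The PBKDF2 iteration count defaults to 1000 for compatibility with
 *    existing output; callers wanting a stronger MAC derivation can pass a
 *    higher `iterations`.
 * Treat the returned DER as sensitive as the private key itself.
 *
 * @param {string} friendlyName - Stored as the certificate bag's friendlyName.
 * @param {string} cert_b64 - DER certificate, base64 (decoded via ne_text).
 * @param {string} key_b64 - DER PKCS#8 private key, base64.
 * @param {string} password - Integrity password.
 * @param {string} [hash='SHA-256'] - Hash for PBKDF2 and the integrity HMAC.
 * @param {number} [iterations=1000] - PBKDF2 iteration count.
 * @returns {Promise<ArrayBuffer>} DER-encoded PFX.
 * @throws {Error} (as a rejection) when either input fails to parse as DER.
 */
function pfx(friendlyName_1, cert_b64_1, key_b64_1, password_1) {
  return __awaiter(this, arguments, void 0, function (friendlyName, cert_b64, key_b64, password, hash, iterations) {
    var asn1_cer, asn1_key, objc_cer, objc_key, pkcs12;
    if (hash === void 0) { hash = 'SHA-256'; }
    if (iterations === void 0) { iterations = 1000; }
    return __generator(this, function (_a) {
      switch (_a.label) {
        case 0:
          asn1_cer = asn1js__namespace.fromBER(ne_text__namespace.textToBuffer(ne_text__namespace.base64ToText(cert_b64)));
          asn1_key = asn1js__namespace.fromBER(ne_text__namespace.textToBuffer(ne_text__namespace.base64ToText(key_b64)));
          // asn1js reports a parse failure through `offset === -1`; surface it
          // here instead of letting pkijs fail on an undefined schema.
          if (asn1_cer.offset === -1) {
            throw new Error('pfx: cert_b64 is not a valid DER certificate');
          }
          if (asn1_key.offset === -1) {
            throw new Error('pfx: key_b64 is not a valid DER private key');
          }
          objc_cer = new pkijs.Certificate({ schema: asn1_cer.result });
          objc_key = new pkijs.PrivateKeyInfo({ schema: asn1_key.result });
          pkcs12 = new pkijs.PFX({
            parsedValue: {
              integrityMode: 0, // Password-Based Integrity Mode
              authenticatedSafe: new pkijs.AuthenticatedSafe({
                parsedValue: {
                  safeContents: [
                    {
                      privacyMode: 0, // 'No Privacy' mode
                      value: new pkijs.SafeContents({
                        safeBags: [
                          new pkijs.SafeBag({
                            bagId: '1.2.840.113549.1.12.10.1.1', // keyBag (unencrypted PrivateKeyInfo)
                            bagValue: objc_key,
                          }),
                          new pkijs.SafeBag({
                            bagId: '1.2.840.113549.1.12.10.1.3', // certBag
                            bagValue: new pkijs.CertBag({
                              parsedValue: objc_cer,
                            }),
                            bagAttributes: [
                              new pkijs.Attribute({
                                type: '1.2.840.113549.1.9.20', // friendlyName
                                values: [new asn1js__namespace.BmpString({ value: friendlyName })],
                              }),
                            ],
                          }),
                        ],
                      }),
                    },
                  ],
                },
              }),
            },
          });
          return [4 /*yield*/, pkcs12.parsedValue.authenticatedSafe.makeInternalValues({
            safeContents: [
              { /* Empty as 'No Privacy' for SafeContents */ },
            ],
          })];
        case 1:
          _a.sent();
          return [4 /*yield*/, pkcs12.makeInternalValues({
            password: ne_text__namespace.textToBuffer(password),
            iterations: iterations,
            pbkdf2HashAlgorithm: hash,
            hmacHashAlgorithm: hash,
          })];
        case 2:
          _a.sent();
          return [2 /*return*/, pkcs12.toSchema().toBER(false)];
      }
    });
  });
}

/**
 * Splits a PEM document into the base64 payloads of its blocks, with all
 * whitespace removed and empty segments dropped.
 *
 * @param {string} pem - One or more concatenated PEM blocks.
 * @returns {string[]} Base64 body of each block, in document order.
 */
function pemToBase64Parts(pem) {
  return pem
    .split(/-----[\w\s]+-----/)
    .map(function (p) { return p.replace(/\s/g, ''); })
    .filter(function (p) { return p; });
}

/**
 * Wraps a base64 string in PEM armour: 64 characters per line, CRLF line
 * endings, BEGIN/END labels.
 *
 * @param {string} base64 - Base64 payload (no whitespace expected).
 * @param {string} [title] - Label; non-word/non-space characters are stripped
 *   and the remainder upper-cased. Empty or missing → 'CERTIFICATE'.
 * @returns {string} PEM text ending with CRLF.
 */
function base64ToPem(base64, title) {
  // Chunk into 64-character lines; base64 contains no line terminators, so
  // `.` is safe. `match` yields null for an empty payload.
  var body = (base64.match(/.{1,64}/g) || []).join('\r\n');
  // The `g` flag is required so every run of disallowed characters is removed
  // from the label, not just the first one.
  var label = (title || '')
    .replace(/[^\w\s]+/g, '')
    .trim()
    .toUpperCase() || 'CERTIFICATE';
  return '-----BEGIN ' + label + '-----\r\n' + body + '\r\n-----END ' + label + '-----\r\n';
}

/**
 * Base64-encodes a DER buffer and wraps it in PEM armour (see `base64ToPem`).
 *
 * @param {ArrayBuffer} pkcs10_buf - DER bytes (any object `ne_text.bufferToBase64` accepts).
 * @param {string} [title] - PEM label, e.g. 'CERTIFICATE REQUEST'.
 * @returns {string} PEM text.
 */
function bufferToPem(pkcs10_buf, title) {
  var base64 = ne_text__namespace.bufferToBase64(pkcs10_buf);
  return base64ToPem(base64, title);
}

exports.base64ToPem = base64ToPem;
exports.bufferToPem = bufferToPem;
exports.csr = csr;
exports.digest = digest;
exports.gen = gen;
exports.pemToBase64Parts = pemToBase64Parts;
exports.pfx = pfx;
exports.randomString = randomString;
exports.sign = sign;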