node-opcua-crypto
Version:
Crypto tools for Node-OPCUA
1,073 lines (1,063 loc) • 221 kB
JavaScript
var __defProp = Object.defineProperty;
var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
}) : x)(function(x) {
if (typeof require !== "undefined") return require.apply(this, arguments);
throw Error('Dynamic require of "' + x + '" is not supported');
});
var __export = (target, all) => {
for (var name in all)
__defProp(target, name, { get: all[name], enumerable: true });
};
// ../../node_modules/tsup/assets/esm_shims.js
import { fileURLToPath } from "url";
import path from "path";
var getFilename = () => fileURLToPath(import.meta.url);
var getDirname = () => path.dirname(getFilename());
var __dirname = /* @__PURE__ */ getDirname();
// source/asn1.ts
import assert from "assert";
// source/oid_map.ts
var oid_map = {
"0.9.2342.19200300.100.1.1": { d: "userID", c: "Some oddball X.500 attribute collection" },
"0.9.2342.19200300.100.1.3": { d: "rfc822Mailbox", c: "Some oddball X.500 attribute collection" },
"0.9.2342.19200300.100.1.25": { d: "domainComponent", c: "Men are from Mars, this OID is from Pluto" },
"1.2.840.10045.2": { d: "publicKeyType", c: "ANSI X9.62" },
"1.2.840.10045.2.1": { d: "ecPublicKey", c: "ANSI X9.62 public key type" },
"1.2.840.10045.3.0.1": { d: "c2pnb163v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.2": { d: "c2pnb163v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.3": { d: "c2pnb163v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.5": { d: "c2tnb191v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.6": { d: "c2tnb191v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.7": { d: "c2tnb191v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.10": { d: "c2pnb208w1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.11": { d: "c2tnb239v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.12": { d: "c2tnb239v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.13": { d: "c2tnb239v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.16": { d: "c2pnb272w1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.18": { d: "c2tnb359v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.19": { d: "c2pnb368w1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.20": { d: "c2tnb431r1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.1": { d: "prime192v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.2": { d: "prime192v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.3": { d: "prime192v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.4": { d: "prime239v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.5": { d: "prime239v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.6": { d: "prime239v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.7": { d: "prime256v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.113549.1.1": { d: "pkcs-1", c: "", w: false },
"1.2.840.113549.1.1.1": { d: "rsaEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.2": { d: "md2WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.3": { d: "md4WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.4": { d: "md5WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.5": { d: "sha1WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.7": { d: "rsaOAEP", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.8": { d: "pkcs1-MGF", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.9": { d: "rsaOAEP-pSpecified", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.10": { d: "rsaPSS", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.11": { d: "sha256WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.12": { d: "sha384WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.13": { d: "sha512WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.14": { d: "sha224WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.9.1": {
d: "emailAddress",
c: "PKCS #9. Deprecated, use an altName extension instead",
w: false
},
"1.2.840.113549.1.9.2": { d: "unstructuredName", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.3": { d: "contentType", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.4": { d: "messageDigest", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.5": { d: "signingTime", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.6": { d: "countersignature", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.7": { d: "challengePassword", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.8": { d: "unstructuredAddress", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.9": { d: "extendedCertificateAttributes", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.10": { d: "issuerAndSerialNumber", c: "PKCS #9 experimental", w: true },
"1.2.840.113549.1.9.11": { d: "passwordCheck", c: "PKCS #9 experimental", w: true },
"1.2.840.113549.1.9.12": { d: "publicKey", c: "PKCS #9 experimental", w: true },
"1.2.840.113549.1.9.13": { d: "signingDescription", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.14": { d: "extensionRequest", c: "PKCS #9 via CRMF", w: false },
"1.3.6.1.4.1.311.2.1.21": { d: "1.3.6.1.4.1.311.2.1.21", c: "SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID" },
"1.3.6.1.4.1.311.2.1.22": { d: "1.3.6.1.4.1.311.2.1.22", c: "SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID" },
"1.3.6.1.4.1.311.10.3.1": { d: "1.3.6.1.4.1.311.10.3.1", c: "Signer of CTLs -- szOID_KP_CTL_USAGE_SIGNING" },
"1.3.6.1.4.1.311.10.3.4": { d: "1.3.6.1.4.1.311.10.3.4", c: "szOID_EFS_RECOVERY (Encryption File System)" },
"1.3.6.1.4.1.311.20.2.3": { d: "1.3.6.1.4.1.311.20.2.3", c: "id-on-personalData" },
"1.3.6.1.5.5.7.3.17": { d: "1.3.6.1.5.5.7.3.17", c: "Internet Key Exchange (IKE)" },
"1.3.6.1.5.5.7.3.1": { d: "serverAuth", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.2": { d: "clientAuth", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.3": { d: "codeSigning", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.4": { d: "emailProtection", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.5": { d: "ipsecEndSystem", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.6": { d: "ipsecTunnel", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.7": { d: "ipsecUser", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.8": { d: "timeStamping", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.9": { d: "ocspSigning", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.10": { d: "dvcs", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.11": { d: "sbgpCertAAServerAuth", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.13": { d: "eapOverPPP", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.14": { d: "eapOverLAN", c: "PKIX key purpose" },
"1.3.36.3.3.2.8.1.1.1": { d: "brainpoolP160r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.2": { d: "brainpoolP160t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.3": { d: "brainpoolP192r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.4": { d: "brainpoolP192t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.5": { d: "brainpoolP224r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.6": { d: "brainpoolP224t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.7": { d: "brainpoolP256r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.8": { d: "brainpoolP256t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.9": { d: "brainpoolP320r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.10": { d: "brainpoolP320t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.11": { d: "brainpoolP384r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.12": { d: "brainpoolP384t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.13": { d: "brainpoolP512r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.14": { d: "brainpoolP512t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"2.5.4.0": { d: "objectClass", c: "X.520 DN component", w: false },
"2.5.4.1": { d: "aliasedEntryName", c: "X.520 DN component", w: false },
"2.5.4.2": { d: "knowledgeInformation", c: "X.520 DN component", w: false },
"2.5.4.3": { d: "commonName", c: "X.520 DN component", w: false },
"2.5.4.4": { d: "surname", c: "X.520 DN component", w: false },
"2.5.4.5": { d: "serialNumber", c: "X.520 DN component", w: false },
"2.5.4.6": { d: "countryName", c: "X.520 DN component", w: false },
"2.5.4.7": { d: "localityName", c: "X.520 DN component", w: false },
"2.5.4.7.1": { d: "collectiveLocalityName", c: "X.520 DN component", w: false },
"2.5.4.8": { d: "stateOrProvinceName", c: "X.520 DN component", w: false },
"2.5.4.8.1": { d: "collectiveStateOrProvinceName", c: "X.520 DN component", w: false },
"2.5.4.9": { d: "streetAddress", c: "X.520 DN component", w: false },
"2.5.4.9.1": { d: "collectiveStreetAddress", c: "X.520 DN component", w: false },
"2.5.4.10": { d: "organizationName", c: "X.520 DN component", w: false },
"2.5.4.10.1": { d: "collectiveOrganizationName", c: "X.520 DN component", w: false },
"2.5.4.11": { d: "organizationalUnitName", c: "X.520 DN component", w: false },
"2.5.4.11.1": { d: "collectiveOrganizationalUnitName", c: "X.520 DN component", w: false },
"2.5.4.12": { d: "title", c: "X.520 DN component", w: false },
"2.5.4.13": { d: "description", c: "X.520 DN component", w: false },
"2.5.4.14": { d: "searchGuide", c: "X.520 DN component", w: false },
"2.5.4.15": { d: "businessCategory", c: "X.520 DN component", w: false },
"2.5.4.16": { d: "postalAddress", c: "X.520 DN component", w: false },
"2.5.4.16.1": { d: "collectivePostalAddress", c: "X.520 DN component", w: false },
"2.5.4.17": { d: "postalCode", c: "X.520 DN component", w: false },
"2.5.4.17.1": { d: "collectivePostalCode", c: "X.520 DN component", w: false },
"2.5.4.18": { d: "postOfficeBox", c: "X.520 DN component", w: false },
"2.5.4.18.1": { d: "collectivePostOfficeBox", c: "X.520 DN component", w: false },
"2.5.4.19": { d: "physicalDeliveryOfficeName", c: "X.520 DN component", w: false },
"2.5.4.19.1": { d: "collectivePhysicalDeliveryOfficeName", c: "X.520 DN component", w: false },
"2.5.4.20": { d: "telephoneNumber", c: "X.520 DN component", w: false },
"2.5.4.20.1": { d: "collectiveTelephoneNumber", c: "X.520 DN component", w: false },
"2.5.4.21": { d: "telexNumber", c: "X.520 DN component", w: false },
"2.5.4.21.1": { d: "collectiveTelexNumber", c: "X.520 DN component", w: false },
"2.5.4.22": { d: "teletexTerminalIdentifier", c: "X.520 DN component", w: false },
"2.5.4.22.1": { d: "collectiveTeletexTerminalIdentifier", c: "X.520 DN component", w: false },
"2.5.4.23": { d: "facsimileTelephoneNumber", c: "X.520 DN component", w: false },
"2.5.4.23.1": { d: "collectiveFacsimileTelephoneNumber", c: "X.520 DN component", w: false },
"2.5.4.24": { d: "x121Address", c: "X.520 DN component", w: false },
"2.5.4.25": { d: "internationalISDNNumber", c: "X.520 DN component", w: false },
"2.5.4.25.1": { d: "collectiveInternationalISDNNumber", c: "X.520 DN component", w: false },
"2.5.4.26": { d: "registeredAddress", c: "X.520 DN component", w: false },
"2.5.4.27": { d: "destinationIndicator", c: "X.520 DN component", w: false },
"2.5.4.28": { d: "preferredDeliveryMehtod", c: "X.520 DN component", w: false },
"2.5.4.29": { d: "presentationAddress", c: "X.520 DN component", w: false },
"2.5.4.30": { d: "supportedApplicationContext", c: "X.520 DN component", w: false },
"2.5.4.31": { d: "member", c: "X.520 DN component", w: false },
"2.5.4.32": { d: "owner", c: "X.520 DN component", w: false },
"2.5.4.33": { d: "roleOccupant", c: "X.520 DN component", w: false },
"2.5.4.34": { d: "seeAlso", c: "X.520 DN component", w: false },
"2.5.4.35": { d: "userPassword", c: "X.520 DN component", w: false },
"2.5.4.36": { d: "userCertificate", c: "X.520 DN component", w: false },
"2.5.4.37": { d: "caCertificate", c: "X.520 DN component", w: false },
"2.5.4.38": { d: "authorityRevocationList", c: "X.520 DN component", w: false },
"2.5.4.39": { d: "certificateRevocationList", c: "X.520 DN component", w: false },
"2.5.4.40": { d: "crossCertificatePair", c: "X.520 DN component", w: false },
"2.5.4.41": { d: "name", c: "X.520 DN component", w: false },
"2.5.4.42": { d: "givenName", c: "X.520 DN component", w: false },
"2.5.4.43": { d: "initials", c: "X.520 DN component", w: false },
"2.5.4.44": { d: "generationQualifier", c: "X.520 DN component", w: false },
"2.5.4.45": { d: "uniqueIdentifier", c: "X.520 DN component", w: false },
"2.5.4.46": { d: "dnQualifier", c: "X.520 DN component", w: false },
"2.5.4.47": { d: "enhancedSearchGuide", c: "X.520 DN component", w: false },
"2.5.4.48": { d: "protocolInformation", c: "X.520 DN component", w: false },
"2.5.4.49": { d: "distinguishedName", c: "X.520 DN component", w: false },
"2.5.4.50": { d: "uniqueMember", c: "X.520 DN component", w: false },
"2.5.4.51": { d: "houseIdentifier", c: "X.520 DN component", w: false },
"2.5.4.52": { d: "supportedAlgorithms", c: "X.520 DN component", w: false },
"2.5.4.53": { d: "deltaRevocationList", c: "X.520 DN component", w: false },
"2.5.4.54": { d: "dmdName", c: "X.520 DN component", w: false },
"2.5.4.55": { d: "clearance", c: "X.520 DN component", w: false },
"2.5.4.56": { d: "defaultDirQop", c: "X.520 DN component", w: false },
"2.5.4.57": { d: "attributeIntegrityInfo", c: "X.520 DN component", w: false },
"2.5.4.58": { d: "attributeCertificate", c: "X.520 DN component", w: false },
"2.5.4.59": { d: "attributeCertificateRevocationList", c: "X.520 DN component", w: false },
"2.5.4.60": { d: "confKeyInfo", c: "X.520 DN component", w: false },
"2.5.4.61": { d: "aACertificate", c: "X.520 DN component", w: false },
"2.5.4.62": { d: "attributeDescriptorCertificate", c: "X.520 DN component", w: false },
"2.5.4.63": { d: "attributeAuthorityRevocationList", c: "X.520 DN component", w: false },
"2.5.4.64": { d: "familyInformation", c: "X.520 DN component", w: false },
"2.5.4.65": { d: "pseudonym", c: "X.520 DN component", w: false },
"2.5.4.66": { d: "communicationsService", c: "X.520 DN component", w: false },
"2.5.4.67": { d: "communicationsNetwork", c: "X.520 DN component", w: false },
"2.5.4.68": { d: "certificationPracticeStmt", c: "X.520 DN component", w: false },
"2.5.4.69": { d: "certificatePolicy", c: "X.520 DN component", w: false },
"2.5.4.70": { d: "pkiPath", c: "X.520 DN component", w: false },
"2.5.4.71": { d: "privPolicy", c: "X.520 DN component", w: false },
"2.5.4.72": { d: "role", c: "X.520 DN component", w: false },
"2.5.4.73": { d: "delegationPath", c: "X.520 DN component", w: false },
"2.5.4.74": { d: "protPrivPolicy", c: "X.520 DN component", w: false },
"2.5.4.75": { d: "xMLPrivilegeInfo", c: "X.520 DN component", w: false },
"2.5.4.76": { d: "xmlPrivPolicy", c: "X.520 DN component", w: false },
"2.5.4.82": { d: "permission", c: "X.520 DN component", w: false },
"2.5.6.0": { d: "top", c: "X.520 objectClass", w: false },
"2.5.6.1": { d: "alias", c: "X.520 objectClass", w: false },
"2.5.6.2": { d: "country", c: "X.520 objectClass", w: false },
"2.5.6.3": { d: "locality", c: "X.520 objectClass", w: false },
"2.5.6.4": { d: "organization", c: "X.520 objectClass", w: false },
"2.5.6.5": { d: "organizationalUnit", c: "X.520 objectClass", w: false },
"2.5.6.6": { d: "person", c: "X.520 objectClass", w: false },
"2.5.6.7": { d: "organizationalPerson", c: "X.520 objectClass", w: false },
"2.5.6.8": { d: "organizationalRole", c: "X.520 objectClass", w: false },
"2.5.6.9": { d: "groupOfNames", c: "X.520 objectClass", w: false },
"2.5.6.10": { d: "residentialPerson", c: "X.520 objectClass", w: false },
"2.5.6.11": { d: "applicationProcess", c: "X.520 objectClass", w: false },
"2.5.6.12": { d: "applicationEntity", c: "X.520 objectClass", w: false },
"2.5.6.13": { d: "dSA", c: "X.520 objectClass", w: false },
"2.5.6.14": { d: "device", c: "X.520 objectClass", w: false },
"2.5.6.15": { d: "strongAuthenticationUser", c: "X.520 objectClass", w: false },
"2.5.6.16": { d: "certificateAuthority", c: "X.520 objectClass", w: false },
"2.5.6.17": { d: "groupOfUniqueNames", c: "X.520 objectClass", w: false },
"2.5.6.21": { d: "pkiUser", c: "X.520 objectClass", w: false },
"2.5.6.22": { d: "pkiCA", c: "X.520 objectClass", w: false },
"2.5.29.1": { d: "authorityKeyIdentifier", c: "X.509 extension. Deprecated, use 2 5 29 35 instead", w: true },
"2.5.29.2": { d: "keyAttributes", c: "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead", w: true },
"2.5.29.3": { d: "certificatePolicies", c: "X.509 extension. Deprecated, use 2 5 29 32 instead", w: true },
"2.5.29.4": {
d: "keyUsageRestriction",
c: "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead",
w: true
},
"2.5.29.5": { d: "policyMapping", c: "X.509 extension. Deprecated, use 2 5 29 33 instead", w: true },
"2.5.29.6": { d: "subtreesConstraint", c: "X.509 extension. Obsolete, use nameConstraints instead", w: true },
"2.5.29.7": { d: "subjectAltName", c: "X.509 extension. Deprecated, use 2 5 29 17 instead", w: true },
"2.5.29.8": { d: "issuerAltName", c: "X.509 extension. Deprecated, use 2 5 29 18 instead", w: true },
"2.5.29.9": { d: "subjectDirectoryAttributes", c: "X.509 extension", w: false },
"2.5.29.10": { d: "basicConstraints", c: "X.509 extension. Deprecated, use 2 5 29 19 instead", w: true },
"2.5.29.11": { d: "nameConstraints", c: "X.509 extension. Deprecated, use 2 5 29 30 instead", w: true },
"2.5.29.12": { d: "policyConstraints", c: "X.509 extension. Deprecated, use 2 5 29 36 instead", w: true },
"2.5.29.13": { d: "basicConstraints", c: "X.509 extension. Deprecated, use 2 5 29 19 instead", w: true },
"2.5.29.14": { d: "subjectKeyIdentifier", c: "X.509 extension", w: false },
"2.5.29.15": { d: "keyUsage", c: "X.509 extension", w: false },
"2.5.29.16": { d: "privateKeyUsagePeriod", c: "X.509 extension", w: false },
"2.5.29.17": { d: "subjectAltName", c: "X.509 extension", w: false },
"2.5.29.18": { d: "issuerAltName", c: "X.509 extension", w: false },
"2.5.29.19": { d: "basicConstraints", c: "X.509 extension", w: false },
"2.5.29.20": { d: "cRLNumber", c: "X.509 extension", w: false },
"2.5.29.21": { d: "cRLReason", c: "X.509 extension", w: false },
"2.5.29.22": { d: "expirationDate", c: "X.509 extension. Deprecated, alternative OID uncertain", w: true },
"2.5.29.23": { d: "instructionCode", c: "X.509 extension", w: false },
"2.5.29.24": { d: "invalidityDate", c: "X.509 extension", w: false },
"2.5.29.25": { d: "cRLDistributionPoints", c: "X.509 extension. Deprecated, use 2 5 29 31 instead", w: true },
"2.5.29.26": {
d: "issuingDistributionPoint",
c: "X.509 extension. Deprecated, use 2 5 29 28 instead",
w: true
},
"2.5.29.27": { d: "deltaCRLIndicator", c: "X.509 extension", w: false },
"2.5.29.28": { d: "issuingDistributionPoint", c: "X.509 extension", w: false },
"2.5.29.29": { d: "certificateIssuer", c: "X.509 extension", w: false },
"2.5.29.30": { d: "nameConstraints", c: "X.509 extension", w: false },
"2.5.29.31": { d: "cRLDistributionPoints", c: "X.509 extension", w: false },
"2.5.29.32": { d: "certificatePolicies", c: "X.509 extension", w: false },
"2.5.29.32.0": { d: "anyPolicy", c: "X.509 certificate policy", w: false },
"2.5.29.33": { d: "policyMappings", c: "X.509 extension", w: false },
"2.5.29.34": { d: "policyConstraints", c: "X.509 extension. Deprecated, use 2 5 29 36 instead", w: true },
"2.5.29.35": { d: "authorityKeyIdentifier", c: "X.509 extension", w: false },
"2.5.29.36": { d: "policyConstraints", c: "X.509 extension", w: false },
"2.5.29.37": { d: "extKeyUsage", c: "X.509 extension", w: false },
"2.5.29.37.0": { d: "anyExtendedKeyUsage", c: "X.509 extended key usage", w: false },
"2.5.29.38": { d: "authorityAttributeIdentifier", c: "X.509 extension", w: false },
"2.5.29.39": { d: "roleSpecCertIdentifier", c: "X.509 extension", w: false },
"2.5.29.40": { d: "cRLStreamIdentifier", c: "X.509 extension", w: false },
"2.5.29.41": { d: "basicAttConstraints", c: "X.509 extension", w: false },
"2.5.29.42": { d: "delegatedNameConstraints", c: "X.509 extension", w: false },
"2.5.29.43": { d: "timeSpecification", c: "X.509 extension", w: false },
"2.5.29.44": { d: "cRLScope", c: "X.509 extension", w: false },
"2.5.29.45": { d: "statusReferrals", c: "X.509 extension", w: false },
"2.5.29.46": { d: "freshestCRL", c: "X.509 extension", w: false },
"2.5.29.47": { d: "orderedList", c: "X.509 extension", w: false },
"2.5.29.48": { d: "attributeDescriptor", c: "X.509 extension", w: false },
"2.5.29.49": { d: "userNotice", c: "X.509 extension", w: false },
"2.5.29.50": { d: "sOAIdentifier", c: "X.509 extension", w: false },
"2.5.29.51": { d: "baseUpdateTime", c: "X.509 extension", w: false },
"2.5.29.52": { d: "acceptableCertPolicies", c: "X.509 extension", w: false },
"2.5.29.53": { d: "deltaInfo", c: "X.509 extension", w: false },
"2.5.29.54": { d: "inhibitAnyPolicy", c: "X.509 extension", w: false },
"2.5.29.55": { d: "targetInformation", c: "X.509 extension", w: false },
"2.5.29.56": { d: "noRevAvail", c: "X.509 extension", w: false },
"2.5.29.57": { d: "acceptablePrivilegePolicies", c: "X.509 extension", w: false },
"2.5.29.58": { d: "toBeRevoked", c: "X.509 extension", w: false },
"2.5.29.59": { d: "revokedGroups", c: "X.509 extension", w: false },
"2.5.29.60": { d: "expiredCertsOnCRL", c: "X.509 extension", w: false },
"2.5.29.61": { d: "indirectIssuer", c: "X.509 extension", w: false },
"2.5.29.62": { d: "noAssertion", c: "X.509 extension", w: false },
"2.5.29.63": { d: "aAissuingDistributionPoint", c: "X.509 extension", w: false },
"2.5.29.64": { d: "issuedOnBehalfOf", c: "X.509 extension", w: false },
"2.5.29.65": { d: "singleUse", c: "X.509 extension", w: false },
"2.5.29.66": { d: "groupAC", c: "X.509 extension", w: false },
"2.5.29.67": { d: "allowedAttAss", c: "X.509 extension", w: false },
"2.5.29.68": { d: "attributeMappings", c: "X.509 extension", w: false },
"2.5.29.69": { d: "holderNameConstraints", c: "X.509 extension", w: false },
// Netscape certificate type
// An X.509 v3 certificate extension used to identify whether
// the certificate subject is an SSL client, …
"2.16.840.1.113730.1": { d: "certExtension", c: "Netscape" },
"2.16.840.1.113730.1.1": { d: "netscapeCertType", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.2": { d: "netscapeBaseUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.3": { d: "netscapeRevocationUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.4": { d: "netscapeCaRevocationUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.7": { d: "netscapeCertRenewalUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.8": { d: "netscapeCaPolicyUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.9": { d: "HomePageUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.10": { d: "EntityLogo", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.11": { d: "UserPicture", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.12": { d: "netscapeSslServerName", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.13": { d: "netscapeComment", c: "Netscape certificate extension" },
done: { d: "", c: "" }
};
// source/asn1.ts
var TagType = /* @__PURE__ */ ((TagType2) => {
TagType2[TagType2["BOOLEAN"] = 1] = "BOOLEAN";
TagType2[TagType2["INTEGER"] = 2] = "INTEGER";
TagType2[TagType2["BIT_STRING"] = 3] = "BIT_STRING";
TagType2[TagType2["OCTET_STRING"] = 4] = "OCTET_STRING";
TagType2[TagType2["NULL"] = 5] = "NULL";
TagType2[TagType2["OBJECT_IDENTIFIER"] = 6] = "OBJECT_IDENTIFIER";
TagType2[TagType2["UTF8String"] = 12] = "UTF8String";
TagType2[TagType2["NumericString"] = 18] = "NumericString";
TagType2[TagType2["PrintableString"] = 19] = "PrintableString";
TagType2[TagType2["TeletexString"] = 20] = "TeletexString";
TagType2[TagType2["IA5String"] = 22] = "IA5String";
TagType2[TagType2["UTCTime"] = 23] = "UTCTime";
TagType2[TagType2["GeneralizedTime"] = 24] = "GeneralizedTime";
TagType2[TagType2["GraphicString"] = 25] = "GraphicString";
TagType2[TagType2["VisibleString"] = 26] = "VisibleString";
TagType2[TagType2["GeneralString"] = 27] = "GeneralString";
TagType2[TagType2["UniversalString"] = 28] = "UniversalString";
TagType2[TagType2["BMPString"] = 30] = "BMPString";
TagType2[TagType2["SEQUENCE"] = 48] = "SEQUENCE";
TagType2[TagType2["SET"] = 49] = "SET";
TagType2[TagType2["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
TagType2[TagType2["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
TagType2[TagType2["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
TagType2[TagType2["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
TagType2[TagType2["A4"] = 164] = "A4";
return TagType2;
})(TagType || {});
function readTag(buf, pos) {
const start = pos;
if (buf.length <= pos) {
throw new Error("Invalid position : buf.length=" + buf.length + " pos =" + pos);
}
const tag = buf.readUInt8(pos);
pos += 1;
let length = buf.readUInt8(pos);
pos += 1;
if (length > 127) {
const nbBytes = length & 127;
length = 0;
for (let i = 0; i < nbBytes; i++) {
length = length * 256 + buf.readUInt8(pos);
pos += 1;
}
}
return { start, tag, position: pos, length };
}
function readStruct(buf, blockInfo) {
const length = blockInfo.length;
let cursor = blockInfo.position;
const end = blockInfo.position + length;
const blocks = [];
while (cursor < end) {
const inner = readTag(buf, cursor);
cursor = inner.position + inner.length;
blocks.push(inner);
}
return blocks;
}
function parseBitString(buffer, start, end, maxLength) {
const unusedBit = buffer.readUInt8(start), lenBit = (end - start - 1 << 3) - unusedBit, intro = "(" + lenBit + " bit)\n";
let s = "", skip = unusedBit;
for (let i = end - 1; i > start; --i) {
const b = buffer.readUInt8(i);
for (let j = skip; j < 8; ++j) {
s += b >> j & 1 ? "1" : "0";
}
skip = 0;
assert(s.length <= maxLength);
}
return intro + s;
}
function readBitString(buffer, block) {
assert(block.tag === 3 /* BIT_STRING */);
const data = getBlock(buffer, block);
const ignore_bits = data.readUInt8(0);
return {
lengthInBits: data.length * 8 - ignore_bits,
lengthInBytes: data.length - 1,
data: data.subarray(1),
debug: parseBitString(buffer, block.position, block.length + block.position, 4 * 16 * 1024)
};
}
function formatBuffer2DigitHexWithColum(buffer) {
const value = [];
for (let i = 0; i < buffer.length; i++) {
value.push(("00" + buffer.readUInt8(i).toString(16)).substr(-2, 2));
}
return value.join(":").toUpperCase().replace(/^(00:)*/, "");
}
function readOctetString(buffer, block) {
assert(block.tag === 4 /* OCTET_STRING */);
const tag = readTag(buffer, block.position);
assert(tag.tag === 4 /* OCTET_STRING */);
const nbBytes = tag.length;
const pos = tag.position;
const b = buffer.subarray(pos, pos + nbBytes);
return b;
}
function getBlock(buffer, block) {
const start = block.position;
const end = block.position + block.length;
return buffer.subarray(start, end);
}
function readIntegerAsByteString(buffer, block) {
return getBlock(buffer, block);
}
function readListOfInteger(buffer) {
const block = readTag(buffer, 0);
const inner_blocks = readStruct(buffer, block);
return inner_blocks.map((innerBlock) => {
return readIntegerAsByteString(buffer, innerBlock);
});
}
function parseOID(buffer, start, end) {
let s = "", n = 0, bits = 0;
for (let i = start; i < end; ++i) {
const v = buffer.readUInt8(i);
n = n * 128 + (v & 127);
bits += 7;
if (!(v & 128)) {
if (s === "") {
const m = n < 80 ? n < 40 ? 0 : 1 : 2;
s = m + "." + (n - m * 40);
} else {
s += "." + n.toString();
}
n = 0;
bits = 0;
}
}
assert(bits === 0);
return s;
}
function readObjectIdentifier(buffer, block) {
assert(block.tag === 6 /* OBJECT_IDENTIFIER */);
const b = buffer.subarray(block.position, block.position + block.length);
const oid = parseOID(b, 0, block.length);
return {
oid,
name: oid_map[oid] ? oid_map[oid].d : oid
};
}
function readAlgorithmIdentifier(buffer, block) {
const inner_blocks = readStruct(buffer, block);
return {
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name
};
}
function readECCAlgorithmIdentifier(buffer, block) {
const inner_blocks = readStruct(buffer, block);
return {
identifier: readObjectIdentifier(buffer, inner_blocks[1]).name
// difference with RSA as algorithm is second element of nested block
};
}
function readSignatureValueBin(buffer, block) {
return readBitString(buffer, block).data;
}
function readSignatureValue(buffer, block) {
return readSignatureValueBin(buffer, block).toString("hex");
}
function readLongIntegerValue(buffer, block) {
assert(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
const pos = block.position;
const nbBytes = block.length;
const buf = buffer.subarray(pos, pos + nbBytes);
return buf;
}
function readIntegerValue(buffer, block) {
assert(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
let pos = block.position;
const nbBytes = block.length;
assert(nbBytes < 4);
let value = 0;
for (let i = 0; i < nbBytes; i++) {
value = value * 256 + buffer.readUInt8(pos);
pos += 1;
}
return value;
}
function readBooleanValue(buffer, block) {
assert(block.tag === 1 /* BOOLEAN */, "expecting a BOOLEAN tag. got " + TagType[block.tag]);
const pos = block.position;
const nbBytes = block.length;
assert(nbBytes < 4);
const value = buffer.readUInt8(pos) ? true : false;
return value;
}
function readVersionValue(buffer, block) {
block = readTag(buffer, block.position);
return readIntegerValue(buffer, block);
}
function convertGeneralizedTime(str) {
const year = parseInt(str.substr(0, 4), 10);
const month = parseInt(str.substr(4, 2), 10) - 1;
const day = parseInt(str.substr(6, 2), 10);
const hours = parseInt(str.substr(8, 2), 10);
const mins = parseInt(str.substr(10, 2), 10);
const secs = parseInt(str.substr(12, 2), 10);
return new Date(Date.UTC(year, month, day, hours, mins, secs));
}
function _readBMPString(buffer, block) {
const strBuff = getBlock(buffer, block);
let str = "";
for (let i = 0; i < strBuff.length; i += 2) {
const word = strBuff.readUInt16BE(i);
str += String.fromCharCode(word);
}
return str;
}
function convertUTCTime(str) {
let year = parseInt(str.substr(0, 2), 10);
const month = parseInt(str.substr(2, 2), 10) - 1;
const day = parseInt(str.substr(4, 2), 10);
const hours = parseInt(str.substr(6, 2), 10);
const mins = parseInt(str.substr(8, 2), 10);
const secs = parseInt(str.substr(10, 2), 10);
year += year >= 50 ? 1900 : 2e3;
return new Date(Date.UTC(year, month, day, hours, mins, secs));
}
function readValue(buffer, block) {
switch (block.tag) {
case 1 /* BOOLEAN */:
return readBooleanValue(buffer, block);
case 30 /* BMPString */:
return _readBMPString(buffer, block);
case 19 /* PrintableString */:
case 20 /* TeletexString */:
case 12 /* UTF8String */:
case 18 /* NumericString */:
case 22 /* IA5String */:
return getBlock(buffer, block).toString("ascii");
case 23 /* UTCTime */:
return convertUTCTime(getBlock(buffer, block).toString("ascii"));
case 24 /* GeneralizedTime */:
return convertGeneralizedTime(getBlock(buffer, block).toString("ascii"));
default:
throw new Error("Invalid tag 0x" + block.tag.toString(16));
}
}
function findBlockAtIndex(blocks, index) {
const tmp = blocks.filter((b) => b.tag === 160 + index || b.tag === 128 + index);
if (tmp.length === 0) {
return null;
}
return tmp[0];
}
function readTime(buffer, block) {
return readValue(buffer, block);
}
// source/crypto_utils.ts
import constants from "constants";
import assert4 from "assert";
import {
createHash,
createSign,
createVerify,
publicEncrypt as publicEncrypt1,
privateDecrypt as privateDecrypt1
} from "crypto";
import pkg_hexy from "hexy";
// source/buffer_utils.ts
var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (size) => {
return new Buffer(size);
};
// source/crypto_explore_certificate.ts
import assert3 from "assert";
// source/directory_name.ts
import assert2 from "assert";
function readDirectoryName(buffer, block) {
const set_blocks = readStruct(buffer, block);
const names = {};
for (const set_block of set_blocks) {
assert2(set_block.tag === 49);
const blocks = readStruct(buffer, set_block);
assert2(blocks.length === 1);
assert2(blocks[0].tag === 48);
const sequenceBlock = readStruct(buffer, blocks[0]);
assert2(sequenceBlock.length === 2);
const type = readObjectIdentifier(buffer, sequenceBlock[0]);
names[type.name] = readValue(buffer, sequenceBlock[1]);
}
return names;
}
// source/crypto_explore_certificate.ts
var doDebug = false;
function _readAttributeTypeAndValue(buffer, block) {
let inner_blocks = readStruct(buffer, block);
inner_blocks = readStruct(buffer, inner_blocks[0]);
const data = {
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name,
value: readValue(buffer, inner_blocks[1])
};
const result = {};
for (const [key, value] of Object.entries(data)) {
result[key] = value;
}
return result;
}
function _readRelativeDistinguishedName(buffer, block) {
const inner_blocks = readStruct(buffer, block);
const data = inner_blocks.map((block2) => _readAttributeTypeAndValue(buffer, block2));
const result = {};
for (const e of data) {
result[e.identifier] = e.value;
}
return result;
}
function _readName(buffer, block) {
return _readRelativeDistinguishedName(buffer, block);
}
function _readValidity(buffer, block) {
const inner_blocks = readStruct(buffer, block);
return {
notBefore: readTime(buffer, inner_blocks[0]),
notAfter: readTime(buffer, inner_blocks[1])
};
}
function _readAuthorityKeyIdentifier(buffer) {
const block_info = readTag(buffer, 0);
const blocks = readStruct(buffer, block_info);
const keyIdentifier_block = findBlockAtIndex(blocks, 0);
const authorityCertIssuer_block = findBlockAtIndex(blocks, 1);
const authorityCertSerialNumber_block = findBlockAtIndex(blocks, 2);
function _readAuthorityCertIssuer(block) {
const inner_blocks = readStruct(buffer, block);
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
if (directoryName_block) {
const a = readStruct(buffer, directoryName_block);
return readDirectoryName(buffer, a[0]);
} else {
throw new Error("Invalid _readAuthorityCertIssuer");
}
}
function _readAuthorityCertIssuerFingerPrint(block) {
const inner_blocks = readStruct(buffer, block);
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
if (!directoryName_block) {
return "";
}
const a = readStruct(buffer, directoryName_block);
if (a.length < 1) {
return "";
}
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, a[0]))) : "";
}
const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
const authorityCertIssuerFingerPrint = authorityCertIssuer_block ? _readAuthorityCertIssuerFingerPrint(authorityCertIssuer_block) : "";
return {
authorityCertIssuer,
authorityCertIssuerFingerPrint,
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, authorityCertSerialNumber_block)) : null,
// can be null for self-signed cert
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, keyIdentifier_block)) : null
// can be null for self-signed certf
};
}
function readBasicConstraint2_5_29_19(buffer, block) {
const block_info = readTag(buffer, 0);
const inner_blocks = readStruct(buffer, block_info).slice(0, 2);
let cA = false;
let pathLengthConstraint = 0;
let breakControl = 0;
for (const inner_block of inner_blocks) {
switch (inner_block.tag) {
case 1 /* BOOLEAN */:
cA = readBooleanValue(buffer, inner_block);
break;
case 2 /* INTEGER */:
pathLengthConstraint = readIntegerValue(buffer, inner_block);
breakControl = 1;
break;
}
if (breakControl) {
break;
}
}
return { critical: true, cA, pathLengthConstraint };
}
function _readGeneralNames(buffer, block) {
const _data = {
1: { name: "rfc822Name", type: "IA5String" },
2: { name: "dNSName", type: "IA5String" },
3: { name: "x400Address", type: "ORAddress" },
4: { name: "directoryName", type: "Name" },
5: { name: "ediPartyName", type: "EDIPartyName" },
6: { name: "uniformResourceIdentifier", type: "IA5String" },
7: { name: "iPAddress", type: "OCTET_STRING" },
8: { name: "registeredID", type: "OBJECT_IDENTIFIER" },
32: { name: "otherName", type: "AnotherName" }
};
const blocks = readStruct(buffer, block);
function _readFromType(buffer2, block2, type) {
switch (type) {
case "IA5String":
return buffer2.subarray(block2.position, block2.position + block2.length).toString("ascii");
default:
return buffer2.subarray(block2.position, block2.position + block2.length).toString("hex");
}
}
const n = {};
for (const block2 of blocks) {
assert3((block2.tag & 128) === 128);
const t2 = block2.tag & 127;
const type = _data[t2];
if (!type) {
console.log("_readGeneralNames: INVALID TYPE => " + t2 + " 0x" + t2.toString(16));
continue;
}
if (t2 == 32) {
n[type.name] = n[type.name] || [];
const blocks2 = readStruct(buffer, block2);
const name = readObjectIdentifier(buffer, blocks2[0]).name;
const buf = getBlock(buffer, blocks2[1]);
const b = readTag(buf, 0);
const nn = readValue(buf, b);
const data = {
identifier: name,
value: nn
};
n[type.name].push(data.value);
} else {
n[type.name] = n[type.name] || [];
n[type.name].push(_readFromType(buffer, block2, type.type));
}
}
return n;
}
function _readSubjectAltNames(buffer) {
const block_info = readTag(buffer, 0);
return _readGeneralNames(buffer, block_info);
}
function readKeyUsage(oid, buffer) {
const block_info = readTag(buffer, 0);
let b2 = 0;
let b3 = 0;
if (block_info.length > 1) {
b2 = buffer[block_info.position + 1];
b3 = block_info.length > 2 ? buffer[block_info.position + 2] : 0;
}
return {
// tslint:disable-next-line: no-bitwise
digitalSignature: (b2 & 128) === 128,
// tslint:disable-next-line: no-bitwise
nonRepudiation: (b2 & 64) === 64,
// tslint:disable-next-line: no-bitwise
keyEncipherment: (b2 & 32) === 32,
// tslint:disable-next-line: no-bitwise
dataEncipherment: (b2 & 16) === 16,
// tslint:disable-next-line: no-bitwise
keyAgreement: (b2 & 8) === 8,
// tslint:disable-next-line: no-bitwise
keyCertSign: (b2 & 4) === 4,
// tslint:disable-next-line: no-bitwise
cRLSign: (b2 & 2) === 2,
// tslint:disable-next-line: no-bitwise
encipherOnly: (b2 & 1) === 1,
// tslint:disable-next-line: no-bitwise
decipherOnly: (b3 & 128) === 128
};
}
function readExtKeyUsage(oid, buffer) {
assert3(oid === "2.5.29.37");
const block_info = readTag(buffer, 0);
const inner_blocks = readStruct(buffer, block_info);
const extKeyUsage = {
serverAuth: false,
clientAuth: false,
codeSigning: false,
emailProtection: false,
timeStamping: false,
ipsecEndSystem: false,
ipsecTunnel: false,
ipsecUser: false,
ocspSigning: false
};
for (const block of inner_blocks) {
const identifier = readObjectIdentifier(buffer, block);
extKeyUsage[identifier.name] = true;
}
return extKeyUsage;
}
function _readSubjectPublicKey(buffer) {
const block_info = readTag(buffer, 0);
const blocks = readStruct(buffer, block_info);
return {
modulus: buffer.subarray(blocks[0].position + 1, blocks[0].position + blocks[0].length)
};
}
function readExtension(buffer, block) {
const inner_blocks = readStruct(buffer, block);
if (inner_blocks.length === 3) {
assert3(inner_blocks[1].tag === 1 /* BOOLEAN */);
inner_blocks[1] = inner_blocks[2];
}
const identifier = readObjectIdentifier(buffer, inner_blocks[0]);
const buf = getBlock(buffer, inner_blocks[1]);
let value = null;
switch (identifier.name) {
case "subjectKeyIdentifier":
value = formatBuffer2DigitHexWithColum(readOctetString(buffer, inner_blocks[1]));
break;
case "subjectAltName":
value = _readSubjectAltNames(buf);
break;
case "authorityKeyIdentifier":
value = _readAuthorityKeyIdentifier(buf);
break;
case "basicConstraints":
value = readBasicConstraint2_5_29_19(buf, inner_blocks[1]);
break;
case "certExtension":
value = "basicConstraints ( not implemented yet) " + buf.toString("hex");
break;
case "extKeyUsage":
value = readExtKeyUsage(identifier.oid, buf);
break;
case "keyUsage":
value = readKeyUsage(identifier.oid, buf);
break;
default:
value = "Unknown " + identifier.name + buf.toString("hex");
}
return {
identifier,
value
};
}
function _readExtensions(buffer, block) {
assert3(block.tag === 163);
let inner_blocks = readStruct(buffer, block);
inner_blocks = readStruct(buffer, inner_blocks[0]);
const extensions = inner_blocks.map((block2) => readExtension(buffer, block2));
const result = {};
for (const e of extensions) {
result[e.identifier.name] = e.value;
}
return result;
}
function _readSubjectPublicKeyInfo(buffer, block) {
const inner_blocks = readStruct(buffer, block);
const algorithm = readAlgorithmIdentifier(buffer, inner_blocks[0]);
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
const data = subjectPublicKey.data;
const values = readListOfInteger(data);
return {
algorithm: algorithm.identifier,
keyLength: values[0].length - 1,
subjectPublicKey: _readSubjectPublicKey(subjectPublicKey.data)
//xx values: values,
//xx values_length : values.map(function (a){ return a.length; })
};
}
function _readSubjectECCPublicKeyInfo(buffer, block) {
const inner_blocks = readStruct(buffer, block);
const algorithm = readECCAlgorithmIdentifier(buffer, inner_blocks[0]);
const subjectPublicKey = readBitString(buffer, inner_blocks[1]);
const data = subjectPublicKey.data;
return {
algorithm: algorithm.identifier,
keyLength: data.length - 1,
subjectPublicKey: {
modulus: data
}
};
}
function readTbsCertificate(buffer, block) {
const blocks = readStruct(buffer, block);
let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, extensions;
let subjectPublicKeyInfo;
if (blocks.length === 6) {
version = 1;
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[0]));
signature = readAlgorithmIdentifier(buffer, blocks[1]);
issuer = _readName(buffer, blocks[2]);
validity = _readValidity(buffer, blocks[3]);
subject = _readName(buffer, blocks[4]);
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[4])));
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[5]);
extensions = null;
} else {
const version_block = findBlockAtIndex(blocks, 0);
if (!version_block) {
throw new Error("cannot find version block");
}
version = readVersionValue(buffer, version_block) + 1;
serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[1]));
signature = readAlgorithmIdentifier(buffer, blocks[2]);
issuer = _readName(buffer, blocks[3]);
validity = _readValidity(buffer, blocks[4]);
subject = _readName(buffer, blocks[5]);
subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[5])));
const inner_block = readStruct(buffer, blocks[6]);
const what_type = readAlgorithmIdentifier(buffer, inner_block[0]).identifier;
switch (what_type) {
case "rsaEncryption": {
subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[6]);
break;
}
case "ecPublicKey":
default: {
subjectPublicKeyInfo = _readSubjectECCPublicKeyInfo(buffer, blocks[6]);
break;
}
}
const extensionBlock = findBlockAtIndex(blocks, 3);
if (!extensionBlock) {
doDebug && console.log("X509 certificate is invalid : cannot find extension block version =" + version_block);
extensions = null;
} else {
extensions = _readExtensions(buffer, extensionBlock);
}
}
return {
version,
serialNumber,
signature,
issuer,
validity,
subject,
subjectFingerPrint,
subjectPublicKeyInfo,
extensions
};
}
function exploreCertificate(certificate) {
assert3(Buffer.isBuffer(certificate));
if (!certificate._exploreCertificate_cache) {
const block_info = readTag(certificate, 0);
const blocks = readStruct(certificate, block_info);
certificate._exploreCertificate_cache = {
tbsCertificate: readTbsCertificate(certificate, blocks[0]),
signatureAlgorithm: readAlgorithmIdentifier(certificate, blocks[1]),
signatureValue: readSignatureValue(certificate, blocks[2])
};
}
return certificate._exploreCertificate_cache;
}
function split_der(certificateChain) {
const certificate_chain = [];
do {
const block_info = readTag(certificateChain, 0);
const length = block_info.position + block_info.length;
const der_certificate = certificateChain.subarray(0, length);
certificate_chain.push(der_certificate);
certificateChain = certificateChain.subarray(length);
} while (certificateChain.length > 0);
return certificate_chain;
}
function combine_der(certificates) {
for (const cert of certificates) {
const b = split_der(cert);
let sum = 0;
b.forEach((block) => {
const block_info = readTag(block, 0);
assert3(block_info.position + block_info.length === block.length);
sum += block.length;
});
assert3(sum === cert.length);
}
return Buffer.concat(certificates);
}
// source/crypto_utils.ts
import jsrsasign from "jsrsasign";
var { hexy } = pkg_hexy;
var PEM_REGEX = /^(-----BEGIN (.*)-----\r?\n([/+=a-zA-Z0-9\r\n]*)\r?\n-----END \2-----\r?\n?)/gm;
var PEM_TYPE_REGEX = /^(-----BEGIN (.*)-----)/m;
function identifyPemType(rawKey) {
if (Buffer.isBuffer(rawKey)) {
rawKey = rawKey.toString("utf8");
}
const match = PEM_TYPE_REGEX.exec(rawKey);
return !match ? void 0 : match[2];
}
function removeTrailingLF(str) {
const tmp = str.replace(/(\r|\n)+$/m, "").replace(/\r\n/gm, "\n");
return tmp;
}
function toPem(raw_key, pem) {
assert4(raw_key, "expecting a key");
assert4(typeof pem === "string");
let pemType = identifyPemType(raw_key);
if (pemType) {
return Buffer.isBuffer(raw_key) ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
} else {
pemType = pem;
assert4(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
let b = raw_key.toString("base64");
let str = "-----BEGIN " + pemType + "-----\n";
while (b.length) {
str += b.substring(0, 64) + "\n";
b = b.substring(64);
}
str += "-----END " + pemType + "-----";
return str;
}
}
function convertPEMtoDER(raw_key) {
let match;
let pemType;
let base64str;
const parts = [];
PEM_REGEX.lastIndex = 0;
while ((match = PEM_REGEX.exec(raw_key)) !== null) {
pemType = match[2];
base64str = match[3];
base64str = base64str.replace(/\r?\n/g, "");
parts.push(Buffer.from(base64str, "base64"));
}
return combine_der(parts);
}
function hexDump(buffer, width) {
if (!buffer) {
return "<>";
}
width = width || 32;
if (buffer.length > 1024) {
return hexy(buffer.subarray(0, 1024), { width, format: "twos" }) + "\n .... ( " + buffer.length + ")";
} else {
return hexy(buffer, { width, format: "twos" });
}
}
function makeMessageChunkSignature(chunk, options) {
const signer = createSign(options.algorithm);
signer.update(chunk);
const signature = signer.sign(options.privateKey.hidden);
assert4(!options.signatureLength || signature.length === options.signatureLength);
return signature;
}
function verifyMessageChunkSignature(blockToVerify, signature, options) {
const verify = createVerify(options.algorithm);
verify.update(blockToVerify);
return verify.verify(options.publicKey, signature);
}
function makeSHA1Thumbprint(buffer) {
return createHash("sha1").update(buffer).digest();
}
var RSA_PKCS1_OAEP_PADDING = constants.RSA_PKCS1_OAEP_PADDING;
var RSA_PKCS1_PADDING = constants.RSA_PKCS1_PADDING;
var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
PaddingAlgorithm2[Paddi