node-opcua-crypto
Version:
Crypto tools for Node-OPCUA
1,014 lines (992 loc) • 242 kB
JavaScript
"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { newObj[key] = obj[key]; } } } newObj.default = obj; return newObj; } } function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; } var _class; var _class2; var _class3;var __defProp = Object.defineProperty;
var __export = (target, all) => {
for (var name in all)
__defProp(target, name, { get: all[name], enumerable: true });
};
// source/common.ts
var _crypto2 = require('crypto'); var _crypto3 = _interopRequireDefault(_crypto2);
var KeyObjectOrig = _crypto3.default.KeyObject;
var { createPrivateKey: createPrivateKeyFromNodeJSCrypto } = _crypto3.default;
function isKeyObject(mayBeKeyObject) {
if (KeyObjectOrig) {
return mayBeKeyObject instanceof KeyObjectOrig;
}
return typeof mayBeKeyObject === "object" && typeof mayBeKeyObject.type === "string";
}
var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
CertificatePurpose2[CertificatePurpose2["NotSpecified"] = 0] = "NotSpecified";
CertificatePurpose2[CertificatePurpose2["ForCertificateAuthority"] = 1] = "ForCertificateAuthority";
CertificatePurpose2[CertificatePurpose2["ForApplication"] = 2] = "ForApplication";
CertificatePurpose2[CertificatePurpose2["ForUserAuthentication"] = 3] = "ForUserAuthentication";
return CertificatePurpose2;
})(CertificatePurpose || {});
// source/crypto_explore_certificate.ts
var _assert = require('assert'); var _assert2 = _interopRequireDefault(_assert);
// source/asn1.ts
// source/oid_map.ts
var oid_map = {
"0.9.2342.19200300.100.1.1": { d: "userID", c: "Some oddball X.500 attribute collection" },
"0.9.2342.19200300.100.1.3": { d: "rfc822Mailbox", c: "Some oddball X.500 attribute collection" },
"0.9.2342.19200300.100.1.25": { d: "domainComponent", c: "Men are from Mars, this OID is from Pluto" },
"1.2.840.10045.2": { d: "publicKeyType", c: "ANSI X9.62" },
"1.2.840.10045.2.1": { d: "ecPublicKey", c: "ANSI X9.62 public key type" },
"1.2.840.10045.3.0.1": { d: "c2pnb163v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.2": { d: "c2pnb163v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.3": { d: "c2pnb163v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.5": { d: "c2tnb191v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.6": { d: "c2tnb191v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.7": { d: "c2tnb191v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.10": { d: "c2pnb208w1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.11": { d: "c2tnb239v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.12": { d: "c2tnb239v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.13": { d: "c2tnb239v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.16": { d: "c2pnb272w1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.18": { d: "c2tnb359v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.19": { d: "c2pnb368w1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.0.20": { d: "c2tnb431r1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.1": { d: "prime192v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.2": { d: "prime192v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.3": { d: "prime192v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.4": { d: "prime239v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.5": { d: "prime239v2", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.6": { d: "prime239v3", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.10045.3.1.7": { d: "prime256v1", c: "ANSI X9.62 named elliptic curve" },
"1.2.840.113549.1.1": { d: "pkcs-1", c: "", w: false },
"1.2.840.113549.1.1.1": { d: "rsaEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.2": { d: "md2WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.3": { d: "md4WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.4": { d: "md5WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.5": { d: "sha1WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.7": { d: "rsaOAEP", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.8": { d: "pkcs1-MGF", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.9": { d: "rsaOAEP-pSpecified", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.10": { d: "rsaPSS", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.11": { d: "sha256WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.12": { d: "sha384WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.13": { d: "sha512WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.1.14": { d: "sha224WithRSAEncryption", c: "PKCS #1", w: false },
"1.2.840.113549.1.9.1": {
d: "emailAddress",
c: "PKCS #9. Deprecated, use an altName extension instead",
w: false
},
"1.2.840.113549.1.9.2": { d: "unstructuredName", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.3": { d: "contentType", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.4": { d: "messageDigest", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.5": { d: "signingTime", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.6": { d: "countersignature", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.7": { d: "challengePassword", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.8": { d: "unstructuredAddress", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.9": { d: "extendedCertificateAttributes", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.10": { d: "issuerAndSerialNumber", c: "PKCS #9 experimental", w: true },
"1.2.840.113549.1.9.11": { d: "passwordCheck", c: "PKCS #9 experimental", w: true },
"1.2.840.113549.1.9.12": { d: "publicKey", c: "PKCS #9 experimental", w: true },
"1.2.840.113549.1.9.13": { d: "signingDescription", c: "PKCS #9", w: false },
"1.2.840.113549.1.9.14": { d: "extensionRequest", c: "PKCS #9 via CRMF", w: false },
"1.3.6.1.4.1.311.2.1.21": { d: "1.3.6.1.4.1.311.2.1.21", c: "SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID" },
"1.3.6.1.4.1.311.2.1.22": { d: "1.3.6.1.4.1.311.2.1.22", c: "SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID" },
"1.3.6.1.4.1.311.10.3.1": { d: "1.3.6.1.4.1.311.10.3.1", c: "Signer of CTLs -- szOID_KP_CTL_USAGE_SIGNING" },
"1.3.6.1.4.1.311.10.3.4": { d: "1.3.6.1.4.1.311.10.3.4", c: "szOID_EFS_RECOVERY (Encryption File System)" },
"1.3.6.1.4.1.311.20.2.3": { d: "1.3.6.1.4.1.311.20.2.3", c: "id-on-personalData" },
"1.3.6.1.5.5.7.3.17": { d: "1.3.6.1.5.5.7.3.17", c: "Internet Key Exchange (IKE)" },
"1.3.6.1.5.5.7.3.1": { d: "serverAuth", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.2": { d: "clientAuth", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.3": { d: "codeSigning", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.4": { d: "emailProtection", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.5": { d: "ipsecEndSystem", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.6": { d: "ipsecTunnel", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.7": { d: "ipsecUser", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.8": { d: "timeStamping", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.9": { d: "ocspSigning", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.10": { d: "dvcs", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.11": { d: "sbgpCertAAServerAuth", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.13": { d: "eapOverPPP", c: "PKIX key purpose" },
"1.3.6.1.5.5.7.3.14": { d: "eapOverLAN", c: "PKIX key purpose" },
"1.3.36.3.3.2.8.1.1.1": { d: "brainpoolP160r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.2": { d: "brainpoolP160t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.3": { d: "brainpoolP192r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.4": { d: "brainpoolP192t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.5": { d: "brainpoolP224r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.6": { d: "brainpoolP224t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.7": { d: "brainpoolP256r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.8": { d: "brainpoolP256t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.9": { d: "brainpoolP320r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.10": { d: "brainpoolP320t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.11": { d: "brainpoolP384r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.12": { d: "brainpoolP384t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.13": { d: "brainpoolP512r1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"1.3.36.3.3.2.8.1.1.14": { d: "brainpoolP512t1", c: "ECC Brainpool Standard Curves and Curve Generation" },
"2.5.4.0": { d: "objectClass", c: "X.520 DN component", w: false },
"2.5.4.1": { d: "aliasedEntryName", c: "X.520 DN component", w: false },
"2.5.4.2": { d: "knowledgeInformation", c: "X.520 DN component", w: false },
"2.5.4.3": { d: "commonName", c: "X.520 DN component", w: false },
"2.5.4.4": { d: "surname", c: "X.520 DN component", w: false },
"2.5.4.5": { d: "serialNumber", c: "X.520 DN component", w: false },
"2.5.4.6": { d: "countryName", c: "X.520 DN component", w: false },
"2.5.4.7": { d: "localityName", c: "X.520 DN component", w: false },
"2.5.4.7.1": { d: "collectiveLocalityName", c: "X.520 DN component", w: false },
"2.5.4.8": { d: "stateOrProvinceName", c: "X.520 DN component", w: false },
"2.5.4.8.1": { d: "collectiveStateOrProvinceName", c: "X.520 DN component", w: false },
"2.5.4.9": { d: "streetAddress", c: "X.520 DN component", w: false },
"2.5.4.9.1": { d: "collectiveStreetAddress", c: "X.520 DN component", w: false },
"2.5.4.10": { d: "organizationName", c: "X.520 DN component", w: false },
"2.5.4.10.1": { d: "collectiveOrganizationName", c: "X.520 DN component", w: false },
"2.5.4.11": { d: "organizationalUnitName", c: "X.520 DN component", w: false },
"2.5.4.11.1": { d: "collectiveOrganizationalUnitName", c: "X.520 DN component", w: false },
"2.5.4.12": { d: "title", c: "X.520 DN component", w: false },
"2.5.4.13": { d: "description", c: "X.520 DN component", w: false },
"2.5.4.14": { d: "searchGuide", c: "X.520 DN component", w: false },
"2.5.4.15": { d: "businessCategory", c: "X.520 DN component", w: false },
"2.5.4.16": { d: "postalAddress", c: "X.520 DN component", w: false },
"2.5.4.16.1": { d: "collectivePostalAddress", c: "X.520 DN component", w: false },
"2.5.4.17": { d: "postalCode", c: "X.520 DN component", w: false },
"2.5.4.17.1": { d: "collectivePostalCode", c: "X.520 DN component", w: false },
"2.5.4.18": { d: "postOfficeBox", c: "X.520 DN component", w: false },
"2.5.4.18.1": { d: "collectivePostOfficeBox", c: "X.520 DN component", w: false },
"2.5.4.19": { d: "physicalDeliveryOfficeName", c: "X.520 DN component", w: false },
"2.5.4.19.1": { d: "collectivePhysicalDeliveryOfficeName", c: "X.520 DN component", w: false },
"2.5.4.20": { d: "telephoneNumber", c: "X.520 DN component", w: false },
"2.5.4.20.1": { d: "collectiveTelephoneNumber", c: "X.520 DN component", w: false },
"2.5.4.21": { d: "telexNumber", c: "X.520 DN component", w: false },
"2.5.4.21.1": { d: "collectiveTelexNumber", c: "X.520 DN component", w: false },
"2.5.4.22": { d: "teletexTerminalIdentifier", c: "X.520 DN component", w: false },
"2.5.4.22.1": { d: "collectiveTeletexTerminalIdentifier", c: "X.520 DN component", w: false },
"2.5.4.23": { d: "facsimileTelephoneNumber", c: "X.520 DN component", w: false },
"2.5.4.23.1": { d: "collectiveFacsimileTelephoneNumber", c: "X.520 DN component", w: false },
"2.5.4.24": { d: "x121Address", c: "X.520 DN component", w: false },
"2.5.4.25": { d: "internationalISDNNumber", c: "X.520 DN component", w: false },
"2.5.4.25.1": { d: "collectiveInternationalISDNNumber", c: "X.520 DN component", w: false },
"2.5.4.26": { d: "registeredAddress", c: "X.520 DN component", w: false },
"2.5.4.27": { d: "destinationIndicator", c: "X.520 DN component", w: false },
"2.5.4.28": { d: "preferredDeliveryMehtod", c: "X.520 DN component", w: false },
"2.5.4.29": { d: "presentationAddress", c: "X.520 DN component", w: false },
"2.5.4.30": { d: "supportedApplicationContext", c: "X.520 DN component", w: false },
"2.5.4.31": { d: "member", c: "X.520 DN component", w: false },
"2.5.4.32": { d: "owner", c: "X.520 DN component", w: false },
"2.5.4.33": { d: "roleOccupant", c: "X.520 DN component", w: false },
"2.5.4.34": { d: "seeAlso", c: "X.520 DN component", w: false },
"2.5.4.35": { d: "userPassword", c: "X.520 DN component", w: false },
"2.5.4.36": { d: "userCertificate", c: "X.520 DN component", w: false },
"2.5.4.37": { d: "caCertificate", c: "X.520 DN component", w: false },
"2.5.4.38": { d: "authorityRevocationList", c: "X.520 DN component", w: false },
"2.5.4.39": { d: "certificateRevocationList", c: "X.520 DN component", w: false },
"2.5.4.40": { d: "crossCertificatePair", c: "X.520 DN component", w: false },
"2.5.4.41": { d: "name", c: "X.520 DN component", w: false },
"2.5.4.42": { d: "givenName", c: "X.520 DN component", w: false },
"2.5.4.43": { d: "initials", c: "X.520 DN component", w: false },
"2.5.4.44": { d: "generationQualifier", c: "X.520 DN component", w: false },
"2.5.4.45": { d: "uniqueIdentifier", c: "X.520 DN component", w: false },
"2.5.4.46": { d: "dnQualifier", c: "X.520 DN component", w: false },
"2.5.4.47": { d: "enhancedSearchGuide", c: "X.520 DN component", w: false },
"2.5.4.48": { d: "protocolInformation", c: "X.520 DN component", w: false },
"2.5.4.49": { d: "distinguishedName", c: "X.520 DN component", w: false },
"2.5.4.50": { d: "uniqueMember", c: "X.520 DN component", w: false },
"2.5.4.51": { d: "houseIdentifier", c: "X.520 DN component", w: false },
"2.5.4.52": { d: "supportedAlgorithms", c: "X.520 DN component", w: false },
"2.5.4.53": { d: "deltaRevocationList", c: "X.520 DN component", w: false },
"2.5.4.54": { d: "dmdName", c: "X.520 DN component", w: false },
"2.5.4.55": { d: "clearance", c: "X.520 DN component", w: false },
"2.5.4.56": { d: "defaultDirQop", c: "X.520 DN component", w: false },
"2.5.4.57": { d: "attributeIntegrityInfo", c: "X.520 DN component", w: false },
"2.5.4.58": { d: "attributeCertificate", c: "X.520 DN component", w: false },
"2.5.4.59": { d: "attributeCertificateRevocationList", c: "X.520 DN component", w: false },
"2.5.4.60": { d: "confKeyInfo", c: "X.520 DN component", w: false },
"2.5.4.61": { d: "aACertificate", c: "X.520 DN component", w: false },
"2.5.4.62": { d: "attributeDescriptorCertificate", c: "X.520 DN component", w: false },
"2.5.4.63": { d: "attributeAuthorityRevocationList", c: "X.520 DN component", w: false },
"2.5.4.64": { d: "familyInformation", c: "X.520 DN component", w: false },
"2.5.4.65": { d: "pseudonym", c: "X.520 DN component", w: false },
"2.5.4.66": { d: "communicationsService", c: "X.520 DN component", w: false },
"2.5.4.67": { d: "communicationsNetwork", c: "X.520 DN component", w: false },
"2.5.4.68": { d: "certificationPracticeStmt", c: "X.520 DN component", w: false },
"2.5.4.69": { d: "certificatePolicy", c: "X.520 DN component", w: false },
"2.5.4.70": { d: "pkiPath", c: "X.520 DN component", w: false },
"2.5.4.71": { d: "privPolicy", c: "X.520 DN component", w: false },
"2.5.4.72": { d: "role", c: "X.520 DN component", w: false },
"2.5.4.73": { d: "delegationPath", c: "X.520 DN component", w: false },
"2.5.4.74": { d: "protPrivPolicy", c: "X.520 DN component", w: false },
"2.5.4.75": { d: "xMLPrivilegeInfo", c: "X.520 DN component", w: false },
"2.5.4.76": { d: "xmlPrivPolicy", c: "X.520 DN component", w: false },
"2.5.4.82": { d: "permission", c: "X.520 DN component", w: false },
"2.5.6.0": { d: "top", c: "X.520 objectClass", w: false },
"2.5.6.1": { d: "alias", c: "X.520 objectClass", w: false },
"2.5.6.2": { d: "country", c: "X.520 objectClass", w: false },
"2.5.6.3": { d: "locality", c: "X.520 objectClass", w: false },
"2.5.6.4": { d: "organization", c: "X.520 objectClass", w: false },
"2.5.6.5": { d: "organizationalUnit", c: "X.520 objectClass", w: false },
"2.5.6.6": { d: "person", c: "X.520 objectClass", w: false },
"2.5.6.7": { d: "organizationalPerson", c: "X.520 objectClass", w: false },
"2.5.6.8": { d: "organizationalRole", c: "X.520 objectClass", w: false },
"2.5.6.9": { d: "groupOfNames", c: "X.520 objectClass", w: false },
"2.5.6.10": { d: "residentialPerson", c: "X.520 objectClass", w: false },
"2.5.6.11": { d: "applicationProcess", c: "X.520 objectClass", w: false },
"2.5.6.12": { d: "applicationEntity", c: "X.520 objectClass", w: false },
"2.5.6.13": { d: "dSA", c: "X.520 objectClass", w: false },
"2.5.6.14": { d: "device", c: "X.520 objectClass", w: false },
"2.5.6.15": { d: "strongAuthenticationUser", c: "X.520 objectClass", w: false },
"2.5.6.16": { d: "certificateAuthority", c: "X.520 objectClass", w: false },
"2.5.6.17": { d: "groupOfUniqueNames", c: "X.520 objectClass", w: false },
"2.5.6.21": { d: "pkiUser", c: "X.520 objectClass", w: false },
"2.5.6.22": { d: "pkiCA", c: "X.520 objectClass", w: false },
"2.5.29.1": { d: "authorityKeyIdentifier", c: "X.509 extension. Deprecated, use 2 5 29 35 instead", w: true },
"2.5.29.2": { d: "keyAttributes", c: "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead", w: true },
"2.5.29.3": { d: "certificatePolicies", c: "X.509 extension. Deprecated, use 2 5 29 32 instead", w: true },
"2.5.29.4": {
d: "keyUsageRestriction",
c: "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead",
w: true
},
"2.5.29.5": { d: "policyMapping", c: "X.509 extension. Deprecated, use 2 5 29 33 instead", w: true },
"2.5.29.6": { d: "subtreesConstraint", c: "X.509 extension. Obsolete, use nameConstraints instead", w: true },
"2.5.29.7": { d: "subjectAltName", c: "X.509 extension. Deprecated, use 2 5 29 17 instead", w: true },
"2.5.29.8": { d: "issuerAltName", c: "X.509 extension. Deprecated, use 2 5 29 18 instead", w: true },
"2.5.29.9": { d: "subjectDirectoryAttributes", c: "X.509 extension", w: false },
"2.5.29.10": { d: "basicConstraints", c: "X.509 extension. Deprecated, use 2 5 29 19 instead", w: true },
"2.5.29.11": { d: "nameConstraints", c: "X.509 extension. Deprecated, use 2 5 29 30 instead", w: true },
"2.5.29.12": { d: "policyConstraints", c: "X.509 extension. Deprecated, use 2 5 29 36 instead", w: true },
"2.5.29.13": { d: "basicConstraints", c: "X.509 extension. Deprecated, use 2 5 29 19 instead", w: true },
"2.5.29.14": { d: "subjectKeyIdentifier", c: "X.509 extension", w: false },
"2.5.29.15": { d: "keyUsage", c: "X.509 extension", w: false },
"2.5.29.16": { d: "privateKeyUsagePeriod", c: "X.509 extension", w: false },
"2.5.29.17": { d: "subjectAltName", c: "X.509 extension", w: false },
"2.5.29.18": { d: "issuerAltName", c: "X.509 extension", w: false },
"2.5.29.19": { d: "basicConstraints", c: "X.509 extension", w: false },
"2.5.29.20": { d: "cRLNumber", c: "X.509 extension", w: false },
"2.5.29.21": { d: "cRLReason", c: "X.509 extension", w: false },
"2.5.29.22": { d: "expirationDate", c: "X.509 extension. Deprecated, alternative OID uncertain", w: true },
"2.5.29.23": { d: "instructionCode", c: "X.509 extension", w: false },
"2.5.29.24": { d: "invalidityDate", c: "X.509 extension", w: false },
"2.5.29.25": { d: "cRLDistributionPoints", c: "X.509 extension. Deprecated, use 2 5 29 31 instead", w: true },
"2.5.29.26": {
d: "issuingDistributionPoint",
c: "X.509 extension. Deprecated, use 2 5 29 28 instead",
w: true
},
"2.5.29.27": { d: "deltaCRLIndicator", c: "X.509 extension", w: false },
"2.5.29.28": { d: "issuingDistributionPoint", c: "X.509 extension", w: false },
"2.5.29.29": { d: "certificateIssuer", c: "X.509 extension", w: false },
"2.5.29.30": { d: "nameConstraints", c: "X.509 extension", w: false },
"2.5.29.31": { d: "cRLDistributionPoints", c: "X.509 extension", w: false },
"2.5.29.32": { d: "certificatePolicies", c: "X.509 extension", w: false },
"2.5.29.32.0": { d: "anyPolicy", c: "X.509 certificate policy", w: false },
"2.5.29.33": { d: "policyMappings", c: "X.509 extension", w: false },
"2.5.29.34": { d: "policyConstraints", c: "X.509 extension. Deprecated, use 2 5 29 36 instead", w: true },
"2.5.29.35": { d: "authorityKeyIdentifier", c: "X.509 extension", w: false },
"2.5.29.36": { d: "policyConstraints", c: "X.509 extension", w: false },
"2.5.29.37": { d: "extKeyUsage", c: "X.509 extension", w: false },
"2.5.29.37.0": { d: "anyExtendedKeyUsage", c: "X.509 extended key usage", w: false },
"2.5.29.38": { d: "authorityAttributeIdentifier", c: "X.509 extension", w: false },
"2.5.29.39": { d: "roleSpecCertIdentifier", c: "X.509 extension", w: false },
"2.5.29.40": { d: "cRLStreamIdentifier", c: "X.509 extension", w: false },
"2.5.29.41": { d: "basicAttConstraints", c: "X.509 extension", w: false },
"2.5.29.42": { d: "delegatedNameConstraints", c: "X.509 extension", w: false },
"2.5.29.43": { d: "timeSpecification", c: "X.509 extension", w: false },
"2.5.29.44": { d: "cRLScope", c: "X.509 extension", w: false },
"2.5.29.45": { d: "statusReferrals", c: "X.509 extension", w: false },
"2.5.29.46": { d: "freshestCRL", c: "X.509 extension", w: false },
"2.5.29.47": { d: "orderedList", c: "X.509 extension", w: false },
"2.5.29.48": { d: "attributeDescriptor", c: "X.509 extension", w: false },
"2.5.29.49": { d: "userNotice", c: "X.509 extension", w: false },
"2.5.29.50": { d: "sOAIdentifier", c: "X.509 extension", w: false },
"2.5.29.51": { d: "baseUpdateTime", c: "X.509 extension", w: false },
"2.5.29.52": { d: "acceptableCertPolicies", c: "X.509 extension", w: false },
"2.5.29.53": { d: "deltaInfo", c: "X.509 extension", w: false },
"2.5.29.54": { d: "inhibitAnyPolicy", c: "X.509 extension", w: false },
"2.5.29.55": { d: "targetInformation", c: "X.509 extension", w: false },
"2.5.29.56": { d: "noRevAvail", c: "X.509 extension", w: false },
"2.5.29.57": { d: "acceptablePrivilegePolicies", c: "X.509 extension", w: false },
"2.5.29.58": { d: "toBeRevoked", c: "X.509 extension", w: false },
"2.5.29.59": { d: "revokedGroups", c: "X.509 extension", w: false },
"2.5.29.60": { d: "expiredCertsOnCRL", c: "X.509 extension", w: false },
"2.5.29.61": { d: "indirectIssuer", c: "X.509 extension", w: false },
"2.5.29.62": { d: "noAssertion", c: "X.509 extension", w: false },
"2.5.29.63": { d: "aAissuingDistributionPoint", c: "X.509 extension", w: false },
"2.5.29.64": { d: "issuedOnBehalfOf", c: "X.509 extension", w: false },
"2.5.29.65": { d: "singleUse", c: "X.509 extension", w: false },
"2.5.29.66": { d: "groupAC", c: "X.509 extension", w: false },
"2.5.29.67": { d: "allowedAttAss", c: "X.509 extension", w: false },
"2.5.29.68": { d: "attributeMappings", c: "X.509 extension", w: false },
"2.5.29.69": { d: "holderNameConstraints", c: "X.509 extension", w: false },
// Netscape certificate type
// An X.509 v3 certificate extension used to identify whether
// the certificate subject is an SSL client, …
"2.16.840.1.113730.1": { d: "certExtension", c: "Netscape" },
"2.16.840.1.113730.1.1": { d: "netscapeCertType", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.2": { d: "netscapeBaseUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.3": { d: "netscapeRevocationUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.4": { d: "netscapeCaRevocationUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.7": { d: "netscapeCertRenewalUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.8": { d: "netscapeCaPolicyUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.9": { d: "HomePageUrl", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.10": { d: "EntityLogo", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.11": { d: "UserPicture", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.12": { d: "netscapeSslServerName", c: "Netscape certificate extension" },
"2.16.840.1.113730.1.13": { d: "netscapeComment", c: "Netscape certificate extension" },
done: { d: "", c: "" }
};
// source/asn1.ts
var TagType = /* @__PURE__ */ ((TagType2) => {
TagType2[TagType2["BOOLEAN"] = 1] = "BOOLEAN";
TagType2[TagType2["INTEGER"] = 2] = "INTEGER";
TagType2[TagType2["BIT_STRING"] = 3] = "BIT_STRING";
TagType2[TagType2["OCTET_STRING"] = 4] = "OCTET_STRING";
TagType2[TagType2["NULL"] = 5] = "NULL";
TagType2[TagType2["OBJECT_IDENTIFIER"] = 6] = "OBJECT_IDENTIFIER";
TagType2[TagType2["UTF8String"] = 12] = "UTF8String";
TagType2[TagType2["NumericString"] = 18] = "NumericString";
TagType2[TagType2["PrintableString"] = 19] = "PrintableString";
TagType2[TagType2["TeletexString"] = 20] = "TeletexString";
TagType2[TagType2["IA5String"] = 22] = "IA5String";
TagType2[TagType2["UTCTime"] = 23] = "UTCTime";
TagType2[TagType2["GeneralizedTime"] = 24] = "GeneralizedTime";
TagType2[TagType2["GraphicString"] = 25] = "GraphicString";
TagType2[TagType2["VisibleString"] = 26] = "VisibleString";
TagType2[TagType2["GeneralString"] = 27] = "GeneralString";
TagType2[TagType2["UniversalString"] = 28] = "UniversalString";
TagType2[TagType2["BMPString"] = 30] = "BMPString";
TagType2[TagType2["SEQUENCE"] = 48] = "SEQUENCE";
TagType2[TagType2["SET"] = 49] = "SET";
TagType2[TagType2["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
TagType2[TagType2["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
TagType2[TagType2["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
TagType2[TagType2["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
TagType2[TagType2["A4"] = 164] = "A4";
return TagType2;
})(TagType || {});
function readTag(buf, pos) {
const start = pos;
if (buf.length <= pos) {
throw new Error(`Invalid position : buf.length=${buf.length} pos=${pos}`);
}
const tag = buf.readUInt8(pos);
pos += 1;
let length = buf.readUInt8(pos);
pos += 1;
if (length > 127) {
const nbBytes = length & 127;
length = 0;
for (let i = 0; i < nbBytes; i++) {
length = length * 256 + buf.readUInt8(pos);
pos += 1;
}
}
return { start, tag, position: pos, length };
}
function readStruct(buf, blockInfo) {
const length = blockInfo.length;
let cursor = blockInfo.position;
const end = blockInfo.position + length;
const blocks = [];
while (cursor < end) {
const inner = readTag(buf, cursor);
cursor = inner.position + inner.length;
blocks.push(inner);
}
return blocks;
}
function parseBitString(buffer, start, end, maxLength) {
const unusedBit = buffer.readUInt8(start), lenBit = (end - start - 1 << 3) - unusedBit, intro = `(${lenBit} bit)
`;
let s = "", skip = unusedBit;
for (let i = end - 1; i > start; --i) {
const b = buffer.readUInt8(i);
for (let j = skip; j < 8; ++j) {
s += b >> j & 1 ? "1" : "0";
}
skip = 0;
_assert2.default.call(void 0, s.length <= maxLength);
}
return intro + s;
}
function readBitString(buffer, block) {
_assert2.default.call(void 0, block.tag === 3 /* BIT_STRING */);
const data = getBlock(buffer, block);
const ignore_bits = data.readUInt8(0);
return {
lengthInBits: data.length * 8 - ignore_bits,
lengthInBytes: data.length - 1,
data: data.subarray(1),
debug: parseBitString(buffer, block.position, block.length + block.position, 4 * 16 * 1024)
};
}
function formatBuffer2DigitHexWithColum(buffer) {
const value = [];
for (let i = 0; i < buffer.length; i++) {
value.push(`00${buffer.readUInt8(i).toString(16)}`.substr(-2, 2));
}
return value.join(":").toUpperCase().replace(/^(00:)*/, "");
}
function readOctetString(buffer, block) {
_assert2.default.call(void 0, block.tag === 4 /* OCTET_STRING */);
const tag = readTag(buffer, block.position);
_assert2.default.call(void 0, tag.tag === 4 /* OCTET_STRING */);
const nbBytes = tag.length;
const pos = tag.position;
const b = buffer.subarray(pos, pos + nbBytes);
return b;
}
function getBlock(buffer, block) {
const start = block.position;
const end = block.position + block.length;
return buffer.subarray(start, end);
}
function readIntegerAsByteString(buffer, block) {
return getBlock(buffer, block);
}
function readListOfInteger(buffer) {
const block = readTag(buffer, 0);
const inner_blocks = readStruct(buffer, block);
return inner_blocks.map((innerBlock) => {
return readIntegerAsByteString(buffer, innerBlock);
});
}
function parseOID(buffer, start, end) {
let s = "", n = 0, bits = 0;
for (let i = start; i < end; ++i) {
const v = buffer.readUInt8(i);
n = n * 128 + (v & 127);
bits += 7;
if (!(v & 128)) {
if (s === "") {
const m = n < 80 ? n < 40 ? 0 : 1 : 2;
s = `${m}.${n - m * 40}`;
} else {
s += `.${n.toString()}`;
}
n = 0;
bits = 0;
}
}
_assert2.default.call(void 0, bits === 0);
return s;
}
function readObjectIdentifier(buffer, block) {
_assert2.default.call(void 0, block.tag === 6 /* OBJECT_IDENTIFIER */);
const b = buffer.subarray(block.position, block.position + block.length);
const oid = parseOID(b, 0, block.length);
return {
oid,
name: oid_map[oid] ? oid_map[oid].d : oid
};
}
function readAlgorithmIdentifier(buffer, block) {
const inner_blocks = readStruct(buffer, block);
return {
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name
};
}
function readECCAlgorithmIdentifier(buffer, block) {
const inner_blocks = readStruct(buffer, block);
return {
identifier: readObjectIdentifier(buffer, inner_blocks[1]).name
// difference with RSA as algorithm is second element of nested block
};
}
function readSignatureValueBin(buffer, block) {
return readBitString(buffer, block).data;
}
function readSignatureValue(buffer, block) {
return readSignatureValueBin(buffer, block).toString("hex");
}
function readLongIntegerValue(buffer, block) {
_assert2.default.call(void 0, block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
const pos = block.position;
const nbBytes = block.length;
const buf = buffer.subarray(pos, pos + nbBytes);
return buf;
}
function readIntegerValue(buffer, block) {
_assert2.default.call(void 0, block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
let pos = block.position;
const nbBytes = block.length;
_assert2.default.call(void 0, nbBytes < 4);
let value = 0;
for (let i = 0; i < nbBytes; i++) {
value = value * 256 + buffer.readUInt8(pos);
pos += 1;
}
return value;
}
function readBooleanValue(buffer, block) {
_assert2.default.call(void 0, block.tag === 1 /* BOOLEAN */, `expecting a BOOLEAN tag. got ${TagType[block.tag]}`);
const pos = block.position;
const nbBytes = block.length;
_assert2.default.call(void 0, nbBytes < 4);
const value = !!buffer.readUInt8(pos);
return value;
}
function readVersionValue(buffer, block) {
block = readTag(buffer, block.position);
return readIntegerValue(buffer, block);
}
function convertGeneralizedTime(str) {
const year = parseInt(str.substr(0, 4), 10);
const month = parseInt(str.substr(4, 2), 10) - 1;
const day = parseInt(str.substr(6, 2), 10);
const hours = parseInt(str.substr(8, 2), 10);
const mins = parseInt(str.substr(10, 2), 10);
const secs = parseInt(str.substr(12, 2), 10);
return new Date(Date.UTC(year, month, day, hours, mins, secs));
}
function _readBMPString(buffer, block) {
const strBuff = getBlock(buffer, block);
let str = "";
for (let i = 0; i < strBuff.length; i += 2) {
const word = strBuff.readUInt16BE(i);
str += String.fromCharCode(word);
}
return str;
}
function convertUTCTime(str) {
let year = parseInt(str.substr(0, 2), 10);
const month = parseInt(str.substr(2, 2), 10) - 1;
const day = parseInt(str.substr(4, 2), 10);
const hours = parseInt(str.substr(6, 2), 10);
const mins = parseInt(str.substr(8, 2), 10);
const secs = parseInt(str.substr(10, 2), 10);
year += year >= 50 ? 1900 : 2e3;
return new Date(Date.UTC(year, month, day, hours, mins, secs));
}
function readValue(buffer, block) {
switch (block.tag) {
case 1 /* BOOLEAN */:
return readBooleanValue(buffer, block);
case 30 /* BMPString */:
return _readBMPString(buffer, block);
case 19 /* PrintableString */:
case 20 /* TeletexString */:
case 12 /* UTF8String */:
case 18 /* NumericString */:
case 22 /* IA5String */:
return getBlock(buffer, block).toString("ascii");
case 23 /* UTCTime */:
return convertUTCTime(getBlock(buffer, block).toString("ascii"));
case 24 /* GeneralizedTime */:
return convertGeneralizedTime(getBlock(buffer, block).toString("ascii"));
default:
throw new Error(`Invalid tag 0x${block.tag.toString(16)}`);
}
}
function findBlockAtIndex(blocks, index) {
const tmp = blocks.filter((b) => b.tag === 160 + index || b.tag === 128 + index);
if (tmp.length === 0) {
return null;
}
return tmp[0];
}
function readTime(buffer, block) {
return readValue(buffer, block);
}
// source/crypto_utils.ts
var _constants = require('constants'); var _constants2 = _interopRequireDefault(_constants);
// source/buffer_utils.ts
var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (size) => {
return new Buffer(size);
};
// source/hexy.ts
function hexy(buffer, { width, format } = {}) {
width = width || 80;
if (format === "twos") {
width = 26 * 3;
}
const regex = new RegExp(`.{1,${width}}`, "g");
const regexTwos = new RegExp(`.{1,${2}}`, "g");
let fullHex = buffer.toString("hex");
if (format === "twos") {
fullHex = _optionalChain([fullHex, 'access', _ => _.match, 'call', _2 => _2(regexTwos), 'optionalAccess', _3 => _3.join, 'call', _4 => _4(" ")]) || "";
}
return _optionalChain([fullHex, 'access', _5 => _5.match, 'call', _6 => _6(regex), 'optionalAccess', _7 => _7.join, 'call', _8 => _8("\n")]) || "";
}
// source/crypto_utils.ts
var PEM_REGEX = /^(-----BEGIN (.*)-----\r?\n([/+=a-zA-Z0-9\r\n]*)\r?\n-----END \2-----\r?\n?)/gm;
var PEM_TYPE_REGEX = /^(-----BEGIN (.*)-----)/m;
function identifyPemType(rawKey) {
if (Array.isArray(rawKey)) {
return void 0;
}
if (Buffer.isBuffer(rawKey)) {
rawKey = rawKey.toString("utf8");
}
const match = PEM_TYPE_REGEX.exec(rawKey);
return !match ? void 0 : match[2];
}
function removeTrailingLF(str) {
const tmp = str.replace(/(\r|\n)+$/m, "").replace(/\r\n/gm, "\n");
return tmp;
}
function toPem(raw_key, pem) {
_assert2.default.call(void 0, raw_key, "expecting a key");
_assert2.default.call(void 0, typeof pem === "string");
if (Array.isArray(raw_key)) {
return raw_key.map((cert) => toPem(cert, pem)).join("\n");
}
let pemType = identifyPemType(raw_key);
if (pemType) {
return Buffer.isBuffer(raw_key) ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
} else {
pemType = pem;
_assert2.default.call(void 0, ["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
const buffer = raw_key;
if (pemType === "CERTIFICATE" && buffer.length > 0) {
try {
const parts = split_der(buffer);
if (parts.length > 1) {
return parts.map((cert) => toPem(cert, pem)).join("\n");
}
} catch (_err) {
}
}
const b = buffer.toString("base64");
const strBody = _optionalChain([b, 'access', _9 => _9.match, 'call', _10 => _10(/.{1,64}/g), 'optionalAccess', _11 => _11.join, 'call', _12 => _12("\n")]) || "";
return `-----BEGIN ${pemType}-----
${strBody}
-----END ${pemType}-----`;
}
}
function convertPEMtoDER(raw_key) {
let match;
let _pemType;
let base64str;
const parts = [];
PEM_REGEX.lastIndex = 0;
match = PEM_REGEX.exec(raw_key);
while (match !== null) {
_pemType = match[2];
base64str = match[3];
base64str = base64str.replace(/\r?\n/g, "");
parts.push(Buffer.from(base64str, "base64"));
match = PEM_REGEX.exec(raw_key);
}
return combine_der(parts);
}
function hexDump(buffer, width) {
if (!buffer) {
return "<>";
}
width = width || 32;
if (buffer.length > 1024) {
return `${hexy(buffer.subarray(0, 1024), { width, format: "twos" })}
.... ( ${buffer.length})`;
} else {
return hexy(buffer, { width, format: "twos" });
}
}
function makeMessageChunkSignature(chunk, options) {
const signer = _crypto2.createSign.call(void 0, options.algorithm);
signer.update(chunk);
const signature = signer.sign(options.privateKey.hidden);
_assert2.default.call(void 0, !options.signatureLength || signature.length === options.signatureLength);
return signature;
}
function verifyMessageChunkSignature(blockToVerify, signature, options) {
const verify = _crypto2.createVerify.call(void 0, options.algorithm);
verify.update(blockToVerify);
return verify.verify(options.publicKey, signature);
}
function makeSHA1Thumbprint(buffer) {
return _crypto2.createHash.call(void 0, "sha1").update(buffer).digest();
}
var RSA_PKCS1_OAEP_PADDING = _constants2.default.RSA_PKCS1_OAEP_PADDING;
var RSA_PKCS1_PADDING = _constants2.default.RSA_PKCS1_PADDING;
var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_OAEP_PADDING"] = 4] = "RSA_PKCS1_OAEP_PADDING";
PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_PADDING"] = 1] = "RSA_PKCS1_PADDING";
return PaddingAlgorithm2;
})(PaddingAlgorithm || {});
_assert2.default.call(void 0, 4 /* RSA_PKCS1_OAEP_PADDING */ === _constants2.default.RSA_PKCS1_OAEP_PADDING);
_assert2.default.call(void 0, 1 /* RSA_PKCS1_PADDING */ === _constants2.default.RSA_PKCS1_PADDING);
function publicEncrypt_native(buffer, publicKey, algorithm) {
if (algorithm === void 0) {
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
}
return _crypto2.publicEncrypt.call(void 0,
{
key: publicKey,
padding: algorithm
},
buffer
);
}
function privateDecrypt_native(buffer, privateKey, algorithm) {
if (algorithm === void 0) {
algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
}
try {
return _crypto2.privateDecrypt.call(void 0,
{
key: privateKey.hidden,
padding: algorithm
},
buffer
);
} catch (_err) {
return Buffer.alloc(1);
}
}
var publicEncrypt = publicEncrypt_native;
var privateDecrypt = privateDecrypt_native;
function publicEncrypt_long(buffer, publicKey, blockSize, padding, paddingAlgorithm) {
if (paddingAlgorithm === void 0) {
paddingAlgorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
}
if (paddingAlgorithm === RSA_PKCS1_PADDING) {
padding = padding || 11;
if (padding !== 11) throw new Error("padding should be 11");
} else if (paddingAlgorithm === RSA_PKCS1_OAEP_PADDING) {
padding = padding || 42;
if (padding !== 42) throw new Error("padding should be 42");
} else {
throw new Error(`Invalid padding algorithm ${paddingAlgorithm}`);
}
const chunk_size = blockSize - padding;
const nbBlocks = Math.ceil(buffer.length / chunk_size);
const outputBuffer = createFastUninitializedBuffer(nbBlocks * blockSize);
for (let i = 0; i < nbBlocks; i++) {
const currentBlock = buffer.subarray(chunk_size * i, chunk_size * (i + 1));
const encrypted_chunk = publicEncrypt(currentBlock, publicKey, paddingAlgorithm);
if (encrypted_chunk.length !== blockSize) {
throw new Error(`publicEncrypt_long unexpected chunk length ${encrypted_chunk.length} expecting ${blockSize}`);
}
encrypted_chunk.copy(outputBuffer, i * blockSize);
}
return outputBuffer;
}
function privateDecrypt_long(buffer, privateKey, blockSize, paddingAlgorithm) {
paddingAlgorithm = paddingAlgorithm || RSA_PKCS1_OAEP_PADDING;
if (paddingAlgorithm !== RSA_PKCS1_PADDING && paddingAlgorithm !== RSA_PKCS1_OAEP_PADDING) {
throw new Error(`Invalid padding algorithm ${paddingAlgorithm}`);
}
const nbBlocks = Math.ceil(buffer.length / blockSize);
const outputBuffer = createFastUninitializedBuffer(nbBlocks * blockSize);
let total_length = 0;
for (let i = 0; i < nbBlocks; i++) {
const currentBlock = buffer.subarray(blockSize * i, Math.min(blockSize * (i + 1), buffer.length));
const decrypted_buf = privateDecrypt(currentBlock, privateKey, paddingAlgorithm);
decrypted_buf.copy(outputBuffer, total_length);
total_length += decrypted_buf.length;
}
return outputBuffer.subarray(0, total_length);
}
function coerceCertificatePem(certificate) {
if (Buffer.isBuffer(certificate)) {
certificate = toPem(certificate, "CERTIFICATE");
}
_assert2.default.call(void 0, typeof certificate === "string");
return certificate;
}
function extractPublicKeyFromCertificateSync(certificate) {
certificate = coerceCertificatePem(certificate);
const publicKeyObject = _crypto2.createPublicKey.call(void 0, certificate);
const publicKeyAsPem = publicKeyObject.export({ format: "pem", type: "spki" }).toString();
_assert2.default.call(void 0, typeof publicKeyAsPem === "string");
return publicKeyAsPem;
}
function extractPublicKeyFromCertificate(certificate, callback) {
let err1 = null;
let keyPem;
try {
keyPem = extractPublicKeyFromCertificateSync(certificate);
} catch (err) {
err1 = err;
}
setImmediate(() => {
callback(err1, keyPem);
});
}
// source/directory_name.ts
function readDirectoryName(buffer, block) {
const set_blocks = readStruct(buffer, block);
const names = {};
for (const set_block of set_blocks) {
_assert2.default.call(void 0, set_block.tag === 49);
const blocks = readStruct(buffer, set_block);
_assert2.default.call(void 0, blocks.length === 1);
_assert2.default.call(void 0, blocks[0].tag === 48);
const sequenceBlock = readStruct(buffer, blocks[0]);
_assert2.default.call(void 0, sequenceBlock.length === 2);
const type = readObjectIdentifier(buffer, sequenceBlock[0]);
names[type.name] = readValue(buffer, sequenceBlock[1]);
}
return names;
}
// source/crypto_explore_certificate.ts
var doDebug = false;
function _readAttributeTypeAndValue(buffer, block) {
let inner_blocks = readStruct(buffer, block);
inner_blocks = readStruct(buffer, inner_blocks[0]);
const data = {
identifier: readObjectIdentifier(buffer, inner_blocks[0]).name,
value: readValue(buffer, inner_blocks[1])
};
const result = {};
for (const [key, value] of Object.entries(data)) {
result[key] = value;
}
return result;
}
function _readRelativeDistinguishedName(buffer, block) {
const inner_blocks = readStruct(buffer, block);
const data = inner_blocks.map((block2) => _readAttributeTypeAndValue(buffer, block2));
const result = {};
for (const e of data) {
result[e.identifier] = e.value;
}
return result;
}
function _readName(buffer, block) {
return _readRelativeDistinguishedName(buffer, block);
}
function _readValidity(buffer, block) {
const inner_blocks = readStruct(buffer, block);
return {
notBefore: readTime(buffer, inner_blocks[0]),
notAfter: readTime(buffer, inner_blocks[1])
};
}
function _readAuthorityKeyIdentifier(buffer) {
const block_info = readTag(buffer, 0);
const blocks = readStruct(buffer, block_info);
const keyIdentifier_block = findBlockAtIndex(blocks, 0);
const authorityCertIssuer_block = findBlockAtIndex(blocks, 1);
const authorityCertSerialNumber_block = findBlockAtIndex(blocks, 2);
function _readAuthorityCertIssuer(block) {
const inner_blocks = readStruct(buffer, block);
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
if (directoryName_block) {
const a = readStruct(buffer, directoryName_block);
return readDirectoryName(buffer, a[0]);
} else {
throw new Error("Invalid _readAuthorityCertIssuer");
}
}
function _readAuthorityCertIssuerFingerPrint(block) {
const inner_blocks = readStruct(buffer, block);
const directoryName_block = findBlockAtIndex(inner_blocks, 4);
if (!directoryName_block) {
return "";
}
const a = readStruct(buffer, directoryName_block);
if (a.length < 1) {
return "";
}
return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, a[0]))) : "";
}
const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null;
const authorityCertIssuerFingerPrint = authorityCertIssuer_block ? _readAuthorityCertIssuerFingerPrint(authorityCertIssuer_block) : "";
return {
authorityCertIssuer,
authorityCertIssuerFingerPrint,
serial: authorityCertSerialNumber_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, authorityCertSerialNumber_block)) : null,
// can be null for self-signed cert
keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, keyIdentifier_block)) : null
// can be null for self-signed certf
};
}
function readBasicConstraint2_5_29_19(buffer, _block) {
const block_info = readTag(buffer, 0);
const inner_blocks = readStruct(buffer, block_info).slice(0, 2);
let cA = false;
let pathLengthConstraint = 0;
let breakControl = 0;
for (const inner_block of inner_blocks) {
switch (inner_block.tag) {
case 1 /* BOOLEAN */:
cA = readBooleanValue(buffer, inner_block);
break;
case 2 /* INTEGER */:
pathLengthConstraint = readIntegerValue(buffer, inner_block);
breakControl = 1;
break;
}
if (breakControl) {
break;
}
}
return { critical: true, cA, pathLengthConstraint };
}
function _readGeneralNames(buffer, block) {
const _data = {
1: { name: "rfc822Name", type: "IA5String" },
2: { name: "dNSName", type: "IA5String" },
3: { name: "x400Address", type: "ORAddress" },
4: { name: "directoryName", type: "Name" },
5: { name: "ediPartyName", type: "EDIPartyName" },
6: { name: "uniformResourceIdentifier", type: "IA5String" },
7: { name: "iPAddress", type: "OCTET_STRING" },
8: { name: "registeredID", type: "OBJECT_IDENTIFIER" },
32: { name: "otherName", type: "AnotherName" }
};
const blocks = readStruct(buffer, block);
function _readFromType(buffer2, block2, type) {
switch (type) {
case "IA5String":
return buffer2.subarray(block2.position, block2.position + block2.length).toString("ascii");
default:
return buffer2.subarray(block2.position, block2.position + block2.length).toString("hex");
}
}
const n = {};
for (const block2 of blocks) {
_assert2.default.call(void 0, (block2.tag & 128) === 128);
const t2 = block2.tag & 127;
const type = _data[t2];
if (!type) {
console.log(`_readGeneralNames: INVALID TYPE => ${t2} 0x${t2.toString(16)}`);
continue;
}
if (t2 === 32) {
n[type.name] = n[type.name] || [];
const blocks2 = readStruct(buffer, block2);
const name = readObjectIdentifier(buffer, blocks2[0]).name;
const buf = getBlock(buffer, blocks2[1]);
const b = readTag(buf, 0);
const nn = readValue(buf, b);
const data = {
identifier: name,
value: nn
};
n[type.name].push(data.value);
} else {
n[type.name] = n[type.name] || [];
n[type.name].push(_readFromType(buffer, block2, type.type));
}
}
return n;
}
function _readSubjectAltNames(buffer) {
const block_info = readTag(buffer, 0);
return _readGeneralNames(buffer, block_info);
}
function readKeyUsage(_oid, buffer) {
const block_info = readTag(buffer, 0);
let b2 = 0;
let b3 = 0;
if (block_info.length > 1) {
b2 = buffer[block_info.position + 1];
b3 = block_info.length > 2 ? buffer[block_info.position + 2] : 0;
}
return {
// tslint:disable-next-line: no-bitwise
digitalSignature: (b2 & 128) === 128,
// tslint:disable-next-line: no-bitwise
nonRepudiation: (b2 & 64) === 64,
// tslint:disable-next-line: no-bitwise
keyEncipherment: (b2 & 32) === 32,
// tslint:disable-next-line: no-bitwise
dataEncipherment: (b2 & 16) === 16,
// tslint:disable-next-line: no-bitwise
keyAgreement: (b2 & 8) === 8,
// tslint:disable-next-line: no-bitwise
keyCertSign: (b2 & 4) === 4,
// tslint:disable-next-line: no-bitwise
cRLSign: (b2 & 2) === 2,
// tslint:disable-next-line: no-bitwise
encipherOnly: (b2 & 1) === 1,
// tslint:disable-next-line: no-bitwise
decipherOnly: (b3 & 128) === 128
};
}
function readExtKeyUsage(oid, buffer) {
_assert2.default.call(void 0, oid === "2.5.29.37");
const block_info = readTag(buffer, 0);
const inne