xml-fiesta

Electronic signed document XML Protocol for Node & Browser

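"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var errors_1 = require("./errors");
var common_1 = require("./common");

/**
 * Convert an X.509 validity timestamp (as returned by jsrsasign's
 * getNotBefore()/getNotAfter()) into a Date.
 *
 * Accepted forms are UTCTime ("YYMMDDHHMMSSZ") and GeneralizedTime
 * ("YYYYMMDDHHMMSSZ"). Two-digit years follow RFC 5280: 50-99 mean 19xx and
 * 00-49 mean 20xx. The pattern is anchored so that a timestamp embedded in
 * other text is rejected instead of being picked out of the middle of it.
 *
 * @param {string} certDate - timestamp string taken from the certificate
 * @returns {Date} the instant, interpreted as UTC
 * @throws {CertificateError} when the string is in neither accepted form
 */
var parseDate = function (certDate) {
    var parsed = /^(\d{2}|\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$/.exec(certDate);
    if (!parsed) {
        // Fail closed: an unparseable validity bound must never read as "valid".
        throw new errors_1.CertificateError("The certificate validity date is not valid.");
    }
    var year = parseInt(parsed[1], 10);
    if (parsed[1].length === 2) {
        // UTCTime carries no century; adding 2000 unconditionally would turn a
        // 19xx notAfter into a date far in the future.
        year += year >= 50 ? 1900 : 2000;
    }
    return new Date(Date.UTC(year, parseInt(parsed[2], 10) - 1, parseInt(parsed[3], 10), parseInt(parsed[4], 10), parseInt(parsed[5], 10), parseInt(parsed[6], 10)));
};

var jsrsasign = require('jsrsasign');

// The assignments below replace functions on the shared jsrsasign.X509 object,
// so they apply to every user of that module instance, not only to this file.

/**
 * Decode a DER-encoded distinguished name (hex) into a plain object that maps
 * attribute name to value.
 *
 * An RDN that fails to decode is logged and skipped. When the same attribute
 * occurs more than once, the last occurrence wins, so callers should not
 * assume a single value was the only one present in the certificate.
 *
 * @param {string} e - hex of the Name structure
 * @returns {Object} attribute name (or OID hex when unknown) -> value
 */
jsrsasign.X509.hex2dnobj = function (e) {
    var result = {};
    var positions = jsrsasign.ASN1HEX.getPosArrayOfChildren_AtObj(e, 0);
    for (var i = 0; i < positions.length; i++) {
        var rdnHex = jsrsasign.ASN1HEX.getHexOfTLV_AtObj(e, positions[i]);
        try {
            var rdn = jsrsasign.X509.hex2rdnobj(rdnHex);
            result[rdn[0]] = rdn[1];
        }
        catch (err) {
            console.error(err);
        }
    }
    return result;
};

/**
 * Decode one RDN (hex) into a [name, value] pair.
 *
 * Only the first AttributeTypeAndValue of the RDN is read (child path [0, 0]
 * for the type and [0, 1] for the value). The value is converted with
 * hextorstr, i.e. byte-for-byte.
 * NOTE(review): multi-byte string encodings are presumably not decoded by
 * hextorstr - confirm before displaying or comparing non-ASCII subject values.
 *
 * @param {string} a - hex of the RDN
 * @returns {Array} [attribute name, attribute value]
 */
jsrsasign.X509.hex2rdnobj = function (a) {
    var typeTlv = jsrsasign.ASN1HEX.getDecendantHexTLVByNthList(a, 0, [0, 0]);
    var valueHex = jsrsasign.ASN1HEX.getDecendantHexVByNthList(a, 0, [0, 1]);
    // A property lookup never throws, so a try/catch cannot provide the
    // fallback: an unknown OID would yield the key `undefined` and every
    // unknown attribute would collapse into one entry. Fall back to the OID
    // TLV hex explicitly.
    var table = jsrsasign.X509.DN_ATTRHEX;
    var name = Object.prototype.hasOwnProperty.call(table, typeTlv) ? table[typeTlv] : typeTlv;
    var value = jsrsasign.hextorstr(valueHex);
    return [name, value];
};

/**
 * Return the certificate subject as an object (see hex2dnobj).
 * The subject is read from child path [0, 5] of the certificate.
 */
jsrsasign.X509.prototype.getSubjectObject = function () {
    return jsrsasign.X509.hex2dnobj(jsrsasign.ASN1HEX.getDecendantHexTLVByNthList(this.hex, 0, [0, 5]));
};

// Hex of the attribute-type OID TLV -> short attribute name.
jsrsasign.X509.DN_ATTRHEX = {
    '0603550406': 'C',
    '060355040a': 'O',
    '060355040b': 'OU',
    '0603550403': 'CN',
    '0603550405': 'serialNumber',
    '0603550408': 'ST',
    '0603550407': 'L',
    '060355042d': 'UI',
    '0603550409': 'street',
    '0603550429': 'name',
    '0603550411': 'postalCode',
    '06092a864886f70d010901': 'emailAddress',
    '06092a864886f70d010902': 'unstructuredName'
};

// Hex of "-----BEGIN CERTIFICATE-----\nMII" plus one further nibble ("4").
// Only an LF after the header matches; input with any other line ending is
// not recognised as PEM here and must pass the ASN.1 hex check instead.
var certFirstBytes = '2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d49494';

/**
 * Wrapper around a jsrsasign X509 object with helpers for subject fields,
 * validity dates and signature verification.
 *
 * Subject values (email, owner, UI) are read from the certificate as-is; they
 * are only as trustworthy as the validation the caller has performed on the
 * certificate itself.
 */
var Certificate = (function () {
    /**
     * @param {string|null} binaryString - certificate as a binary string; when
     *   truthy it takes precedence over hexString
     * @param {string} [hexString] - certificate as hex (DER, or hex of a PEM
     *   text starting with certFirstBytes)
     * @throws {CertificateError} when no usable input is given or the hex is
     *   neither ASN.1 hex nor a recognised PEM prefix
     */
    function Certificate(binaryString, hexString) {
        var hex = binaryString ? jsrsasign.rstrtohex(binaryString) : hexString;
        this.binaryString = binaryString;
        var missingInput = !binaryString && !hex;
        var emptyBinary = binaryString && binaryString.length === 0;
        var unrecognisedHex = hex && !jsrsasign.ASN1HEX.isASN1HEX(hex) && !hex.startsWith(certFirstBytes);
        if (missingInput || emptyBinary || unrecognisedHex) {
            throw new errors_1.CertificateError("The certificate is not valid.");
        }
        if (hex.startsWith(certFirstBytes)) {
            // Input was the hex of a PEM text: turn it back into that text.
            this.pem = jsrsasign.hextorstr(hex);
        }
        else {
            this.pem = jsrsasign.asn1.ASN1Util.getPEMStringFromHex(hex, "CERTIFICATE");
        }
        this.certificate = new jsrsasign.X509();
        this.certificate.readCertPEM(this.pem);
        this.hex = this.certificate.hex;
        this.subject = this.certificate.getSubjectObject();
    }
    /** @returns {string|null} the binary string passed to the constructor */
    Certificate.prototype.toBinaryString = function () {
        return this.binaryString;
    };
    /** @returns {string} certificate hex as held by the X509 object */
    Certificate.prototype.toHex = function () {
        return this.certificate.hex;
    };
    /** @returns {string} PEM text of the certificate */
    Certificate.prototype.toPem = function () {
        return this.pem;
    };
    /** @returns {Object} the underlying jsrsasign X509 object */
    Certificate.prototype.getX509 = function () {
        return this.certificate;
    };
    /** @returns {string} serial number as hex */
    Certificate.prototype.getSerialNumberHex = function () {
        return this.certificate.getSerialNumberHex();
    };
    /** @returns {string} serial number hex passed through common.hextoAscii */
    Certificate.prototype.getSerialNumber = function () {
        return common_1.hextoAscii(this.getSerialNumberHex());
    };
    /** @returns {Object} subject attributes decoded at construction time */
    Certificate.prototype.getSubject = function () {
        return this.subject;
    };
    /** @returns {string|undefined} subject emailAddress attribute */
    Certificate.prototype.email = function () {
        return this.subject.emailAddress;
    };
    /** @returns {string|undefined} subject name attribute */
    Certificate.prototype.owner = function () {
        return this.subject.name;
    };
    /** @returns {string|undefined} first part of the UI attribute, if any */
    Certificate.prototype.owner_id = function () {
        var identifier = this.getUniqueIdentifier();
        return identifier === null || identifier === undefined ? undefined : identifier[0];
    };
    /** @returns {string[]|null} UI attribute split on " / ", or null if absent */
    Certificate.prototype.getUniqueIdentifier = function () {
        return this.subject.UI ? this.subject.UI.split(" / ") : null;
    };
    /** @returns {Object} RSA public key from the certificate (cached) */
    Certificate.prototype.getRSAPublicKey = function () {
        if (this.pubKey) {
            return this.pubKey;
        }
        return (this.pubKey = this.certificate.subjectPublicKeyRSA);
    };
    /**
     * Verify a signature over a string with this certificate's key.
     *
     * @param {string} string - signed content
     * @param {string} signedHexString - signature as hex
     * @param {string} [alg] - jsrsasign algorithm name, "SHA256withRSA" when
     *   null or undefined
     * @returns {boolean} verification result; any error is logged and
     *   reported as false
     */
    Certificate.prototype.verifyString = function (string, signedHexString, alg) {
        try {
            var algorithm = alg == null ? "SHA256withRSA" : alg;
            var sig = new jsrsasign.crypto.Signature({ alg: algorithm });
            sig.init(this.pem);
            sig.updateString(string);
            return sig.verify(signedHexString);
        }
        catch (error) {
            console.error(error);
            return false;
        }
    };
    /**
     * Verify a signature over hex-encoded content with this certificate's key.
     * Same contract as verifyString, with the content given as hex.
     */
    Certificate.prototype.verifyHexString = function (hexString, signedHexString, alg) {
        try {
            var algorithm = alg == null ? "SHA256withRSA" : alg;
            var sig = new jsrsasign.crypto.Signature({ alg: algorithm });
            sig.init(this.pem);
            sig.updateHex(hexString);
            return sig.verify(signedHexString);
        }
        catch (error) {
            console.error(error);
            return false;
        }
    };
    /**
     * @param {string} [joinVal] - separator, ", " when falsy
     * @returns {string|null} UI parts joined, or null when the subject has no
     *   UI attribute
     */
    Certificate.prototype.getUniqueIdentifierString = function (joinVal) {
        var separator = joinVal ? joinVal : ", ";
        var identifiers = this.getUniqueIdentifier();
        // getUniqueIdentifier returns null for a subject without UI; calling
        // join on that would throw.
        if (!identifiers) {
            return null;
        }
        return identifiers.join(separator);
    };
    /**
     * @returns {boolean} true when notAfter is earlier than the current time
     *   of this machine's clock
     */
    Certificate.prototype.hasExpired = function () {
        var notAfter = parseDate(this.certificate.getNotAfter());
        var isExpired = notAfter.getTime() < new Date().getTime();
        if (isExpired) {
            console.error("Certificate: The certificate has expired", {
                notAfter: notAfter.toISOString(),
                currentTime: new Date().toISOString()
            });
        }
        return isExpired;
    };
    /**
     * @param {Date} date - instant to test
     * @returns {boolean} true when notBefore <= date <= notAfter; false for an
     *   invalid Date
     */
    Certificate.prototype.isValidOn = function (date) {
        var givenTime = date.getTime();
        if (isNaN(givenTime)) {
            // toISOString() throws on an invalid Date, so report and reject
            // before reaching the logging below.
            console.error("Certificate: The given date is not valid");
            return false;
        }
        var notAfter = parseDate(this.certificate.getNotAfter());
        var notBefore = parseDate(this.certificate.getNotBefore());
        var isValid = (notAfter.getTime() >= givenTime && givenTime >= notBefore.getTime());
        if (!isValid) {
            console.error("Certificate: The certificate is not valid on the given date", {
                notAfter: notAfter.toISOString(),
                notBefore: notBefore.toISOString(),
                givenDate: date.toISOString()
            });
        }
        return isValid;
    };
    /**
     * @returns {string} signature algorithm name read from this certificate.
     * The value comes from the certificate being examined; validParent passes
     * it on unfiltered, so a caller that must refuse weak digests should
     * compare it against its own allow-list first.
     */
    Certificate.prototype.algorithm = function () {
        return this.certificate.getSignatureAlgorithmField();
    };
    /** @returns {string} hex TLV of the tbsCertificate (child path [0]) */
    Certificate.prototype.tbsCertificate = function () {
        return jsrsasign.ASN1HEX.getDecendantHexTLVByNthList(this.hex, 0, [0]);
    };
    /** @returns {string} hex of the certificate's signature value */
    Certificate.prototype.signature = function () {
        return jsrsasign.X509.getSignatureValueHex(this.hex);
    };
    /**
     * @param {string} rootCaHex - hex of a root certificate
     * @returns {boolean} true when this certificate's hex equals rootCaHex
     *   exactly; no CA attribute of the certificate is inspected
     */
    Certificate.prototype.isCa = function (rootCaHex) {
        return this.hex === rootCaHex;
    };
    /**
     * Check that this certificate's signature verifies under the given parent.
     *
     * Only the signature over tbsCertificate is checked. Issuer/subject name
     * matching, the parent's validity period, key usage, path length and
     * revocation are not examined here; callers that need full path
     * validation have to perform those checks themselves.
     *
     * NOTE(review): the basicConstraints cA flag is required when the parent
     * is given as PEM but is not looked at when it is given as hex. Confirm
     * that every hex parent comes from trusted configuration.
     *
     * @param {string} rootCaPem - parent certificate as PEM (used when
     *   rootCaHex is falsy)
     * @param {string|null} [rootCaHex] - parent certificate as hex
     * @returns {boolean} true when the signature verifies; any error is
     *   logged and reported as false
     */
    Certificate.prototype.validParent = function (rootCaPem, rootCaHex) {
        if (rootCaHex === void 0) { rootCaHex = null; }
        try {
            var rootCaCert = void 0;
            if (rootCaHex) {
                rootCaCert = new Certificate(null, rootCaHex);
            }
            else {
                rootCaCert = new jsrsasign.X509();
                rootCaCert.readCertPEM(rootCaPem);
                var rootCa = jsrsasign.X509.getExtBasicConstraints(rootCaCert.hex).cA;
                if (!rootCa)
                    return false;
                rootCaCert = new Certificate(null, rootCaCert.hex);
            }
            return rootCaCert.verifyHexString(this.tbsCertificate(), this.signature(), this.algorithm());
        }
        catch (error) {
            console.error(error);
            return false;
        }
    };
    return Certificate;
}());
exports.default = Certificate;
//# sourceMappingURL=certificate.js.map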