753 lines
19 KiB
JavaScript
753 lines
19 KiB
JavaScript
|
// Copyright 2017 Joyent, Inc.
|
||
|
|
||
|
module.exports = {
|
||
|
read: read,
|
||
|
verify: verify,
|
||
|
sign: sign,
|
||
|
signAsync: signAsync,
|
||
|
write: write
|
||
|
};
|
||
|
|
||
|
var assert = require('assert-plus');
|
||
|
var asn1 = require('asn1');
|
||
|
var Buffer = require('safer-buffer').Buffer;
|
||
|
var algs = require('../algs');
|
||
|
var utils = require('../utils');
|
||
|
var Key = require('../key');
|
||
|
var PrivateKey = require('../private-key');
|
||
|
var pem = require('./pem');
|
||
|
var Identity = require('../identity');
|
||
|
var Signature = require('../signature');
|
||
|
var Certificate = require('../certificate');
|
||
|
var pkcs8 = require('./pkcs8');
|
||
|
|
||
|
/*
|
||
|
* This file is based on RFC5280 (X.509).
|
||
|
*/
|
||
|
|
||
|
/* Helper to read in a single mpint */
|
||
|
function readMPInt(der, nm) {
|
||
|
assert.strictEqual(der.peek(), asn1.Ber.Integer,
|
||
|
nm + ' is not an Integer');
|
||
|
return (utils.mpNormalize(der.readString(asn1.Ber.Integer, true)));
|
||
|
}
|
||
|
|
||
|
function verify(cert, key) {
|
||
|
var sig = cert.signatures.x509;
|
||
|
assert.object(sig, 'x509 signature');
|
||
|
|
||
|
var algParts = sig.algo.split('-');
|
||
|
if (algParts[0] !== key.type)
|
||
|
return (false);
|
||
|
|
||
|
var blob = sig.cache;
|
||
|
if (blob === undefined) {
|
||
|
var der = new asn1.BerWriter();
|
||
|
writeTBSCert(cert, der);
|
||
|
blob = der.buffer;
|
||
|
}
|
||
|
|
||
|
var verifier = key.createVerify(algParts[1]);
|
||
|
verifier.write(blob);
|
||
|
return (verifier.verify(sig.signature));
|
||
|
}
|
||
|
|
||
|
function Local(i) {
|
||
|
return (asn1.Ber.Context | asn1.Ber.Constructor | i);
|
||
|
}
|
||
|
|
||
|
function Context(i) {
|
||
|
return (asn1.Ber.Context | i);
|
||
|
}
|
||
|
|
||
|
var SIGN_ALGS = {
|
||
|
'rsa-md5': '1.2.840.113549.1.1.4',
|
||
|
'rsa-sha1': '1.2.840.113549.1.1.5',
|
||
|
'rsa-sha256': '1.2.840.113549.1.1.11',
|
||
|
'rsa-sha384': '1.2.840.113549.1.1.12',
|
||
|
'rsa-sha512': '1.2.840.113549.1.1.13',
|
||
|
'dsa-sha1': '1.2.840.10040.4.3',
|
||
|
'dsa-sha256': '2.16.840.1.101.3.4.3.2',
|
||
|
'ecdsa-sha1': '1.2.840.10045.4.1',
|
||
|
'ecdsa-sha256': '1.2.840.10045.4.3.2',
|
||
|
'ecdsa-sha384': '1.2.840.10045.4.3.3',
|
||
|
'ecdsa-sha512': '1.2.840.10045.4.3.4',
|
||
|
'ed25519-sha512': '1.3.101.112'
|
||
|
};
|
||
|
Object.keys(SIGN_ALGS).forEach(function (k) {
|
||
|
SIGN_ALGS[SIGN_ALGS[k]] = k;
|
||
|
});
|
||
|
SIGN_ALGS['1.3.14.3.2.3'] = 'rsa-md5';
|
||
|
SIGN_ALGS['1.3.14.3.2.29'] = 'rsa-sha1';
|
||
|
|
||
|
var EXTS = {
|
||
|
'issuerKeyId': '2.5.29.35',
|
||
|
'altName': '2.5.29.17',
|
||
|
'basicConstraints': '2.5.29.19',
|
||
|
'keyUsage': '2.5.29.15',
|
||
|
'extKeyUsage': '2.5.29.37'
|
||
|
};
|
||
|
|
||
|
function read(buf, options) {
|
||
|
if (typeof (buf) === 'string') {
|
||
|
buf = Buffer.from(buf, 'binary');
|
||
|
}
|
||
|
assert.buffer(buf, 'buf');
|
||
|
|
||
|
var der = new asn1.BerReader(buf);
|
||
|
|
||
|
der.readSequence();
|
||
|
if (Math.abs(der.length - der.remain) > 1) {
|
||
|
throw (new Error('DER sequence does not contain whole byte ' +
|
||
|
'stream'));
|
||
|
}
|
||
|
|
||
|
var tbsStart = der.offset;
|
||
|
der.readSequence();
|
||
|
var sigOffset = der.offset + der.length;
|
||
|
var tbsEnd = sigOffset;
|
||
|
|
||
|
if (der.peek() === Local(0)) {
|
||
|
der.readSequence(Local(0));
|
||
|
var version = der.readInt();
|
||
|
assert.ok(version <= 3,
|
||
|
'only x.509 versions up to v3 supported');
|
||
|
}
|
||
|
|
||
|
var cert = {};
|
||
|
cert.signatures = {};
|
||
|
var sig = (cert.signatures.x509 = {});
|
||
|
sig.extras = {};
|
||
|
|
||
|
cert.serial = readMPInt(der, 'serial');
|
||
|
|
||
|
der.readSequence();
|
||
|
var after = der.offset + der.length;
|
||
|
var certAlgOid = der.readOID();
|
||
|
var certAlg = SIGN_ALGS[certAlgOid];
|
||
|
if (certAlg === undefined)
|
||
|
throw (new Error('unknown signature algorithm ' + certAlgOid));
|
||
|
|
||
|
der._offset = after;
|
||
|
cert.issuer = Identity.parseAsn1(der);
|
||
|
|
||
|
der.readSequence();
|
||
|
cert.validFrom = readDate(der);
|
||
|
cert.validUntil = readDate(der);
|
||
|
|
||
|
cert.subjects = [Identity.parseAsn1(der)];
|
||
|
|
||
|
der.readSequence();
|
||
|
after = der.offset + der.length;
|
||
|
cert.subjectKey = pkcs8.readPkcs8(undefined, 'public', der);
|
||
|
der._offset = after;
|
||
|
|
||
|
/* issuerUniqueID */
|
||
|
if (der.peek() === Local(1)) {
|
||
|
der.readSequence(Local(1));
|
||
|
sig.extras.issuerUniqueID =
|
||
|
buf.slice(der.offset, der.offset + der.length);
|
||
|
der._offset += der.length;
|
||
|
}
|
||
|
|
||
|
/* subjectUniqueID */
|
||
|
if (der.peek() === Local(2)) {
|
||
|
der.readSequence(Local(2));
|
||
|
sig.extras.subjectUniqueID =
|
||
|
buf.slice(der.offset, der.offset + der.length);
|
||
|
der._offset += der.length;
|
||
|
}
|
||
|
|
||
|
/* extensions */
|
||
|
if (der.peek() === Local(3)) {
|
||
|
der.readSequence(Local(3));
|
||
|
var extEnd = der.offset + der.length;
|
||
|
der.readSequence();
|
||
|
|
||
|
while (der.offset < extEnd)
|
||
|
readExtension(cert, buf, der);
|
||
|
|
||
|
assert.strictEqual(der.offset, extEnd);
|
||
|
}
|
||
|
|
||
|
assert.strictEqual(der.offset, sigOffset);
|
||
|
|
||
|
der.readSequence();
|
||
|
after = der.offset + der.length;
|
||
|
var sigAlgOid = der.readOID();
|
||
|
var sigAlg = SIGN_ALGS[sigAlgOid];
|
||
|
if (sigAlg === undefined)
|
||
|
throw (new Error('unknown signature algorithm ' + sigAlgOid));
|
||
|
der._offset = after;
|
||
|
|
||
|
var sigData = der.readString(asn1.Ber.BitString, true);
|
||
|
if (sigData[0] === 0)
|
||
|
sigData = sigData.slice(1);
|
||
|
var algParts = sigAlg.split('-');
|
||
|
|
||
|
sig.signature = Signature.parse(sigData, algParts[0], 'asn1');
|
||
|
sig.signature.hashAlgorithm = algParts[1];
|
||
|
sig.algo = sigAlg;
|
||
|
sig.cache = buf.slice(tbsStart, tbsEnd);
|
||
|
|
||
|
return (new Certificate(cert));
|
||
|
}
|
||
|
|
||
|
function readDate(der) {
|
||
|
if (der.peek() === asn1.Ber.UTCTime) {
|
||
|
return (utcTimeToDate(der.readString(asn1.Ber.UTCTime)));
|
||
|
} else if (der.peek() === asn1.Ber.GeneralizedTime) {
|
||
|
return (gTimeToDate(der.readString(asn1.Ber.GeneralizedTime)));
|
||
|
} else {
|
||
|
throw (new Error('Unsupported date format'));
|
||
|
}
|
||
|
}
|
||
|
|
||
|
function writeDate(der, date) {
|
||
|
if (date.getUTCFullYear() >= 2050 || date.getUTCFullYear() < 1950) {
|
||
|
der.writeString(dateToGTime(date), asn1.Ber.GeneralizedTime);
|
||
|
} else {
|
||
|
der.writeString(dateToUTCTime(date), asn1.Ber.UTCTime);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* RFC5280, section 4.2.1.6 (GeneralName type) */
|
||
|
var ALTNAME = {
|
||
|
OtherName: Local(0),
|
||
|
RFC822Name: Context(1),
|
||
|
DNSName: Context(2),
|
||
|
X400Address: Local(3),
|
||
|
DirectoryName: Local(4),
|
||
|
EDIPartyName: Local(5),
|
||
|
URI: Context(6),
|
||
|
IPAddress: Context(7),
|
||
|
OID: Context(8)
|
||
|
};
|
||
|
|
||
|
/* RFC5280, section 4.2.1.12 (KeyPurposeId) */
|
||
|
var EXTPURPOSE = {
|
||
|
'serverAuth': '1.3.6.1.5.5.7.3.1',
|
||
|
'clientAuth': '1.3.6.1.5.5.7.3.2',
|
||
|
'codeSigning': '1.3.6.1.5.5.7.3.3',
|
||
|
|
||
|
/* See https://github.com/joyent/oid-docs/blob/master/root.md */
|
||
|
'joyentDocker': '1.3.6.1.4.1.38678.1.4.1',
|
||
|
'joyentCmon': '1.3.6.1.4.1.38678.1.4.2'
|
||
|
};
|
||
|
var EXTPURPOSE_REV = {};
|
||
|
Object.keys(EXTPURPOSE).forEach(function (k) {
|
||
|
EXTPURPOSE_REV[EXTPURPOSE[k]] = k;
|
||
|
});
|
||
|
|
||
|
var KEYUSEBITS = [
|
||
|
'signature', 'identity', 'keyEncryption',
|
||
|
'encryption', 'keyAgreement', 'ca', 'crl'
|
||
|
];
|
||
|
|
||
|
function readExtension(cert, buf, der) {
|
||
|
der.readSequence();
|
||
|
var after = der.offset + der.length;
|
||
|
var extId = der.readOID();
|
||
|
var id;
|
||
|
var sig = cert.signatures.x509;
|
||
|
if (!sig.extras.exts)
|
||
|
sig.extras.exts = [];
|
||
|
|
||
|
var critical;
|
||
|
if (der.peek() === asn1.Ber.Boolean)
|
||
|
critical = der.readBoolean();
|
||
|
|
||
|
switch (extId) {
|
||
|
case (EXTS.basicConstraints):
|
||
|
der.readSequence(asn1.Ber.OctetString);
|
||
|
der.readSequence();
|
||
|
var bcEnd = der.offset + der.length;
|
||
|
var ca = false;
|
||
|
if (der.peek() === asn1.Ber.Boolean)
|
||
|
ca = der.readBoolean();
|
||
|
if (cert.purposes === undefined)
|
||
|
cert.purposes = [];
|
||
|
if (ca === true)
|
||
|
cert.purposes.push('ca');
|
||
|
var bc = { oid: extId, critical: critical };
|
||
|
if (der.offset < bcEnd && der.peek() === asn1.Ber.Integer)
|
||
|
bc.pathLen = der.readInt();
|
||
|
sig.extras.exts.push(bc);
|
||
|
break;
|
||
|
case (EXTS.extKeyUsage):
|
||
|
der.readSequence(asn1.Ber.OctetString);
|
||
|
der.readSequence();
|
||
|
if (cert.purposes === undefined)
|
||
|
cert.purposes = [];
|
||
|
var ekEnd = der.offset + der.length;
|
||
|
while (der.offset < ekEnd) {
|
||
|
var oid = der.readOID();
|
||
|
cert.purposes.push(EXTPURPOSE_REV[oid] || oid);
|
||
|
}
|
||
|
/*
|
||
|
* This is a bit of a hack: in the case where we have a cert
|
||
|
* that's only allowed to do serverAuth or clientAuth (and not
|
||
|
* the other), we want to make sure all our Subjects are of
|
||
|
* the right type. But we already parsed our Subjects and
|
||
|
* decided if they were hosts or users earlier (since it appears
|
||
|
* first in the cert).
|
||
|
*
|
||
|
* So we go through and mutate them into the right kind here if
|
||
|
* it doesn't match. This might not be hugely beneficial, as it
|
||
|
* seems that single-purpose certs are not often seen in the
|
||
|
* wild.
|
||
|
*/
|
||
|
if (cert.purposes.indexOf('serverAuth') !== -1 &&
|
||
|
cert.purposes.indexOf('clientAuth') === -1) {
|
||
|
cert.subjects.forEach(function (ide) {
|
||
|
if (ide.type !== 'host') {
|
||
|
ide.type = 'host';
|
||
|
ide.hostname = ide.uid ||
|
||
|
ide.email ||
|
||
|
ide.components[0].value;
|
||
|
}
|
||
|
});
|
||
|
} else if (cert.purposes.indexOf('clientAuth') !== -1 &&
|
||
|
cert.purposes.indexOf('serverAuth') === -1) {
|
||
|
cert.subjects.forEach(function (ide) {
|
||
|
if (ide.type !== 'user') {
|
||
|
ide.type = 'user';
|
||
|
ide.uid = ide.hostname ||
|
||
|
ide.email ||
|
||
|
ide.components[0].value;
|
||
|
}
|
||
|
});
|
||
|
}
|
||
|
sig.extras.exts.push({ oid: extId, critical: critical });
|
||
|
break;
|
||
|
case (EXTS.keyUsage):
|
||
|
der.readSequence(asn1.Ber.OctetString);
|
||
|
var bits = der.readString(asn1.Ber.BitString, true);
|
||
|
var setBits = readBitField(bits, KEYUSEBITS);
|
||
|
setBits.forEach(function (bit) {
|
||
|
if (cert.purposes === undefined)
|
||
|
cert.purposes = [];
|
||
|
if (cert.purposes.indexOf(bit) === -1)
|
||
|
cert.purposes.push(bit);
|
||
|
});
|
||
|
sig.extras.exts.push({ oid: extId, critical: critical,
|
||
|
bits: bits });
|
||
|
break;
|
||
|
case (EXTS.altName):
|
||
|
der.readSequence(asn1.Ber.OctetString);
|
||
|
der.readSequence();
|
||
|
var aeEnd = der.offset + der.length;
|
||
|
while (der.offset < aeEnd) {
|
||
|
switch (der.peek()) {
|
||
|
case ALTNAME.OtherName:
|
||
|
case ALTNAME.EDIPartyName:
|
||
|
der.readSequence();
|
||
|
der._offset += der.length;
|
||
|
break;
|
||
|
case ALTNAME.OID:
|
||
|
der.readOID(ALTNAME.OID);
|
||
|
break;
|
||
|
case ALTNAME.RFC822Name:
|
||
|
/* RFC822 specifies email addresses */
|
||
|
var email = der.readString(ALTNAME.RFC822Name);
|
||
|
id = Identity.forEmail(email);
|
||
|
if (!cert.subjects[0].equals(id))
|
||
|
cert.subjects.push(id);
|
||
|
break;
|
||
|
case ALTNAME.DirectoryName:
|
||
|
der.readSequence(ALTNAME.DirectoryName);
|
||
|
id = Identity.parseAsn1(der);
|
||
|
if (!cert.subjects[0].equals(id))
|
||
|
cert.subjects.push(id);
|
||
|
break;
|
||
|
case ALTNAME.DNSName:
|
||
|
var host = der.readString(
|
||
|
ALTNAME.DNSName);
|
||
|
id = Identity.forHost(host);
|
||
|
if (!cert.subjects[0].equals(id))
|
||
|
cert.subjects.push(id);
|
||
|
break;
|
||
|
default:
|
||
|
der.readString(der.peek());
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
sig.extras.exts.push({ oid: extId, critical: critical });
|
||
|
break;
|
||
|
default:
|
||
|
sig.extras.exts.push({
|
||
|
oid: extId,
|
||
|
critical: critical,
|
||
|
data: der.readString(asn1.Ber.OctetString, true)
|
||
|
});
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
der._offset = after;
|
||
|
}
|
||
|
|
||
|
var UTCTIME_RE =
|
||
|
/^([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/;
|
||
|
function utcTimeToDate(t) {
|
||
|
var m = t.match(UTCTIME_RE);
|
||
|
assert.ok(m, 'timestamps must be in UTC');
|
||
|
var d = new Date();
|
||
|
|
||
|
var thisYear = d.getUTCFullYear();
|
||
|
var century = Math.floor(thisYear / 100) * 100;
|
||
|
|
||
|
var year = parseInt(m[1], 10);
|
||
|
if (thisYear % 100 < 50 && year >= 60)
|
||
|
year += (century - 1);
|
||
|
else
|
||
|
year += century;
|
||
|
d.setUTCFullYear(year, parseInt(m[2], 10) - 1, parseInt(m[3], 10));
|
||
|
d.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10));
|
||
|
if (m[6] && m[6].length > 0)
|
||
|
d.setUTCSeconds(parseInt(m[6], 10));
|
||
|
return (d);
|
||
|
}
|
||
|
|
||
|
var GTIME_RE =
|
||
|
/^([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/;
|
||
|
function gTimeToDate(t) {
|
||
|
var m = t.match(GTIME_RE);
|
||
|
assert.ok(m);
|
||
|
var d = new Date();
|
||
|
|
||
|
d.setUTCFullYear(parseInt(m[1], 10), parseInt(m[2], 10) - 1,
|
||
|
parseInt(m[3], 10));
|
||
|
d.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10));
|
||
|
if (m[6] && m[6].length > 0)
|
||
|
d.setUTCSeconds(parseInt(m[6], 10));
|
||
|
return (d);
|
||
|
}
|
||
|
|
||
|
function zeroPad(n, m) {
|
||
|
if (m === undefined)
|
||
|
m = 2;
|
||
|
var s = '' + n;
|
||
|
while (s.length < m)
|
||
|
s = '0' + s;
|
||
|
return (s);
|
||
|
}
|
||
|
|
||
|
function dateToUTCTime(d) {
|
||
|
var s = '';
|
||
|
s += zeroPad(d.getUTCFullYear() % 100);
|
||
|
s += zeroPad(d.getUTCMonth() + 1);
|
||
|
s += zeroPad(d.getUTCDate());
|
||
|
s += zeroPad(d.getUTCHours());
|
||
|
s += zeroPad(d.getUTCMinutes());
|
||
|
s += zeroPad(d.getUTCSeconds());
|
||
|
s += 'Z';
|
||
|
return (s);
|
||
|
}
|
||
|
|
||
|
function dateToGTime(d) {
|
||
|
var s = '';
|
||
|
s += zeroPad(d.getUTCFullYear(), 4);
|
||
|
s += zeroPad(d.getUTCMonth() + 1);
|
||
|
s += zeroPad(d.getUTCDate());
|
||
|
s += zeroPad(d.getUTCHours());
|
||
|
s += zeroPad(d.getUTCMinutes());
|
||
|
s += zeroPad(d.getUTCSeconds());
|
||
|
s += 'Z';
|
||
|
return (s);
|
||
|
}
|
||
|
|
||
|
function sign(cert, key) {
|
||
|
if (cert.signatures.x509 === undefined)
|
||
|
cert.signatures.x509 = {};
|
||
|
var sig = cert.signatures.x509;
|
||
|
|
||
|
sig.algo = key.type + '-' + key.defaultHashAlgorithm();
|
||
|
if (SIGN_ALGS[sig.algo] === undefined)
|
||
|
return (false);
|
||
|
|
||
|
var der = new asn1.BerWriter();
|
||
|
writeTBSCert(cert, der);
|
||
|
var blob = der.buffer;
|
||
|
sig.cache = blob;
|
||
|
|
||
|
var signer = key.createSign();
|
||
|
signer.write(blob);
|
||
|
cert.signatures.x509.signature = signer.sign();
|
||
|
|
||
|
return (true);
|
||
|
}
|
||
|
|
||
|
function signAsync(cert, signer, done) {
|
||
|
if (cert.signatures.x509 === undefined)
|
||
|
cert.signatures.x509 = {};
|
||
|
var sig = cert.signatures.x509;
|
||
|
|
||
|
var der = new asn1.BerWriter();
|
||
|
writeTBSCert(cert, der);
|
||
|
var blob = der.buffer;
|
||
|
sig.cache = blob;
|
||
|
|
||
|
signer(blob, function (err, signature) {
|
||
|
if (err) {
|
||
|
done(err);
|
||
|
return;
|
||
|
}
|
||
|
sig.algo = signature.type + '-' + signature.hashAlgorithm;
|
||
|
if (SIGN_ALGS[sig.algo] === undefined) {
|
||
|
done(new Error('Invalid signing algorithm "' +
|
||
|
sig.algo + '"'));
|
||
|
return;
|
||
|
}
|
||
|
sig.signature = signature;
|
||
|
done();
|
||
|
});
|
||
|
}
|
||
|
|
||
|
function write(cert, options) {
|
||
|
var sig = cert.signatures.x509;
|
||
|
assert.object(sig, 'x509 signature');
|
||
|
|
||
|
var der = new asn1.BerWriter();
|
||
|
der.startSequence();
|
||
|
if (sig.cache) {
|
||
|
der._ensure(sig.cache.length);
|
||
|
sig.cache.copy(der._buf, der._offset);
|
||
|
der._offset += sig.cache.length;
|
||
|
} else {
|
||
|
writeTBSCert(cert, der);
|
||
|
}
|
||
|
|
||
|
der.startSequence();
|
||
|
der.writeOID(SIGN_ALGS[sig.algo]);
|
||
|
if (sig.algo.match(/^rsa-/))
|
||
|
der.writeNull();
|
||
|
der.endSequence();
|
||
|
|
||
|
var sigData = sig.signature.toBuffer('asn1');
|
||
|
var data = Buffer.alloc(sigData.length + 1);
|
||
|
data[0] = 0;
|
||
|
sigData.copy(data, 1);
|
||
|
der.writeBuffer(data, asn1.Ber.BitString);
|
||
|
der.endSequence();
|
||
|
|
||
|
return (der.buffer);
|
||
|
}
|
||
|
|
||
|
function writeTBSCert(cert, der) {
|
||
|
var sig = cert.signatures.x509;
|
||
|
assert.object(sig, 'x509 signature');
|
||
|
|
||
|
der.startSequence();
|
||
|
|
||
|
der.startSequence(Local(0));
|
||
|
der.writeInt(2);
|
||
|
der.endSequence();
|
||
|
|
||
|
der.writeBuffer(utils.mpNormalize(cert.serial), asn1.Ber.Integer);
|
||
|
|
||
|
der.startSequence();
|
||
|
der.writeOID(SIGN_ALGS[sig.algo]);
|
||
|
if (sig.algo.match(/^rsa-/))
|
||
|
der.writeNull();
|
||
|
der.endSequence();
|
||
|
|
||
|
cert.issuer.toAsn1(der);
|
||
|
|
||
|
der.startSequence();
|
||
|
writeDate(der, cert.validFrom);
|
||
|
writeDate(der, cert.validUntil);
|
||
|
der.endSequence();
|
||
|
|
||
|
var subject = cert.subjects[0];
|
||
|
var altNames = cert.subjects.slice(1);
|
||
|
subject.toAsn1(der);
|
||
|
|
||
|
pkcs8.writePkcs8(der, cert.subjectKey);
|
||
|
|
||
|
if (sig.extras && sig.extras.issuerUniqueID) {
|
||
|
der.writeBuffer(sig.extras.issuerUniqueID, Local(1));
|
||
|
}
|
||
|
|
||
|
if (sig.extras && sig.extras.subjectUniqueID) {
|
||
|
der.writeBuffer(sig.extras.subjectUniqueID, Local(2));
|
||
|
}
|
||
|
|
||
|
if (altNames.length > 0 || subject.type === 'host' ||
|
||
|
(cert.purposes !== undefined && cert.purposes.length > 0) ||
|
||
|
(sig.extras && sig.extras.exts)) {
|
||
|
der.startSequence(Local(3));
|
||
|
der.startSequence();
|
||
|
|
||
|
var exts = [];
|
||
|
if (cert.purposes !== undefined && cert.purposes.length > 0) {
|
||
|
exts.push({
|
||
|
oid: EXTS.basicConstraints,
|
||
|
critical: true
|
||
|
});
|
||
|
exts.push({
|
||
|
oid: EXTS.keyUsage,
|
||
|
critical: true
|
||
|
});
|
||
|
exts.push({
|
||
|
oid: EXTS.extKeyUsage,
|
||
|
critical: true
|
||
|
});
|
||
|
}
|
||
|
exts.push({ oid: EXTS.altName });
|
||
|
if (sig.extras && sig.extras.exts)
|
||
|
exts = sig.extras.exts;
|
||
|
|
||
|
for (var i = 0; i < exts.length; ++i) {
|
||
|
der.startSequence();
|
||
|
der.writeOID(exts[i].oid);
|
||
|
|
||
|
if (exts[i].critical !== undefined)
|
||
|
der.writeBoolean(exts[i].critical);
|
||
|
|
||
|
if (exts[i].oid === EXTS.altName) {
|
||
|
der.startSequence(asn1.Ber.OctetString);
|
||
|
der.startSequence();
|
||
|
if (subject.type === 'host') {
|
||
|
der.writeString(subject.hostname,
|
||
|
Context(2));
|
||
|
}
|
||
|
for (var j = 0; j < altNames.length; ++j) {
|
||
|
if (altNames[j].type === 'host') {
|
||
|
der.writeString(
|
||
|
altNames[j].hostname,
|
||
|
ALTNAME.DNSName);
|
||
|
} else if (altNames[j].type ===
|
||
|
'email') {
|
||
|
der.writeString(
|
||
|
altNames[j].email,
|
||
|
ALTNAME.RFC822Name);
|
||
|
} else {
|
||
|
/*
|
||
|
* Encode anything else as a
|
||
|
* DN style name for now.
|
||
|
*/
|
||
|
der.startSequence(
|
||
|
ALTNAME.DirectoryName);
|
||
|
altNames[j].toAsn1(der);
|
||
|
der.endSequence();
|
||
|
}
|
||
|
}
|
||
|
der.endSequence();
|
||
|
der.endSequence();
|
||
|
} else if (exts[i].oid === EXTS.basicConstraints) {
|
||
|
der.startSequence(asn1.Ber.OctetString);
|
||
|
der.startSequence();
|
||
|
var ca = (cert.purposes.indexOf('ca') !== -1);
|
||
|
var pathLen = exts[i].pathLen;
|
||
|
der.writeBoolean(ca);
|
||
|
if (pathLen !== undefined)
|
||
|
der.writeInt(pathLen);
|
||
|
der.endSequence();
|
||
|
der.endSequence();
|
||
|
} else if (exts[i].oid === EXTS.extKeyUsage) {
|
||
|
der.startSequence(asn1.Ber.OctetString);
|
||
|
der.startSequence();
|
||
|
cert.purposes.forEach(function (purpose) {
|
||
|
if (purpose === 'ca')
|
||
|
return;
|
||
|
if (KEYUSEBITS.indexOf(purpose) !== -1)
|
||
|
return;
|
||
|
var oid = purpose;
|
||
|
if (EXTPURPOSE[purpose] !== undefined)
|
||
|
oid = EXTPURPOSE[purpose];
|
||
|
der.writeOID(oid);
|
||
|
});
|
||
|
der.endSequence();
|
||
|
der.endSequence();
|
||
|
} else if (exts[i].oid === EXTS.keyUsage) {
|
||
|
der.startSequence(asn1.Ber.OctetString);
|
||
|
/*
|
||
|
* If we parsed this certificate from a byte
|
||
|
* stream (i.e. we didn't generate it in sshpk)
|
||
|
* then we'll have a ".bits" property on the
|
||
|
* ext with the original raw byte contents.
|
||
|
*
|
||
|
* If we have this, use it here instead of
|
||
|
* regenerating it. This guarantees we output
|
||
|
* the same data we parsed, so signatures still
|
||
|
* validate.
|
||
|
*/
|
||
|
if (exts[i].bits !== undefined) {
|
||
|
der.writeBuffer(exts[i].bits,
|
||
|
asn1.Ber.BitString);
|
||
|
} else {
|
||
|
var bits = writeBitField(cert.purposes,
|
||
|
KEYUSEBITS);
|
||
|
der.writeBuffer(bits,
|
||
|
asn1.Ber.BitString);
|
||
|
}
|
||
|
der.endSequence();
|
||
|
} else {
|
||
|
der.writeBuffer(exts[i].data,
|
||
|
asn1.Ber.OctetString);
|
||
|
}
|
||
|
|
||
|
der.endSequence();
|
||
|
}
|
||
|
|
||
|
der.endSequence();
|
||
|
der.endSequence();
|
||
|
}
|
||
|
|
||
|
der.endSequence();
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Reads an ASN.1 BER bitfield out of the Buffer produced by doing
|
||
|
* `BerReader#readString(asn1.Ber.BitString)`. That function gives us the raw
|
||
|
* contents of the BitString tag, which is a count of unused bits followed by
|
||
|
* the bits as a right-padded byte string.
|
||
|
*
|
||
|
* `bits` is the Buffer, `bitIndex` should contain an array of string names
|
||
|
* for the bits in the string, ordered starting with bit #0 in the ASN.1 spec.
|
||
|
*
|
||
|
* Returns an array of Strings, the names of the bits that were set to 1.
|
||
|
*/
|
||
|
function readBitField(bits, bitIndex) {
|
||
|
var bitLen = 8 * (bits.length - 1) - bits[0];
|
||
|
var setBits = {};
|
||
|
for (var i = 0; i < bitLen; ++i) {
|
||
|
var byteN = 1 + Math.floor(i / 8);
|
||
|
var bit = 7 - (i % 8);
|
||
|
var mask = 1 << bit;
|
||
|
var bitVal = ((bits[byteN] & mask) !== 0);
|
||
|
var name = bitIndex[i];
|
||
|
if (bitVal && typeof (name) === 'string') {
|
||
|
setBits[name] = true;
|
||
|
}
|
||
|
}
|
||
|
return (Object.keys(setBits));
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* `setBits` is an array of strings, containing the names for each bit that
|
||
|
* sould be set to 1. `bitIndex` is same as in `readBitField()`.
|
||
|
*
|
||
|
* Returns a Buffer, ready to be written out with `BerWriter#writeString()`.
|
||
|
*/
|
||
|
function writeBitField(setBits, bitIndex) {
|
||
|
var bitLen = bitIndex.length;
|
||
|
var blen = Math.ceil(bitLen / 8);
|
||
|
var unused = blen * 8 - bitLen;
|
||
|
var bits = Buffer.alloc(1 + blen); // zero-filled
|
||
|
bits[0] = unused;
|
||
|
for (var i = 0; i < bitLen; ++i) {
|
||
|
var byteN = 1 + Math.floor(i / 8);
|
||
|
var bit = 7 - (i % 8);
|
||
|
var mask = 1 << bit;
|
||
|
var name = bitIndex[i];
|
||
|
if (name === undefined)
|
||
|
continue;
|
||
|
var bitVal = (setBits.indexOf(name) !== -1);
|
||
|
if (bitVal) {
|
||
|
bits[byteN] |= mask;
|
||
|
}
|
||
|
}
|
||
|
return (bits);
|
||
|
}
|