From cf5b75a49b1923248ea7cf559a132804d282d2bb Mon Sep 17 00:00:00 2001 From: Etienne Rossignon Date: Sun, 13 Oct 2024 22:10:14 +0200 Subject: [PATCH] refactor asn1 support --- packages/node-opcua-crypto/source/asn1.ts | 85 +++++--------- .../source/crypto_explore_certificate.ts | 107 +++++++++--------- .../source/directory_name.ts | 33 ++++++ .../source/explore_certificate.ts | 2 +- .../explore_certificate_revocation_list.ts | 53 ++++----- .../explore_certificate_signing_request.ts | 19 +++- .../source/explore_private_key.ts | 9 +- packages/node-opcua-crypto/source/index.ts | 2 - .../node-opcua-crypto/source/index_web.ts | 5 + .../source/verify_certificate_signature.ts | 2 +- 10 files changed, 166 insertions(+), 151 deletions(-) create mode 100644 packages/node-opcua-crypto/source/directory_name.ts diff --git a/packages/node-opcua-crypto/source/asn1.ts b/packages/node-opcua-crypto/source/asn1.ts index fb05dbe..50da4cc 100644 --- a/packages/node-opcua-crypto/source/asn1.ts +++ b/packages/node-opcua-crypto/source/asn1.ts @@ -1,6 +1,6 @@ import assert from "assert"; import { oid_map } from "./oid_map.js"; - +import { DirectoryName } from "./directory_name.js"; // https://github.com/lapo-luchini/asn1js/blob/master/asn1.js export enum TagType { BOOLEAN = 0x01, @@ -107,9 +107,9 @@ export interface BitString { debug?: any; } -export function _readBitString(buffer: Buffer, block: BlockInfo): BitString { +export function readBitString(buffer: Buffer, block: BlockInfo): BitString { assert(block.tag === TagType.BIT_STRING); - const data = _getBlock(buffer, block); + const data = getBlock(buffer, block); // number of skipped bits const ignore_bits = data.readUInt8(0); 
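Review bot: `DirectoryName` is only used as a type inside asn1.ts (the `compactDirectoryName(d: DirectoryName)` parameter in the @@ -354 hunk), yet the new `import { DirectoryName } from "./directory_name.js";` is a value import, and since directory_name.ts imports `readObjectIdentifier`, `readStruct` and `readValue` back from asn1.ts this sets up a module cycle between the two files. Write it as `import type { DirectoryName } from "./directory_name.js";` so the import is erased at emit and no runtime cycle can exist, or move `compactDirectoryName` into directory_name.ts next to its type and drop the import from asn1.ts altogether. The same value-import of this interface appears in the import hunks of crypto_explore_certificate.ts, explore_certificate.ts and explore_certificate_revocation_list.ts; if the build uses `verbatimModuleSyntax` those are errors rather than elided imports.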
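Review bot: `readBitString` becomes part of the un-prefixed API here but carries no doc comment, and `data.readUInt8(0)` on the hunk's last line throws a Buffer RangeError on a zero-length BIT STRING block instead of a descriptive parse error; the rest of the function is outside the hunk. A guard such as `if (data.length === 0) throw new Error("BIT STRING: missing unused-bits octet");` before the read keeps malformed DER input from surfacing as an internal range error. A one-line TSDoc stating that `block` must already carry a BIT_STRING tag (which the `assert` enforces) and what `BitString.data` holds would complete the promotion to public API.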
@@ -133,7 +133,7 @@ export function formatBuffer2DigitHexWithColum(buffer: Buffer): string { .replace(/^(00:)*/, ""); } -export function _readOctetString(buffer: Buffer, block: BlockInfo): Buffer { +export function readOctetString(buffer: Buffer, block: BlockInfo): Buffer { assert(block.tag === TagType.OCTET_STRING); const tag = readTag(buffer, block.position); assert(tag.tag === TagType.OCTET_STRING); @@ -144,7 +144,7 @@ export function _readOctetString(buffer: Buffer, block: BlockInfo): Buffer { return b; } -export function _getBlock(buffer: Buffer, block: BlockInfo): Buffer { +export function getBlock(buffer: Buffer, block: BlockInfo): Buffer { const start = block.position; const end = block.position + block.length; return buffer.subarray(start, end); @@ -154,15 +154,15 @@ export interface AlgorithmIdentifier { identifier: string; } -export function _readIntegerAsByteString(buffer: Buffer, block: BlockInfo): Buffer { - return _getBlock(buffer, block); +export function readIntegerAsByteString(buffer: Buffer, block: BlockInfo): Buffer { + return getBlock(buffer, block); } -export function _readListOfInteger(buffer: Buffer): Buffer[] { +export function readListOfInteger(buffer: Buffer): Buffer[] { const block = readTag(buffer, 0); const inner_blocks = readStruct(buffer, block); return inner_blocks.map((innerBlock: BlockInfo) => { - return _readIntegerAsByteString(buffer, innerBlock); + return readIntegerAsByteString(buffer, innerBlock); }); } @@ -197,7 +197,7 @@ function parseOID(buffer: Buffer, start: number, end: number): string { return s; } -export function _readObjectIdentifier(buffer: Buffer, block: BlockInfo): { oid: string; name: string } { +export function readObjectIdentifier(buffer: Buffer, block: BlockInfo): { oid: string; name: string } { assert(block.tag === TagType.OBJECT_IDENTIFIER); const b = buffer.subarray(block.position, block.position + block.length); const oid = parseOID(b, 0, block.length); 
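Review bot: `getBlock` slices with `buffer.subarray(start, end)` where `end` is derived from the untrusted `block.length`, and `subarray` silently clamps to the buffer, so a truncated or malformed DER encoding yields a short block that callers such as `readIntegerAsByteString` in the next hunk accept as complete. Now that the function is public, a bounds check `if (block.position + block.length > buffer.length) throw new Error("ASN1 block exceeds buffer length");` gives callers a clear parse error at the point of failure. Every renamed reader in these hunks that goes through `getBlock` inherits the check.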
@@ -210,28 +210,28 @@ export function _readObjectIdentifier(buffer: Buffer, block: BlockInfo): { oid: export function readAlgorithmIdentifier(buffer: Buffer, block: BlockInfo): AlgorithmIdentifier { const inner_blocks = readStruct(buffer, block); return { - identifier: _readObjectIdentifier(buffer, inner_blocks[0]).name, + identifier: readObjectIdentifier(buffer, inner_blocks[0]).name, }; } -export function _readECCAlgorithmIdentifier(buffer: Buffer, block: BlockInfo): AlgorithmIdentifier { +export function readECCAlgorithmIdentifier(buffer: Buffer, block: BlockInfo): AlgorithmIdentifier { const inner_blocks = readStruct(buffer, block); return { - identifier: _readObjectIdentifier(buffer, inner_blocks[1]).name, // difference with RSA as algorithm is second element of nested block + identifier: readObjectIdentifier(buffer, inner_blocks[1]).name, // difference with RSA as algorithm is second element of nested block }; } export type SignatureValue = string; export function readSignatureValueBin(buffer: Buffer, block: BlockInfo): Buffer { - return _readBitString(buffer, block).data; + return readBitString(buffer, block).data; } export function readSignatureValue(buffer: Buffer, block: BlockInfo): SignatureValue { return readSignatureValueBin(buffer, block).toString("hex"); } -export function _readLongIntegerValue(buffer: Buffer, block: BlockInfo): Buffer { +export function readLongIntegerValue(buffer: Buffer, block: BlockInfo): Buffer { assert(block.tag === TagType.INTEGER, "expecting a INTEGER tag"); const pos = block.position; const nbBytes = block.length; @@ -239,7 +239,7 @@ export function _readLongIntegerValue(buffer: Buffer, block: BlockInfo): Buffer return buf; } -export function _readIntegerValue(buffer: Buffer, block: BlockInfo): number { +export function readIntegerValue(buffer: Buffer, block: BlockInfo): number { assert(block.tag === TagType.INTEGER, "expecting a INTEGER tag"); let pos = block.position; const nbBytes = block.length; 
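Review bot: `readECCAlgorithmIdentifier` reads `inner_blocks[1]` without checking that `readStruct` returned at least two elements, so an AlgorithmIdentifier with no parameters field passes `undefined` to `readObjectIdentifier`, which then fails with a TypeError on `block.tag` rather than a descriptive parse error; `readAlgorithmIdentifier` just above has the same pattern on `inner_blocks[0]`. Under `noUncheckedIndexedAccess` both reads are also type errors. A check such as `if (inner_blocks.length < 2) throw new Error("ECC AlgorithmIdentifier: expecting algorithm and parameters");` before the return makes the malformed-input path explicit.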
@@ -252,7 +252,7 @@ export function _readIntegerValue(buffer: Buffer, block: BlockInfo): number { return value; } -export function _readBooleanValue(buffer: Buffer, block: BlockInfo): boolean { +export function readBooleanValue(buffer: Buffer, block: BlockInfo): boolean { assert(block.tag === TagType.BOOLEAN, "expecting a BOOLEAN tag. got " + TagType[block.tag]); const pos = block.position; const nbBytes = block.length; @@ -261,9 +261,9 @@ export function _readBooleanValue(buffer: Buffer, block: BlockInfo): boolean { return value as boolean; } -export function _readVersionValue(buffer: Buffer, block: BlockInfo): number { +export function readVersionValue(buffer: Buffer, block: BlockInfo): number { block = readTag(buffer, block.position); - return _readIntegerValue(buffer, block); + return readIntegerValue(buffer, block); } /* @@ -292,7 +292,7 @@ function convertGeneralizedTime(str: string): Date { } function _readBMPString(buffer: Buffer, block: BlockInfo): string { - const strBuff = _getBlock(buffer, block); + const strBuff = getBlock(buffer, block); let str = ""; for (let i = 0; i < strBuff.length; i += 2) { const word = strBuff.readUInt16BE(i); @@ -343,10 +343,10 @@ function convertUTCTime(str: string): Date { return new Date(Date.UTC(year, month, day, hours, mins, secs)); } -export function _readValue(buffer: Buffer, block: BlockInfo): any { +export function readValue(buffer: Buffer, block: BlockInfo): any { switch (block.tag) { case TagType.BOOLEAN: - return _readBooleanValue(buffer, block); + return readBooleanValue(buffer, block); case TagType.BMPString: return _readBMPString(buffer, block); case TagType.PrintableString: 
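Review bot: `readValue` keeps its `any` return type while being promoted to the public name, although every branch in this hunk and its continuation in the @@ -354 hunk returns a `boolean` (BOOLEAN), a `string` (BMPString and the ascii-decoded string tags) or a `Date` (UTCTime, GeneralizedTime), with the default branch throwing. Declaring it as `export function readValue(buffer: Buffer, block: BlockInfo): boolean | string | Date {` lets callers such as `readTime` and `readDirectoryName` narrow instead of inheriting `any`.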
@@ -354,51 +354,24 @@ export function _readValue(buffer: Buffer, block: BlockInfo): any { case TagType.UTF8String: case TagType.NumericString: case TagType.IA5String: - return _getBlock(buffer, block).toString("ascii"); + return getBlock(buffer, block).toString("ascii"); case TagType.UTCTime: - return convertUTCTime(_getBlock(buffer, block).toString("ascii")); + return convertUTCTime(getBlock(buffer, block).toString("ascii")); case TagType.GeneralizedTime: - return convertGeneralizedTime(_getBlock(buffer, block).toString("ascii")); + return convertGeneralizedTime(getBlock(buffer, block).toString("ascii")); default: throw new Error("Invalid tag 0x" + block.tag.toString(16) + ""); //xx return " ??? <" + block.tag + ">"; } } -export interface DirectoryName { - stateOrProvinceName?: string; - localityName?: string; - organizationName?: string; - organizationUnitName?: string; - commonName?: string; - countryName?: string; -} + export function compactDirectoryName(d: DirectoryName): string { return JSON.stringify(d); } -export function _readDirectoryName(buffer: Buffer, block: BlockInfo): DirectoryName { - // AttributeTypeAndValue ::= SEQUENCE { - // type ATTRIBUTE.&id({SupportedAttributes}), - // value ATTRIBUTE.&Type({SupportedAttributes}{@type}), - const set_blocks = readStruct(buffer, block); - const names: DirectoryName = {}; - for (const set_block of set_blocks) { - assert(set_block.tag === 0x31); - const blocks = readStruct(buffer, set_block); - assert(blocks.length === 1); - assert(blocks[0].tag === 0x30); - - const sequenceBlock = readStruct(buffer, blocks[0]); - assert(sequenceBlock.length === 2); - - const type = _readObjectIdentifier(buffer, sequenceBlock[0]); - (names as any)[type.name] = _readValue(buffer, sequenceBlock[1]); - } - return names; -} -export function _findBlockAtIndex(blocks: BlockInfo[], index: number): BlockInfo | null { +export function findBlockAtIndex(blocks: BlockInfo[], index: number): BlockInfo | null { const tmp = blocks.filter((b: 
BlockInfo) => b.tag === 0xa0 + index || b.tag === 0x80 + index); if (tmp.length === 0) { return null; @@ -406,6 +379,6 @@ export function _findBlockAtIndex(blocks: BlockInfo[], index: number): BlockInfo return tmp[0]; } -export function _readTime(buffer: Buffer, block: BlockInfo): any { - return _readValue(buffer, block); +export function readTime(buffer: Buffer, block: BlockInfo): any { + return readValue(buffer, block); } diff --git a/packages/node-opcua-crypto/source/crypto_explore_certificate.ts b/packages/node-opcua-crypto/source/crypto_explore_certificate.ts index ae52a67..b1ff1db 100644 --- a/packages/node-opcua-crypto/source/crypto_explore_certificate.ts +++ b/packages/node-opcua-crypto/source/crypto_explore_certificate.ts @@ -57,31 +57,30 @@ import assert from "assert"; import { - _readBitString, + AlgorithmIdentifier, BlockInfo, + SignatureValue, TagType, - readTag, - _getBlock, - readStruct, + findBlockAtIndex, formatBuffer2DigitHexWithColum, - _readOctetString, - AlgorithmIdentifier, - _readListOfInteger, - _readObjectIdentifier, + getBlock, readAlgorithmIdentifier, - _readECCAlgorithmIdentifier, - _readBooleanValue, - _readIntegerValue, - _readLongIntegerValue, - _readVersionValue, - SignatureValue, + readBitString, + readBooleanValue, + readECCAlgorithmIdentifier, + readIntegerValue, + readListOfInteger, + readLongIntegerValue, + readObjectIdentifier, + readOctetString, readSignatureValue, - DirectoryName, - _readValue, - _readTime, - _findBlockAtIndex, - _readDirectoryName, + readStruct, + readTag, + readTime, + readValue, + readVersionValue, } from "./asn1.js"; +import { DirectoryName, readDirectoryName } from "./directory_name.js"; import { Certificate } from "./common.js"; import { PublicKeyLength } from "./explore_certificate.js"; import { makeSHA1Thumbprint } from "./crypto_utils.js"; 
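Review bot: `readTime` delegates to `readValue` without checking the tag and is typed `any`, so a non-time tag in a Validity or CRL update field comes back as a `string` or `boolean` where callers (`_readValidity` in the @@ -140 hunk, `_readTbsCertList` in the CRL file) expect a `Date`. Restricting the tag and the return type makes the contract explicit: `export function readTime(buffer: Buffer, block: BlockInfo): Date {` / `assert(block.tag === TagType.UTCTime || block.tag === TagType.GeneralizedTime, "expecting a UTCTime or GeneralizedTime tag");` / `return readValue(buffer, block);`. Both `assert` and `TagType` are already in scope in asn1.ts.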
@@ -102,8 +101,8 @@ function _readAttributeTypeAndValue(buffer: Buffer, block: BlockInfo): Attribute inner_blocks = readStruct(buffer, inner_blocks[0]); const data = { - identifier: _readObjectIdentifier(buffer, inner_blocks[0]).name, - value: _readValue(buffer, inner_blocks[1]), + identifier: readObjectIdentifier(buffer, inner_blocks[0]).name, + value: readValue(buffer, inner_blocks[1]), }; const result: AttributeTypeAndValue = {}; @@ -140,8 +139,8 @@ export interface Validity { function _readValidity(buffer: Buffer, block: BlockInfo): Validity { const inner_blocks = readStruct(buffer, block); return { - notBefore: _readTime(buffer, inner_blocks[0]), - notAfter: _readTime(buffer, inner_blocks[1]), + notBefore: readTime(buffer, inner_blocks[0]), + notAfter: readTime(buffer, inner_blocks[1]), }; } 
@@ -166,23 +165,23 @@ function _readAuthorityKeyIdentifier(buffer: Buffer): AuthorityKeyIdentifier { const block_info = readTag(buffer, 0); const blocks = readStruct(buffer, block_info); - const keyIdentifier_block = _findBlockAtIndex(blocks, 0); - const authorityCertIssuer_block = _findBlockAtIndex(blocks, 1); - const authorityCertSerialNumber_block = _findBlockAtIndex(blocks, 2); + const keyIdentifier_block = findBlockAtIndex(blocks, 0); + const authorityCertIssuer_block = findBlockAtIndex(blocks, 1); + const authorityCertSerialNumber_block = findBlockAtIndex(blocks, 2); function _readAuthorityCertIssuer(block: BlockInfo): DirectoryName { const inner_blocks = readStruct(buffer, block); - const directoryName_block = _findBlockAtIndex(inner_blocks, 4); + const directoryName_block = findBlockAtIndex(inner_blocks, 4); if (directoryName_block) { const a = readStruct(buffer, directoryName_block); - return _readDirectoryName(buffer, a[0]); + return readDirectoryName(buffer, a[0]); } else { throw new Error("Invalid _readAuthorityCertIssuer"); } } function _readAuthorityCertIssuerFingerPrint(block: BlockInfo): string { const inner_blocks = readStruct(buffer, block); - const directoryName_block = _findBlockAtIndex(inner_blocks, 4)!; + const directoryName_block = findBlockAtIndex(inner_blocks, 4)!; if (!directoryName_block) { return ""; } @@ -190,7 +189,7 @@ function _readAuthorityKeyIdentifier(buffer: Buffer): AuthorityKeyIdentifier { if (a.length < 1) { return ""; } - return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, a[0]))) : ""; + return directoryName_block ? formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, a[0]))) : ""; } const authorityCertIssuer = authorityCertIssuer_block ? _readAuthorityCertIssuer(authorityCertIssuer_block) : null; 
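Review bot: the non-null assertion in `const directoryName_block = findBlockAtIndex(inner_blocks, 4)!;` contradicts the `if (!directoryName_block) return "";` guard on the next line — the `!` tells the compiler the value can never be null, so the guard is dead code to the checker and the later `directoryName_block ? … : ""` ternary is redundant as well. Drop the `!` and let the guard narrow: `const directoryName_block = findBlockAtIndex(inner_blocks, 4);`. The same pattern, `!` applied inside a truthiness-guarded ternary, recurs in the @@ -202 hunk on `authorityCertSerialNumber_block!` and `keyIdentifier_block!`.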
@@ -202,9 +201,9 @@ function _readAuthorityKeyIdentifier(buffer: Buffer): AuthorityKeyIdentifier { authorityCertIssuer, authorityCertIssuerFingerPrint, serial: authorityCertSerialNumber_block - ? formatBuffer2DigitHexWithColum(_getBlock(buffer, authorityCertSerialNumber_block!)) + ? formatBuffer2DigitHexWithColum(getBlock(buffer, authorityCertSerialNumber_block!)) : null, // can be null for self-signed cert - keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(_getBlock(buffer, keyIdentifier_block!)) : null, // can be null for self-signed certf + keyIdentifier: keyIdentifier_block ? formatBuffer2DigitHexWithColum(getBlock(buffer, keyIdentifier_block!)) : null, // can be null for self-signed certf }; } @@ -245,10 +244,10 @@ function readBasicConstraint2_5_29_19(buffer: Buffer, block: BlockInfo): BasicCo for (const inner_block of inner_blocks) { switch (inner_block.tag) { case TagType.BOOLEAN: - cA = _readBooleanValue(buffer, inner_block); + cA = readBooleanValue(buffer, inner_block); break; case TagType.INTEGER: - pathLengthConstraint = _readIntegerValue(buffer, inner_block); + pathLengthConstraint = readIntegerValue(buffer, inner_block); breakControl = 1; break; } @@ -314,10 +313,10 @@ function _readGeneralNames(buffer: Buffer, block: BlockInfo) { n[type.name] = n[type.name] || []; const blocks2 = readStruct(buffer, block); - const name = _readObjectIdentifier(buffer, blocks2[0]).name; - const buf = _getBlock(buffer, blocks2[1]); + const name = readObjectIdentifier(buffer, blocks2[0]).name; + const buf = getBlock(buffer, blocks2[1]); const b = readTag(buf, 0); - const nn = _readValue(buf, b); + const nn = readValue(buf, b); // console.log(buf.toString("hex"), buf.toString("ascii")); // console.log("name = ", name, nn); const data = { 
@@ -419,7 +418,7 @@ function readExtKeyUsage(oid: string, buffer: Buffer): X509ExtKeyUsage { ocspSigning: false, }; for (const block of inner_blocks) { - const identifier = _readObjectIdentifier(buffer, block); + const identifier = readObjectIdentifier(buffer, block); (extKeyUsage as any)[identifier.name] = true; } /* @@ -481,7 +480,7 @@ function _readSubjectPublicKey(buffer: Buffer): SubjectPublicKey { -- by extnID } */ -export function _readExtension(buffer: Buffer, block: BlockInfo): { identifier: { oid: string; name: string }; value: any } { +export function readExtension(buffer: Buffer, block: BlockInfo): { identifier: { oid: string; name: string }; value: any } { const inner_blocks = readStruct(buffer, block); if (inner_blocks.length === 3) { @@ -489,8 +488,8 @@ export function _readExtension(buffer: Buffer, block: BlockInfo): { identifier: inner_blocks[1] = inner_blocks[2]; } - const identifier = _readObjectIdentifier(buffer, inner_blocks[0]); - const buf = _getBlock(buffer, inner_blocks[1]); + const identifier = readObjectIdentifier(buffer, inner_blocks[0]); + const buf = getBlock(buffer, inner_blocks[1]); let value: string | null | any = null; switch (identifier.name) { case "subjectKeyIdentifier": @@ -508,7 +507,7 @@ export function _readExtension(buffer: Buffer, block: BlockInfo): { identifier: SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bit string bits). */ - value = formatBuffer2DigitHexWithColum(_readOctetString(buffer, inner_blocks[1])); + value = formatBuffer2DigitHexWithColum(readOctetString(buffer, inner_blocks[1])); break; case "subjectAltName": value = _readSubjectAltNames(buf); 
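Review bot: `readExtension` is now exported under a public name but still returns `value: any` and carries no TSDoc for the `inner_blocks.length === 3` case, where the middle element — presumably the optional `critical` BOOLEAN of an X.509 Extension, to be confirmed against the elided lines — is discarded by `inner_blocks[1] = inner_blocks[2]` and never reported to the caller. A doc comment should state that the criticality flag is not surfaced, since `_readExtensionRequest` in the CSR file now calls this function directly; `value` would also benefit from a union of the concrete extension types rather than `any`. The function body continues past the hunk.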
@@ -544,7 +543,7 @@ function _readExtensions(buffer: Buffer, block: BlockInfo): CertificateExtension let inner_blocks = readStruct(buffer, block); inner_blocks = readStruct(buffer, inner_blocks[0]); - const extensions = inner_blocks.map((block) => _readExtension(buffer, block)); + const extensions = inner_blocks.map((block) => readExtension(buffer, block)); const result: any = {}; for (const e of extensions) { @@ -584,11 +583,11 @@ function _readSubjectPublicKeyInfo(buffer: Buffer, block: BlockInfo): SubjectPub // algorithm identifier const algorithm = readAlgorithmIdentifier(buffer, inner_blocks[0]); //const parameters = _readBitString(buffer,inner_blocks[1]); - const subjectPublicKey = _readBitString(buffer, inner_blocks[1]); + const subjectPublicKey = readBitString(buffer, inner_blocks[1]); // read the 2 big integers of the key const data = subjectPublicKey.data; - const values = _readListOfInteger(data); + const values = readListOfInteger(data); // xx const value = _readListOfInteger(data); return { algorithm: algorithm.identifier, @@ -603,10 +602,10 @@ function _readSubjectECCPublicKeyInfo(buffer: Buffer, block: BlockInfo): Subject const inner_blocks = readStruct(buffer, block); // first parameter is the second element of the first block, which is why we have another algorithm - const algorithm = _readECCAlgorithmIdentifier(buffer, inner_blocks[0]); + const algorithm = readECCAlgorithmIdentifier(buffer, inner_blocks[0]); // the public key is already in bit format, we just need to read it - const subjectPublicKey = _readBitString(buffer, inner_blocks[1]); + const subjectPublicKey = readBitString(buffer, inner_blocks[1]); // take out the data which is the entirity of our public key const data = subjectPublicKey.data; 
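Review bot: the commented-out lines `//const parameters = _readBitString(buffer,inner_blocks[1]);` and `// xx const value = _readListOfInteger(data);` in the @@ -584 hunk still name the underscore-prefixed identifiers this commit removes, so they are now stale on top of being dead code. Delete them, or if the first records an intentionally skipped field, replace it with a plain why-comment rather than code that no longer compiles.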
@@ -669,28 +668,28 @@ export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertifi // X509 Version 1: version = 1; - serialNumber = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, blocks[0])); + serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[0])); signature = readAlgorithmIdentifier(buffer, blocks[1]); issuer = _readName(buffer, blocks[2]); validity = _readValidity(buffer, blocks[3]); subject = _readName(buffer, blocks[4]); - subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[4]))); + subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[4]))); subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[5]); extensions = null; } else { // X509 Version 3: - const version_block = _findBlockAtIndex(blocks, 0); + const version_block = findBlockAtIndex(blocks, 0); if (!version_block) { throw new Error("cannot find version block"); } - version = _readVersionValue(buffer, version_block) + 1; - serialNumber = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, blocks[1])); + version = readVersionValue(buffer, version_block) + 1; + serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[1])); signature = readAlgorithmIdentifier(buffer, blocks[2]); issuer = _readName(buffer, blocks[3]); validity = _readValidity(buffer, blocks[4]); subject = _readName(buffer, blocks[5]); - subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[5]))); + subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[5]))); const inner_block = readStruct(buffer, blocks[6]); const what_type = readAlgorithmIdentifier(buffer, inner_block[0]).identifier; 
@@ -707,7 +706,7 @@ export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertifi } } - const extensionBlock = _findBlockAtIndex(blocks, 3); + const extensionBlock = findBlockAtIndex(blocks, 3); if (!extensionBlock) { // tslint:disable-next-line: no-console doDebug && console.log("X509 certificate is invalid : cannot find extension block version =" + version_block); diff --git a/packages/node-opcua-crypto/source/directory_name.ts b/packages/node-opcua-crypto/source/directory_name.ts new file mode 100644 index 0000000..50aecbe --- /dev/null +++ b/packages/node-opcua-crypto/source/directory_name.ts @@ -0,0 +1,33 @@ +import assert from "assert"; +import { BlockInfo, readObjectIdentifier, readStruct, readValue } from "./asn1"; + +export interface DirectoryName { + stateOrProvinceName?: string; + localityName?: string; + organizationName?: string; + organizationUnitName?: string; + commonName?: string; + countryName?: string; +} + + +export function readDirectoryName(buffer: Buffer, block: BlockInfo): DirectoryName { + // AttributeTypeAndValue ::= SEQUENCE { + // type ATTRIBUTE.&id({SupportedAttributes}), + // value ATTRIBUTE.&Type({SupportedAttributes}{@type}), + const set_blocks = readStruct(buffer, block); + const names: DirectoryName = {}; + for (const set_block of set_blocks) { + assert(set_block.tag === 0x31); + const blocks = readStruct(buffer, set_block); + assert(blocks.length === 1); + assert(blocks[0].tag === 0x30); + + const sequenceBlock = readStruct(buffer, blocks[0]); + assert(sequenceBlock.length === 2); + + const type = readObjectIdentifier(buffer, sequenceBlock[0]); + (names as any)[type.name] = readValue(buffer, sequenceBlock[1]); + } + return names; +} diff --git a/packages/node-opcua-crypto/source/explore_certificate.ts b/packages/node-opcua-crypto/source/explore_certificate.ts index 3b07c01..e416602 100644 --- a/packages/node-opcua-crypto/source/explore_certificate.ts +++ b/packages/node-opcua-crypto/source/explore_certificate.ts 
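Review bot: the new directory_name.ts imports from `"./asn1"` without the `.js` extension that every other import in this patch uses (`"./asn1.js"`, `"./directory_name.js"`); depending on the package's `moduleResolution` that is either a compile error (node16/nodenext) or a runtime resolution failure of the emitted ESM, so change it to `import { BlockInfo, readObjectIdentifier, readStruct, readValue } from "./asn1.js";` (with `BlockInfo` under `import type` if the build uses `verbatimModuleSyntax`). Separately, `(names as any)[type.name] = readValue(buffer, sequenceBlock[1]);` stores whatever attribute name the OID map returns, not only the six optional fields `DirectoryName` declares, so the returned object can carry undeclared keys; a doc comment on `readDirectoryName` should say so, or the assignment should be restricted to the declared keys. The bare `0x31`/`0x30` tag checks would read better as named `TagType` members if the enum has SET/SEQUENCE entries.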
@@ -27,7 +27,7 @@ import assert from "assert"; import { Certificate, CertificatePEM } from "./common.js"; import { exploreCertificate, SubjectPublicKey } from "./crypto_explore_certificate.js"; -import { DirectoryName } from "./asn1.js"; +import { DirectoryName } from "./directory_name.js"; import { convertPEMtoDER } from "./crypto_utils.js"; export type PublicKeyLength = 64 | 96 | 128 | 256 | 384 | 512; diff --git a/packages/node-opcua-crypto/source/explore_certificate_revocation_list.ts b/packages/node-opcua-crypto/source/explore_certificate_revocation_list.ts index 019a18a..84e6ea1 100644 --- a/packages/node-opcua-crypto/source/explore_certificate_revocation_list.ts +++ b/packages/node-opcua-crypto/source/explore_certificate_revocation_list.ts @@ -22,26 +22,21 @@ // --------------------------------------------------------------------------------------------------------------------- import { - readStruct, - readTag, - _readBitString, AlgorithmIdentifier, - readAlgorithmIdentifier, - readSignatureValue, - readSignatureValueBin, BlockInfo, - _readObjectIdentifier, - DirectoryName, - _readValue, - _readTime, - _readLongIntegerValue, - formatBuffer2DigitHexWithColum, - _getBlock, - _readDirectoryName, - _findBlockAtIndex, - _readIntegerValue, TagType, + findBlockAtIndex, + formatBuffer2DigitHexWithColum, + getBlock, + readAlgorithmIdentifier, + readIntegerValue, + readLongIntegerValue, + readSignatureValueBin, + readStruct, + readTag, + readTime, } from "./asn1.js"; +import { DirectoryName , readDirectoryName} from "./directory_name.js"; import { CertificateRevocationList } from "./common.js"; import { makeSHA1Thumbprint, convertPEMtoDER } from "./crypto_utils.js"; 
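Review bot: `import { DirectoryName , readDirectoryName} from "./directory_name.js";` in the CRL file is not Prettier-formatted (space before the comma, none before the closing brace), unlike the re-sorted `./asn1.js` import block just above it, and `DirectoryName` is only used as a type here (the `readNameForCrl` return type in the next hunk). Split it into `import type { DirectoryName } from "./directory_name.js";` and `import { readDirectoryName } from "./directory_name.js";`.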
@@ -71,7 +66,7 @@ export interface CertificateRevocationListInfo { } export function readNameForCrl(buffer: Buffer, block: BlockInfo): DirectoryName { - return _readDirectoryName(buffer, block); + return readDirectoryName(buffer, block); } function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { @@ -80,13 +75,13 @@ function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { const hasOptionalVersion = blocks[0].tag === TagType.INTEGER; if (hasOptionalVersion) { - const version = _readIntegerValue(buffer, blocks[0]); + const version = readIntegerValue(buffer, blocks[0]); const signature = readAlgorithmIdentifier(buffer, blocks[1]); const issuer = readNameForCrl(buffer, blocks[2]); - const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[2]))); + const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2]))); - const thisUpdate = _readTime(buffer, blocks[3]); - const nextUpdate = _readTime(buffer, blocks[4]); + const thisUpdate = readTime(buffer, blocks[3]); + const nextUpdate = readTime(buffer, blocks[4]); const revokedCertificates: RevokedCertificate[] = []; @@ -95,8 +90,8 @@ function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { for (const r of list) { // sometime blocks[5] doesn't exits .. in this case const rr = readStruct(buffer, r); - const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0])); - const revocationDate = _readTime(buffer, rr[1]); + const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0])); + const revocationDate = readTime(buffer, rr[1]); revokedCertificates.push({ revocationDate, userCertificate, 
@@ -104,15 +99,15 @@ function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { } } - const ext0 = _findBlockAtIndex(blocks, 0); + const ext0 = findBlockAtIndex(blocks, 0); return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates } as TBSCertList; } else { const signature = readAlgorithmIdentifier(buffer, blocks[0]); const issuer = readNameForCrl(buffer, blocks[1]); - const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[1]))); + const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[1]))); - const thisUpdate = _readTime(buffer, blocks[2]); - const nextUpdate = _readTime(buffer, blocks[3]); + const thisUpdate = readTime(buffer, blocks[2]); + const nextUpdate = readTime(buffer, blocks[3]); const revokedCertificates: RevokedCertificate[] = []; @@ -121,8 +116,8 @@ function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { for (const r of list) { // sometime blocks[5] doesn't exits .. in this case const rr = readStruct(buffer, r); - const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0])); - const revocationDate = _readTime(buffer, rr[1]); + const userCertificate = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, rr[0])); + const revocationDate = readTime(buffer, rr[1]); revokedCertificates.push({ revocationDate, userCertificate, diff --git a/packages/node-opcua-crypto/source/explore_certificate_signing_request.ts b/packages/node-opcua-crypto/source/explore_certificate_signing_request.ts index 3797694..edfc59c 100644 --- a/packages/node-opcua-crypto/source/explore_certificate_signing_request.ts +++ b/packages/node-opcua-crypto/source/explore_certificate_signing_request.ts 
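Review bot: `const ext0 = findBlockAtIndex(blocks, 0);` on the new side assigns a local that the visible code never reads — the function returns the object literal on the very next line — so under `noUnusedLocals` this is a compile error and otherwise dead work; either delete the line or consume the block. The `as TBSCertList` assertion on that return also hides any field the literal is missing (the `version` read above is not included, for instance); `const result: TBSCertList = { … }; return result;` keeps the check. The function body continues outside the hunk.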
@@ -21,9 +21,16 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import { BlockInfo, readTag, _findBlockAtIndex, _getBlock, _readObjectIdentifier, readStruct, _readVersionValue } from "./asn1.js"; +import { + BlockInfo, + findBlockAtIndex, + getBlock, + readObjectIdentifier, + readStruct, + readTag, +} from "./asn1.js"; -import { BasicConstraints, X509KeyUsage, _readExtension } from "./crypto_explore_certificate.js"; +import { BasicConstraints, X509KeyUsage, readExtension } from "./crypto_explore_certificate.js"; export interface ExtensionRequest { basicConstraints: BasicConstraints; @@ -38,7 +45,7 @@ function _readExtensionRequest(buffer: Buffer): ExtensionRequest { const block = readTag(buffer, 0); const inner_blocks = readStruct(buffer, block); - const extensions = inner_blocks.map((block1) => _readExtension(buffer, block1)); + const extensions = inner_blocks.map((block1) => readExtension(buffer, block1)); const result: any = {}; for (const e of extensions) { 
@@ -51,17 +58,17 @@ function _readExtensionRequest(buffer: Buffer): ExtensionRequest { export function readCertificationRequestInfo(buffer: Buffer, block: BlockInfo): CertificateSigningRequestInfo { const blocks = readStruct(buffer, block); if (blocks.length === 4) { - const extensionRequestBlock = _findBlockAtIndex(blocks, 0); + const extensionRequestBlock = findBlockAtIndex(blocks, 0); if (!extensionRequestBlock) { throw new Error("cannot find extensionRequest block"); } const blocks1 = readStruct(buffer, extensionRequestBlock); const blocks2 = readStruct(buffer, blocks1[0]); - const identifier = _readObjectIdentifier(buffer, blocks2[0]); + const identifier = readObjectIdentifier(buffer, blocks2[0]); if (identifier.name !== "extensionRequest") { throw new Error(" Cannot find extension Request in ASN1 block"); } - const buf = _getBlock(buffer, blocks2[1]); + const buf = getBlock(buffer, blocks2[1]); const extensionRequest = _readExtensionRequest(buf); diff --git a/packages/node-opcua-crypto/source/explore_private_key.ts b/packages/node-opcua-crypto/source/explore_private_key.ts index e93f1b7..780cf35 100644 --- a/packages/node-opcua-crypto/source/explore_private_key.ts +++ b/packages/node-opcua-crypto/source/explore_private_key.ts @@ -21,7 +21,12 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import { BlockInfo, readTag, TagType, _readIntegerAsByteString, readStruct } from "./asn1.js"; +import { + BlockInfo, + TagType, + readTag, + readStruct +} from "./asn1.js"; import { PrivateKey } from "./common.js"; import { convertPEMtoDER } from "./crypto_utils.js"; 
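Review bot: the re-wrapped import in explore_private_key.ts omits the trailing comma after `readStruct`, unlike the multi-line imports this patch writes in asn1.ts, crypto_explore_certificate.ts and the CSR file, and Prettier would add it; `BlockInfo` is an interface and can go under `import type`. Write `readStruct,` on its line, and `import type { BlockInfo } from "./asn1.js";` separately if the build uses `verbatimModuleSyntax`.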
@@ -67,7 +72,7 @@ export function explorePrivateKey(privateKey2: PrivateKey): PrivateKeyInternals if (blocks.length === 9) { // alice_rsa - const version = f(privateKey, blocks[0]); // _readIntegerAsByteString(privateKey, blocks1[0]); + const version = f(privateKey, blocks[0]); const modulus = f(privateKey, blocks[1]); const publicExponent = f(privateKey, blocks[2]); const privateExponent = f(privateKey, blocks[3]); diff --git a/packages/node-opcua-crypto/source/index.ts b/packages/node-opcua-crypto/source/index.ts index 4d7ec49..915b243 100644 --- a/packages/node-opcua-crypto/source/index.ts +++ b/packages/node-opcua-crypto/source/index.ts @@ -25,5 +25,3 @@ * @module node_opcua_crypto */ export * from "./index_web.js"; -import { readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin } from "./asn1.js"; -export const asn1 = { readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin }; \ No newline at end of file diff --git a/packages/node-opcua-crypto/source/index_web.ts b/packages/node-opcua-crypto/source/index_web.ts index 01503b6..ec8959b 100644 --- a/packages/node-opcua-crypto/source/index_web.ts +++ b/packages/node-opcua-crypto/source/index_web.ts @@ -45,3 +45,8 @@ export * from "./x509/coerce_private_key.js"; export * from "./x509/create_certificate_signing_request.js"; export * from "./x509/create_key_pair.js"; export * from "./x509/create_self_signed_certificate.js"; +export { DirectoryName } from "./directory_name.js"; + +import { readDirectoryName } from "./directory_name.js"; +import { readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin } from "./asn1.js"; +export const asn1 = { readDirectoryName, readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin }; \ No newline at end of file diff --git a/packages/node-opcua-crypto/source/verify_certificate_signature.ts b/packages/node-opcua-crypto/source/verify_certificate_signature.ts index 5903332..762da05 100644 
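Review bot: `export { DirectoryName } from "./directory_name.js";` re-exports an interface with a value export, which is a compile error under `isolatedModules` (re-exporting a type requires `export type`) and otherwise depends on elision; write `export type { DirectoryName } from "./directory_name.js";`. Moving the `asn1` namespace object from index.ts into index_web.ts also pulls `readDirectoryName`, and through it asn1.ts's `assert` and `Buffer` usage, into the web entry point — if the web build did not already include asn1.ts this adds Node-only dependencies there, which is worth confirming. The `\ No newline at end of file` state is carried over from index.ts as well.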
--- a/packages/node-opcua-crypto/source/verify_certificate_signature.ts +++ b/packages/node-opcua-crypto/source/verify_certificate_signature.ts @@ -33,7 +33,7 @@ import { createVerify } from "crypto"; import { Certificate } from "./common.js"; import { split_der, exploreCertificate } from "./crypto_explore_certificate.js"; import { toPem } from "./crypto_utils.js"; -import { readAlgorithmIdentifier, readSignatureValueBin, TagType, readTag, readStruct, _getBlock } from "./asn1.js"; +import { readAlgorithmIdentifier, readSignatureValueBin, readTag, readStruct } from "./asn1.js"; export function verifyCertificateOrClrSignature(certificateOrCrl: Buffer, parentCertificate: Certificate): boolean { const block_info = readTag(certificateOrCrl, 0);