WIP Building out all features necessary for Let's Encrypt #6
|
@ -110,15 +110,12 @@ CSR._sign = function csrEcSig(jwk, request) {
|
|||
|
||||
CSR._toDer = function encode(opts) {
|
||||
var sty;
|
||||
var sig;
|
||||
if (/^EC/i.test(opts.kty)) {
|
||||
// 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256)
|
||||
sty = ASN1('30', ASN1('06', '2a8648ce3d040302'));
|
||||
sig = ASN1.BitStr(ASN1('30', Enc.bufToHex(opts.signature)));
|
||||
} else {
|
||||
// 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
|
||||
sty = ASN1('30', ASN1('06', '2a864886f70d01010b'), ASN1('05'));
|
||||
sig = ASN1.BitStr(Enc.bufToHex(opts.signature));
|
||||
}
|
||||
return ASN1('30'
|
||||
// The Full CSR Request Body
|
||||
|
@ -126,7 +123,7 @@ CSR._toDer = function encode(opts) {
|
|||
// The Signature Type
|
||||
, sty
|
||||
// The Signature
|
||||
, sig
|
||||
, ASN1.BitStr(Enc.bufToHex(opts.signature))
|
||||
);
|
||||
};
|
||||
|
||||
|
|
|
@ -219,10 +219,12 @@ Keypairs._sign = function (opts, payload) {
|
|||
).then(function (signature) {
|
||||
signature = new Uint8Array(signature); // ArrayBuffer -> u8
|
||||
// This will come back into play for CSRs, but not for JOSE
|
||||
if ('EC' === opts.jwk.kty && /x509/i.test(opts.format)) {
|
||||
signature = Keypairs._ecdsaJoseSigToAsn1Sig(signature);
|
||||
if ('EC' === opts.jwk.kty && /x509|asn1/i.test(opts.format)) {
|
||||
return Keypairs._ecdsaJoseSigToAsn1Sig(signature);
|
||||
} else {
|
||||
// jose/jws/jwt
|
||||
return signature;
|
||||
}
|
||||
return signature;
|
||||
});
|
||||
});
|
||||
};
|
||||
|
@ -298,7 +300,7 @@ Keypairs._ecdsaJoseSigToAsn1Sig = function (bufsig) {
|
|||
if (len >= 0x80) { head.push(0x81); }
|
||||
head.push(len);
|
||||
|
||||
return Uint8Array.from(head.concat([0x02, r.length], r, [0x02, s.byteLength], s));
|
||||
return Uint8Array.from(head.concat([0x02, r.length], r, [0x02, s.length], s));
|
||||
};
|
||||
|
||||
function setTime(time) {
|
||||
|
|
Loading…
Reference in New Issue