diff --git a/lib/ecdsacsr.js b/lib/ecdsacsr.js index 729854d..a704d7a 100644 --- a/lib/ecdsacsr.js +++ b/lib/ecdsacsr.js @@ -6,7 +6,7 @@ var crypto = require('crypto'); // prime256v1 (ANSI X9.62 named elliptic curve) var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase(); -function ANY() { +function ASN1() { var args = Array.prototype.slice.call(arguments); var typ = args.shift(); var str = args.join('').replace(/\s+/g, ''); @@ -33,27 +33,30 @@ function UINT() { // high-order bit means signed, negative // we want positive, so we pad with a leading '00' if (0x80 & first) { str = '00' + str; } - return ANY('02', str); + return ASN1('02', str); } function BITSTR() { var str = Array.prototype.slice.call(arguments).join(''); - var first = parseInt(str.slice(0, 2), 16); // '00' is a mask of how many bits of the next byte to ignore - return ANY('03', '00' + str); + return ASN1('03', '00' + str); } function SEQ() { - return ANY('30', Array.prototype.slice.call(arguments).join('')); + return ASN1('30', Array.prototype.slice.call(arguments).join('')); } +/* function SET() { - return ANY('31', Array.prototype.slice.call(arguments).join('')); + return ASN1('31', Array.prototype.slice.call(arguments).join('')); } +*/ function OBJID() { - return ANY('06', Array.prototype.slice.call(arguments).join('')); + return ASN1('06', Array.prototype.slice.call(arguments).join('')); } +/* function NULL() { return '0500'; } +*/ function fromBase64(b64) { var buf; @@ -295,42 +298,31 @@ function createCsrBodyEc(domains, xy) { // P-256 Public Key // #2 Total 2+25+xy - , '30 {+25+xy}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(2+9+10+3+1+publen)) - , '30 13' // 2 bytes, sequence + , ASN1('30' + , ASN1('30' // 1.2.840.10045.2.1 ecPublicKey // (ANSI X9.62 public key type) - , '06 07 2A 86 48 CE 3D 02 01' // 9 bytes, object id + , ASN1('06', '2A 86 48 CE 3D 02 01') // 1.2.840.10045.3.1.7 prime256v1 // (ANSI X9.62 named elliptic curve) - , '06 08 2A 86 48 CE 3D 03 01 07' // 10 bytes, object id - , '03 {xylen} 00 {xy}' // 3+1+n bytes - .replace(/{xylen}/, numToHex(publen+2)) - .replace(/{xy}/, compression + hxy) + , ASN1('06', '2A 86 48 CE 3D 03 01 07') + ) + , BITSTR(compression + hxy) + ) // Altnames // #3 Total 2+28+n - , 'A0 {+28}' // 2 bytes, ?? [4B] - .replace(/{[^}]+}/, numToHex(2+11+2+2+2+5+2+2+sanlen)) - , '30 {+26}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(11+2+2+2+5+2+2+sanlen)) + , ASN1('A0' + , ASN1('30' // (extensionRequest (PKCS #9 via CRMF)) - , '06 09 2A 86 48 86 F7 0D 01 09 0E' // 11 bytes, object id - , '31 {+13}' // 2 bytes, set - .replace(/{[^}]+}/, numToHex(2+2+5+2+2+sanlen)) - , '30 {+11}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(2+5+2+2+sanlen)) - , '30 {+9}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(5+2+2+sanlen)) - // (subjectAltName (X.509 extension)) - , '06 03 55 1D 11' // 5 bytes, object id - , '04 {+2}' // 2 bytes, octet string - .replace(/{[^}]+}/, numToHex(2+sanlen)) - , '30 {+n}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(sanlen)) - , '{altnames}' // n (elements of sequence) - .replace(/{altnames}/, altnames) - ]; + , ASN1('06', '2A 86 48 86 F7 0D 01 09 0E') + , ASN1('31' + , ASN1('30' + , ASN1('30' + // (subjectAltName (X.509 extension)) + , ASN1('06', '55 1D 11') + , ASN1('04' + , ASN1('30', altnames))))))) ]; body = body.join('').replace(/\s+/g, ''); return fromHex(body); }