|
|
@ -6,85 +6,218 @@ var crypto = require('crypto'); |
|
|
|
// prime256v1 (ANSI X9.62 named elliptic curve)
|
|
|
|
var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase(); |
|
|
|
|
|
|
|
var ECDSACSR = {}; |
|
|
|
var ECDSA = {}; |
|
|
|
var DER = {}; |
|
|
|
var PEM = {}; |
|
|
|
var ASN1; |
|
|
|
var Hex = {}; |
|
|
|
var AB = {}; |
|
|
|
|
|
|
|
//
|
|
|
|
// A dumbed-down, minimal ASN.1 packer
|
|
|
|
// CSR - the main event
|
|
|
|
//
|
|
|
|
|
|
|
|
// Almost every ASN.1 type that's important for CSR
|
|
|
|
// can be represented generically with only a few rules.
|
|
|
|
function ASN1(/*type, hexstrings...*/) { |
|
|
|
var args = Array.prototype.slice.call(arguments); |
|
|
|
var typ = args.shift(); |
|
|
|
var str = args.join('').replace(/\s+/g, '').toLowerCase(); |
|
|
|
var len = (str.length/2); |
|
|
|
var lenlen = 0; |
|
|
|
var hex = typ; |
|
|
|
ECDSACSR.create = function createEcCsr(keypem, domains) { |
|
|
|
var pemblock = PEM.parseBlock(keypem); |
|
|
|
var ecpub = PEM.parseEcPubkey(pemblock.der); |
|
|
|
var request = ECDSACSR.request(ecpub, domains); |
|
|
|
return AB.fromHex(ECDSACSR.sign(keypem, request)); |
|
|
|
}; |
|
|
|
|
|
|
|
// We can't have an odd number of hex chars
|
|
|
|
if (len !== Math.round(len)) { |
|
|
|
throw new Error("invalid hex"); |
|
|
|
ECDSACSR.request = function createCsrBodyEc(xy, domains) { |
|
|
|
var publen = xy.x.byteLength; |
|
|
|
var compression = '04'; |
|
|
|
var hxy = ''; |
|
|
|
// 04 == x+y, 02 == x-only
|
|
|
|
if (xy.y) { |
|
|
|
publen += xy.y.byteLength; |
|
|
|
} else { |
|
|
|
// Note: I don't intend to support compression - it isn't used by most
|
|
|
|
// libraries and it requir more dependencies for bigint ops to deflate.
|
|
|
|
// This is more just a placeholder. It won't work right now anyway
|
|
|
|
// because compression requires an exta bit stored (odd vs even), which
|
|
|
|
// I haven't learned yet, and I'm not sure if it's allowed at all
|
|
|
|
compression = '02'; |
|
|
|
} |
|
|
|
hxy += Hex.fromAB(xy.x); |
|
|
|
if (xy.y) { hxy += Hex.fromAB(xy.y); } |
|
|
|
|
|
|
|
// The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc)
|
|
|
|
// The second byte is either the size of the value, or the size of its size
|
|
|
|
// Sorry for the mess, but it is what it is
|
|
|
|
return ASN1('30' |
|
|
|
|
|
|
|
// 1. If the second byte is < 0x80 (128) it is considered the size
|
|
|
|
// 2. If it is > 0x80 then it describes the number of bytes of the size
|
|
|
|
// ex: 0x82 means the next 2 bytes describe the size of the value
|
|
|
|
// 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file)
|
|
|
|
// Version (0)
|
|
|
|
, ASN1.UInt('00') |
|
|
|
|
|
|
|
if (len > 127) { |
|
|
|
lenlen += 1; |
|
|
|
while (len > 255) { |
|
|
|
lenlen += 1; |
|
|
|
len = len >> 8; |
|
|
|
} |
|
|
|
} |
|
|
|
// CN / Subject
|
|
|
|
, ASN1('30' |
|
|
|
, ASN1('31' |
|
|
|
, ASN1('30' |
|
|
|
// object id (commonName)
|
|
|
|
, ASN1('06', '55 04 03') |
|
|
|
, ASN1('0C', Hex.fromString(domains[0]))))) |
|
|
|
|
|
|
|
if (lenlen) { hex += numToHex(0x80 + lenlen); } |
|
|
|
return hex + numToHex(str.length/2) + str; |
|
|
|
} |
|
|
|
// EC P-256 Public Key
|
|
|
|
, ASN1('30' |
|
|
|
, ASN1('30' |
|
|
|
// 1.2.840.10045.2.1 ecPublicKey
|
|
|
|
// (ANSI X9.62 public key type)
|
|
|
|
, ASN1('06', '2A 86 48 CE 3D 02 01') |
|
|
|
// 1.2.840.10045.3.1.7 prime256v1
|
|
|
|
// (ANSI X9.62 named elliptic curve)
|
|
|
|
, ASN1('06', '2A 86 48 CE 3D 03 01 07') |
|
|
|
) |
|
|
|
, ASN1.BitStr(compression + hxy)) |
|
|
|
|
|
|
|
// CSR Extension Subject Alternative Names
|
|
|
|
, ASN1('A0' |
|
|
|
, ASN1('30' |
|
|
|
// (extensionRequest (PKCS #9 via CRMF))
|
|
|
|
, ASN1('06', '2A 86 48 86 F7 0D 01 09 0E') |
|
|
|
, ASN1('31' |
|
|
|
, ASN1('30' |
|
|
|
, ASN1('30' |
|
|
|
// (subjectAltName (X.509 extension))
|
|
|
|
, ASN1('06', '55 1D 11') |
|
|
|
, ASN1('04' |
|
|
|
, ASN1('30', domains.map(function (d) { |
|
|
|
return ASN1('82', Hex.fromString(d)); |
|
|
|
}).join('')))))))) |
|
|
|
); |
|
|
|
}; |
|
|
|
|
|
|
|
// The Integer type has some special rules
|
|
|
|
ASN1.UInt = function UINT() { |
|
|
|
var str = Array.prototype.slice.call(arguments).join(''); |
|
|
|
var first = parseInt(str.slice(0, 2), 16); |
|
|
|
ECDSACSR.sign = function csrEcSig(keypem, request) { |
|
|
|
var sig = ECDSA.sign(keypem, AB.fromHex(request)); |
|
|
|
var rLen = sig.r.byteLength; |
|
|
|
var rc = ''; |
|
|
|
var sLen = sig.s.byteLength; |
|
|
|
var sc = ''; |
|
|
|
|
|
|
|
// If the first byte is 0x80 or greater, the number is considered negative
|
|
|
|
// Therefore we add a '00' prefix if the 0x80 bit is set
|
|
|
|
if (0x80 & first) { str = '00' + str; } |
|
|
|
if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; } |
|
|
|
if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; } |
|
|
|
|
|
|
|
return ASN1('02', str); |
|
|
|
return ASN1('30' |
|
|
|
// The Full CSR Request Body
|
|
|
|
, request |
|
|
|
|
|
|
|
// The Signature Type
|
|
|
|
, ASN1('30' |
|
|
|
// 1.2.840.10045.4.3.2 ecdsaWithSHA256
|
|
|
|
// (ANSI X9.62 ECDSA algorithm with SHA256)
|
|
|
|
, ASN1('06', '2A 86 48 CE 3D 04 03 02') |
|
|
|
) |
|
|
|
|
|
|
|
// The Signature, embedded in a Bit Stream
|
|
|
|
, ASN1.BitStr( |
|
|
|
// As far as I can tell this is a completely separate ASN.1 structure
|
|
|
|
// that just so happens to be embedded in a Bit String of another ASN.1
|
|
|
|
ASN1('30' |
|
|
|
, ASN1.UInt(Hex.fromAB(sig.r)) |
|
|
|
, ASN1.UInt(Hex.fromAB(sig.s)))) |
|
|
|
); |
|
|
|
}; |
|
|
|
|
|
|
|
// The Bit String type also has a special rule
|
|
|
|
ASN1.BitStr = function BITSTR() { |
|
|
|
var str = Array.prototype.slice.call(arguments).join(''); |
|
|
|
// '00' is a mask of how many bits of the next byte to ignore
|
|
|
|
return ASN1('03', '00' + str); |
|
|
|
//
|
|
|
|
// ECDSA
|
|
|
|
//
|
|
|
|
|
|
|
|
// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
|
|
|
|
ECDSA.sign = function signEc(keypem, ab) { |
|
|
|
// Signer is a stream
|
|
|
|
var sign = crypto.createSign('SHA256'); |
|
|
|
sign.write(new Uint8Array(ab)); |
|
|
|
sign.end(); |
|
|
|
|
|
|
|
// The signature is ASN1 encoded
|
|
|
|
var sig = sign.sign(keypem); |
|
|
|
|
|
|
|
// Convert to a JavaScript ArrayBuffer just because
|
|
|
|
sig = new Uint8Array(sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength)); |
|
|
|
|
|
|
|
// The first two bytes '30 xx' signify SEQUENCE and LENGTH
|
|
|
|
// The sequence length byte will be a single byte because the signature is less that 128 bytes (0x80, 1024-bit)
|
|
|
|
// (this would not be true for P-521, but I'm not supporting that yet)
|
|
|
|
// The 3rd byte will be '02', signifying INTEGER
|
|
|
|
// The 4th byte will tell us the length of 'r' (which, on occassion, will be less than the full 255 bytes)
|
|
|
|
var rIndex = 3; |
|
|
|
var rLen = sig[rIndex]; |
|
|
|
var rEnd = rIndex + 1 + rLen; |
|
|
|
var sIndex = rEnd + 1; |
|
|
|
var sLen = sig[sIndex]; |
|
|
|
var sEnd = sIndex + 1 + sLen; |
|
|
|
var r = sig.slice(rIndex + 1, rEnd); |
|
|
|
var s = sig.slice(sIndex + 1, sEnd); // this should be end-of-file
|
|
|
|
|
|
|
|
// ASN1 INTEGER types use the high-order bit to signify a negative number,
|
|
|
|
// hence a leading '00' is used for numbers that begin with '80' or greater
|
|
|
|
// which is why r length is sometimes a byte longer than its bit length
|
|
|
|
if (0 === s[0]) { s = s.slice(1); } |
|
|
|
if (0 === r[0]) { r = r.slice(1); } |
|
|
|
|
|
|
|
return { raw: sig.buffer, r: r.buffer, s: s.buffer }; |
|
|
|
}; |
|
|
|
|
|
|
|
//
|
|
|
|
// DER
|
|
|
|
//
|
|
|
|
|
|
|
|
DER.toCSR = function createEcCsrPem(der) { |
|
|
|
var pem = PEM._format(AB.toBase64(der)); |
|
|
|
return '-----BEGIN CERTIFICATE REQUEST-----\n' + pem + '-----END CERTIFICATE REQUEST-----'; |
|
|
|
}; |
|
|
|
|
|
|
|
function fromBase64(b64) { |
|
|
|
var buf; |
|
|
|
var ab; |
|
|
|
if ('undefined' === typeof atob) { |
|
|
|
buf = Buffer.from(b64, 'base64'); |
|
|
|
return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength); |
|
|
|
//
|
|
|
|
// PEM
|
|
|
|
//
|
|
|
|
|
|
|
|
// Just for error checking
|
|
|
|
PEM.from = function ensurePem(key) { |
|
|
|
if (!key) { throw new Error("no private key given"); } |
|
|
|
// whether PEM or DER, convert to Uint8Array
|
|
|
|
if ('string' === typeof key) { key = AB.utf8ToUint8Array(key); } |
|
|
|
|
|
|
|
// for consistency
|
|
|
|
if (key instanceof Buffer) { key = new Uint8Array(key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength)); } |
|
|
|
|
|
|
|
// just as a sanity check
|
|
|
|
if (key instanceof Array) { |
|
|
|
key = Uint8Array.from(key); |
|
|
|
if (!key.every(function (el) { |
|
|
|
return ('number' === typeof el) && (el >= 0) && (el <= 255); |
|
|
|
})) { |
|
|
|
throw new Error("key was an array, but not an array of ints between 0 and 255"); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// no matter which path we take, we should arrive at a Uint8Array
|
|
|
|
if (!(key instanceof Uint8Array)) { |
|
|
|
throw new Error("typeof key is '" + typeof key + "', not any of the supported types: utf8 string," |
|
|
|
+ " binary string, node Buffer, Uint8Array, or Array of ints between 0 and 255"); |
|
|
|
} |
|
|
|
buf = atob(b64); |
|
|
|
ab = new ArrayBuffer(buf.length); |
|
|
|
ab = new Uint8Array(ab); |
|
|
|
buf.split('').forEach(function (ch, i) { |
|
|
|
ab[i] = ch.charCodeAt(0); |
|
|
|
}); |
|
|
|
return ab.buffer; |
|
|
|
} |
|
|
|
|
|
|
|
function parsePem(pem) { |
|
|
|
// if DER, convert to PEM
|
|
|
|
if ((0x30 === key[0]) && (0x80 & key[1])) { |
|
|
|
key = AB.toBase64(key); |
|
|
|
} |
|
|
|
key = [].map.call(key, function (i) { |
|
|
|
return String.fromCharCode(i); |
|
|
|
}).join(''); |
|
|
|
if ('M' === key[0]) { |
|
|
|
key = '-----BEGIN EC PRIVATE KEY-----\n' + key + '-----END EC PRIVATE KEY-----'; |
|
|
|
} |
|
|
|
if ('-' === key[0]) { |
|
|
|
return key; |
|
|
|
} else { |
|
|
|
throw new Error("key does not appear to be in PEM formt (does not begin with either '-' or 'M')," |
|
|
|
+ " nor DER format (does not begin with 0x308X)"); |
|
|
|
} |
|
|
|
}; |
|
|
|
|
|
|
|
PEM.parseBlock = function parsePem(pem) { |
|
|
|
var typ; |
|
|
|
var pub; |
|
|
|
var crv; |
|
|
|
var der = fromBase64(pem.split(/\n/).filter(function (line, i) { |
|
|
|
var der = AB.fromBase64(pem.split(/\n/).filter(function (line, i) { |
|
|
|
if (0 === i) { |
|
|
|
if (/ PUBLIC /.test(line)) { |
|
|
|
pub = true; |
|
|
@ -99,52 +232,30 @@ function parsePem(pem) { |
|
|
|
}).join('')); |
|
|
|
|
|
|
|
if (!typ || 'EC' === typ) { |
|
|
|
var hex = toHex(der).toLowerCase(); |
|
|
|
var hex = Hex.fromAB(der).toLowerCase(); |
|
|
|
if (-1 !== hex.indexOf(OBJ_ID_EC)) { |
|
|
|
typ = 'EC'; |
|
|
|
crv = 'P-256'; |
|
|
|
} else { |
|
|
|
// TODO more than just P-256
|
|
|
|
// TODO support P-384 as well (but probably nothing else)
|
|
|
|
console.warn("unsupported ec curve"); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
return { typ: typ, pub: pub, der: der, crv: crv }; |
|
|
|
} |
|
|
|
}; |
|
|
|
|
|
|
|
function toHex(ab) { |
|
|
|
var hex = []; |
|
|
|
var u8 = new Uint8Array(ab); |
|
|
|
var size = u8.byteLength; |
|
|
|
var i; |
|
|
|
var h; |
|
|
|
for (i = 0; i < size; i += 1) { |
|
|
|
h = u8[i].toString(16); |
|
|
|
if (2 === h.length) { |
|
|
|
hex.push(h); |
|
|
|
} else { |
|
|
|
hex.push('0' + h); |
|
|
|
} |
|
|
|
} |
|
|
|
return hex.join(''); |
|
|
|
} |
|
|
|
PEM._format = function formatAsPem(str) { |
|
|
|
var finalString = ''; |
|
|
|
|
|
|
|
function fromHex(hex) { |
|
|
|
if ('undefined' !== typeof Buffer) { |
|
|
|
return Buffer.from(hex, 'hex'); |
|
|
|
} |
|
|
|
var ab = new ArrayBuffer(hex.length/2); |
|
|
|
var i; |
|
|
|
var j; |
|
|
|
ab = new Uint8Array(ab); |
|
|
|
for (i = 0, j = 0; i < (hex.length/2); i += 1) { |
|
|
|
ab[i] = parseInt(hex.slice(j, j+1), 16); |
|
|
|
j += 2; |
|
|
|
while (str.length > 0) { |
|
|
|
finalString += str.substring(0, 64) + '\n'; |
|
|
|
str = str.substring(64); |
|
|
|
} |
|
|
|
return ab.buffer; |
|
|
|
} |
|
|
|
return finalString; |
|
|
|
}; |
|
|
|
|
|
|
|
function readEcPubkey(der) { |
|
|
|
PEM.parseEcPubkey = function readEcPubkey(der) { |
|
|
|
// the key is the last 520 bits of both the private key and the public key
|
|
|
|
// he 3 bits prior identify the key as
|
|
|
|
var x, y; |
|
|
@ -152,11 +263,11 @@ function readEcPubkey(der) { |
|
|
|
var keylen = 32; |
|
|
|
var offset = 64; |
|
|
|
var headerSize = 4; |
|
|
|
var header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); |
|
|
|
var header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); |
|
|
|
|
|
|
|
if ('03420004' !== header) { |
|
|
|
offset = 32; |
|
|
|
header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); |
|
|
|
header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); |
|
|
|
if ('03420002' !== header) { |
|
|
|
throw new Error("not a valid EC P-256 key (expected 0x0342004 or 0x0342002 as pub key preamble, but found " + header + ")"); |
|
|
|
} |
|
|
@ -174,46 +285,88 @@ function readEcPubkey(der) { |
|
|
|
x: x |
|
|
|
, y: y || null |
|
|
|
}; |
|
|
|
} |
|
|
|
}; |
|
|
|
|
|
|
|
function formatAsPem(str) { |
|
|
|
var finalString = ''; |
|
|
|
//
|
|
|
|
// A dumbed-down, minimal ASN.1 packer
|
|
|
|
//
|
|
|
|
|
|
|
|
while (str.length > 0) { |
|
|
|
finalString += str.substring(0, 64) + '\n'; |
|
|
|
str = str.substring(64); |
|
|
|
// Almost every ASN.1 type that's important for CSR
|
|
|
|
// can be represented generically with only a few rules.
|
|
|
|
ASN1 = function ASN1(/*type, hexstrings...*/) { |
|
|
|
var args = Array.prototype.slice.call(arguments); |
|
|
|
var typ = args.shift(); |
|
|
|
var str = args.join('').replace(/\s+/g, '').toLowerCase(); |
|
|
|
var len = (str.length/2); |
|
|
|
var lenlen = 0; |
|
|
|
var hex = typ; |
|
|
|
|
|
|
|
// We can't have an odd number of hex chars
|
|
|
|
if (len !== Math.round(len)) { |
|
|
|
throw new Error("invalid hex"); |
|
|
|
} |
|
|
|
return finalString; |
|
|
|
} |
|
|
|
|
|
|
|
function toBase64(der) { |
|
|
|
if ('undefined' === typeof btoa) { |
|
|
|
return Buffer.from(der).toString('base64'); |
|
|
|
// The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc)
|
|
|
|
// The second byte is either the size of the value, or the size of its size
|
|
|
|
|
|
|
|
// 1. If the second byte is < 0x80 (128) it is considered the size
|
|
|
|
// 2. If it is > 0x80 then it describes the number of bytes of the size
|
|
|
|
// ex: 0x82 means the next 2 bytes describe the size of the value
|
|
|
|
// 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file)
|
|
|
|
|
|
|
|
if (len > 127) { |
|
|
|
lenlen += 1; |
|
|
|
while (len > 255) { |
|
|
|
lenlen += 1; |
|
|
|
len = len >> 8; |
|
|
|
} |
|
|
|
} |
|
|
|
var chs = []; |
|
|
|
der.forEach(function (b) { |
|
|
|
chs.push(String.fromCharCode(b)); |
|
|
|
}); |
|
|
|
return btoa(chs.join('')); |
|
|
|
} |
|
|
|
|
|
|
|
function csrEcSig(r, s) { |
|
|
|
return [ |
|
|
|
ASN1('30' |
|
|
|
// 1.2.840.10045.4.3.2 ecdsaWithSHA256
|
|
|
|
// (ANSI X9.62 ECDSA algorithm with SHA256)
|
|
|
|
, ASN1('06', '2A 86 48 CE 3D 04 03 02') |
|
|
|
) |
|
|
|
, ASN1.BitStr( |
|
|
|
ASN1('30' |
|
|
|
, ASN1.UInt(toHex(r)) |
|
|
|
, ASN1.UInt(toHex(s)) |
|
|
|
) |
|
|
|
) |
|
|
|
].join(''); |
|
|
|
} |
|
|
|
|
|
|
|
function strToHex(str) { |
|
|
|
if (lenlen) { hex += Hex.fromInt(0x80 + lenlen); } |
|
|
|
return hex + Hex.fromInt(str.length/2) + str; |
|
|
|
}; |
|
|
|
|
|
|
|
// The Integer type has some special rules
|
|
|
|
ASN1.UInt = function UINT() { |
|
|
|
var str = Array.prototype.slice.call(arguments).join(''); |
|
|
|
var first = parseInt(str.slice(0, 2), 16); |
|
|
|
|
|
|
|
// If the first byte is 0x80 or greater, the number is considered negative
|
|
|
|
// Therefore we add a '00' prefix if the 0x80 bit is set
|
|
|
|
if (0x80 & first) { str = '00' + str; } |
|
|
|
|
|
|
|
return ASN1('02', str); |
|
|
|
}; |
|
|
|
|
|
|
|
// The Bit String type also has a special rule
|
|
|
|
ASN1.BitStr = function BITSTR() { |
|
|
|
var str = Array.prototype.slice.call(arguments).join(''); |
|
|
|
// '00' is a mask of how many bits of the next byte to ignore
|
|
|
|
return ASN1('03', '00' + str); |
|
|
|
}; |
|
|
|
|
|
|
|
//
|
|
|
|
// Hex, Base64, Buffer, String
|
|
|
|
//
|
|
|
|
|
|
|
|
Hex.fromAB = function toHex(ab) { |
|
|
|
var hex = []; |
|
|
|
var u8 = new Uint8Array(ab); |
|
|
|
var size = u8.byteLength; |
|
|
|
var i; |
|
|
|
var h; |
|
|
|
for (i = 0; i < size; i += 1) { |
|
|
|
h = u8[i].toString(16); |
|
|
|
if (2 === h.length) { |
|
|
|
hex.push(h); |
|
|
|
} else { |
|
|
|
hex.push('0' + h); |
|
|
|
} |
|
|
|
} |
|
|
|
return hex.join(''); |
|
|
|
}; |
|
|
|
|
|
|
|
Hex.fromString = function strToHex(str) { |
|
|
|
var escstr = encodeURIComponent(str); |
|
|
|
// replaces any uri escape sequence, such as %0A,
|
|
|
|
// with binary escape, such as 0x0A
|
|
|
@ -225,175 +378,20 @@ function strToHex(str) { |
|
|
|
if (2 === h.length) { return h; } |
|
|
|
return '0' + h; |
|
|
|
}).join(''); |
|
|
|
} |
|
|
|
}; |
|
|
|
|
|
|
|
function numToHex(d) { |
|
|
|
Hex.fromInt = function numToHex(d) { |
|
|
|
d = d.toString(16); |
|
|
|
if (d.length % 2) { |
|
|
|
return '0' + d; |
|
|
|
} |
|
|
|
return d; |
|
|
|
} |
|
|
|
|
|
|
|
function fromHex(hex) { |
|
|
|
if ('undefined' !== typeof Buffer) { |
|
|
|
return Buffer.from(hex, 'hex'); |
|
|
|
} |
|
|
|
var ab = new ArrayBuffer(hex.length/2); |
|
|
|
var i; |
|
|
|
var j; |
|
|
|
ab = new Uint8Array(ab); |
|
|
|
for (i = 0, j = 0; i < (hex.length/2); i += 1) { |
|
|
|
ab[i] = parseInt(hex.slice(j, j+1), 16); |
|
|
|
j += 2; |
|
|
|
} |
|
|
|
return ab.buffer; |
|
|
|
} |
|
|
|
|
|
|
|
function createCsrBodyEc(domains, xy) { |
|
|
|
var publen = xy.x.byteLength; |
|
|
|
var compression = '04'; |
|
|
|
var hxy = ''; |
|
|
|
// 04 == x+y, 02 == x-only
|
|
|
|
if (xy.y) { |
|
|
|
publen += xy.y.byteLength; |
|
|
|
} else { |
|
|
|
// Note: I don't intend to support compression - it isn't used by most
|
|
|
|
// libraries and it requir more dependencies for bigint ops to deflate.
|
|
|
|
// This is more just a placeholder. It won't work right now anyway
|
|
|
|
// because compression requires an exta bit stored (odd vs even), which
|
|
|
|
// I haven't learned yet, and I'm not sure if it's allowed at all
|
|
|
|
compression = '02'; |
|
|
|
} |
|
|
|
hxy += toHex(xy.x); |
|
|
|
if (xy.y) { |
|
|
|
hxy += toHex(xy.y); |
|
|
|
} |
|
|
|
|
|
|
|
var version = ASN1.UInt('00'); |
|
|
|
var subject = ASN1('30' |
|
|
|
, ASN1('31' |
|
|
|
, ASN1('30' |
|
|
|
// object id (commonName)
|
|
|
|
, ASN1('06', '55 04 03') |
|
|
|
, ASN1('0C', strToHex(domains[0]))))); |
|
|
|
var pubkey = ASN1('30' |
|
|
|
, ASN1('30' |
|
|
|
// 1.2.840.10045.2.1 ecPublicKey
|
|
|
|
// (ANSI X9.62 public key type)
|
|
|
|
, ASN1('06', '2A 86 48 CE 3D 02 01') |
|
|
|
// 1.2.840.10045.3.1.7 prime256v1
|
|
|
|
// (ANSI X9.62 named elliptic curve)
|
|
|
|
, ASN1('06', '2A 86 48 CE 3D 03 01 07') |
|
|
|
) |
|
|
|
, ASN1.BitStr(compression + hxy)); |
|
|
|
var altnames = ASN1('A0' |
|
|
|
, ASN1('30' |
|
|
|
// (extensionRequest (PKCS #9 via CRMF))
|
|
|
|
, ASN1('06', '2A 86 48 86 F7 0D 01 09 0E') |
|
|
|
, ASN1('31' |
|
|
|
, ASN1('30' |
|
|
|
, ASN1('30' |
|
|
|
// (subjectAltName (X.509 extension))
|
|
|
|
, ASN1('06', '55 1D 11') |
|
|
|
, ASN1('04' |
|
|
|
, ASN1('30', domains.map(function (d) { |
|
|
|
return ASN1('82', strToHex(d)); |
|
|
|
}).join('')))))))); |
|
|
|
var body = ASN1('30' |
|
|
|
|
|
|
|
// #0 Total 3
|
|
|
|
, version |
|
|
|
|
|
|
|
// Subject
|
|
|
|
// #1 Total 2+11+n
|
|
|
|
, subject |
|
|
|
|
|
|
|
// P-256 Public Key
|
|
|
|
// #2 Total 2+25+xy
|
|
|
|
, pubkey |
|
|
|
|
|
|
|
// Altnames
|
|
|
|
// #3 Total 2+28+n
|
|
|
|
, altnames |
|
|
|
); |
|
|
|
|
|
|
|
return body; |
|
|
|
} |
|
|
|
|
|
|
|
// https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
|
|
|
|
function signEc(keypem, ab) { |
|
|
|
// Signer is a stream
|
|
|
|
var sign = crypto.createSign('SHA256'); |
|
|
|
sign.write(new Uint8Array(ab)); |
|
|
|
sign.end(); |
|
|
|
|
|
|
|
// The signature is ASN1 encoded
|
|
|
|
var sig = sign.sign(keypem); |
|
|
|
|
|
|
|
// Convert to a JavaScript ArrayBuffer just because
|
|
|
|
sig = new Uint8Array(sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength)); |
|
|
|
|
|
|
|
// The first two bytes '30 xx' signify SEQUENCE and LENGTH
|
|
|
|
// The sequence length byte will be a single byte because the signature is less that 128 bytes (0x80, 1024-bit)
|
|
|
|
// (this would not be true for P-521, but I'm not supporting that yet)
|
|
|
|
// The 3rd byte will be '02', signifying INTEGER
|
|
|
|
// The 4th byte will tell us the length of 'r' (which, on occassion, will be less than the full 255 bytes)
|
|
|
|
var rIndex = 3; |
|
|
|
var rLen = sig[rIndex]; |
|
|
|
var rEnd = rIndex + 1 + rLen; |
|
|
|
var sIndex = rEnd + 1; |
|
|
|
var sLen = sig[sIndex]; |
|
|
|
var sEnd = sIndex + 1 + sLen; |
|
|
|
var r = sig.slice(rIndex + 1, rEnd); |
|
|
|
var s = sig.slice(sIndex + 1, sEnd); // this should be end-of-file
|
|
|
|
|
|
|
|
// ASN1 INTEGER types use the high-order bit to signify a negative number,
|
|
|
|
// hence a leading '00' is used for numbers that begin with '80' or greater
|
|
|
|
// which is why r length is sometimes a byte longer than its bit length
|
|
|
|
if (0 === s[0]) { s = s.slice(1); } |
|
|
|
if (0 === r[0]) { r = r.slice(1); } |
|
|
|
|
|
|
|
return { raw: sig.buffer, r: r.buffer, s: s.buffer }; |
|
|
|
} |
|
|
|
|
|
|
|
function createEcCsr(domains, keypem, ecpub) { |
|
|
|
// TODO get pub from priv
|
|
|
|
|
|
|
|
var csrBody = createCsrBodyEc(domains, ecpub); |
|
|
|
var sig = signEc(keypem, fromHex(csrBody)); |
|
|
|
var rLen = sig.r.byteLength; |
|
|
|
var rc = ''; |
|
|
|
var sLen = sig.s.byteLength; |
|
|
|
var sc = ''; |
|
|
|
|
|
|
|
if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; } |
|
|
|
if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; } |
|
|
|
|
|
|
|
var csrSig = csrEcSig(sig.r, sig.s); |
|
|
|
|
|
|
|
/* |
|
|
|
console.log('sig:', sig.raw.byteLength, toHex(sig.raw)); |
|
|
|
console.log('r:', sig.r.byteLength, toHex(sig.r)); |
|
|
|
console.log('s:', sig.s.byteLength, toHex(sig.s)); |
|
|
|
console.log('csr sig:', csrSig.length / 2, csrSig); |
|
|
|
console.log('csrBodyLen + csrSigLen', numToHex(len)); |
|
|
|
*/ |
|
|
|
return fromHex(ASN1('30', csrBody, csrSig)); |
|
|
|
} |
|
|
|
|
|
|
|
function createEcCsrPem(domains, keypem) { |
|
|
|
var pemblock = parsePem(keypem); |
|
|
|
var ecpub = readEcPubkey(pemblock.der); |
|
|
|
var ab = createEcCsr(domains, keypem, ecpub); |
|
|
|
var pem = formatAsPem(toBase64(ab)); |
|
|
|
return '-----BEGIN CERTIFICATE REQUEST-----\n' + pem + '-----END CERTIFICATE REQUEST-----'; |
|
|
|
} |
|
|
|
}; |
|
|
|
|
|
|
|
// Taken from Unibabel
|
|
|
|
// https://git.coolaj86.com/coolaj86/unibabel.js#readme
|
|
|
|
// https://coolaj86.com/articles/base64-unicode-utf-8-javascript-and-you/
|
|
|
|
function utf8ToUint8Array(str) { |
|
|
|
AB.utf8ToUint8Array = function (str) { |
|
|
|
var escstr = encodeURIComponent(str); |
|
|
|
// replaces any uri escape sequence, such as %0A,
|
|
|
|
// with binary escape, such as 0x0A
|
|
|
@ -406,49 +404,31 @@ function utf8ToUint8Array(str) { |
|
|
|
}); |
|
|
|
|
|
|
|
return buf; |
|
|
|
} |
|
|
|
|
|
|
|
function ensurePem(key) { |
|
|
|
if (!key) { throw new Error("no private key given"); } |
|
|
|
// whether PEM or DER, convert to Uint8Array
|
|
|
|
if ('string' === typeof key) { key = utf8ToUint8Array(key); } |
|
|
|
|
|
|
|
// for consistency
|
|
|
|
if (key instanceof Buffer) { key = new Uint8Array(key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength)); } |
|
|
|
}; |
|
|
|
|
|
|
|
// just as a sanity check
|
|
|
|
if (key instanceof Array) { |
|
|
|
key = Uint8Array.from(key); |
|
|
|
if (!key.every(function (el) { |
|
|
|
return ('number' === typeof el) && (el >= 0) && (el <= 255); |
|
|
|
})) { |
|
|
|
throw new Error("key was an array, but not an array of ints between 0 and 255"); |
|
|
|
} |
|
|
|
AB.fromHex = function fromHex(hex) { |
|
|
|
if ('undefined' !== typeof Buffer) { |
|
|
|
return Buffer.from(hex, 'hex'); |
|
|
|
} |
|
|
|
|
|
|
|
// no matter which path we take, we should arrive at a Uint8Array
|
|
|
|
if (!(key instanceof Uint8Array)) { |
|
|
|
throw new Error("typeof key is '" + typeof key + "', not any of the supported types: utf8 string," |
|
|
|
+ " binary string, node Buffer, Uint8Array, or Array of ints between 0 and 255"); |
|
|
|
var ab = new ArrayBuffer(hex.length/2); |
|
|
|
var i; |
|
|
|
var j; |
|
|
|
ab = new Uint8Array(ab); |
|
|
|
for (i = 0, j = 0; i < (hex.length/2); i += 1) { |
|
|
|
ab[i] = parseInt(hex.slice(j, j+1), 16); |
|
|
|
j += 2; |
|
|
|
} |
|
|
|
return ab.buffer; |
|
|
|
}; |
|
|
|
|
|
|
|
// if DER, convert to PEM
|
|
|
|
if ((0x30 === key[0]) && (0x80 & key[1])) { |
|
|
|
key = toBase64(key); |
|
|
|
} |
|
|
|
key = [].map.call(key, function (i) { |
|
|
|
return String.fromCharCode(i); |
|
|
|
}).join(''); |
|
|
|
if ('M' === key[0]) { |
|
|
|
key = '-----BEGIN EC PRIVATE KEY-----\n' + key + '-----END EC PRIVATE KEY-----'; |
|
|
|
} |
|
|
|
if ('-' === key[0]) { |
|
|
|
return key; |
|
|
|
} else { |
|
|
|
throw new Error("key does not appear to be in PEM formt (does not begin with either '-' or 'M')," |
|
|
|
+ " nor DER format (does not begin with 0x308X)"); |
|
|
|
} |
|
|
|
} |
|
|
|
AB.fromBase64 = function fromBase64(b64) { |
|
|
|
var buf = Buffer.from(b64, 'base64'); |
|
|
|
return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength); |
|
|
|
}; |
|
|
|
|
|
|
|
AB.toBase64 = function toBase64(der) { |
|
|
|
return Buffer.from(der).toString('base64'); |
|
|
|
}; |
|
|
|
|
|
|
|
/*global Promise*/ |
|
|
|
module.exports = function (opts) { |
|
|
@ -471,8 +451,7 @@ module.exports = function (opts) { |
|
|
|
})) { |
|
|
|
throw new Error("You must pass options.domains as utf8 strings (not punycode)"); |
|
|
|
} |
|
|
|
var key = ensurePem(opts.key); |
|
|
|
|
|
|
|
return createEcCsrPem(opts.domains, key); |
|
|
|
var key = PEM.from(opts.key); |
|
|
|
return DER.toCSR(ECDSACSR.create(key, opts.domains)); |
|
|
|
}); |
|
|
|
}; |
|
|
|