'use strict'; var crypto = require('crypto'); var fs = require('fs'); var pubkey = require('./pubkey.js'); var keyname = process.argv[2]; var dername = process.argv[3]; var keypem = fs.readFileSync(keyname); var csrFull = fs.readFileSync(dername); var csrFull = csrFull.buffer.slice(csrFull.byteOffset, csrFull.byteOffset + csrFull.byteLength); // these are static ASN.1 segments // The head specifies that there will be 3 segments and a content length // (those segments will be content, signature header, and signature) var csrHead = '30 82 {0seq0len}'.replace(/\s+/g, ''); // The tail specifies the RSA256 signature header (and is followed by the signature var csrRsaFoot = ( '30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B' + '05 00' + '03 82 01 01 00' ).replace(/\s+/g, ''); var csrDomains = '82 {dlen} {domain.tld}'; // 2+n bytes (type 82?) /* var csrRsaContent = '30 82 {1.1.0seqlen}' // 7+n 4 bytes, sequence + '02 01 00' // 3 3 bytes, int 0 + '30 {3.2.0seqlen}' // 13+n 2 bytes, sequence + '31 {4.3.0setlen}' // 11+n 2 bytes, set + '30 {5.4.0seqlen}' // 9+n 2 bytes, sequence + '06 03 55 04 03' // 7+n 5 bytes, object id (commonName) + '0C {dlen} {domain.tld}' // 2+n 2+n bytes, utf8string + '30 82 {8.2.2seqlen}' // 19 4 bytes, sequence + '30 0D' // 15 2 bytes, sequence + '06 09 2A 86 48 86 F7 0D 01 01 01' // 13 11 bytes, rsaEncryption (PKCS #1) + '05 00' // 2 2 bytes, null (why?) + '03 82 {12.3.0bslen} 00' // +18+m 5 bytes, bit string [01 0F] + '30 82 {13.4.0seqlen}' // +13+m 4 bytes, sequence + '02 82 {klen} 00 {key}' // +9+m 4+1+n bytes, int (RSA Pub Key) + '02 03 {mod}' // +5 5 bytes, key and modules [01 00 01] + 'A0 {16.2.3ellen}' // 30+n 2 bytes, ?? [4B] + '30 {17.3.9seqlen}' // 28+n 2 bytes, sequence + '06 09 2A 86 48 86 F7 0D 01 09 0E' // 26+n 11 bytes, object id (extensionRequest (PKCS #9 via CRMF)) + '31 {19.5.0setlen}' // 15+n 2 bytes, set + '30 {20.6.0seqlen}' // 13+n 2 bytes, sequence + '30 {21.7.0seqlen}' // 11+n 2 bytes, sequence + '06 03 55 1D 11' // 9+n 5 bytes, object id (subjectAltName (X.509 extension)) + '04 {23.8.0octlen}' // 4+n 2 bytes, octet string + '30 {24.9.0seqlen}' // 2+n 2 bytes, sequence + '{altnames}' // n n bytes ; */ function privateToPub(pem) { var pubbuf; var key = pubkey.parsePem(pem); if ('RSA' !== key.typ) { throw new Error(key.typ + " not supported"); } if (key.pub) { pubbuf = pubkey.readPubkey(key.der); } else { pubbuf = pubkey.readPrivkey(key.der); } //console.log(pubbuf.byteLength, pubkey.toHex(pubbuf)); var der = pubkey.toRsaPub(pubbuf); var b64 = pubkey.toBase64(der); return pubkey.formatAsPublicPem(b64); } function strToHex(str) { return str.split('').map(function (ch) { var h = ch.charCodeAt(0).toString(16); if (2 === h.length) { return h; } return '0' + h; }).join(''); } function pubToPem(pubbuf) { var der = pubkey.toRsaPub(pubbuf); var b64 = pubkey.toBase64(der); return pubkey.formatAsPublicPem(b64); } var sigend = (csrFull.byteLength - (2048 / 8)); var sig = csrFull.slice(sigend); console.log(); console.log(); console.log('csr (' + csrFull.byteLength + ')'); console.log(pubkey.toHex(csrFull)); console.log(); // First 4 bytes define Segment, segment length, and content length console.log(sigend, csrRsaFoot, csrRsaFoot.length/2); var csrbody = csrFull.slice(4, sigend - (csrRsaFoot.length/2)); console.log('csr body (' + csrbody.byteLength + ')'); console.log(pubkey.toHex(csrbody)); console.log(); var csrpub = csrFull.slice(63 + 5, 63 + 5 + 256); console.log('csr pub (' + csrpub.byteLength + ')'); console.log(pubkey.toHex(csrpub)); console.log(); console.log('sig (' + sig.byteLength + ')'); console.log(pubkey.toHex(sig)); console.log(); var csrpem = pubToPem(csrpub); console.log(csrpem); console.log(); var prvpem = privateToPub(keypem); console.log(prvpem); console.log(); if (csrpem === prvpem) { console.log("Public Keys Match"); } else { throw new Error("public key read from keyfile doesn't match public key read from CSR"); } function h(d) { d = d.toString(16); if (d.length % 2) { return '0' + d; } return d; } function fromHex(hex) { if ('undefined' !== typeof Buffer) { return Buffer.from(hex, 'hex'); } var ab = new ArrayBuffer(hex.length/2); var i; var j; ab = new Uint8Array(ab); for (i = 0, j = 0; i < (hex.length/2); i += 1) { ab[i] = parseInt(hex.slice(j, j+1), 16); j += 2; } return ab.buffer; } function createCsrBodyRsa(domains, csrpub) { var altnames = domains.map(function (d) { return csrDomains.replace(/{dlen}/, h(d.length)).replace(/{domain\.tld}/, strToHex(d)); }).join('').replace(/\s+/g, ''); var publen = csrpub.byteLength; var sublen = domains[0].length; var sanlen = (altnames.length/2); var body = [ '30 82 {1.1.0seqlen}' // 4 bytes, sequence .replace(/{[^}]+}/, h( 3 + 13 + sublen + 38 + publen + 30 + sanlen )) // #0 Total 3 , '02 01 00' // 3 bytes, int 0 // #1 Total 2+11+n , '30 {3.2.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(2+2+5+2+sublen)) , '31 {4.3.0setlen}' // 2 bytes, set .replace(/{[^}]+}/, h(2+5+2+sublen)) , '30 {5.4.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(5+2+sublen)) , '06 03 55 04 03' // 5 bytes, object id (commonName) , '0C {dlen} {domain.tld}' // 2+n bytes, utf8string .replace(/{dlen}/, h(sublen)) .replace(/{domain\.tld}/, strToHex(domains[0])) // #2 Total 4+28+n+1+5 , '30 82 {8.2.2seqlen}' // 4 bytes, sequence .replace(/{[^}]+}/, h(2+11+2+4+1+4+4+publen+1+5)) , '30 0D' // 2 bytes, sequence , '06 09 2A 86 48 86 F7 0D 01 01 01' // 11 bytes, rsaEncryption (PKCS #1) , '05 00' // 2 bytes, null (why?) , '03 82 {12.3.0bslen} 00' // 4+1 bytes, bit string [01 0F] .replace(/{[^}]+}/, h(1+4+4+publen+1+5)) , '30 82 {13.4.0seqlen}' // 4 bytes, sequence .replace(/{[^}]+}/, h(4+publen+1+5)) , '02 82 {klen} 00 {key}' // 4+n bytes, int (RSA Pub Key) .replace(/{klen}/, h(publen+1)) .replace(/{key}/, pubkey.toHex(csrpub)) , '02 03 {mod}' // 5 bytes, key and modules [01 00 01] .replace(/{mod}/, '01 00 01') // #3 Total 2+28+n , 'A0 {16.2.3ellen}' // 2 bytes, ?? [4B] .replace(/{[^}]+}/, h(2+11+2+2+2+5+2+2+sanlen)) , '30 {17.3.9seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(11+2+2+2+5+2+2+sanlen)) , '06 09 2A 86 48 86 F7 0D 01 09 0E' // 11 bytes, object id (extensionRequest (PKCS #9 via CRMF)) , '31 {19.5.0setlen}' // 2 bytes, set .replace(/{[^}]+}/, h(2+2+5+2+2+sanlen)) , '30 {20.6.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(2+5+2+2+sanlen)) , '30 {21.7.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(5+2+2+sanlen)) , '06 03 55 1D 11' // 5 bytes, object id (subjectAltName (X.509 extension)) , '04 {23.8.0octlen}' // 2 bytes, octet string .replace(/{[^}]+}/, h(2+sanlen)) , '30 {24.9.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(sanlen)) , '{altnames}' // n (elements of sequence) .replace(/{altnames}/, altnames) ]; body = body.join('').replace(/\s+/g, ''); return fromHex(body); } function createCsrBodyEc(domains, csrpub) { var altnames = domains.map(function (d) { return csrDomains.replace(/{dlen}/, h(d.length)).replace(/{domain\.tld}/, strToHex(d)); }).join('').replace(/\s+/g, ''); var publen = csrpub.byteLength; var sublen = domains[0].length; var sanlen = (altnames.length/2); var body = [ '30 82 {1.1.0seqlen}' // 4 bytes, sequence .replace(/{[^}]+}/, h( 3 + 13 + sublen + 38 + publen + 30 + sanlen )) // #0 Total 3 , '02 01 00' // 3 bytes, int 0 // #1 Total 2+11+n , '30 {3.2.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(2+2+5+2+sublen)) , '31 {4.3.0setlen}' // 2 bytes, set .replace(/{[^}]+}/, h(2+5+2+sublen)) , '30 {5.4.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(5+2+sublen)) , '06 03 55 04 03' // 5 bytes, object id (commonName) , '0C {dlen} {domain.tld}' // 2+n bytes, utf8string .replace(/{dlen}/, h(sublen)) .replace(/{domain\.tld}/, strToHex(domains[0])) // #2 Total 4+28+n+1+5 , '30 82 {8.2.2seqlen}' // 4 bytes, sequence .replace(/{[^}]+}/, h(2+11+2+4+1+4+4+publen+1+5)) , '30 0D' // 2 bytes, sequence , '06 09 2A 86 48 86 F7 0D 01 01 01' // 11 bytes, rsaEncryption (PKCS #1) , '05 00' // 2 bytes, null (why?) , '03 82 {12.3.0bslen} 00' // 4+1 bytes, bit string [01 0F] .replace(/{[^}]+}/, h(1+4+4+publen+1+5)) , '30 82 {13.4.0seqlen}' // 4 bytes, sequence .replace(/{[^}]+}/, h(4+publen+1+5)) , '02 82 {klen} 00 {key}' // 4+n bytes, int (RSA Pub Key) .replace(/{klen}/, h(publen+1)) .replace(/{key}/, pubkey.toHex(csrpub)) , '02 03 {mod}' // 5 bytes, key and modules [01 00 01] .replace(/{mod}/, '01 00 01') // #3 Total 2+28+n , 'A0 {16.2.3ellen}' // 2 bytes, ?? [4B] .replace(/{[^}]+}/, h(2+11+2+2+2+5+2+2+sanlen)) , '30 {17.3.9seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(11+2+2+2+5+2+2+sanlen)) , '06 09 2A 86 48 86 F7 0D 01 09 0E' // 11 bytes, object id (extensionRequest (PKCS #9 via CRMF)) , '31 {19.5.0setlen}' // 2 bytes, set .replace(/{[^}]+}/, h(2+2+5+2+2+sanlen)) , '30 {20.6.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(2+5+2+2+sanlen)) , '30 {21.7.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(5+2+2+sanlen)) , '06 03 55 1D 11' // 5 bytes, object id (subjectAltName (X.509 extension)) , '04 {23.8.0octlen}' // 2 bytes, octet string .replace(/{[^}]+}/, h(2+sanlen)) , '30 {24.9.0seqlen}' // 2 bytes, sequence .replace(/{[^}]+}/, h(sanlen)) , '{altnames}' // n (elements of sequence) .replace(/{altnames}/, altnames) ]; body = body.join('').replace(/\s+/g, ''); return fromHex(body); } function createCsr(domains, keypem) { // TODO get pub from priv var body = createCsrBodyRsa(domains, csrpub); var sign = crypto.createSign('SHA256'); sign.write(new Uint8Array(body)); sign.end(); var sig = sign.sign(keypem); var len = body.byteLength + (csrRsaFoot.length/2) + sig.byteLength; console.log('headlen', h(len)); var head = csrHead.replace(/{[^}]+}/, h(len)); var ab = new Uint8Array(new ArrayBuffer(4 + len)); var i = 0; fromHex(head).forEach(function (b) { ab[i] = b; i += 1; }); body.forEach(function (b) { ab[i] = b; i += 1; }); fromHex(csrRsaFoot).forEach(function (b) { ab[i] = b; i += 1; }); new Uint8Array(sig).forEach(function (b) { ab[i] = b; i += 1; }); var pem = pubkey.formatAsPublicPem(pubkey.toBase64(ab)); return pem; } //var pem = createCsr([ 'example.com', 'www.example.com', 'api.example.com' ], keypem); var pem = createCsr([ 'whatever.net', 'api.whatever.net' ], keypem); console.log('pem:'); console.log(pem); return; function signagain(csrbody) { var longEnough = csrbody.byteLength > 256; if (!longEnough) { return false; } var domains = [ 'example.com', 'www.example.com', 'api.example.com' ]; var body = createCsrBodyRsa(domains); var sign = crypto.createSign('SHA256'); sign.write(new Uint8Array(body)); sign.end(); var sig2 = sign.sign(keypem); var hexsig = pubkey.toHex(sig); var hexsig2 = pubkey.toHex(sig2); console.log('hexsig:'); console.log(hexsig); if (hexsig2 !== hexsig) { throw new Error("sigs didn't match"); } console.log('Winner winner!', csrbody.byteLength); console.log(pubkey.toHex(csrbody)); console.log(); console.log('Test:', body.byteLength); console.log(pubkey.toHex(body)); console.log(); var len = body.byteLength + (csrRsaFoot.length/2) + sig.byteLength; console.log('headlen', h(len)); var head = csrHead.replace(/{[^}]+}/, h(len)); var ab = new Uint8Array(new ArrayBuffer(4 + len)); var i = 0; fromHex(head).forEach(function (b) { ab[i] = b; i += 1; }); body.forEach(function (b) { ab[i] = b; i += 1; }); fromHex(csrRsaFoot).forEach(function (b) { ab[i] = b; i += 1; }); new Uint8Array(sig2).forEach(function (b) { ab[i] = b; i += 1; }); console.log("Whole enchilada:", pubkey.toHex(ab.buffer) === pubkey.toHex(csrFull)); console.log(pubkey.toHex(ab.buffer)); console.log(); // subject + 2-byte altname headers + altnames themselves + public key //var extralen = domains[0].length + (domains.length * 2) + domains.join('').length + csrpub.byteLength; //var foot = csrRsaFoot.replace(/xxxx/g, (csrpub.byteLength + 1)); //var head = csrHead.replace(/xxxx/); return false; } console.log(); console.log("CSR"); console.log(pubkey.toHex(csrFull)); console.log(); console.log(pubkey.toHex(csrbody.slice(0, csrbody.byteLength - sig.byteLength))); console.log(); console.log(); //signagain(csrbody);