2898 lines
89 KiB
JavaScript
2898 lines
89 KiB
JavaScript
// Copyright 2015-2019 AJ ONeal. All rights reserved
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
;(function (exports) {
|
|
|
|
var Enc = exports.Enc = {};
|
|
|
|
Enc.bufToBin = function (buf) {
|
|
var bin = '';
|
|
// cannot use .map() because Uint8Array would return only 0s
|
|
buf.forEach(function (ch) {
|
|
bin += String.fromCharCode(ch);
|
|
});
|
|
return bin;
|
|
};
|
|
|
|
Enc.bufToHex = function toHex(u8) {
|
|
var hex = [];
|
|
var i, h;
|
|
var len = (u8.byteLength || u8.length);
|
|
|
|
for (i = 0; i < len; i += 1) {
|
|
h = u8[i].toString(16);
|
|
if (h.length % 2) { h = '0' + h; }
|
|
hex.push(h);
|
|
}
|
|
|
|
return hex.join('').toLowerCase();
|
|
};
|
|
|
|
Enc.urlBase64ToBase64 = function urlsafeBase64ToBase64(str) {
|
|
var r = str % 4;
|
|
if (2 === r) {
|
|
str += '==';
|
|
} else if (3 === r) {
|
|
str += '=';
|
|
}
|
|
return str.replace(/-/g, '+').replace(/_/g, '/');
|
|
};
|
|
|
|
Enc.base64ToBuf = function (b64) {
|
|
return Enc.binToBuf(atob(b64));
|
|
};
|
|
Enc.binToBuf = function (bin) {
|
|
var arr = bin.split('').map(function (ch) {
|
|
return ch.charCodeAt(0);
|
|
});
|
|
return 'undefined' !== typeof Uint8Array ? new Uint8Array(arr) : arr;
|
|
};
|
|
Enc.bufToHex = function (u8) {
|
|
var hex = [];
|
|
var i, h;
|
|
var len = (u8.byteLength || u8.length);
|
|
|
|
for (i = 0; i < len; i += 1) {
|
|
h = u8[i].toString(16);
|
|
if (h.length % 2) { h = '0' + h; }
|
|
hex.push(h);
|
|
}
|
|
|
|
return hex.join('').toLowerCase();
|
|
};
|
|
Enc.numToHex = function (d) {
|
|
d = d.toString(16);
|
|
if (d.length % 2) {
|
|
return '0' + d;
|
|
}
|
|
return d;
|
|
};
|
|
|
|
Enc.bufToUrlBase64 = function (u8) {
|
|
return Enc.base64ToUrlBase64(Enc.bufToBase64(u8));
|
|
};
|
|
|
|
Enc.base64ToUrlBase64 = function (str) {
|
|
return str.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
|
|
};
|
|
|
|
Enc.bufToBase64 = function (u8) {
|
|
var bin = '';
|
|
u8.forEach(function (i) {
|
|
bin += String.fromCharCode(i);
|
|
});
|
|
return btoa(bin);
|
|
};
|
|
|
|
Enc.hexToBuf = function (hex) {
|
|
var arr = [];
|
|
hex.match(/.{2}/g).forEach(function (h) {
|
|
arr.push(parseInt(h, 16));
|
|
});
|
|
return 'undefined' !== typeof Uint8Array ? new Uint8Array(arr) : arr;
|
|
};
|
|
|
|
Enc.numToHex = function (d) {
|
|
d = d.toString(16);
|
|
if (d.length % 2) {
|
|
return '0' + d;
|
|
}
|
|
return d;
|
|
};
|
|
|
|
|
|
//
|
|
// JWK to SSH (tested working)
|
|
//
|
|
Enc.base64ToHex = function (b64) {
|
|
var bin = atob(Enc.urlBase64ToBase64(b64));
|
|
return Enc.binToHex(bin);
|
|
};
|
|
|
|
Enc.binToHex = function (bin) {
|
|
return bin.split('').map(function (ch) {
|
|
var h = ch.charCodeAt(0).toString(16);
|
|
if (h.length % 2) { h = '0' + h; }
|
|
return h;
|
|
}).join('');
|
|
};
|
|
// TODO are there any nuance differences here?
|
|
Enc.utf8ToHex = Enc.binToHex;
|
|
|
|
Enc.hexToBase64 = function (hex) {
|
|
return btoa(Enc.hexToBin(hex));
|
|
};
|
|
|
|
Enc.hexToBin = function (hex) {
|
|
return hex.match(/.{2}/g).map(function (h) {
|
|
return String.fromCharCode(parseInt(h, 16));
|
|
}).join('');
|
|
};
|
|
|
|
Enc.urlBase64ToBase64 = function urlsafeBase64ToBase64(str) {
|
|
var r = str % 4;
|
|
if (2 === r) {
|
|
str += '==';
|
|
} else if (3 === r) {
|
|
str += '=';
|
|
}
|
|
return str.replace(/-/g, '+').replace(/_/g, '/');
|
|
};
|
|
|
|
|
|
}('undefined' !== typeof exports ? module.exports : window ));
|
|
;(function (exports) {
|
|
'use strict';
|
|
|
|
if (!exports.ASN1) { exports.ASN1 = {}; }
|
|
if (!exports.Enc) { exports.Enc = {}; }
|
|
if (!exports.PEM) { exports.PEM = {}; }
|
|
|
|
var ASN1 = exports.ASN1;
|
|
var Enc = exports.Enc;
|
|
var PEM = exports.PEM;
|
|
|
|
//
|
|
// Packer
|
|
//
|
|
|
|
// Almost every ASN.1 type that's important for CSR
|
|
// can be represented generically with only a few rules.
|
|
exports.ASN1 = function ASN1(/*type, hexstrings...*/) {
|
|
var args = Array.prototype.slice.call(arguments);
|
|
var typ = args.shift();
|
|
var str = args.join('').replace(/\s+/g, '').toLowerCase();
|
|
var len = (str.length/2);
|
|
var lenlen = 0;
|
|
var hex = typ;
|
|
|
|
// We can't have an odd number of hex chars
|
|
if (len !== Math.round(len)) {
|
|
throw new Error("invalid hex");
|
|
}
|
|
|
|
// The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc)
|
|
// The second byte is either the size of the value, or the size of its size
|
|
|
|
// 1. If the second byte is < 0x80 (128) it is considered the size
|
|
// 2. If it is > 0x80 then it describes the number of bytes of the size
|
|
// ex: 0x82 means the next 2 bytes describe the size of the value
|
|
// 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file)
|
|
|
|
if (len > 127) {
|
|
lenlen += 1;
|
|
while (len > 255) {
|
|
lenlen += 1;
|
|
len = len >> 8;
|
|
}
|
|
}
|
|
|
|
if (lenlen) { hex += Enc.numToHex(0x80 + lenlen); }
|
|
return hex + Enc.numToHex(str.length/2) + str;
|
|
};
|
|
|
|
// The Integer type has some special rules
|
|
ASN1.UInt = function UINT() {
|
|
var str = Array.prototype.slice.call(arguments).join('');
|
|
var first = parseInt(str.slice(0, 2), 16);
|
|
|
|
// If the first byte is 0x80 or greater, the number is considered negative
|
|
// Therefore we add a '00' prefix if the 0x80 bit is set
|
|
if (0x80 & first) { str = '00' + str; }
|
|
|
|
return ASN1('02', str);
|
|
};
|
|
|
|
// The Bit String type also has a special rule
|
|
ASN1.BitStr = function BITSTR() {
|
|
var str = Array.prototype.slice.call(arguments).join('');
|
|
// '00' is a mask of how many bits of the next byte to ignore
|
|
return ASN1('03', '00' + str);
|
|
};
|
|
|
|
ASN1.pack = function (arr) {
|
|
var typ = Enc.numToHex(arr[0]);
|
|
var str = '';
|
|
if (Array.isArray(arr[1])) {
|
|
arr[1].forEach(function (a) {
|
|
str += ASN1.pack(a);
|
|
});
|
|
} else if ('string' === typeof arr[1]) {
|
|
str = arr[1];
|
|
} else {
|
|
throw new Error("unexpected array");
|
|
}
|
|
if ('03' === typ) {
|
|
return ASN1.BitStr(str);
|
|
} else if ('02' === typ) {
|
|
return ASN1.UInt(str);
|
|
} else {
|
|
return ASN1(typ, str);
|
|
}
|
|
};
|
|
Object.keys(ASN1).forEach(function (k) {
|
|
exports.ASN1[k] = ASN1[k];
|
|
});
|
|
ASN1 = exports.ASN1;
|
|
|
|
PEM.packBlock = function (opts) {
|
|
// TODO allow for headers?
|
|
return '-----BEGIN ' + opts.type + '-----\n'
|
|
+ Enc.bufToBase64(opts.bytes).match(/.{1,64}/g).join('\n') + '\n'
|
|
+ '-----END ' + opts.type + '-----'
|
|
;
|
|
};
|
|
|
|
Enc.bufToBase64 = function (u8) {
|
|
var bin = '';
|
|
u8.forEach(function (i) {
|
|
bin += String.fromCharCode(i);
|
|
});
|
|
return btoa(bin);
|
|
};
|
|
|
|
Enc.hexToBuf = function (hex) {
|
|
var arr = [];
|
|
hex.match(/.{2}/g).forEach(function (h) {
|
|
arr.push(parseInt(h, 16));
|
|
});
|
|
return 'undefined' !== typeof Uint8Array ? new Uint8Array(arr) : arr;
|
|
};
|
|
|
|
Enc.numToHex = function (d) {
|
|
d = d.toString(16);
|
|
if (d.length % 2) {
|
|
return '0' + d;
|
|
}
|
|
return d;
|
|
};
|
|
|
|
}('undefined' !== typeof window ? window : module.exports));
|
|
(function (exports) {
|
|
'use strict';
|
|
|
|
var x509 = exports.x509 = {};
|
|
var ASN1 = exports.ASN1;
|
|
var Enc = exports.Enc;
|
|
|
|
// 1.2.840.10045.3.1.7
|
|
// prime256v1 (ANSI X9.62 named elliptic curve)
|
|
var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase();
|
|
// 1.3.132.0.34
|
|
// secp384r1 (SECG (Certicom) named elliptic curve)
|
|
var OBJ_ID_EC_384 = '06 05 2B81040022'.replace(/\s+/g, '').toLowerCase();
|
|
// 1.2.840.10045.2.1
|
|
// ecPublicKey (ANSI X9.62 public key type)
|
|
var OBJ_ID_EC_PUB = '06 07 2A8648CE3D0201'.replace(/\s+/g, '').toLowerCase();
|
|
|
|
x509.parseSec1 = function parseEcOnlyPrivkey(u8, jwk) {
|
|
var index = 7;
|
|
var len = 32;
|
|
var olen = OBJ_ID_EC.length / 2;
|
|
|
|
if ("P-384" === jwk.crv) {
|
|
olen = OBJ_ID_EC_384.length / 2;
|
|
index = 8;
|
|
len = 48;
|
|
}
|
|
if (len !== u8[index - 1]) {
|
|
throw new Error("Unexpected bitlength " + len);
|
|
}
|
|
|
|
// private part is d
|
|
var d = u8.slice(index, index + len);
|
|
// compression bit index
|
|
var ci = index + len + 2 + olen + 2 + 3;
|
|
var c = u8[ci];
|
|
var x, y;
|
|
|
|
if (0x04 === c) {
|
|
y = u8.slice(ci + 1 + len, ci + 1 + len + len);
|
|
} else if (0x02 !== c) {
|
|
throw new Error("not a supported EC private key");
|
|
}
|
|
x = u8.slice(ci + 1, ci + 1 + len);
|
|
|
|
return {
|
|
kty: jwk.kty
|
|
, crv: jwk.crv
|
|
, d: Enc.bufToUrlBase64(d)
|
|
//, dh: Enc.bufToHex(d)
|
|
, x: Enc.bufToUrlBase64(x)
|
|
//, xh: Enc.bufToHex(x)
|
|
, y: Enc.bufToUrlBase64(y)
|
|
//, yh: Enc.bufToHex(y)
|
|
};
|
|
};
|
|
|
|
x509.packPkcs1 = function (jwk) {
|
|
var n = ASN1.UInt(Enc.base64ToHex(jwk.n));
|
|
var e = ASN1.UInt(Enc.base64ToHex(jwk.e));
|
|
|
|
if (!jwk.d) {
|
|
return Enc.hexToBuf(ASN1('30', n, e));
|
|
}
|
|
|
|
return Enc.hexToBuf(ASN1('30'
|
|
, ASN1.UInt('00')
|
|
, n
|
|
, e
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.d))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.p))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.q))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.dp))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.dq))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.qi))
|
|
));
|
|
};
|
|
|
|
x509.parsePkcs8 = function parseEcPkcs8(u8, jwk) {
|
|
var index = 24 + (OBJ_ID_EC.length / 2);
|
|
var len = 32;
|
|
if ("P-384" === jwk.crv) {
|
|
index = 24 + (OBJ_ID_EC_384.length / 2) + 2;
|
|
len = 48;
|
|
}
|
|
|
|
//console.log(index, u8.slice(index));
|
|
if (0x04 !== u8[index]) {
|
|
//console.log(jwk);
|
|
throw new Error("privkey not found");
|
|
}
|
|
var d = u8.slice(index + 2, index + 2 + len);
|
|
var ci = index + 2 + len + 5;
|
|
var xi = ci + 1;
|
|
var x = u8.slice(xi, xi + len);
|
|
var yi = xi + len;
|
|
var y;
|
|
if (0x04 === u8[ci]) {
|
|
y = u8.slice(yi, yi + len);
|
|
} else if (0x02 !== u8[ci]) {
|
|
throw new Error("invalid compression bit (expected 0x04 or 0x02)");
|
|
}
|
|
|
|
return {
|
|
kty: jwk.kty
|
|
, crv: jwk.crv
|
|
, d: Enc.bufToUrlBase64(d)
|
|
//, dh: Enc.bufToHex(d)
|
|
, x: Enc.bufToUrlBase64(x)
|
|
//, xh: Enc.bufToHex(x)
|
|
, y: Enc.bufToUrlBase64(y)
|
|
//, yh: Enc.bufToHex(y)
|
|
};
|
|
};
|
|
|
|
x509.parseSpki = function parsePem(u8, jwk) {
|
|
var ci = 16 + OBJ_ID_EC.length / 2;
|
|
var len = 32;
|
|
|
|
if ("P-384" === jwk.crv) {
|
|
ci = 16 + OBJ_ID_EC_384.length / 2;
|
|
len = 48;
|
|
}
|
|
|
|
var c = u8[ci];
|
|
var xi = ci + 1;
|
|
var x = u8.slice(xi, xi + len);
|
|
var yi = xi + len;
|
|
var y;
|
|
if (0x04 === c) {
|
|
y = u8.slice(yi, yi + len);
|
|
} else if (0x02 !== c) {
|
|
throw new Error("not a supported EC private key");
|
|
}
|
|
|
|
return {
|
|
kty: jwk.kty
|
|
, crv: jwk.crv
|
|
, x: Enc.bufToUrlBase64(x)
|
|
//, xh: Enc.bufToHex(x)
|
|
, y: Enc.bufToUrlBase64(y)
|
|
//, yh: Enc.bufToHex(y)
|
|
};
|
|
};
|
|
x509.parsePkix = x509.parseSpki;
|
|
|
|
x509.packSec1 = function (jwk) {
|
|
var d = Enc.base64ToHex(jwk.d);
|
|
var x = Enc.base64ToHex(jwk.x);
|
|
var y = Enc.base64ToHex(jwk.y);
|
|
var objId = ('P-256' === jwk.crv) ? OBJ_ID_EC : OBJ_ID_EC_384;
|
|
return Enc.hexToBuf(
|
|
ASN1('30'
|
|
, ASN1.UInt('01')
|
|
, ASN1('04', d)
|
|
, ASN1('A0', objId)
|
|
, ASN1('A1', ASN1.BitStr('04' + x + y)))
|
|
);
|
|
};
|
|
/**
|
|
* take a private jwk and creates a der from it
|
|
* @param {*} jwk
|
|
*/
|
|
x509.packPkcs8 = function (jwk) {
|
|
if ('RSA' === jwk.kty) {
|
|
if (!jwk.d) {
|
|
// Public RSA
|
|
return Enc.hexToBuf(ASN1('30'
|
|
, ASN1('30'
|
|
, ASN1('06', '2a864886f70d010101')
|
|
, ASN1('05')
|
|
)
|
|
, ASN1.BitStr(ASN1('30'
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.n))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.e))
|
|
))
|
|
));
|
|
}
|
|
|
|
// Private RSA
|
|
return Enc.hexToBuf(ASN1('30'
|
|
, ASN1.UInt('00')
|
|
, ASN1('30'
|
|
, ASN1('06', '2a864886f70d010101')
|
|
, ASN1('05')
|
|
)
|
|
, ASN1('04'
|
|
, ASN1('30'
|
|
, ASN1.UInt('00')
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.n))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.e))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.d))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.p))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.q))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.dp))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.dq))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.qi))
|
|
)
|
|
)
|
|
));
|
|
}
|
|
|
|
var d = Enc.base64ToHex(jwk.d);
|
|
var x = Enc.base64ToHex(jwk.x);
|
|
var y = Enc.base64ToHex(jwk.y);
|
|
var objId = ('P-256' === jwk.crv) ? OBJ_ID_EC : OBJ_ID_EC_384;
|
|
return Enc.hexToBuf(
|
|
ASN1('30'
|
|
, ASN1.UInt('00')
|
|
, ASN1('30'
|
|
, OBJ_ID_EC_PUB
|
|
, objId
|
|
)
|
|
, ASN1('04'
|
|
, ASN1('30'
|
|
, ASN1.UInt('01')
|
|
, ASN1('04', d)
|
|
, ASN1('A1', ASN1.BitStr('04' + x + y)))))
|
|
);
|
|
};
|
|
x509.packSpki = function (jwk) {
|
|
if (/EC/i.test(jwk.kty)) {
|
|
return x509.packSpkiEc(jwk);
|
|
}
|
|
return x509.packSpkiRsa(jwk);
|
|
};
|
|
x509.packSpkiRsa = function (jwk) {
|
|
if (!jwk.d) {
|
|
// Public RSA
|
|
return Enc.hexToBuf(ASN1('30'
|
|
, ASN1('30'
|
|
, ASN1('06', '2a864886f70d010101')
|
|
, ASN1('05')
|
|
)
|
|
, ASN1.BitStr(ASN1('30'
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.n))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.e))
|
|
))
|
|
));
|
|
}
|
|
|
|
// Private RSA
|
|
return Enc.hexToBuf(ASN1('30'
|
|
, ASN1.UInt('00')
|
|
, ASN1('30'
|
|
, ASN1('06', '2a864886f70d010101')
|
|
, ASN1('05')
|
|
)
|
|
, ASN1('04'
|
|
, ASN1('30'
|
|
, ASN1.UInt('00')
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.n))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.e))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.d))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.p))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.q))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.dp))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.dq))
|
|
, ASN1.UInt(Enc.base64ToHex(jwk.qi))
|
|
)
|
|
)
|
|
));
|
|
};
|
|
x509.packSpkiEc = function (jwk) {
|
|
var x = Enc.base64ToHex(jwk.x);
|
|
var y = Enc.base64ToHex(jwk.y);
|
|
var objId = ('P-256' === jwk.crv) ? OBJ_ID_EC : OBJ_ID_EC_384;
|
|
return Enc.hexToBuf(
|
|
ASN1('30'
|
|
, ASN1('30'
|
|
, OBJ_ID_EC_PUB
|
|
, objId
|
|
)
|
|
, ASN1.BitStr('04' + x + y))
|
|
);
|
|
};
|
|
x509.packPkix = x509.packSpki;
|
|
|
|
}('undefined' !== typeof module ? module.exports : window));
|
|
/*global Promise*/
|
|
(function (exports) {
|
|
'use strict';
|
|
|
|
var EC = exports.Eckles = {};
|
|
var x509 = exports.x509;
|
|
if ('undefined' !== typeof module) { module.exports = EC; }
|
|
var PEM = exports.PEM;
|
|
var SSH = exports.SSH;
|
|
var Enc = {};
|
|
var textEncoder = new TextEncoder();
|
|
|
|
EC._stance = "We take the stance that if you're knowledgeable enough to"
|
|
+ " properly and securely use non-standard crypto then you shouldn't need Bluecrypt anyway.";
|
|
EC._universal = "Bluecrypt only supports crypto with standard cross-browser and cross-platform support.";
|
|
EC.generate = function (opts) {
|
|
var wcOpts = {};
|
|
if (!opts) { opts = {}; }
|
|
if (!opts.kty) { opts.kty = 'EC'; }
|
|
|
|
// ECDSA has only the P curves and an associated bitlength
|
|
wcOpts.name = 'ECDSA';
|
|
if (!opts.namedCurve) {
|
|
opts.namedCurve = 'P-256';
|
|
}
|
|
wcOpts.namedCurve = opts.namedCurve; // true for supported curves
|
|
if (/256/.test(wcOpts.namedCurve)) {
|
|
wcOpts.namedCurve = 'P-256';
|
|
wcOpts.hash = { name: "SHA-256" };
|
|
} else if (/384/.test(wcOpts.namedCurve)) {
|
|
wcOpts.namedCurve = 'P-384';
|
|
wcOpts.hash = { name: "SHA-384" };
|
|
} else {
|
|
return Promise.Reject(new Error("'" + wcOpts.namedCurve + "' is not an NIST approved ECDSA namedCurve. "
|
|
+ " Please choose either 'P-256' or 'P-384'. "
|
|
+ EC._stance));
|
|
}
|
|
|
|
var extractable = true;
|
|
return window.crypto.subtle.generateKey(
|
|
wcOpts
|
|
, extractable
|
|
, [ 'sign', 'verify' ]
|
|
).then(function (result) {
|
|
return window.crypto.subtle.exportKey(
|
|
"jwk"
|
|
, result.privateKey
|
|
).then(function (privJwk) {
|
|
privJwk.key_ops = undefined;
|
|
privJwk.ext = undefined;
|
|
return {
|
|
private: privJwk
|
|
, public: EC.neuter({ jwk: privJwk })
|
|
};
|
|
});
|
|
});
|
|
};
|
|
|
|
EC.export = function (opts) {
|
|
return Promise.resolve().then(function () {
|
|
if (!opts || !opts.jwk || 'object' !== typeof opts.jwk) {
|
|
throw new Error("must pass { jwk: jwk } as a JSON object");
|
|
}
|
|
var jwk = JSON.parse(JSON.stringify(opts.jwk));
|
|
var format = opts.format;
|
|
if (opts.public || -1 !== [ 'spki', 'pkix', 'ssh', 'rfc4716' ].indexOf(format)) {
|
|
jwk.d = null;
|
|
}
|
|
if ('EC' !== jwk.kty) {
|
|
throw new Error("options.jwk.kty must be 'EC' for EC keys");
|
|
}
|
|
if (!jwk.d) {
|
|
if (!format || -1 !== [ 'spki', 'pkix' ].indexOf(format)) {
|
|
format = 'spki';
|
|
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
|
|
format = 'ssh';
|
|
} else {
|
|
throw new Error("options.format must be 'spki' or 'ssh' for public EC keys, not ("
|
|
+ typeof format + ") " + format);
|
|
}
|
|
} else {
|
|
if (!format || 'sec1' === format) {
|
|
format = 'sec1';
|
|
} else if ('pkcs8' !== format) {
|
|
throw new Error("options.format must be 'sec1' or 'pkcs8' for private EC keys, not '" + format + "'");
|
|
}
|
|
}
|
|
if (-1 === [ 'P-256', 'P-384' ].indexOf(jwk.crv)) {
|
|
throw new Error("options.jwk.crv must be either P-256 or P-384 for EC keys, not '" + jwk.crv + "'");
|
|
}
|
|
if (!jwk.y) {
|
|
throw new Error("options.jwk.y must be a urlsafe base64-encoded either P-256 or P-384");
|
|
}
|
|
|
|
if ('sec1' === format) {
|
|
return PEM.packBlock({ type: "EC PRIVATE KEY", bytes: x509.packSec1(jwk) });
|
|
} else if ('pkcs8' === format) {
|
|
return PEM.packBlock({ type: "PRIVATE KEY", bytes: x509.packPkcs8(jwk) });
|
|
} else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) {
|
|
return PEM.packBlock({ type: "PUBLIC KEY", bytes: x509.packSpki(jwk) });
|
|
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
|
|
return SSH.packSsh(jwk);
|
|
} else {
|
|
throw new Error("Sanity Error: reached unreachable code block with format: " + format);
|
|
}
|
|
});
|
|
};
|
|
EC.pack = function (opts) {
|
|
return Promise.resolve().then(function () {
|
|
return EC.exportSync(opts);
|
|
});
|
|
};
|
|
|
|
// Chopping off the private parts is now part of the public API.
|
|
// I thought it sounded a little too crude at first, but it really is the best name in every possible way.
|
|
EC.neuter = function (opts) {
|
|
// trying to find the best balance of an immutable copy with custom attributes
|
|
var jwk = {};
|
|
Object.keys(opts.jwk).forEach(function (k) {
|
|
if ('undefined' === typeof opts.jwk[k]) { return; }
|
|
// ignore EC private parts
|
|
if ('d' === k) { return; }
|
|
jwk[k] = JSON.parse(JSON.stringify(opts.jwk[k]));
|
|
});
|
|
return jwk;
|
|
};
|
|
|
|
// https://stackoverflow.com/questions/42588786/how-to-fingerprint-a-jwk
|
|
EC.__thumbprint = function (jwk) {
|
|
// Use the same entropy for SHA as for key
|
|
var alg = 'SHA-256';
|
|
if (/384/.test(jwk.crv)) {
|
|
alg = 'SHA-384';
|
|
}
|
|
return window.crypto.subtle.digest(
|
|
{ name: alg }
|
|
, textEncoder.encode('{"crv":"' + jwk.crv + '","kty":"EC","x":"' + jwk.x + '","y":"' + jwk.y + '"}')
|
|
).then(function (hash) {
|
|
return Enc.bufToUrlBase64(new Uint8Array(hash));
|
|
});
|
|
};
|
|
|
|
EC.thumbprint = function (opts) {
|
|
return Promise.resolve().then(function () {
|
|
var jwk;
|
|
if ('EC' === opts.kty) {
|
|
jwk = opts;
|
|
} else if (opts.jwk) {
|
|
jwk = opts.jwk;
|
|
} else {
|
|
return EC.import(opts).then(function (jwk) {
|
|
return EC.__thumbprint(jwk);
|
|
});
|
|
}
|
|
return EC.__thumbprint(jwk);
|
|
});
|
|
};
|
|
|
|
Enc.bufToUrlBase64 = function (u8) {
|
|
return Enc.bufToBase64(u8)
|
|
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
|
|
};
|
|
|
|
Enc.bufToBase64 = function (u8) {
|
|
var bin = '';
|
|
u8.forEach(function (i) {
|
|
bin += String.fromCharCode(i);
|
|
});
|
|
return btoa(bin);
|
|
};
|
|
|
|
}('undefined' !== typeof module ? module.exports : window));
|
|
/*global Promise*/
|
|
(function (exports) {
|
|
'use strict';
|
|
|
|
var RSA = exports.Rasha = {};
|
|
var x509 = exports.x509;
|
|
if ('undefined' !== typeof module) { module.exports = RSA; }
|
|
var PEM = exports.PEM;
|
|
var SSH = exports.SSH;
|
|
var Enc = {};
|
|
var textEncoder = new TextEncoder();
|
|
|
|
RSA._stance = "We take the stance that if you're knowledgeable enough to"
|
|
+ " properly and securely use non-standard crypto then you shouldn't need Bluecrypt anyway.";
|
|
RSA._universal = "Bluecrypt only supports crypto with standard cross-browser and cross-platform support.";
|
|
RSA.generate = function (opts) {
|
|
var wcOpts = {};
|
|
if (!opts) { opts = {}; }
|
|
if (!opts.kty) { opts.kty = 'RSA'; }
|
|
|
|
// Support PSS? I don't think it's used for Let's Encrypt
|
|
wcOpts.name = 'RSASSA-PKCS1-v1_5';
|
|
if (!opts.modulusLength) {
|
|
opts.modulusLength = 2048;
|
|
}
|
|
wcOpts.modulusLength = opts.modulusLength;
|
|
if (wcOpts.modulusLength >= 2048 && wcOpts.modulusLength < 3072) {
|
|
// erring on the small side... for no good reason
|
|
wcOpts.hash = { name: "SHA-256" };
|
|
} else if (wcOpts.modulusLength >= 3072 && wcOpts.modulusLength < 4096) {
|
|
wcOpts.hash = { name: "SHA-384" };
|
|
} else if (wcOpts.modulusLength < 4097) {
|
|
wcOpts.hash = { name: "SHA-512" };
|
|
} else {
|
|
// Public key thumbprints should be paired with a hash of similar length,
|
|
// so anything above SHA-512's keyspace would be left under-represented anyway.
|
|
return Promise.Reject(new Error("'" + wcOpts.modulusLength + "' is not within the safe and universally"
|
|
+ " acceptable range of 2048-4096. Typically you should pick 2048, 3072, or 4096, though other values"
|
|
+ " divisible by 8 are allowed. " + RSA._stance));
|
|
}
|
|
// TODO maybe allow this to be set to any of the standard values?
|
|
wcOpts.publicExponent = new Uint8Array([0x01, 0x00, 0x01]);
|
|
|
|
var extractable = true;
|
|
return window.crypto.subtle.generateKey(
|
|
wcOpts
|
|
, extractable
|
|
, [ 'sign', 'verify' ]
|
|
).then(function (result) {
|
|
return window.crypto.subtle.exportKey(
|
|
"jwk"
|
|
, result.privateKey
|
|
).then(function (privJwk) {
|
|
return {
|
|
private: privJwk
|
|
, public: RSA.neuter({ jwk: privJwk })
|
|
};
|
|
});
|
|
});
|
|
};
|
|
|
|
// Chopping off the private parts is now part of the public API.
|
|
// I thought it sounded a little too crude at first, but it really is the best name in every possible way.
|
|
RSA.neuter = function (opts) {
|
|
// trying to find the best balance of an immutable copy with custom attributes
|
|
var jwk = {};
|
|
Object.keys(opts.jwk).forEach(function (k) {
|
|
if ('undefined' === typeof opts.jwk[k]) { return; }
|
|
// ignore RSA private parts
|
|
if (-1 !== ['d', 'p', 'q', 'dp', 'dq', 'qi'].indexOf(k)) { return; }
|
|
jwk[k] = JSON.parse(JSON.stringify(opts.jwk[k]));
|
|
});
|
|
return jwk;
|
|
};
|
|
|
|
// https://stackoverflow.com/questions/42588786/how-to-fingerprint-a-jwk
|
|
RSA.__thumbprint = function (jwk) {
|
|
// Use the same entropy for SHA as for key
|
|
var len = Math.floor(jwk.n.length * 0.75);
|
|
var alg = 'SHA-256';
|
|
// TODO this may be a bug
|
|
// need to confirm that the padding is no more or less than 1 byte
|
|
if (len >= 511) {
|
|
alg = 'SHA-512';
|
|
} else if (len >= 383) {
|
|
alg = 'SHA-384';
|
|
}
|
|
return window.crypto.subtle.digest(
|
|
{ name: alg }
|
|
, textEncoder.encode('{"e":"' + jwk.e + '","kty":"RSA","n":"' + jwk.n + '"}')
|
|
).then(function (hash) {
|
|
return Enc.bufToUrlBase64(new Uint8Array(hash));
|
|
});
|
|
};
|
|
|
|
RSA.thumbprint = function (opts) {
|
|
return Promise.resolve().then(function () {
|
|
var jwk;
|
|
if ('EC' === opts.kty) {
|
|
jwk = opts;
|
|
} else if (opts.jwk) {
|
|
jwk = opts.jwk;
|
|
} else {
|
|
return RSA.import(opts).then(function (jwk) {
|
|
return RSA.__thumbprint(jwk);
|
|
});
|
|
}
|
|
return RSA.__thumbprint(jwk);
|
|
});
|
|
};
|
|
|
|
RSA.export = function (opts) {
|
|
return Promise.resolve().then(function () {
|
|
if (!opts || !opts.jwk || 'object' !== typeof opts.jwk) {
|
|
throw new Error("must pass { jwk: jwk }");
|
|
}
|
|
var jwk = JSON.parse(JSON.stringify(opts.jwk));
|
|
var format = opts.format;
|
|
var pub = opts.public;
|
|
if (pub || -1 !== [ 'spki', 'pkix', 'ssh', 'rfc4716' ].indexOf(format)) {
|
|
jwk = RSA.neuter({ jwk: jwk });
|
|
}
|
|
if ('RSA' !== jwk.kty) {
|
|
throw new Error("options.jwk.kty must be 'RSA' for RSA keys");
|
|
}
|
|
if (!jwk.p) {
|
|
// TODO test for n and e
|
|
pub = true;
|
|
if (!format || 'pkcs1' === format) {
|
|
format = 'pkcs1';
|
|
} else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) {
|
|
format = 'spki';
|
|
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
|
|
format = 'ssh';
|
|
} else {
|
|
throw new Error("options.format must be 'spki', 'pkcs1', or 'ssh' for public RSA keys, not ("
|
|
+ typeof format + ") " + format);
|
|
}
|
|
} else {
|
|
// TODO test for all necessary keys (d, p, q ...)
|
|
if (!format || 'pkcs1' === format) {
|
|
format = 'pkcs1';
|
|
} else if ('pkcs8' !== format) {
|
|
throw new Error("options.format must be 'pkcs1' or 'pkcs8' for private RSA keys");
|
|
}
|
|
}
|
|
|
|
if ('pkcs1' === format) {
|
|
if (jwk.d) {
|
|
return PEM.packBlock({ type: "RSA PRIVATE KEY", bytes: x509.packPkcs1(jwk) });
|
|
} else {
|
|
return PEM.packBlock({ type: "RSA PUBLIC KEY", bytes: x509.packPkcs1(jwk) });
|
|
}
|
|
} else if ('pkcs8' === format) {
|
|
return PEM.packBlock({ type: "PRIVATE KEY", bytes: x509.packPkcs8(jwk) });
|
|
} else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) {
|
|
return PEM.packBlock({ type: "PUBLIC KEY", bytes: x509.packSpki(jwk) });
|
|
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
|
|
return SSH.pack({ jwk: jwk, comment: opts.comment });
|
|
} else {
|
|
throw new Error("Sanity Error: reached unreachable code block with format: " + format);
|
|
}
|
|
});
|
|
};
|
|
RSA.pack = function (opts) {
|
|
// wrapped in a promise for API compatibility
|
|
// with the forthcoming browser version
|
|
// (and potential future native node capability)
|
|
return Promise.resolve().then(function () {
|
|
return RSA.export(opts);
|
|
});
|
|
};
|
|
|
|
Enc.bufToUrlBase64 = function (u8) {
|
|
return Enc.bufToBase64(u8)
|
|
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
|
|
};
|
|
|
|
Enc.bufToBase64 = function (u8) {
|
|
var bin = '';
|
|
u8.forEach(function (i) {
|
|
bin += String.fromCharCode(i);
|
|
});
|
|
return btoa(bin);
|
|
};
|
|
|
|
}('undefined' !== typeof module ? module.exports : window));
|
|
/*global Promise*/
|
|
(function (exports) {
|
|
'use strict';
|
|
|
|
var Keypairs = exports.Keypairs = {};
|
|
var Rasha = exports.Rasha;
|
|
var Eckles = exports.Eckles;
|
|
var Enc = exports.Enc || {};
|
|
|
|
Keypairs._stance = "We take the stance that if you're knowledgeable enough to"
|
|
+ " properly and securely use non-standard crypto then you shouldn't need Bluecrypt anyway.";
|
|
Keypairs._universal = "Bluecrypt only supports crypto with standard cross-browser and cross-platform support.";
|
|
Keypairs.generate = function (opts) {
|
|
opts = opts || {};
|
|
var p;
|
|
if (!opts.kty) { opts.kty = opts.type; }
|
|
if (!opts.kty) { opts.kty = 'EC'; }
|
|
if (/^EC/i.test(opts.kty)) {
|
|
p = Eckles.generate(opts);
|
|
} else if (/^RSA$/i.test(opts.kty)) {
|
|
p = Rasha.generate(opts);
|
|
} else {
|
|
return Promise.Reject(new Error("'" + opts.kty + "' is not a well-supported key type."
|
|
+ Keypairs._universal
|
|
+ " Please choose 'EC', or 'RSA' if you have good reason to."));
|
|
}
|
|
return p.then(function (pair) {
|
|
return Keypairs.thumbprint({ jwk: pair.public }).then(function (thumb) {
|
|
pair.private.kid = thumb; // maybe not the same id on the private key?
|
|
pair.public.kid = thumb;
|
|
return pair;
|
|
});
|
|
});
|
|
};
|
|
|
|
Keypairs.export = function (opts) {
|
|
return Eckles.export(opts).catch(function (err) {
|
|
return Rasha.export(opts).catch(function () {
|
|
return Promise.reject(err);
|
|
});
|
|
});
|
|
};
|
|
|
|
|
|
/**
|
|
* Chopping off the private parts is now part of the public API.
|
|
* I thought it sounded a little too crude at first, but it really is the best name in every possible way.
|
|
*/
|
|
Keypairs.neuter = function (opts) {
|
|
/** trying to find the best balance of an immutable copy with custom attributes */
|
|
var jwk = {};
|
|
Object.keys(opts.jwk).forEach(function (k) {
|
|
if ('undefined' === typeof opts.jwk[k]) { return; }
|
|
// ignore RSA and EC private parts
|
|
if (-1 !== ['d', 'p', 'q', 'dp', 'dq', 'qi'].indexOf(k)) { return; }
|
|
jwk[k] = JSON.parse(JSON.stringify(opts.jwk[k]));
|
|
});
|
|
return jwk;
|
|
};
|
|
|
|
Keypairs.thumbprint = function (opts) {
|
|
return Promise.resolve().then(function () {
|
|
if (/EC/i.test(opts.jwk.kty)) {
|
|
return Eckles.thumbprint(opts);
|
|
} else {
|
|
return Rasha.thumbprint(opts);
|
|
}
|
|
});
|
|
};
|
|
|
|
Keypairs.publish = function (opts) {
|
|
if ('object' !== typeof opts.jwk || !opts.jwk.kty) { throw new Error("invalid jwk: " + JSON.stringify(opts.jwk)); }
|
|
|
|
/** returns a copy */
|
|
var jwk = Keypairs.neuter(opts);
|
|
|
|
if (jwk.exp) {
|
|
jwk.exp = setTime(jwk.exp);
|
|
} else {
|
|
if (opts.exp) { jwk.exp = setTime(opts.exp); }
|
|
else if (opts.expiresIn) { jwk.exp = Math.round(Date.now()/1000) + opts.expiresIn; }
|
|
else if (opts.expiresAt) { jwk.exp = opts.expiresAt; }
|
|
}
|
|
if (!jwk.use && false !== jwk.use) { jwk.use = "sig"; }
|
|
|
|
if (jwk.kid) { return Promise.resolve(jwk); }
|
|
return Keypairs.thumbprint({ jwk: jwk }).then(function (thumb) { jwk.kid = thumb; return jwk; });
|
|
};
|
|
|
|
// JWT a.k.a. JWS with Claims using Compact Serialization
|
|
Keypairs.signJwt = function (opts) {
|
|
return Keypairs.thumbprint({ jwk: opts.jwk }).then(function (thumb) {
|
|
var header = opts.header || {};
|
|
var claims = JSON.parse(JSON.stringify(opts.claims || {}));
|
|
header.typ = 'JWT';
|
|
|
|
if (!header.kid) { header.kid = thumb; }
|
|
if (!header.alg && opts.alg) { header.alg = opts.alg; }
|
|
if (!claims.iat && (false === claims.iat || false === opts.iat)) {
|
|
claims.iat = undefined;
|
|
} else if (!claims.iat) {
|
|
claims.iat = Math.round(Date.now()/1000);
|
|
}
|
|
|
|
if (opts.exp) {
|
|
claims.exp = setTime(opts.exp);
|
|
} else if (!claims.exp && (false === claims.exp || false === opts.exp)) {
|
|
claims.exp = undefined;
|
|
} else if (!claims.exp) {
|
|
throw new Error("opts.claims.exp should be the expiration date as seconds, human form (i.e. '1h' or '15m') or false");
|
|
}
|
|
|
|
if (opts.iss) { claims.iss = opts.iss; }
|
|
if (!claims.iss && (false === claims.iss || false === opts.iss)) {
|
|
claims.iss = undefined;
|
|
} else if (!claims.iss) {
|
|
throw new Error("opts.claims.iss should be in the form of https://example.com/, a secure OIDC base url");
|
|
}
|
|
|
|
return Keypairs.signJws({
|
|
jwk: opts.jwk
|
|
, pem: opts.pem
|
|
, protected: header
|
|
, header: undefined
|
|
, payload: claims
|
|
}).then(function (jws) {
|
|
return [ jws.protected, jws.payload, jws.signature ].join('.');
|
|
});
|
|
});
|
|
};
|
|
|
|
Keypairs.signJws = function (opts) {
|
|
return Keypairs.thumbprint(opts).then(function (thumb) {
|
|
|
|
function alg() {
|
|
if (!opts.jwk) {
|
|
throw new Error("opts.jwk must exist and must declare 'typ'");
|
|
}
|
|
if (opts.jwk.alg) { return opts.jwk.alg; }
|
|
var typ = ('RSA' === opts.jwk.kty) ? "RS" : "ES";
|
|
return typ + Keypairs._getBits(opts);
|
|
}
|
|
|
|
function sign() {
|
|
var protect = opts.protected;
|
|
var payload = opts.payload;
|
|
|
|
// Compute JWS signature
|
|
var protectedHeader = "";
|
|
// Because unprotected headers are allowed, regrettably...
|
|
// https://stackoverflow.com/a/46288694
|
|
if (false !== protect) {
|
|
if (!protect) { protect = {}; }
|
|
if (!protect.alg) { protect.alg = alg(); }
|
|
// There's a particular request where ACME / Let's Encrypt explicitly doesn't use a kid
|
|
if (false === protect.kid) { protect.kid = undefined; }
|
|
else if (!protect.kid) { protect.kid = thumb; }
|
|
protectedHeader = JSON.stringify(protect);
|
|
}
|
|
|
|
// Trying to detect if it's a plain object (not Buffer, ArrayBuffer, Array, Uint8Array, etc)
|
|
if (payload && ('string' !== typeof payload)
|
|
&& ('undefined' === typeof payload.byteLength)
|
|
&& ('undefined' === typeof payload.buffer)
|
|
) {
|
|
payload = JSON.stringify(payload);
|
|
}
|
|
// Converting to a buffer, even if it was just converted to a string
|
|
if ('string' === typeof payload) {
|
|
payload = Enc.binToBuf(payload);
|
|
}
|
|
|
|
// node specifies RSA-SHAxxx even when it's actually ecdsa (it's all encoded x509 shasums anyway)
|
|
var protected64 = Enc.strToUrlBase64(protectedHeader);
|
|
var payload64 = Enc.bufToUrlBase64(payload);
|
|
var msg = protected64 + '.' + payload64;
|
|
|
|
return Keypairs._sign(opts, msg).then(function (buf) {
|
|
var signedMsg = {
|
|
protected: protected64
|
|
, payload: payload64
|
|
, signature: Enc.bufToUrlBase64(buf)
|
|
};
|
|
|
|
return signedMsg;
|
|
});
|
|
}
|
|
|
|
if (opts.jwk) {
|
|
return sign();
|
|
} else {
|
|
return Keypairs.import({ pem: opts.pem }).then(function (pair) {
|
|
opts.jwk = pair.private;
|
|
return sign();
|
|
});
|
|
}
|
|
});
|
|
};
|
|
|
|
Keypairs._sign = function (opts, payload) {
|
|
return Keypairs._import(opts).then(function (privkey) {
|
|
if ('string' === typeof payload) {
|
|
payload = (new TextEncoder()).encode(payload);
|
|
}
|
|
return window.crypto.subtle.sign(
|
|
{ name: Keypairs._getName(opts)
|
|
, hash: { name: 'SHA-' + Keypairs._getBits(opts) }
|
|
}
|
|
, privkey
|
|
, payload
|
|
).then(function (signature) {
|
|
signature = new Uint8Array(signature); // ArrayBuffer -> u8
|
|
// This will come back into play for CSRs, but not for JOSE
|
|
if ('EC' === opts.jwk.kty && /x509|asn1/i.test(opts.format)) {
|
|
return Keypairs._ecdsaJoseSigToAsn1Sig(signature);
|
|
} else {
|
|
// jose/jws/jwt
|
|
return signature;
|
|
}
|
|
});
|
|
});
|
|
};
|
|
Keypairs._getBits = function (opts) {
|
|
if (opts.alg) { return opts.alg.replace(/[a-z\-]/ig, ''); }
|
|
// base64 len to byte len
|
|
var len = Math.floor((opts.jwk.n||'').length * 0.75);
|
|
|
|
// TODO this may be a bug
|
|
// need to confirm that the padding is no more or less than 1 byte
|
|
if (/521/.test(opts.jwk.crv) || len >= 511) {
|
|
return '512';
|
|
} else if (/384/.test(opts.jwk.crv) || len >= 383) {
|
|
return '384';
|
|
}
|
|
|
|
return '256';
|
|
};
|
|
Keypairs._getName = function (opts) {
|
|
if (/EC/i.test(opts.jwk.kty)) {
|
|
return 'ECDSA';
|
|
} else {
|
|
return 'RSASSA-PKCS1-v1_5';
|
|
}
|
|
};
|
|
Keypairs._import = function (opts) {
|
|
return Promise.resolve().then(function () {
|
|
var ops;
|
|
// all private keys just happen to have a 'd'
|
|
if (opts.jwk.d) {
|
|
ops = [ 'sign' ];
|
|
} else {
|
|
ops = [ 'verify' ];
|
|
}
|
|
// gotta mark it as extractable, as if it matters
|
|
opts.jwk.ext = true;
|
|
opts.jwk.key_ops = ops;
|
|
|
|
return window.crypto.subtle.importKey(
|
|
"jwk"
|
|
, opts.jwk
|
|
, { name: Keypairs._getName(opts)
|
|
, namedCurve: opts.jwk.crv
|
|
, hash: { name: 'SHA-' + Keypairs._getBits(opts) } }
|
|
, true
|
|
, ops
|
|
).then(function (privkey) {
|
|
delete opts.jwk.ext;
|
|
return privkey;
|
|
});
|
|
});
|
|
};
|
|
// ECDSA JOSE / JWS / JWT signatures differ from "normal" ASN1/X509 ECDSA signatures
|
|
// https://tools.ietf.org/html/rfc7518#section-3.4
|
|
Keypairs._ecdsaJoseSigToAsn1Sig = function (bufsig) {
|
|
// it's easier to do the manipulation in the browser with an array
|
|
bufsig = Array.from(bufsig);
|
|
var hlen = bufsig.length / 2; // should be even
|
|
var r = bufsig.slice(0, hlen);
|
|
var s = bufsig.slice(hlen);
|
|
// unpad positive ints less than 32 bytes wide
|
|
while (!r[0]) { r = r.slice(1); }
|
|
while (!s[0]) { s = s.slice(1); }
|
|
// pad (or re-pad) ambiguously non-negative BigInts, up to 33 bytes wide
|
|
if (0x80 & r[0]) { r.unshift(0); }
|
|
if (0x80 & s[0]) { s.unshift(0); }
|
|
|
|
var len = 2 + r.length + 2 + s.length;
|
|
var head = [0x30];
|
|
// hard code 0x80 + 1 because it won't be longer than
|
|
// two SHA512 plus two pad bytes (130 bytes <= 256)
|
|
if (len >= 0x80) { head.push(0x81); }
|
|
head.push(len);
|
|
|
|
return Uint8Array.from(head.concat([0x02, r.length], r, [0x02, s.length], s));
|
|
};
|
|
|
|
function setTime(time) {
|
|
if ('number' === typeof time) { return time; }
|
|
|
|
var t = time.match(/^(\-?\d+)([dhms])$/i);
|
|
if (!t || !t[0]) {
|
|
throw new Error("'" + time + "' should be datetime in seconds or human-readable format (i.e. 3d, 1h, 15m, 30s");
|
|
}
|
|
|
|
var now = Math.round(Date.now()/1000);
|
|
var num = parseInt(t[1], 10);
|
|
var unit = t[2];
|
|
var mult = 1;
|
|
switch(unit) {
|
|
// fancy fallthrough, what fun!
|
|
case 'd':
|
|
mult *= 24;
|
|
/*falls through*/
|
|
case 'h':
|
|
mult *= 60;
|
|
/*falls through*/
|
|
case 'm':
|
|
mult *= 60;
|
|
/*falls through*/
|
|
case 's':
|
|
mult *= 1;
|
|
}
|
|
|
|
return now + (mult * num);
|
|
}
|
|
|
|
Enc.hexToBuf = function (hex) {
|
|
var arr = [];
|
|
hex.match(/.{2}/g).forEach(function (h) {
|
|
arr.push(parseInt(h, 16));
|
|
});
|
|
return 'undefined' !== typeof Uint8Array ? new Uint8Array(arr) : arr;
|
|
};
|
|
Enc.strToUrlBase64 = function (str) {
|
|
return Enc.bufToUrlBase64(Enc.binToBuf(str));
|
|
};
|
|
Enc.binToBuf = function (bin) {
|
|
var arr = bin.split('').map(function (ch) {
|
|
return ch.charCodeAt(0);
|
|
});
|
|
return 'undefined' !== typeof Uint8Array ? new Uint8Array(arr) : arr;
|
|
};
|
|
|
|
}('undefined' !== typeof module ? module.exports : window));
|
|
// Copyright 2018 AJ ONeal. All rights reserved
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
;(function (exports) {
|
|
'use strict';
|
|
|
|
if (!exports.ASN1) { exports.ASN1 = {}; }
|
|
if (!exports.Enc) { exports.Enc = {}; }
|
|
if (!exports.PEM) { exports.PEM = {}; }
|
|
|
|
var ASN1 = exports.ASN1;
|
|
var Enc = exports.Enc;
|
|
var PEM = exports.PEM;
|
|
|
|
//
|
|
// Parser
|
|
//
|
|
|
|
// Although I've only seen 9 max in https certificates themselves,
|
|
// but each domain list could have up to 100
|
|
ASN1.ELOOPN = 102;
|
|
ASN1.ELOOP = "uASN1.js Error: iterated over " + ASN1.ELOOPN + "+ elements (probably a malformed file)";
|
|
// I've seen https certificates go 29 deep
|
|
ASN1.EDEEPN = 60;
|
|
ASN1.EDEEP = "uASN1.js Error: element nested " + ASN1.EDEEPN + "+ layers deep (probably a malformed file)";
|
|
// Container Types are Sequence 0x30, Container Array? (0xA0, 0xA1)
|
|
// Value Types are Boolean 0x01, Integer 0x02, Null 0x05, Object ID 0x06, String 0x0C, 0x16, 0x13, 0x1e Value Array? (0x82)
|
|
// Bit String (0x03) and Octet String (0x04) may be values or containers
|
|
// Sometimes Bit String is used as a container (RSA Pub Spki)
|
|
ASN1.CTYPES = [ 0x30, 0x31, 0xa0, 0xa1 ];
|
|
ASN1.VTYPES = [ 0x01, 0x02, 0x05, 0x06, 0x0c, 0x82 ];
|
|
ASN1.parse = function parseAsn1Helper(buf) {
|
|
//var ws = ' ';
|
|
function parseAsn1(buf, depth, eager) {
|
|
if (depth.length >= ASN1.EDEEPN) { throw new Error(ASN1.EDEEP); }
|
|
|
|
var index = 2; // we know, at minimum, data starts after type (0) and lengthSize (1)
|
|
var asn1 = { type: buf[0], lengthSize: 0, length: buf[1] };
|
|
var child;
|
|
var iters = 0;
|
|
var adjust = 0;
|
|
var adjustedLen;
|
|
|
|
// Determine how many bytes the length uses, and what it is
|
|
if (0x80 & asn1.length) {
|
|
asn1.lengthSize = 0x7f & asn1.length;
|
|
// I think that buf->hex->int solves the problem of Endianness... not sure
|
|
asn1.length = parseInt(Enc.bufToHex(buf.slice(index, index + asn1.lengthSize)), 16);
|
|
index += asn1.lengthSize;
|
|
}
|
|
|
|
// High-order bit Integers have a leading 0x00 to signify that they are positive.
|
|
// Bit Streams use the first byte to signify padding, which x.509 doesn't use.
|
|
if (0x00 === buf[index] && (0x02 === asn1.type || 0x03 === asn1.type)) {
|
|
// However, 0x00 on its own is a valid number
|
|
if (asn1.length > 1) {
|
|
index += 1;
|
|
adjust = -1;
|
|
}
|
|
}
|
|
adjustedLen = asn1.length + adjust;
|
|
|
|
//console.warn(depth.join(ws) + '0x' + Enc.numToHex(asn1.type), index, 'len:', asn1.length, asn1);
|
|
|
|
function parseChildren(eager) {
|
|
asn1.children = [];
|
|
//console.warn('1 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', 0);
|
|
while (iters < ASN1.ELOOPN && index < (2 + asn1.length + asn1.lengthSize)) {
|
|
iters += 1;
|
|
depth.length += 1;
|
|
child = parseAsn1(buf.slice(index, index + adjustedLen), depth, eager);
|
|
depth.length -= 1;
|
|
// The numbers don't match up exactly and I don't remember why...
|
|
// probably something with adjustedLen or some such, but the tests pass
|
|
index += (2 + child.lengthSize + child.length);
|
|
//console.warn('2 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', (2 + child.lengthSize + child.length));
|
|
if (index > (2 + asn1.lengthSize + asn1.length)) {
|
|
if (!eager) { console.error(JSON.stringify(asn1, ASN1._replacer, 2)); }
|
|
throw new Error("Parse error: child value length (" + child.length
|
|
+ ") is greater than remaining parent length (" + (asn1.length - index)
|
|
+ " = " + asn1.length + " - " + index + ")");
|
|
}
|
|
asn1.children.push(child);
|
|
//console.warn(depth.join(ws) + '0x' + Enc.numToHex(asn1.type), index, 'len:', asn1.length, asn1);
|
|
}
|
|
if (index !== (2 + asn1.lengthSize + asn1.length)) {
|
|
//console.warn('index:', index, 'length:', (2 + asn1.lengthSize + asn1.length));
|
|
throw new Error("premature end-of-file");
|
|
}
|
|
if (iters >= ASN1.ELOOPN) { throw new Error(ASN1.ELOOP); }
|
|
|
|
delete asn1.value;
|
|
return asn1;
|
|
}
|
|
|
|
// Recurse into types that are _always_ containers
|
|
if (-1 !== ASN1.CTYPES.indexOf(asn1.type)) { return parseChildren(eager); }
|
|
|
|
// Return types that are _always_ values
|
|
asn1.value = buf.slice(index, index + adjustedLen);
|
|
if (-1 !== ASN1.VTYPES.indexOf(asn1.type)) { return asn1; }
|
|
|
|
// For ambigious / unknown types, recurse and return on failure
|
|
// (and return child array size to zero)
|
|
try { return parseChildren(true); }
|
|
catch(e) { asn1.children.length = 0; return asn1; }
|
|
}
|
|
|
|
var asn1 = parseAsn1(buf, []);
|
|
var len = buf.byteLength || buf.length;
|
|
if (len !== 2 + asn1.lengthSize + asn1.length) {
|
|
throw new Error("Length of buffer does not match length of ASN.1 sequence.");
|
|
}
|
|
return asn1;
|
|
};
|
|
ASN1._replacer = function (k, v) {
|
|
if ('type' === k) { return '0x' + Enc.numToHex(v); }
|
|
if (v && 'value' === k) { return '0x' + Enc.bufToHex(v.data || v); }
|
|
return v;
|
|
};
|
|
|
|
// don't replace the full parseBlock, if it exists
|
|
PEM.parseBlock = PEM.parseBlock || function (str) {
|
|
var der = str.split(/\n/).filter(function (line) {
|
|
return !/-----/.test(line);
|
|
}).join('');
|
|
return { bytes: Enc.base64ToBuf(der) };
|
|
};
|
|
|
|
Enc.base64ToBuf = function (b64) {
|
|
return Enc.binToBuf(atob(b64));
|
|
};
|
|
Enc.binToBuf = function (bin) {
|
|
var arr = bin.split('').map(function (ch) {
|
|
return ch.charCodeAt(0);
|
|
});
|
|
return 'undefined' !== typeof Uint8Array ? new Uint8Array(arr) : arr;
|
|
};
|
|
Enc.bufToHex = function (u8) {
|
|
var hex = [];
|
|
var i, h;
|
|
var len = (u8.byteLength || u8.length);
|
|
|
|
for (i = 0; i < len; i += 1) {
|
|
h = u8[i].toString(16);
|
|
if (h.length % 2) { h = '0' + h; }
|
|
hex.push(h);
|
|
}
|
|
|
|
return hex.join('').toLowerCase();
|
|
};
|
|
Enc.numToHex = function (d) {
|
|
d = d.toString(16);
|
|
if (d.length % 2) {
|
|
return '0' + d;
|
|
}
|
|
return d;
|
|
};
|
|
|
|
}('undefined' !== typeof window ? window : module.exports));
|
|
// Copyright 2018-present AJ ONeal. All rights reserved
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
(function (exports) {
|
|
'use strict';
|
|
/*global Promise*/
|
|
|
|
var ASN1 = exports.ASN1;
|
|
var Enc = exports.Enc;
|
|
var PEM = exports.PEM;
|
|
var X509 = exports.x509;
|
|
var Keypairs = exports.Keypairs;
|
|
|
|
// TODO find a way that the prior node-ish way of `module.exports = function () {}` isn't broken
|
|
var CSR = exports.CSR = function (opts) {
|
|
// We're using a Promise here to be compatible with the browser version
|
|
// which will probably use the webcrypto API for some of the conversions
|
|
return CSR._prepare(opts).then(function (opts) {
|
|
return CSR.create(opts).then(function (bytes) {
|
|
return CSR._encode(opts, bytes);
|
|
});
|
|
});
|
|
};
|
|
|
|
CSR._prepare = function (opts) {
|
|
return Promise.resolve().then(function () {
|
|
var Keypairs;
|
|
opts = JSON.parse(JSON.stringify(opts));
|
|
|
|
// We do a bit of extra error checking for user convenience
|
|
if (!opts) { throw new Error("You must pass options with key and domains to rsacsr"); }
|
|
if (!Array.isArray(opts.domains) || 0 === opts.domains.length) {
|
|
new Error("You must pass options.domains as a non-empty array");
|
|
}
|
|
|
|
// I need to check that 例.中国 is a valid domain name
|
|
if (!opts.domains.every(function (d) {
|
|
// allow punycode? xn--
|
|
if ('string' === typeof d /*&& /\./.test(d) && !/--/.test(d)*/) {
|
|
return true;
|
|
}
|
|
})) {
|
|
throw new Error("You must pass options.domains as strings");
|
|
}
|
|
|
|
if (opts.jwk) { return opts; }
|
|
if (opts.key && opts.key.kty) {
|
|
opts.jwk = opts.key;
|
|
return opts;
|
|
}
|
|
if (!opts.pem && !opts.key) {
|
|
throw new Error("You must pass options.key as a JSON web key");
|
|
}
|
|
|
|
Keypairs = exports.Keypairs;
|
|
if (!exports.Keypairs) {
|
|
throw new Error("Keypairs.js is an optional dependency for PEM-to-JWK.\n"
|
|
+ "Install it if you'd like to use it:\n"
|
|
+ "\tnpm install --save rasha\n"
|
|
+ "Otherwise supply a jwk as the private key."
|
|
);
|
|
}
|
|
|
|
return Keypairs.import({ pem: opts.pem || opts.key }).then(function (pair) {
|
|
opts.jwk = pair.private;
|
|
return opts;
|
|
});
|
|
});
|
|
};
|
|
|
|
CSR._encode = function (opts, bytes) {
|
|
if ('der' === (opts.encoding||'').toLowerCase()) {
|
|
return bytes;
|
|
}
|
|
return PEM.packBlock({
|
|
type: "CERTIFICATE REQUEST"
|
|
, bytes: bytes /* { jwk: jwk, domains: opts.domains } */
|
|
});
|
|
};
|
|
|
|
CSR.create = function createCsr(opts) {
|
|
var hex = CSR.request(opts.jwk, opts.domains);
|
|
return CSR._sign(opts.jwk, hex).then(function (csr) {
|
|
return Enc.hexToBuf(csr);
|
|
});
|
|
};
|
|
|
|
//
|
|
// EC / RSA
|
|
//
|
|
CSR.request = function createCsrBodyEc(jwk, domains) {
|
|
var asn1pub;
|
|
if (/^EC/i.test(jwk.kty)) {
|
|
asn1pub = X509.packCsrEcPublicKey(jwk);
|
|
} else {
|
|
asn1pub = X509.packCsrRsaPublicKey(jwk);
|
|
}
|
|
return X509.packCsr(asn1pub, domains);
|
|
};
|
|
|
|
CSR._sign = function csrEcSig(jwk, request) {
|
|
// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
|
|
// TODO will have to convert web ECDSA signatures to PEM ECDSA signatures (but RSA should be the same)
|
|
// TODO have a consistent non-private way to sign
|
|
return Keypairs._sign({ jwk: jwk, format: 'x509' }, Enc.hexToBuf(request)).then(function (sig) {
|
|
return CSR._toDer({ request: request, signature: sig, kty: jwk.kty });
|
|
});
|
|
};
|
|
|
|
CSR._toDer = function encode(opts) {
|
|
var sty;
|
|
if (/^EC/i.test(opts.kty)) {
|
|
// 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256)
|
|
sty = ASN1('30', ASN1('06', '2a8648ce3d040302'));
|
|
} else {
|
|
// 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
|
|
sty = ASN1('30', ASN1('06', '2a864886f70d01010b'), ASN1('05'));
|
|
}
|
|
return ASN1('30'
|
|
// The Full CSR Request Body
|
|
, opts.request
|
|
// The Signature Type
|
|
, sty
|
|
// The Signature
|
|
, ASN1.BitStr(Enc.bufToHex(opts.signature))
|
|
);
|
|
};
|
|
|
|
X509.packCsr = function (asn1pubkey, domains) {
|
|
return ASN1('30'
|
|
// Version (0)
|
|
, ASN1.UInt('00')
|
|
|
|
// 2.5.4.3 commonName (X.520 DN component)
|
|
, ASN1('30', ASN1('31', ASN1('30', ASN1('06', '550403'), ASN1('0c', Enc.utf8ToHex(domains[0])))))
|
|
|
|
// Public Key (RSA or EC)
|
|
, asn1pubkey
|
|
|
|
// Request Body
|
|
, ASN1('a0'
|
|
, ASN1('30'
|
|
// 1.2.840.113549.1.9.14 extensionRequest (PKCS #9 via CRMF)
|
|
, ASN1('06', '2a864886f70d01090e')
|
|
, ASN1('31'
|
|
, ASN1('30'
|
|
, ASN1('30'
|
|
// 2.5.29.17 subjectAltName (X.509 extension)
|
|
, ASN1('06', '551d11')
|
|
, ASN1('04'
|
|
, ASN1('30', domains.map(function (d) {
|
|
return ASN1('82', Enc.utf8ToHex(d));
|
|
}).join(''))))))))
|
|
);
|
|
};
|
|
|
|
// TODO finish this later
|
|
// we want to parse the domains, the public key, and verify the signature
|
|
CSR._info = function (der) {
|
|
// standard base64 PEM
|
|
if ('string' === typeof der && '-' === der[0]) {
|
|
der = PEM.parseBlock(der).bytes;
|
|
}
|
|
// jose urlBase64 not-PEM
|
|
if ('string' === typeof der) {
|
|
der = Enc.base64ToBuf(der);
|
|
}
|
|
// not supporting binary-encoded bas64
|
|
var c = ASN1.parse(der);
|
|
var kty;
|
|
// A cert has 3 parts: cert, signature meta, signature
|
|
if (c.children.length !== 3) {
|
|
throw new Error("doesn't look like a certificate request: expected 3 parts of header");
|
|
}
|
|
var sig = c.children[2];
|
|
if (sig.children.length) {
|
|
// ASN1/X509 EC
|
|
sig = sig.children[0];
|
|
sig = ASN1('30', ASN1.UInt(Enc.bufToHex(sig.children[0].value)), ASN1.UInt(Enc.bufToHex(sig.children[1].value)));
|
|
sig = Enc.hexToBuf(sig);
|
|
kty = 'EC';
|
|
} else {
|
|
// Raw RSA Sig
|
|
sig = sig.value;
|
|
kty = 'RSA';
|
|
}
|
|
//c.children[1]; // signature type
|
|
var req = c.children[0];
|
|
// TODO utf8
|
|
if (4 !== req.children.length) {
|
|
throw new Error("doesn't look like a certificate request: expected 4 parts to request");
|
|
}
|
|
// 0 null
|
|
// 1 commonName / subject
|
|
var sub = Enc.bufToBin(req.children[1].children[0].children[0].children[1].value);
|
|
// 3 public key (type, key)
|
|
//console.log('oid', Enc.bufToHex(req.children[2].children[0].children[0].value));
|
|
var pub;
|
|
// TODO reuse ASN1 parser for these?
|
|
if ('EC' === kty) {
|
|
// throw away compression byte
|
|
pub = req.children[2].children[1].value.slice(1);
|
|
pub = { kty: kty, x: pub.slice(0, 32), y: pub.slice(32) };
|
|
while (0 === pub.x[0]) { pub.x = pub.x.slice(1); }
|
|
while (0 === pub.y[0]) { pub.y = pub.y.slice(1); }
|
|
if ((pub.x.length || pub.x.byteLength) > 48) {
|
|
pub.crv = 'P-521';
|
|
} else if ((pub.x.length || pub.x.byteLength) > 32) {
|
|
pub.crv = 'P-384';
|
|
} else {
|
|
pub.crv = 'P-256';
|
|
}
|
|
pub.x = Enc.bufToUrlBase64(pub.x);
|
|
pub.y = Enc.bufToUrlBase64(pub.y);
|
|
} else {
|
|
pub = req.children[2].children[1].children[0];
|
|
pub = { kty: kty, n: pub.children[0].value, e: pub.children[1].value };
|
|
while (0 === pub.n[0]) { pub.n = pub.n.slice(1); }
|
|
while (0 === pub.e[0]) { pub.e = pub.e.slice(1); }
|
|
pub.n = Enc.bufToUrlBase64(pub.n);
|
|
pub.e = Enc.bufToUrlBase64(pub.e);
|
|
}
|
|
// 4 extensions
|
|
var domains = req.children[3].children.filter(function (seq) {
|
|
// 1.2.840.113549.1.9.14 extensionRequest (PKCS #9 via CRMF)
|
|
if ('2a864886f70d01090e' === Enc.bufToHex(seq.children[0].value)) {
|
|
return true;
|
|
}
|
|
}).map(function (seq) {
|
|
return seq.children[1].children[0].children.filter(function (seq2) {
|
|
// subjectAltName (X.509 extension)
|
|
if ('551d11' === Enc.bufToHex(seq2.children[0].value)) {
|
|
return true;
|
|
}
|
|
}).map(function (seq2) {
|
|
return seq2.children[1].children[0].children.map(function (name) {
|
|
// TODO utf8
|
|
return Enc.bufToBin(name.value);
|
|
});
|
|
})[0];
|
|
})[0];
|
|
|
|
return {
|
|
subject: sub
|
|
, altnames: domains
|
|
, jwk: pub
|
|
, signature: sig
|
|
};
|
|
};
|
|
|
|
X509.packCsrRsaPublicKey = function (jwk) {
|
|
// Sequence the key
|
|
var n = ASN1.UInt(Enc.base64ToHex(jwk.n));
|
|
var e = ASN1.UInt(Enc.base64ToHex(jwk.e));
|
|
var asn1pub = ASN1('30', n, e);
|
|
|
|
// Add the CSR pub key header
|
|
return ASN1('30', ASN1('30', ASN1('06', '2a864886f70d010101'), ASN1('05')), ASN1.BitStr(asn1pub));
|
|
};
|
|
|
|
X509.packCsrEcPublicKey = function (jwk) {
|
|
var ecOid = X509._oids[jwk.crv];
|
|
if (!ecOid) {
|
|
throw new Error("Unsupported namedCurve '" + jwk.crv + "'. Supported types are " + Object.keys(X509._oids));
|
|
}
|
|
var cmp = '04'; // 04 == x+y, 02 == x-only
|
|
var hxy = '';
|
|
// Placeholder. I'm not even sure if compression should be supported.
|
|
if (!jwk.y) { cmp = '02'; }
|
|
hxy += Enc.base64ToHex(jwk.x);
|
|
if (jwk.y) { hxy += Enc.base64ToHex(jwk.y); }
|
|
|
|
// 1.2.840.10045.2.1 ecPublicKey
|
|
return ASN1('30', ASN1('30', ASN1('06', '2a8648ce3d0201'), ASN1('06', ecOid)), ASN1.BitStr(cmp + hxy));
|
|
};
|
|
X509._oids = {
|
|
// 1.2.840.10045.3.1.7 prime256v1
|
|
// (ANSI X9.62 named elliptic curve) (06 08 - 2A 86 48 CE 3D 03 01 07)
|
|
'P-256': '2a8648ce3d030107'
|
|
// 1.3.132.0.34 P-384 (06 05 - 2B 81 04 00 22)
|
|
// (SEC 2 recommended EC domain secp256r1)
|
|
, 'P-384': '2b81040022'
|
|
// requires more logic and isn't a recommended standard
|
|
// 1.3.132.0.35 P-521 (06 05 - 2B 81 04 00 23)
|
|
// (SEC 2 alternate P-521)
|
|
//, 'P-521': '2B 81 04 00 23'
|
|
};
|
|
|
|
// don't replace the full parseBlock, if it exists
|
|
PEM.parseBlock = PEM.parseBlock || function (str) {
|
|
var der = str.split(/\n/).filter(function (line) {
|
|
return !/-----/.test(line);
|
|
}).join('');
|
|
return { bytes: Enc.base64ToBuf(der) };
|
|
};
|
|
|
|
}('undefined' === typeof window ? module.exports : window));
|
|
// Copyright 2018-present AJ ONeal. All rights reserved
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
(function (exports) {
|
|
'use strict';
|
|
/* globals Promise */
|
|
|
|
var ACME = exports.ACME = {};
|
|
//var Keypairs = exports.Keypairs || {};
|
|
//var CSR = exports.CSR;
|
|
var Enc = exports.Enc || {};
|
|
var Crypto = exports.Crypto || {};
|
|
|
|
ACME.formatPemChain = function formatPemChain(str) {
|
|
return str.trim().replace(/[\r\n]+/g, '\n').replace(/\-\n\-/g, '-\n\n-') + '\n';
|
|
};
|
|
ACME.splitPemChain = function splitPemChain(str) {
|
|
return str.trim().split(/[\r\n]{2,}/g).map(function (str) {
|
|
return str + '\n';
|
|
});
|
|
};
|
|
|
|
|
|
// http-01: GET https://example.org/.well-known/acme-challenge/{{token}} => {{keyAuth}}
|
|
// dns-01: TXT _acme-challenge.example.org. => "{{urlSafeBase64(sha256(keyAuth))}}"
|
|
ACME.challengePrefixes = {
|
|
'http-01': '/.well-known/acme-challenge'
|
|
, 'dns-01': '_acme-challenge'
|
|
};
|
|
ACME.challengeTests = {
|
|
'http-01': function (me, auth) {
|
|
return me.http01(auth).then(function (keyAuth) {
|
|
var err;
|
|
|
|
// TODO limit the number of bytes that are allowed to be downloaded
|
|
if (auth.keyAuthorization === (keyAuth||'').trim()) {
|
|
return true;
|
|
}
|
|
|
|
err = new Error(
|
|
"Error: Failed HTTP-01 Pre-Flight / Dry Run.\n"
|
|
+ "curl '" + auth.challengeUrl + "'\n"
|
|
+ "Expected: '" + auth.keyAuthorization + "'\n"
|
|
+ "Got: '" + keyAuth + "'\n"
|
|
+ "See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4"
|
|
);
|
|
err.code = 'E_FAIL_DRY_CHALLENGE';
|
|
return Promise.reject(err);
|
|
});
|
|
}
|
|
, 'dns-01': function (me, auth) {
|
|
// remove leading *. on wildcard domains
|
|
return me.dns01(auth).then(function (ans) {
|
|
var err;
|
|
|
|
if (ans.answer.some(function (txt) {
|
|
return auth.dnsAuthorization === txt.data[0];
|
|
})) {
|
|
return true;
|
|
}
|
|
|
|
err = new Error(
|
|
"Error: Failed DNS-01 Pre-Flight Dry Run.\n"
|
|
+ "dig TXT '" + auth.dnsHost + "' does not return '" + auth.dnsAuthorization + "'\n"
|
|
+ "See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4"
|
|
);
|
|
err.code = 'E_FAIL_DRY_CHALLENGE';
|
|
return Promise.reject(err);
|
|
});
|
|
}
|
|
};
|
|
|
|
ACME._directory = function (me) {
|
|
// GET-as-GET ok
|
|
return ACME._request(me, { method: 'GET', url: me.directoryUrl });
|
|
};
|
|
ACME._getNonce = function (me) {
|
|
// GET-as-GET, HEAD-as-HEAD ok
|
|
var nonce;
|
|
while (true) {
|
|
nonce = me._nonces.shift();
|
|
if (!nonce) { break; }
|
|
if (Date.now() - nonce.createdAt > (15 * 60 * 1000)) {
|
|
nonce = null;
|
|
} else {
|
|
break;
|
|
}
|
|
}
|
|
if (nonce) { return Promise.resolve(nonce.nonce); }
|
|
// GET-as-GET ok
|
|
return ACME._request(me, { method: 'HEAD', url: me._directoryUrls.newNonce }).then(function (resp) {
|
|
return resp.headers['replay-nonce'];
|
|
});
|
|
};
|
|
ACME._setNonce = function (me, nonce) {
|
|
me._nonces.unshift({ nonce: nonce, createdAt: Date.now() });
|
|
};
|
|
// ACME RFC Section 7.3 Account Creation
|
|
/*
|
|
{
|
|
"protected": base64url({
|
|
"alg": "ES256",
|
|
"jwk": {...},
|
|
"nonce": "6S8IqOGY7eL2lsGoTZYifg",
|
|
"url": "https://example.com/acme/new-account"
|
|
}),
|
|
"payload": base64url({
|
|
"termsOfServiceAgreed": true,
|
|
"onlyReturnExisting": false,
|
|
"contact": [
|
|
"mailto:cert-admin@example.com",
|
|
"mailto:admin@example.com"
|
|
]
|
|
}),
|
|
"signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I"
|
|
}
|
|
*/
|
|
ACME._registerAccount = function (me, options) {
|
|
//#console.debug('[acme-v2] accounts.create');
|
|
|
|
function agree(tosUrl) {
|
|
var err;
|
|
if (me._tos !== tosUrl) {
|
|
err = new Error("You must agree to the ToS at '" + me._tos + "'");
|
|
err.code = "E_AGREE_TOS";
|
|
throw err;
|
|
}
|
|
|
|
return ACME._importKeypair(me, options.accountKey || options.accountKeypair).then(function (pair) {
|
|
var contact;
|
|
if (options.contact) {
|
|
contact = options.contact.slice(0);
|
|
} else if (options.email) {
|
|
contact = [ 'mailto:' + options.email ];
|
|
}
|
|
var body = {
|
|
termsOfServiceAgreed: tosUrl === me._tos
|
|
, onlyReturnExisting: false
|
|
, contact: contact
|
|
};
|
|
var pExt;
|
|
if (options.externalAccount) {
|
|
pExt = me.Keypairs.signJws({
|
|
// TODO is HMAC the standard, or is this arbitrary?
|
|
secret: options.externalAccount.secret
|
|
, protected: {
|
|
alg: options.externalAccount.alg || "HS256"
|
|
, kid: options.externalAccount.id
|
|
, url: me._directoryUrls.newAccount
|
|
}
|
|
, payload: Enc.binToBuf(JSON.stringify(pair.public))
|
|
}).then(function (jws) {
|
|
body.externalAccountBinding = jws;
|
|
return body;
|
|
});
|
|
} else {
|
|
pExt = Promise.resolve(body);
|
|
}
|
|
return pExt.then(function (body) {
|
|
var payload = JSON.stringify(body);
|
|
return ACME._jwsRequest(me, {
|
|
options: options
|
|
, url: me._directoryUrls.newAccount
|
|
, protected: { kid: false, jwk: pair.public }
|
|
, payload: Enc.binToBuf(payload)
|
|
}).then(function (resp) {
|
|
var account = resp.body;
|
|
|
|
if (2 !== Math.floor(resp.statusCode / 100)) {
|
|
throw new Error('account error: ' + JSON.stringify(resp.body));
|
|
}
|
|
|
|
var location = resp.headers.location;
|
|
// the account id url
|
|
options._kid = location;
|
|
//#console.debug('[DEBUG] new account location:');
|
|
//#console.debug(location);
|
|
//#console.debug(resp);
|
|
|
|
/*
|
|
{
|
|
contact: ["mailto:jon@example.com"],
|
|
orders: "https://some-url",
|
|
status: 'valid'
|
|
}
|
|
*/
|
|
if (!account) { account = { _emptyResponse: true }; }
|
|
// https://git.coolaj86.com/coolaj86/acme-v2.js/issues/8
|
|
if (!account.key) { account.key = {}; }
|
|
account.key.kid = options._kid;
|
|
return account;
|
|
});
|
|
});
|
|
});
|
|
}
|
|
|
|
return Promise.resolve().then(function () {
|
|
if (true === options.agreeToTerms) {
|
|
options.agreeToTerms = function (tos) { return tos; };
|
|
}
|
|
return options.agreeToTerms(me._tos);
|
|
}).then(agree);
|
|
};
|
|
/*
|
|
POST /acme/new-order HTTP/1.1
|
|
Host: example.com
|
|
Content-Type: application/jose+json
|
|
|
|
{
|
|
"protected": base64url({
|
|
"alg": "ES256",
|
|
"kid": "https://example.com/acme/acct/1",
|
|
"nonce": "5XJ1L3lEkMG7tR6pA00clA",
|
|
"url": "https://example.com/acme/new-order"
|
|
}),
|
|
"payload": base64url({
|
|
"identifiers": [{"type:"dns","value":"example.com"}],
|
|
"notBefore": "2016-01-01T00:00:00Z",
|
|
"notAfter": "2016-01-08T00:00:00Z"
|
|
}),
|
|
"signature": "H6ZXtGjTZyUnPeKn...wEA4TklBdh3e454g"
|
|
}
|
|
*/
|
|
ACME._getChallenges = function (me, options, authUrl) {
|
|
//#console.debug('\n[DEBUG] getChallenges\n');
|
|
return ACME._jwsRequest(me, {
|
|
options: options
|
|
, protected: { kid: options._kid }
|
|
, payload: ''
|
|
, url: authUrl
|
|
}).then(function (resp) {
|
|
// Pre-emptive rather than lazy for interfaces that need to show the challenges to the user first
|
|
return ACME._computeAuths(me, options, resp.body, false).then(function (auths) {
|
|
resp.body._rawChallenges = resp.body.challenges;
|
|
resp.body.challenges = auths;
|
|
return resp.body;
|
|
});
|
|
});
|
|
};
|
|
ACME._wait = function wait(ms) {
|
|
return new Promise(function (resolve) {
|
|
setTimeout(resolve, (ms || 1100));
|
|
});
|
|
};
|
|
|
|
ACME._testChallengeOptions = function () {
|
|
var chToken = ACME._prnd(16);
|
|
return [
|
|
{
|
|
"type": "http-01",
|
|
"status": "pending",
|
|
"url": "https://acme-staging-v02.example.com/0",
|
|
"token": "test-" + chToken + "-0"
|
|
}
|
|
, {
|
|
"type": "dns-01",
|
|
"status": "pending",
|
|
"url": "https://acme-staging-v02.example.com/1",
|
|
"token": "test-" + chToken + "-1",
|
|
"_wildcard": true
|
|
}
|
|
, {
|
|
"type": "tls-alpn-01",
|
|
"status": "pending",
|
|
"url": "https://acme-staging-v02.example.com/3",
|
|
"token": "test-" + chToken + "-3"
|
|
}
|
|
];
|
|
};
|
|
ACME._testChallenges = function (me, reals) {
|
|
//#console.log('[DEBUG] testChallenges');
|
|
if (me.skipDryRun || me.skipChallengeTest) {
|
|
return Promise.resolve();
|
|
}
|
|
|
|
var nopts = {};
|
|
Object.keys(reals).forEach(function (key) {
|
|
nopts[key] = reals[key];
|
|
});
|
|
nopts.order = {};
|
|
|
|
return Promise.all(nopts.domains.map(function (name) {
|
|
var challenges = ACME._testChallengeOptions();
|
|
var wild = '*.' === name.slice(0, 2);
|
|
if (wild) {
|
|
challenges = challenges.filter(function (ch) { return ch._wildcard; });
|
|
}
|
|
var resp = {
|
|
body: {
|
|
identifier: { type: 'dns' , value: name.replace('*.', '') }
|
|
, challenges: challenges
|
|
, expires: new Date(Date.now() + (60 * 1000)).toISOString()
|
|
, wildcard: name.includes('*.') || undefined
|
|
}
|
|
};
|
|
// The dry-run comes first in the spirit of "fail fast"
|
|
// (and protecting against challenge failure rate limits)
|
|
var dryrun = true;
|
|
return ACME._computeAuths(me, nopts, resp.body, dryrun).then(function (auths) {
|
|
resp.body.challenges = auths;
|
|
});
|
|
})).then(function (claims) {
|
|
nopts.order.claims = claims;
|
|
nopts.setChallengeWait = 0;
|
|
|
|
return ACME._setChallengesAll(me, nopts).then(function (valids) {
|
|
return Promise.all(valids.map(function (auth) {
|
|
ACME._removeChallenge(me, nopts, auth);
|
|
}));
|
|
});
|
|
});
|
|
};
|
|
ACME._chooseType = function(options, auths) {
|
|
// For each of the challenge types that we support
|
|
var auth;
|
|
var challengeTypes = Object.keys(options.challenges || ACME._challengesMap);
|
|
// ordered from most to least preferred
|
|
challengeTypes = (options.challengePriority||[ 'tls-alpn-01', 'http-01', 'dns-01' ]).filter(function (chType) {
|
|
return challengeTypes.includes(chType);
|
|
});
|
|
|
|
challengeTypes.some(function (chType) {
|
|
// And for each of the challenge types that are allowed
|
|
return auths.some(function (ch) {
|
|
// Check to see if there are any matches
|
|
if (ch.type === chType) {
|
|
auth = ch;
|
|
return true;
|
|
}
|
|
});
|
|
});
|
|
|
|
return auth;
|
|
};
|
|
ACME._challengesMap = {'http-01':0,'dns-01':0,'tls-alpn-01':0};
|
|
ACME._computeAuths = function (me, options, request, dryrun) {
|
|
//#console.log('[DEBUG] computeAuths');
|
|
// we don't poison the dns cache with our dummy request
|
|
var dnsPrefix = ACME.challengePrefixes['dns-01'];
|
|
if (dryrun) {
|
|
dnsPrefix = dnsPrefix.replace('acme-challenge', 'greenlock-dryrun-' + ACME._prnd(4));
|
|
}
|
|
var challengeTypes = Object.keys(options.challenges || ACME._challengesMap);
|
|
|
|
return ACME._importKeypair(me, options.accountKey || options.accountKeypair).then(function (pair) {
|
|
return me.Keypairs.thumbprint({ jwk: pair.public }).then(function (thumb) {
|
|
return Promise.all(request.challenges.map(function (challenge) {
|
|
// Don't do extra work for challenges that we can't satisfy
|
|
if (!challengeTypes.includes(challenge.type)) {
|
|
return null;
|
|
}
|
|
|
|
var auth = {};
|
|
|
|
// straight copy from the new order response
|
|
// { identifier, status, expires, challenges, wildcard }
|
|
Object.keys(request).forEach(function (key) {
|
|
auth[key] = request[key];
|
|
});
|
|
|
|
// copy from the challenge we've chosen
|
|
// { type, status, url, token }
|
|
// (note the duplicate status overwrites the one above, but they should be the same)
|
|
Object.keys(challenge).forEach(function (key) {
|
|
// don't confused devs with the id url
|
|
auth[key] = challenge[key];
|
|
});
|
|
|
|
// batteries-included helpers
|
|
auth.hostname = auth.identifier.value;
|
|
// because I'm not 100% clear if the wildcard identifier does or doesn't have the leading *. in all cases
|
|
auth.altname = ACME._untame(auth.identifier.value, auth.wildcard);
|
|
|
|
auth.thumbprint = thumb;
|
|
// keyAuthorization = token || '.' || base64url(JWK_Thumbprint(accountKey))
|
|
auth.keyAuthorization = challenge.token + '.' + auth.thumbprint;
|
|
|
|
if ('http-01' === auth.type) {
|
|
// conflicts with ACME challenge id url is already in use, so we call this challengeUrl instead
|
|
// TODO auth.http01Url ?
|
|
auth.challengeUrl = 'http://' + auth.identifier.value + ACME.challengePrefixes['http-01'] + '/' + auth.token;
|
|
return auth;
|
|
}
|
|
|
|
if ('dns-01' !== auth.type) {
|
|
return auth;
|
|
}
|
|
|
|
return Crypto._sha('sha256', auth.keyAuthorization).then(function (hash) {
|
|
auth.dnsHost = dnsPrefix + '.' + auth.hostname.replace('*.', '');
|
|
auth.dnsAuthorization = hash;
|
|
auth.keyAuthorizationDigest = hash;
|
|
return auth;
|
|
});
|
|
})).then(function (auths) {
|
|
return auths.filter(Boolean);
|
|
});
|
|
});
|
|
});
|
|
};
|
|
|
|
ACME._untame = function (name, wild) {
|
|
if (wild) { name = '*.' + name.replace('*.', ''); }
|
|
return name;
|
|
};
|
|
|
|
// https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-7.5.1
|
|
ACME._postChallenge = function (me, options, auth) {
|
|
var RETRY_INTERVAL = me.retryInterval || 5000;
|
|
var DEAUTH_INTERVAL = me.deauthWait || 10 * 1000;
|
|
var MAX_POLL = me.retryPoll || 8;
|
|
var MAX_PEND = me.retryPending || 4;
|
|
var count = 0;
|
|
|
|
var altname = ACME._untame(auth.identifier.value, auth.wildcard);
|
|
|
|
/*
|
|
POST /acme/authz/1234 HTTP/1.1
|
|
Host: example.com
|
|
Content-Type: application/jose+json
|
|
|
|
{
|
|
"protected": base64url({
|
|
"alg": "ES256",
|
|
"kid": "https://example.com/acme/acct/1",
|
|
"nonce": "xWCM9lGbIyCgue8di6ueWQ",
|
|
"url": "https://example.com/acme/authz/1234"
|
|
}),
|
|
"payload": base64url({
|
|
"status": "deactivated"
|
|
}),
|
|
"signature": "srX9Ji7Le9bjszhu...WTFdtujObzMtZcx4"
|
|
}
|
|
*/
|
|
function deactivate() {
|
|
//#console.debug('[acme-v2.js] deactivate:');
|
|
return ACME._jwsRequest(me, {
|
|
options: options
|
|
, url: auth.url
|
|
, protected: { kid: options._kid }
|
|
, payload: Enc.binToBuf(JSON.stringify({ "status": "deactivated" }))
|
|
}).then(function (/*#resp*/) {
|
|
//#console.debug('deactivate challenge: resp.body:');
|
|
//#console.debug(resp.body);
|
|
return ACME._wait(DEAUTH_INTERVAL);
|
|
});
|
|
}
|
|
|
|
function pollStatus() {
|
|
if (count >= MAX_POLL) {
|
|
var err = new Error(
|
|
"[acme-v2] stuck in bad pending/processing state for '" + altname + "'"
|
|
);
|
|
err.detail = "Too many attempts to validate challenge.";
|
|
return Promise.reject();
|
|
}
|
|
|
|
count += 1;
|
|
|
|
//#console.debug('\n[DEBUG] statusChallenge\n');
|
|
// POST-as-GET
|
|
return ACME._jwsRequest(me, {
|
|
options: options
|
|
, url: auth.url
|
|
, protected: { kid: options._kid }
|
|
, payload: Enc.binToBuf('')
|
|
}).then(checkResult).catch(transformError);
|
|
}
|
|
|
|
function checkResult(resp) {
|
|
if (options.onChallengeStatus) {
|
|
try {
|
|
options.onChallengeStatus({
|
|
altname: altname, type: auth.type, status: resp.body.status, wildcard: auth.wildcard
|
|
});
|
|
} catch(e) {
|
|
console.warn('options.onChallengeStatus Error:');
|
|
console.warn(e);
|
|
}
|
|
}
|
|
|
|
if ('processing' === resp.body.status) {
|
|
//#console.debug('poll: again');
|
|
return ACME._wait(RETRY_INTERVAL).then(pollStatus);
|
|
}
|
|
|
|
// This state should never occur
|
|
if ('pending' === resp.body.status) {
|
|
if (count >= MAX_PEND) {
|
|
return ACME._wait(RETRY_INTERVAL).then(deactivate).then(respondToChallenge);
|
|
}
|
|
//#console.debug('poll: again');
|
|
return ACME._wait(RETRY_INTERVAL).then(pollStatus);
|
|
}
|
|
|
|
if ('valid' === resp.body.status) {
|
|
//#console.debug('poll: valid');
|
|
|
|
try {
|
|
ACME._removeChallenge(me, options, auth);
|
|
} catch(e) {}
|
|
return resp.body;
|
|
}
|
|
|
|
var code = 'E_ACME_UNKNOWN';
|
|
var err = new Error("[acme-v2] " + auth.altname + " (" + code + "): " + JSON.stringify(resp.body, null, 2));
|
|
err.code = code;
|
|
|
|
return Promise.reject(err);
|
|
}
|
|
|
|
function transformError(e) {
|
|
var err = e;
|
|
if (err.urn) {
|
|
err = new Error("[acme-v2] " + auth.altname + " status:" + e.status + " " + e.detail);
|
|
err.auth = auth;
|
|
err.altname = auth.altname;
|
|
err.type = auth.type;
|
|
err.code = ('invalid' === e.status) ? 'E_ACME_CHALLENGE' : 'E_ACME_UNKNOWN';
|
|
}
|
|
|
|
throw err;
|
|
}
|
|
|
|
function respondToChallenge() {
|
|
//#console.debug('[acme-v2.js] responding to accept challenge:');
|
|
// POST-as-POST (empty JSON object)
|
|
return ACME._jwsRequest(me, {
|
|
options: options
|
|
, url: auth.url
|
|
, protected: { kid: options._kid }
|
|
, payload: Enc.binToBuf(JSON.stringify({}))
|
|
}).then(checkResult).catch(transformError);
|
|
}
|
|
|
|
return respondToChallenge();
|
|
};
|
|
|
|
// options = { domains, claims, challenges, challengePriority }
|
|
ACME._setChallengesAll = function (me, options) {
|
|
//#console.log("[DEBUG] setChallengesAll");
|
|
var claims = options.order.claims.slice(0);
|
|
var valids = [];
|
|
var auths = [];
|
|
// TODO: Do we still need this delay? Or shall we leave it to plugins to account for themselves?
|
|
var DELAY = options.setChallengeWait || me.setChallengeWait || 500;
|
|
|
|
// Set any challenges, excpting ones that have already been validated
|
|
function setNext() {
|
|
var claim = claims.shift();
|
|
if (!claim) { return Promise.resolve(); }
|
|
|
|
return Promise.resolve().then(function () {
|
|
// For any challenges that are already valid,
|
|
// add to the list and skip any checks.
|
|
if (claim.challenges.some(function (ch) {
|
|
if ('valid' === ch.status) {
|
|
valids.push(ch);
|
|
return true;
|
|
}
|
|
})) {
|
|
return;
|
|
}
|
|
|
|
// Get the list of challenge types we can validate.
|
|
// Then order that list by preference
|
|
// Select the first matching offered challenge type
|
|
var usable = Object.keys(options.challenges || ACME._challengesMap);
|
|
var selected = (options.challengePriority||[ 'tls-alpn-01', 'http-01', 'dns-01' ]).map(function (chType) {
|
|
if (!usable.includes(chType)) { return; }
|
|
return claim.challenges.filter(function (ch) {
|
|
return ch.type === chType;
|
|
})[0];
|
|
}).filter(Boolean)[0];
|
|
var ch;
|
|
|
|
// Bail with a descriptive message if no usable challenge could be selected
|
|
if (!selected) {
|
|
var enabled = usable.join(', ') || 'none';
|
|
var suitable = claim.challenges.map(function (r) { return r.type; }).join(', ') || 'none';
|
|
throw new Error(
|
|
"None of the challenge types that you've enabled ( " + enabled + " )"
|
|
+ " are suitable for validating the domain you've selected (" + claim.altname + ")."
|
|
+ " You must enable one of ( " + suitable + " )."
|
|
);
|
|
}
|
|
auths.push(selected);
|
|
|
|
// Give the nameservers a moment to propagate
|
|
if ('dns-01' === selected.type) {
|
|
DELAY = 1.5 * 1000;
|
|
}
|
|
|
|
if (false === options.challenges) { return; }
|
|
ch = options.challenges[selected.type] || {};
|
|
if (!ch.set) {
|
|
throw new Error("no handler for setting challenge");
|
|
}
|
|
return ch.set(selected);
|
|
}).then(setNext);
|
|
}
|
|
|
|
function checkNext() {
|
|
var auth = auths.shift();
|
|
if (!auth) { return Promise.resolve(valids); }
|
|
|
|
// These are not as much "valids" as they are "not invalids"
|
|
if (!me._canUse[auth.type] || me.skipChallengeTest) {
|
|
valids.push(auth);
|
|
return checkNext();
|
|
}
|
|
|
|
return ACME.challengeTests[auth.type](me, auth).then(function () {
|
|
valids.push(auth);
|
|
}).then(checkNext);
|
|
}
|
|
|
|
// The reason we set every challenge in a batch first before checking any
|
|
// is so that we don't poison our own DNS cache with misses.
|
|
return setNext().then(function () {
|
|
//#console.debug('\n[DEBUG] waitChallengeDelay %s\n', DELAY);
|
|
return ACME._wait(DELAY);
|
|
}).then(checkNext);
|
|
};
|
|
ACME._finalizeOrder = function (me, options) {
|
|
return ACME._getAccountKid(me, options).then(function () {
|
|
if (!options.challenges && !options.challengePriority) {
|
|
throw new Error("You must set either challenges or challengePrority");
|
|
}
|
|
return ACME._setChallengesAll(me, options).then(function (valids) {
|
|
// options._kid added
|
|
//#console.debug('finalizeOrder:');
|
|
var order = options.order;
|
|
var validatedDomains = options.order.identifiers.map(function (ident) {
|
|
return ident.value;
|
|
});
|
|
|
|
// Actually sets the challenge via ACME
|
|
function challengeNext() {
|
|
var auth = valids.shift();
|
|
if (!auth) { return Promise.resolve(); }
|
|
return ACME._postChallenge(me, options, auth).then(challengeNext);
|
|
}
|
|
return challengeNext().then(function () {
|
|
//#console.debug("[getCertificate] next.then");
|
|
//#console.log('DEBUG order:');
|
|
//#console.log(options.order);
|
|
return options.order.identifiers.map(function (ident) {
|
|
return ident.value;
|
|
});
|
|
}).then(function () {
|
|
return ACME._getCsrWeb64(me, options, validatedDomains).then(function (csr) {
|
|
var body = { csr: csr };
|
|
var payload = JSON.stringify(body);
|
|
|
|
function pollCert() {
|
|
//#console.debug('[acme-v2.js] pollCert:');
|
|
return ACME._jwsRequest(me, {
|
|
options: options
|
|
, url: options.order.finalizeUrl
|
|
, protected: { kid: options._kid }
|
|
, payload: Enc.binToBuf(payload)
|
|
}).then(function (resp) {
|
|
//#console.debug('order finalized: resp.body:');
|
|
//#console.debug(resp.body);
|
|
|
|
// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.1.3
|
|
// Possible values are: "pending" => ("invalid" || "ready") => "processing" => "valid"
|
|
if ('valid' === resp.body.status) {
|
|
options._expires = resp.body.expires;
|
|
options._certificate = resp.body.certificate;
|
|
|
|
return resp.body; // return order
|
|
}
|
|
|
|
if ('processing' === resp.body.status) {
|
|
return ACME._wait().then(pollCert);
|
|
}
|
|
|
|
//#console.debug("Error: bad status:\n" + JSON.stringify(resp.body, null, 2));
|
|
|
|
if ('pending' === resp.body.status) {
|
|
return Promise.reject(new Error(
|
|
"Did not finalize order: status 'pending'."
|
|
+ " Best guess: You have not accepted at least one challenge for each domain:\n"
|
|
+ "Requested: '" + options.domains.join(', ') + "'\n"
|
|
+ "Validated: '" + validatedDomains.join(', ') + "'\n"
|
|
+ JSON.stringify(resp.body, null, 2)
|
|
));
|
|
}
|
|
|
|
if ('invalid' === resp.body.status) {
|
|
return Promise.reject(new Error(
|
|
"Did not finalize order: status 'invalid'."
|
|
+ " Best guess: One or more of the domain challenges could not be verified"
|
|
+ " (or the order was canceled).\n"
|
|
+ "Requested: '" + options.domains.join(', ') + "'\n"
|
|
+ "Validated: '" + validatedDomains.join(', ') + "'\n"
|
|
+ JSON.stringify(resp.body, null, 2)
|
|
));
|
|
}
|
|
|
|
if ('ready' === resp.body.status) {
|
|
return Promise.reject(new Error(
|
|
"Did not finalize order: status 'ready'."
|
|
+ " Hmmm... this state shouldn't be possible here. That was the last state."
|
|
+ " This one should at least be 'processing'.\n"
|
|
+ "Requested: '" + options.domains.join(', ') + "'\n"
|
|
+ "Validated: '" + validatedDomains.join(', ') + "'\n"
|
|
+ JSON.stringify(resp.body, null, 2) + "\n\n"
|
|
+ "Please open an issue at https://git.coolaj86.com/coolaj86/acme-v2.js"
|
|
));
|
|
}
|
|
|
|
return Promise.reject(new Error(
|
|
"Didn't finalize order: Unhandled status '" + resp.body.status + "'."
|
|
+ " This is not one of the known statuses...\n"
|
|
+ "Requested: '" + options.domains.join(', ') + "'\n"
|
|
+ "Validated: '" + validatedDomains.join(', ') + "'\n"
|
|
+ JSON.stringify(resp.body, null, 2) + "\n\n"
|
|
+ "Please open an issue at https://git.coolaj86.com/coolaj86/acme-v2.js"
|
|
));
|
|
});
|
|
}
|
|
|
|
return pollCert();
|
|
}).then(function () {
|
|
//#console.debug('acme-v2: order was finalized');
|
|
// POST-as-GET
|
|
return ACME._jwsRequest(me, {
|
|
options: options
|
|
, url: options._certificate
|
|
, protected: { kid: options._kid }
|
|
, payload: Enc.binToBuf('')
|
|
}).then(function (resp) {
|
|
//#console.debug('acme-v2: csr submitted and cert received:');
|
|
// https://github.com/certbot/certbot/issues/5721
|
|
var certsarr = ACME.splitPemChain(ACME.formatPemChain((resp.body||'')));
|
|
// cert, chain, fullchain, privkey, /*TODO, subject, altnames, issuedAt, expiresAt */
|
|
// TODO CSR.info
|
|
var certs = {
|
|
expires: order.expires
|
|
, identifiers: order.identifiers
|
|
, cert: certsarr.shift()
|
|
, chain: certsarr.join('\n')
|
|
};
|
|
//#console.debug(certs);
|
|
return certs;
|
|
});
|
|
});
|
|
});
|
|
});
|
|
});
|
|
};
|
|
ACME._createOrder = function (me, options) {
|
|
return ACME._getAccountKid(me, options).then(function () {
|
|
// options._kid added
|
|
var body = {
|
|
// raw wildcard syntax MUST be used here
|
|
identifiers: options.domains.sort(function (a, b) {
|
|
// the first in the list will be the subject of the certificate, I believe (and hope)
|
|
if (!options.subject) { return 0; }
|
|
if (options.subject === a) { return -1; }
|
|
if (options.subject === b) { return 1; }
|
|
return 0;
|
|
}).map(function (hostname) {
|
|
return { type: "dns", value: hostname };
|
|
})
|
|
//, "notBefore": "2016-01-01T00:00:00Z"
|
|
//, "notAfter": "2016-01-08T00:00:00Z"
|
|
};
|
|
|
|
var payload = JSON.stringify(body);
|
|
//#console.debug('\n[DEBUG] newOrder\n');
|
|
return ACME._jwsRequest(me, {
|
|
options: options
|
|
, url: me._directoryUrls.newOrder
|
|
, protected: { kid: options._kid }
|
|
, payload: Enc.binToBuf(payload)
|
|
}).then(function (resp) {
|
|
var order = {
|
|
orderUrl: resp.headers.location
|
|
, finalizeUrl: resp.body.finalize
|
|
, authorizations: resp.body.authorizations
|
|
, identifiers: body.identifiers
|
|
, _response: resp.body
|
|
};
|
|
//#console.debug('[ordered]', location); // the account id url
|
|
//#console.debug(resp);
|
|
|
|
if (!order.authorizations) {
|
|
return Promise.reject(new Error(
|
|
"[acme-v2.js] authorizations were not fetched for '" + options.domains.join() + "':\n"
|
|
+ JSON.stringify(resp.body)
|
|
));
|
|
}
|
|
|
|
return order;
|
|
}).then(function (order) {
|
|
var claims = [];
|
|
//#console.debug("[acme-v2] POST newOrder has authorizations");
|
|
var challengeAuths = order.authorizations.slice(0);
|
|
|
|
function getNext() {
|
|
var authUrl = challengeAuths.shift();
|
|
if (!authUrl) { return claims; }
|
|
|
|
return ACME._getChallenges(me, options, authUrl).then(function (claim) {
|
|
// var domain = options.domains[i]; // claim.identifier.value
|
|
claims.push(claim);
|
|
return getNext();
|
|
});
|
|
}
|
|
|
|
return getNext().then(function () {
|
|
order.claims = claims;
|
|
options.order = order;
|
|
return order;
|
|
});
|
|
});
|
|
});
|
|
};
|
|
ACME._getAccountKid = function (me, options) {
|
|
// It's just fine if there's no account, we'll go get the key id we need via the existing key
|
|
options._kid = options._kid || options.accountKid
|
|
|| (options.account && (options.account.kid
|
|
|| (options.account.key && options.account.key.kid)));
|
|
if (options._kid) {
|
|
return Promise.resolve(options._kid);
|
|
}
|
|
|
|
//return Promise.reject(new Error("must include KeyID"));
|
|
// This is an idempotent request. It'll return the same account for the same public key.
|
|
return ACME._registerAccount(me, options).then(function (account) {
|
|
options._kid = account.key.kid;
|
|
// start back from the top
|
|
return options._kid;
|
|
});
|
|
};
|
|
|
|
//
|
|
// Helper Methods
|
|
//
|
|
ACME._getCertificate = function (me, options) {
|
|
//#console.debug('[acme-v2] DEBUG get cert 1');
|
|
|
|
if (options.csr) {
|
|
// TODO validate csr signature
|
|
options._csr = me.CSR._info(options.csr);
|
|
options.domains = options._csr.altnames;
|
|
if (options._csr.subject !== options.domains[0]) {
|
|
return Promise.reject(new Error("certificate subject (commonName) does not match first altname (SAN)"));
|
|
}
|
|
}
|
|
if (!(options.domains && options.domains.length)) {
|
|
return Promise.reject(new Error("options.domains must be a list of string domain names,"
|
|
+ " with the first being the subject of the certificate (or options.subject must specified)."));
|
|
}
|
|
if (!options.challenges) {
|
|
return Promise.reject(new Error("You must specify challenge handlers."));
|
|
}
|
|
|
|
// Do a little dry-run / self-test
|
|
return ACME._testChallenges(me, options).then(function () {
|
|
//#console.debug('[acme-v2] certificates.create');
|
|
return ACME._createOrder(me, options).then(function (/*order*/) {
|
|
// options.order = order;
|
|
return ACME._finalizeOrder(me, options);
|
|
});
|
|
});
|
|
};
|
|
ACME._getCsrWeb64 = function (me, options, validatedDomains) {
|
|
var csr;
|
|
if (options.csr) {
|
|
csr = options.csr;
|
|
// if der, convert to base64
|
|
if ('string' !== typeof csr) { csr = Enc.bufToUrlBase64(csr); }
|
|
// nix PEM headers, if any
|
|
if ('-' === csr[0]) { csr = csr.split(/\n+/).slice(1, -1).join(''); }
|
|
csr = Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, ''));
|
|
return Promise.resolve(csr);
|
|
}
|
|
|
|
return ACME._importKeypair(me, options.serverKey || options.serverKeypair || options.domainKeypair).then(function (pair) {
|
|
return me.CSR({ jwk: pair.private, domains: validatedDomains, encoding: 'der' }).then(function (der) {
|
|
return Enc.bufToUrlBase64(der);
|
|
});
|
|
});
|
|
};
|
|
|
|
ACME.create = function create(me) {
|
|
if (!me) { me = {}; }
|
|
// me.debug = true;
|
|
me.challengePrefixes = ACME.challengePrefixes;
|
|
me.Keypairs = me.Keypairs || exports.Keypairs || require('keypairs').Keypairs;
|
|
me.CSR = me.CSR || exports.CSR || require('CSR').CSR;
|
|
me._nonces = [];
|
|
me._canUse = {};
|
|
if (!me._baseUrl) {
|
|
me._baseUrl = "";
|
|
}
|
|
//me.Keypairs = me.Keypairs || require('keypairs');
|
|
//me.request = me.request || require('@root/request');
|
|
if (!me.dns01) {
|
|
me.dns01 = function (auth) {
|
|
return ACME._dns01(me, auth);
|
|
};
|
|
}
|
|
// backwards compat
|
|
if (!me.dig) { me.dig = me.dns01; }
|
|
if (!me.http01) {
|
|
me.http01 = function (auth) {
|
|
return ACME._http01(me, auth);
|
|
};
|
|
}
|
|
|
|
if ('function' !== typeof me.request) {
|
|
me.request = ACME._defaultRequest;
|
|
}
|
|
|
|
me.init = function (opts) {
|
|
function fin(dir) {
|
|
me._directoryUrls = dir;
|
|
me._tos = dir.meta.termsOfService;
|
|
return dir;
|
|
}
|
|
if (opts && opts.meta && opts.termsOfService) {
|
|
return Promise.resolve(fin(opts));
|
|
}
|
|
if (!me.directoryUrl) { me.directoryUrl = opts; }
|
|
if ('string' !== typeof me.directoryUrl) {
|
|
throw new Error("you must supply either the ACME directory url as a string or an object of the ACME urls");
|
|
}
|
|
var p = Promise.resolve();
|
|
if (!me.skipChallengeTest) {
|
|
// Not ACME
|
|
p = me.request({ url: me._baseUrl + "/api/_acme_api_/" }).then(function (resp) {
|
|
if (resp.body.success) {
|
|
me._canCheck['http-01'] = true;
|
|
me._canCheck['dns-01'] = true;
|
|
}
|
|
}).catch(function () {
|
|
// ignore
|
|
});
|
|
}
|
|
return p.then(function () {
|
|
return ACME._directory(me).then(function (resp) {
|
|
return fin(resp.body);
|
|
});
|
|
});
|
|
};
|
|
me.accounts = {
|
|
create: function (options) {
|
|
return ACME._registerAccount(me, options);
|
|
}
|
|
};
|
|
me.orders = {
|
|
// create + get challlenges
|
|
request: function (options) {
|
|
return ACME._createOrder(me, options);
|
|
}
|
|
// set challenges, check challenges, finalize order, return order
|
|
, complete: function (options) {
|
|
return ACME._finalizeOrder(me, options);
|
|
}
|
|
};
|
|
me.certificates = {
|
|
create: function (options) {
|
|
return ACME._getCertificate(me, options);
|
|
}
|
|
};
|
|
return me;
|
|
};
|
|
|
|
// Handle nonce, signing, and request altogether
|
|
ACME._jwsRequest = function (me, bigopts) {
|
|
return ACME._getNonce(me).then(function (nonce) {
|
|
bigopts.protected.nonce = nonce;
|
|
bigopts.protected.url = bigopts.url;
|
|
// protected.alg: added by Keypairs.signJws
|
|
if (!bigopts.protected.jwk) {
|
|
// protected.kid must be overwritten due to ACME's interpretation of the spec
|
|
if (!bigopts.protected.kid) { bigopts.protected.kid = bigopts.options._kid; }
|
|
}
|
|
return me.Keypairs.signJws(
|
|
{ jwk: bigopts.accountKey || bigopts.options.accountKeypair.privateKeyJwk
|
|
, protected: bigopts.protected
|
|
, payload: bigopts.payload
|
|
}
|
|
).then(function (jws) {
|
|
//#console.debug('[acme-v2] ' + bigopts.url + ':');
|
|
//#console.debug(jws);
|
|
return ACME._request(me, { url: bigopts.url, json: jws });
|
|
}).catch(function (e) {
|
|
if (/badNonce$/.test(e.urn)) {
|
|
// retry badNonces
|
|
var retryable = (bigopts._retries >= 2);
|
|
if (!retryable) {
|
|
bigopts._retries = (bigopts._retries || 0) + 1;
|
|
return ACME._jwsRequest(me, bigopts);
|
|
}
|
|
}
|
|
throw e;
|
|
});
|
|
});
|
|
};
|
|
// Handle some ACME-specific defaults
|
|
ACME._request = function (me, opts) {
|
|
if (!opts.headers) { opts.headers = {}; }
|
|
if (opts.json && true !== opts.json) {
|
|
opts.headers['Content-Type'] = 'application/jose+json';
|
|
opts.body = JSON.stringify(opts.json);
|
|
if (!opts.method) { opts.method = 'POST'; }
|
|
}
|
|
return me.request(opts).then(function (resp) {
|
|
if (resp.toJSON) { resp = resp.toJSON(); }
|
|
if (resp.headers['replay-nonce']) {
|
|
ACME._setNonce(me, resp.headers['replay-nonce']);
|
|
}
|
|
|
|
var e;
|
|
var err;
|
|
if (resp.body) {
|
|
err = resp.body.error;
|
|
e = new Error("");
|
|
if (400 === resp.body.status) {
|
|
err = { type: resp.body.type, detail: resp.body.detail };
|
|
}
|
|
if (err) {
|
|
e.status = resp.body.status;
|
|
e.code = 'E_ACME';
|
|
if (e.status) {
|
|
e.message = "[" + e.status + "] ";
|
|
}
|
|
e.detail = err.detail;
|
|
e.message += (err.detail || JSON.stringify(err));
|
|
e.urn = err.type;
|
|
e.uri = resp.body.url;
|
|
e._rawError = err;
|
|
e._rawBody = resp.body;
|
|
throw e;
|
|
}
|
|
}
|
|
|
|
return resp;
|
|
});
|
|
};
|
|
// A very generic, swappable request lib
|
|
ACME._defaultRequest = function (opts) {
|
|
// Note: normally we'd have to supply a User-Agent string, but not here in a browser
|
|
if (!opts.headers) { opts.headers = {}; }
|
|
if (opts.json) {
|
|
opts.headers.Accept = 'application/json';
|
|
if (true !== opts.json) { opts.body = JSON.stringify(opts.json); }
|
|
}
|
|
if (!opts.method) {
|
|
opts.method = 'GET';
|
|
if (opts.body) { opts.method = 'POST'; }
|
|
}
|
|
opts.cors = true;
|
|
return window.fetch(opts.url, opts).then(function (resp) {
|
|
var headers = {};
|
|
var result = { statusCode: resp.status, headers: headers, toJSON: function () { return this; } };
|
|
Array.from(resp.headers.entries()).forEach(function (h) { headers[h[0]] = h[1]; });
|
|
if (!headers['content-type']) {
|
|
return result;
|
|
}
|
|
if (/json/.test(headers['content-type'])) {
|
|
return resp.json().then(function (json) {
|
|
result.body = json;
|
|
return result;
|
|
});
|
|
}
|
|
return resp.text().then(function (txt) {
|
|
result.body = txt;
|
|
return result;
|
|
});
|
|
});
|
|
};
|
|
|
|
ACME._importKeypair = function (me, kp) {
|
|
var jwk = kp.privateKeyJwk || kp.kty && kp;
|
|
var p;
|
|
if (jwk) {
|
|
// nix the browser jwk extras
|
|
jwk.key_ops = undefined;
|
|
jwk.ext = undefined;
|
|
p = Promise.resolve({ private: jwk, public: me.Keypairs.neuter({ jwk: jwk }) });
|
|
} else {
|
|
p = me.Keypairs.import({ pem: kp.privateKeyPem });
|
|
}
|
|
return p.then(function (pair) {
|
|
kp.privateKeyJwk = pair.private;
|
|
kp.publicKeyJwk = pair.public;
|
|
if (pair.public.kid) {
|
|
pair = JSON.parse(JSON.stringify(pair));
|
|
delete pair.public.kid;
|
|
delete pair.private.kid;
|
|
}
|
|
return pair;
|
|
});
|
|
};
|
|
|
|
ACME._toWebsafeBase64 = function (b64) {
|
|
return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g,"");
|
|
};
|
|
|
|
// In v8 this is crypto random, but we're just using it for pseudorandom
|
|
ACME._prnd = function (n) {
|
|
var rnd = '';
|
|
while (rnd.length / 2 < n) {
|
|
var num = Math.random().toString().substr(2);
|
|
if (num.length % 2) {
|
|
num = '0' + num;
|
|
}
|
|
var pairs = num.match(/(..?)/g);
|
|
rnd += pairs.map(ACME._toHex).join('');
|
|
}
|
|
return rnd.substr(0, n*2);
|
|
};
|
|
ACME._toHex = function (pair) {
|
|
return parseInt(pair, 10).toString(16);
|
|
};
|
|
ACME._dns01 = function (me, auth) {
|
|
// Not ACME
|
|
return new me.request({ url: me._baseUrl + "/api/dns/" + auth.dnsHost + "?type=TXT" }).then(function (resp) {
|
|
var err;
|
|
if (!resp.body || !Array.isArray(resp.body.answer)) {
|
|
err = new Error("failed to get DNS response");
|
|
console.error(err);
|
|
throw err;
|
|
}
|
|
if (!resp.body.answer.length) {
|
|
err = new Error("failed to get DNS answer record in response");
|
|
console.error(err);
|
|
throw err;
|
|
}
|
|
return {
|
|
answer: resp.body.answer.map(function (ans) {
|
|
return { data: ans.data, ttl: ans.ttl };
|
|
})
|
|
};
|
|
});
|
|
};
|
|
ACME._http01 = function (me, auth) {
|
|
var url = encodeURIComponent(auth.challengeUrl);
|
|
// Not ACME
|
|
return new me.request({ url: me._baseUrl + "/api/http?url=" + url }).then(function (resp) {
|
|
return resp.body;
|
|
});
|
|
};
|
|
ACME._removeChallenge = function (me, options, auth) {
|
|
return Promise.resolve().then(function () {
|
|
if (!options.challenges) { return; }
|
|
var ch = options.challenges[auth.type];
|
|
ch.remove(auth).catch(function (e) {
|
|
console.warn("challenge.remove error:");
|
|
console.warn(e);
|
|
});
|
|
});
|
|
};
|
|
|
|
Enc.bufToUrlBase64 = function (u8) {
|
|
return Enc.bufToBase64(u8)
|
|
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
|
|
};
|
|
Enc.bufToBase64 = function (u8) {
|
|
var bin = '';
|
|
u8.forEach(function (i) {
|
|
bin += String.fromCharCode(i);
|
|
});
|
|
return btoa(bin);
|
|
};
|
|
|
|
Crypto._sha = function (sha, str) {
|
|
var encoder = new TextEncoder();
|
|
var data = encoder.encode(str);
|
|
sha = 'SHA-' + sha.replace(/^sha-?/i, '');
|
|
return window.crypto.subtle.digest(sha, data).then(function (hash) {
|
|
return Enc.bufToUrlBase64(new Uint8Array(hash));
|
|
});
|
|
};
|
|
|
|
}('undefined' === typeof window ? module.exports : window));
|