GRAYBYTE | AutoShopMaker

Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

// Copyright 2017 Joyent, Inc. module.exports = { read: read, verify: verify, sign: sign, signAsync: signAsync, write: write }; var assert = require('assert-plus'); var asn1 = require('asn1'); var Buffer = require('safer-buffer').Buffer; var algs = require('../algs'); var utils = require('../utils'); var Key = require('../key'); var PrivateKey = require('../private-key'); var pem = require('./pem'); var Identity = require('../identity'); var Signature = require('../signature'); var Certificate = require('../certificate'); var pkcs8 = require('./pkcs8'); /* * This file is based on RFC5280 (X.509). */ /* Helper to read in a single mpint */ function readMPInt(der, nm) { assert.strictEqual(der.peek(), asn1.Ber.Integer, nm + ' is not an Integer'); return (utils.mpNormalize(der.readString(asn1.Ber.Integer, true))); } function verify(cert, key) { var sig = cert.signatures.x509; assert.object(sig, 'x509 signature'); var algParts = sig.algo.split('-'); if (algParts[0] !== key.type) return (false); var blob = sig.cache; if (blob === undefined) { var der = new asn1.BerWriter(); writeTBSCert(cert, der); blob = der.buffer; } var verifier = key.createVerify(algParts[1]); verifier.write(blob); return (verifier.verify(sig.signature)); } function Local(i) { return (asn1.Ber.Context | asn1.Ber.Constructor | i); } function Context(i) { return (asn1.Ber.Context | i); } var SIGN_ALGS = { 'rsa-md5': '1.2.840.113549.1.1.4', 'rsa-sha1': '1.2.840.113549.1.1.5', 'rsa-sha256': '1.2.840.113549.1.1.11', 'rsa-sha384': '1.2.840.113549.1.1.12', 'rsa-sha512': '1.2.840.113549.1.1.13', 'dsa-sha1': '1.2.840.10040.4.3', 'dsa-sha256': '2.16.840.1.101.3.4.3.2', 'ecdsa-sha1': '1.2.840.10045.4.1', 'ecdsa-sha256': '1.2.840.10045.4.3.2', 'ecdsa-sha384': '1.2.840.10045.4.3.3', 'ecdsa-sha512': '1.2.840.10045.4.3.4', 'ed25519-sha512': '1.3.101.112' }; Object.keys(SIGN_ALGS).forEach(function (k) { SIGN_ALGS[SIGN_ALGS[k]] = k; }); SIGN_ALGS['1.3.14.3.2.3'] = 'rsa-md5'; SIGN_ALGS['1.3.14.3.2.29'] = 'rsa-sha1'; var EXTS = { 'issuerKeyId': '2.5.29.35', 'altName': '2.5.29.17', 'basicConstraints': '2.5.29.19', 'keyUsage': '2.5.29.15', 'extKeyUsage': '2.5.29.37' }; function read(buf, options) { if (typeof (buf) === 'string') { buf = Buffer.from(buf, 'binary'); } assert.buffer(buf, 'buf'); var der = new asn1.BerReader(buf); der.readSequence(); if (Math.abs(der.length - der.remain) > 1) { throw (new Error('DER sequence does not contain whole byte ' + 'stream')); } var tbsStart = der.offset; der.readSequence(); var sigOffset = der.offset + der.length; var tbsEnd = sigOffset; if (der.peek() === Local(0)) { der.readSequence(Local(0)); var version = der.readInt(); assert.ok(version <= 3, 'only x.509 versions up to v3 supported'); } var cert = {}; cert.signatures = {}; var sig = (cert.signatures.x509 = {}); sig.extras = {}; cert.serial = readMPInt(der, 'serial'); der.readSequence(); var after = der.offset + der.length; var certAlgOid = der.readOID(); var certAlg = SIGN_ALGS[certAlgOid]; if (certAlg === undefined) throw (new Error('unknown signature algorithm ' + certAlgOid)); der._offset = after; cert.issuer = Identity.parseAsn1(der); der.readSequence(); cert.validFrom = readDate(der); cert.validUntil = readDate(der); cert.subjects = [Identity.parseAsn1(der)]; der.readSequence(); after = der.offset + der.length; cert.subjectKey = pkcs8.readPkcs8(undefined, 'public', der); der._offset = after; /* issuerUniqueID */ if (der.peek() === Local(1)) { der.readSequence(Local(1)); sig.extras.issuerUniqueID = buf.slice(der.offset, der.offset + der.length); der._offset += der.length; } /* subjectUniqueID */ if (der.peek() === Local(2)) { der.readSequence(Local(2)); sig.extras.subjectUniqueID = buf.slice(der.offset, der.offset + der.length); der._offset += der.length; } /* extensions */ if (der.peek() === Local(3)) { der.readSequence(Local(3)); var extEnd = der.offset + der.length; der.readSequence(); while (der.offset < extEnd) readExtension(cert, buf, der); assert.strictEqual(der.offset, extEnd); } assert.strictEqual(der.offset, sigOffset); der.readSequence(); after = der.offset + der.length; var sigAlgOid = der.readOID(); var sigAlg = SIGN_ALGS[sigAlgOid]; if (sigAlg === undefined) throw (new Error('unknown signature algorithm ' + sigAlgOid)); der._offset = after; var sigData = der.readString(asn1.Ber.BitString, true); if (sigData[0] === 0) sigData = sigData.slice(1); var algParts = sigAlg.split('-'); sig.signature = Signature.parse(sigData, algParts[0], 'asn1'); sig.signature.hashAlgorithm = algParts[1]; sig.algo = sigAlg; sig.cache = buf.slice(tbsStart, tbsEnd); return (new Certificate(cert)); } function readDate(der) { if (der.peek() === asn1.Ber.UTCTime) { return (utcTimeToDate(der.readString(asn1.Ber.UTCTime))); } else if (der.peek() === asn1.Ber.GeneralizedTime) { return (gTimeToDate(der.readString(asn1.Ber.GeneralizedTime))); } else { throw (new Error('Unsupported date format')); } } /* RFC5280, section 4.2.1.6 (GeneralName type) */ var ALTNAME = { OtherName: Local(0), RFC822Name: Context(1), DNSName: Context(2), X400Address: Local(3), DirectoryName: Local(4), EDIPartyName: Local(5), URI: Context(6), IPAddress: Context(7), OID: Context(8) }; /* RFC5280, section 4.2.1.12 (KeyPurposeId) */ var EXTPURPOSE = { 'serverAuth': '1.3.6.1.5.5.7.3.1', 'clientAuth': '1.3.6.1.5.5.7.3.2', 'codeSigning': '1.3.6.1.5.5.7.3.3', /* See https://github.com/joyent/oid-docs/blob/master/root.md */ 'joyentDocker': '1.3.6.1.4.1.38678.1.4.1', 'joyentCmon': '1.3.6.1.4.1.38678.1.4.2' }; var EXTPURPOSE_REV = {}; Object.keys(EXTPURPOSE).forEach(function (k) { EXTPURPOSE_REV[EXTPURPOSE[k]] = k; }); var KEYUSEBITS = [ 'signature', 'identity', 'keyEncryption', 'encryption', 'keyAgreement', 'ca', 'crl' ]; function readExtension(cert, buf, der) { der.readSequence(); var after = der.offset + der.length; var extId = der.readOID(); var id; var sig = cert.signatures.x509; sig.extras.exts = []; var critical; if (der.peek() === asn1.Ber.Boolean) critical = der.readBoolean(); switch (extId) { case (EXTS.basicConstraints): der.readSequence(asn1.Ber.OctetString); der.readSequence(); var bcEnd = der.offset + der.length; var ca = false; if (der.peek() === asn1.Ber.Boolean) ca = der.readBoolean(); if (cert.purposes === undefined) cert.purposes = []; if (ca === true) cert.purposes.push('ca'); var bc = { oid: extId, critical: critical }; if (der.offset < bcEnd && der.peek() === asn1.Ber.Integer) bc.pathLen = der.readInt(); sig.extras.exts.push(bc); break; case (EXTS.extKeyUsage): der.readSequence(asn1.Ber.OctetString); der.readSequence(); if (cert.purposes === undefined) cert.purposes = []; var ekEnd = der.offset + der.length; while (der.offset < ekEnd) { var oid = der.readOID(); cert.purposes.push(EXTPURPOSE_REV[oid] || oid); } /* * This is a bit of a hack: in the case where we have a cert * that's only allowed to do serverAuth or clientAuth (and not * the other), we want to make sure all our Subjects are of * the right type. But we already parsed our Subjects and * decided if they were hosts or users earlier (since it appears * first in the cert). * * So we go through and mutate them into the right kind here if * it doesn't match. This might not be hugely beneficial, as it * seems that single-purpose certs are not often seen in the * wild. */ if (cert.purposes.indexOf('serverAuth') !== -1 && cert.purposes.indexOf('clientAuth') === -1) { cert.subjects.forEach(function (ide) { if (ide.type !== 'host') { ide.type = 'host'; ide.hostname = ide.uid || ide.email || ide.components[0].value; } }); } else if (cert.purposes.indexOf('clientAuth') !== -1 && cert.purposes.indexOf('serverAuth') === -1) { cert.subjects.forEach(function (ide) { if (ide.type !== 'user') { ide.type = 'user'; ide.uid = ide.hostname || ide.email || ide.components[0].value; } }); } sig.extras.exts.push({ oid: extId, critical: critical }); break; case (EXTS.keyUsage): der.readSequence(asn1.Ber.OctetString); var bits = der.readString(asn1.Ber.BitString, true); var setBits = readBitField(bits, KEYUSEBITS); setBits.forEach(function (bit) { if (cert.purposes === undefined) cert.purposes = []; if (cert.purposes.indexOf(bit) === -1) cert.purposes.push(bit); }); sig.extras.exts.push({ oid: extId, critical: critical, bits: bits }); break; case (EXTS.altName): der.readSequence(asn1.Ber.OctetString); der.readSequence(); var aeEnd = der.offset + der.length; while (der.offset < aeEnd) { switch (der.peek()) { case ALTNAME.OtherName: case ALTNAME.EDIPartyName: der.readSequence(); der._offset += der.length; break; case ALTNAME.OID: der.readOID(ALTNAME.OID); break; case ALTNAME.RFC822Name: /* RFC822 specifies email addresses */ var email = der.readString(ALTNAME.RFC822Name); id = Identity.forEmail(email); if (!cert.subjects[0].equals(id)) cert.subjects.push(id); break; case ALTNAME.DirectoryName: der.readSequence(ALTNAME.DirectoryName); id = Identity.parseAsn1(der); if (!cert.subjects[0].equals(id)) cert.subjects.push(id); break; case ALTNAME.DNSName: var host = der.readString( ALTNAME.DNSName); id = Identity.forHost(host); if (!cert.subjects[0].equals(id)) cert.subjects.push(id); break; default: der.readString(der.peek()); break; } } sig.extras.exts.push({ oid: extId, critical: critical }); break; default: sig.extras.exts.push({ oid: extId, critical: critical, data: der.readString(asn1.Ber.OctetString, true) }); break; } der._offset = after; } var UTCTIME_RE = /^([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/; function utcTimeToDate(t) { var m = t.match(UTCTIME_RE); assert.ok(m, 'timestamps must be in UTC'); var d = new Date(); var thisYear = d.getUTCFullYear(); var century = Math.floor(thisYear / 100) * 100; var year = parseInt(m[1], 10); if (thisYear % 100 < 50 && year >= 60) year += (century - 1); else year += century; d.setUTCFullYear(year, parseInt(m[2], 10) - 1, parseInt(m[3], 10)); d.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10)); if (m[6] && m[6].length > 0) d.setUTCSeconds(parseInt(m[6], 10)); return (d); } var GTIME_RE = /^([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/; function gTimeToDate(t) { var m = t.match(GTIME_RE); assert.ok(m); var d = new Date(); d.setUTCFullYear(parseInt(m[1], 10), parseInt(m[2], 10) - 1, parseInt(m[3], 10)); d.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10)); if (m[6] && m[6].length > 0) d.setUTCSeconds(parseInt(m[6], 10)); return (d); } function zeroPad(n) { var s = '' + n; while (s.length < 2) s = '0' + s; return (s); } function dateToUTCTime(d) { var s = ''; s += zeroPad(d.getUTCFullYear() % 100); s += zeroPad(d.getUTCMonth() + 1); s += zeroPad(d.getUTCDate()); s += zeroPad(d.getUTCHours()); s += zeroPad(d.getUTCMinutes()); s += zeroPad(d.getUTCSeconds()); s += 'Z'; return (s); } function sign(cert, key) { if (cert.signatures.x509 === undefined) cert.signatures.x509 = {}; var sig = cert.signatures.x509; sig.algo = key.type + '-' + key.defaultHashAlgorithm(); if (SIGN_ALGS[sig.algo] === undefined) return (false); var der = new asn1.BerWriter(); writeTBSCert(cert, der); var blob = der.buffer; sig.cache = blob; var signer = key.createSign(); signer.write(blob); cert.signatures.x509.signature = signer.sign(); return (true); } function signAsync(cert, signer, done) { if (cert.signatures.x509 === undefined) cert.signatures.x509 = {}; var sig = cert.signatures.x509; var der = new asn1.BerWriter(); writeTBSCert(cert, der); var blob = der.buffer; sig.cache = blob; signer(blob, function (err, signature) { if (err) { done(err); return; } sig.algo = signature.type + '-' + signature.hashAlgorithm; if (SIGN_ALGS[sig.algo] === undefined) { done(new Error('Invalid signing algorithm "' + sig.algo + '"')); return; } sig.signature = signature; done(); }); } function write(cert, options) { var sig = cert.signatures.x509; assert.object(sig, 'x509 signature'); var der = new asn1.BerWriter(); der.startSequence(); if (sig.cache) { der._ensure(sig.cache.length); sig.cache.copy(der._buf, der._offset); der._offset += sig.cache.length; } else { writeTBSCert(cert, der); } der.startSequence(); der.writeOID(SIGN_ALGS[sig.algo]); if (sig.algo.match(/^rsa-/)) der.writeNull(); der.endSequence(); var sigData = sig.signature.toBuffer('asn1'); var data = Buffer.alloc(sigData.length + 1); data[0] = 0; sigData.copy(data, 1); der.writeBuffer(data, asn1.Ber.BitString); der.endSequence(); return (der.buffer); } function writeTBSCert(cert, der) { var sig = cert.signatures.x509; assert.object(sig, 'x509 signature'); der.startSequence(); der.startSequence(Local(0)); der.writeInt(2); der.endSequence(); der.writeBuffer(utils.mpNormalize(cert.serial), asn1.Ber.Integer); der.startSequence(); der.writeOID(SIGN_ALGS[sig.algo]); if (sig.algo.match(/^rsa-/)) der.writeNull(); der.endSequence(); cert.issuer.toAsn1(der); der.startSequence(); der.writeString(dateToUTCTime(cert.validFrom), asn1.Ber.UTCTime); der.writeString(dateToUTCTime(cert.validUntil), asn1.Ber.UTCTime); der.endSequence(); var subject = cert.subjects[0]; var altNames = cert.subjects.slice(1); subject.toAsn1(der); pkcs8.writePkcs8(der, cert.subjectKey); if (sig.extras && sig.extras.issuerUniqueID) { der.writeBuffer(sig.extras.issuerUniqueID, Local(1)); } if (sig.extras && sig.extras.subjectUniqueID) { der.writeBuffer(sig.extras.subjectUniqueID, Local(2)); } if (altNames.length > 0 || subject.type === 'host' || (cert.purposes !== undefined && cert.purposes.length > 0) || (sig.extras && sig.extras.exts)) { der.startSequence(Local(3)); der.startSequence(); var exts = []; if (cert.purposes !== undefined && cert.purposes.length > 0) { exts.push({ oid: EXTS.basicConstraints, critical: true }); exts.push({ oid: EXTS.keyUsage, critical: true }); exts.push({ oid: EXTS.extKeyUsage, critical: true }); } exts.push({ oid: EXTS.altName }); if (sig.extras && sig.extras.exts) exts = sig.extras.exts; for (var i = 0; i < exts.length; ++i) { der.startSequence(); der.writeOID(exts[i].oid); if (exts[i].critical !== undefined) der.writeBoolean(exts[i].critical); if (exts[i].oid === EXTS.altName) { der.startSequence(asn1.Ber.OctetString); der.startSequence(); if (subject.type === 'host') { der.writeString(subject.hostname, Context(2)); } for (var j = 0; j < altNames.length; ++j) { if (altNames[j].type === 'host') { der.writeString( altNames[j].hostname, ALTNAME.DNSName); } else if (altNames[j].type === 'email') { der.writeString( altNames[j].email, ALTNAME.RFC822Name); } else { /* * Encode anything else as a * DN style name for now. */ der.startSequence( ALTNAME.DirectoryName); altNames[j].toAsn1(der); der.endSequence(); } } der.endSequence(); der.endSequence(); } else if (exts[i].oid === EXTS.basicConstraints) { der.startSequence(asn1.Ber.OctetString); der.startSequence(); var ca = (cert.purposes.indexOf('ca') !== -1); var pathLen = exts[i].pathLen; der.writeBoolean(ca); if (pathLen !== undefined) der.writeInt(pathLen); der.endSequence(); der.endSequence(); } else if (exts[i].oid === EXTS.extKeyUsage) { der.startSequence(asn1.Ber.OctetString); der.startSequence(); cert.purposes.forEach(function (purpose) { if (purpose === 'ca') return; if (KEYUSEBITS.indexOf(purpose) !== -1) return; var oid = purpose; if (EXTPURPOSE[purpose] !== undefined) oid = EXTPURPOSE[purpose]; der.writeOID(oid); }); der.endSequence(); der.endSequence(); } else if (exts[i].oid === EXTS.keyUsage) { der.startSequence(asn1.Ber.OctetString); /* * If we parsed this certificate from a byte * stream (i.e. we didn't generate it in sshpk) * then we'll have a ".bits" property on the * ext with the original raw byte contents. * * If we have this, use it here instead of * regenerating it. This guarantees we output * the same data we parsed, so signatures still * validate. */ if (exts[i].bits !== undefined) { der.writeBuffer(exts[i].bits, asn1.Ber.BitString); } else { var bits = writeBitField(cert.purposes, KEYUSEBITS); der.writeBuffer(bits, asn1.Ber.BitString); } der.endSequence(); } else { der.writeBuffer(exts[i].data, asn1.Ber.OctetString); } der.endSequence(); } der.endSequence(); der.endSequence(); } der.endSequence(); } /* * Reads an ASN.1 BER bitfield out of the Buffer produced by doing * `BerReader#readString(asn1.Ber.BitString)`. That function gives us the raw * contents of the BitString tag, which is a count of unused bits followed by * the bits as a right-padded byte string. * * `bits` is the Buffer, `bitIndex` should contain an array of string names * for the bits in the string, ordered starting with bit #0 in the ASN.1 spec. * * Returns an array of Strings, the names of the bits that were set to 1. */ function readBitField(bits, bitIndex) { var bitLen = 8 * (bits.length - 1) - bits[0]; var setBits = {}; for (var i = 0; i < bitLen; ++i) { var byteN = 1 + Math.floor(i / 8); var bit = 7 - (i % 8); var mask = 1 << bit; var bitVal = ((bits[byteN] & mask) !== 0); var name = bitIndex[i]; if (bitVal && typeof (name) === 'string') { setBits[name] = true; } } return (Object.keys(setBits)); } /* * `setBits` is an array of strings, containing the names for each bit that * sould be set to 1. `bitIndex` is same as in `readBitField()`. * * Returns a Buffer, ready to be written out with `BerWriter#writeString()`. */ function writeBitField(setBits, bitIndex) { var bitLen = bitIndex.length; var blen = Math.ceil(bitLen / 8); var unused = blen * 8 - bitLen; var bits = Buffer.alloc(1 + blen); // zero-filled bits[0] = unused; for (var i = 0; i < bitLen; ++i) { var byteN = 1 + Math.floor(i / 8); var bit = 7 - (i % 8); var mask = 1 << bit; var name = bitIndex[i]; if (name === undefined) continue; var bitVal = (setBits.indexOf(name) !== -1); if (bitVal) { bits[byteN] |= mask; } } return (bits); }