coolaj86/ecdsa-csr.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolaj86:v1.1.0
Branches Tags
coolaj86:master
coolaj86:uasn1
coolaj86:v1.1.1
coolaj86:v1.1.0
coolaj86:v1.0.2
coolaj86:v1.0.1
coolaj86:v1.0.0
..
compare: coolaj86:master
Branches Tags
coolaj86:master
coolaj86:uasn1
coolaj86:v1.1.1
coolaj86:v1.1.0
coolaj86:v1.0.2
coolaj86:v1.0.1
coolaj86:v1.0.0

4 Commits
v1.1.0 ... master

Author SHA1 Message Date
AJ ONeal
6f6d874287 rename keyfile name 2018-11-18 22:52:23 -07:00
AJ ONeal
36ec6a9ef8 add common keys in common formats 2018-11-18 21:02:39 -07:00
AJ ONeal
e3cc95ab59 v1.1.1: code layout and organization 2018-11-18 17:45:50 -07:00
AJ ONeal
3657d674ab ASN.1 cleanup (comments) 2018-11-18 16:35:53 -07:00
8 changed files with 359 additions and 340 deletions
Show Stats Expand all files Collapse all files

5
fixtures/privkey-ec-p256.pkcs8.pem Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiYydo27aNGO9DBUW
eGEPD8oNi1LZDqfxPmQlieLBjVShRANCAAQhPVJYvGxpw+ITlnXqOSikCfz/7zms
yODIKiSueMN+3pj9icDgDnTJl7sKcWyp4Nymc9u5s/pyliJVyd680hjK
-----END EC PRIVATE KEY-----

5
fixtures/privkey-ec-p256.sec1.pem Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIImMnaNu2jRjvQwVFnhhDw/KDYtS2Q6n8T5kJYniwY1UoAoGCCqGSM49
AwEHoUQDQgAEIT1SWLxsacPiE5Z16jkopAn8/+85rMjgyCokrnjDft6Y/YnA4A50
yZe7CnFsqeDcpnPbubP6cpYiVcnevNIYyg==
-----END EC PRIVATE KEY-----

6
fixtures/privkey-ec-p384.pkcs8.pem Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN EC PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBeXK4IRZJNNLxTv078
zPTnPXy+HiRvXSzO+7/ul1e4ZZXqV8TI8THJRhawDoDaR1WhZANiAATbMRTRsoJr
t6Mosgnyg8acuGqHHKK/j/DfwrZrRI8Lp2xJ33+CU0nyVyq/Sx9/kZtUPiOe7zdL
qxyfr9N4CPcRk5EQZs6zp3OhWlq6Cf5dAwzIL07hUtsMMUYFlMmUyxs=
-----END EC PRIVATE KEY-----

6
fixtures/privkey-ec-p384.sec1.pem Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDBeXK4IRZJNNLxTv078zPTnPXy+HiRvXSzO+7/ul1e4ZZXqV8TI8THJ
RhawDoDaR1WgBwYFK4EEACKhZANiAATbMRTRsoJrt6Mosgnyg8acuGqHHKK/j/Df
wrZrRI8Lp2xJ33+CU0nyVyq/Sx9/kZtUPiOe7zdLqxyfr9N4CPcRk5EQZs6zp3Oh
Wlq6Cf5dAwzIL07hUtsMMUYFlMmUyxs=
-----END EC PRIVATE KEY-----

4
fixtures/pub-ec-p256.spki.pem Normal file
View File

@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIT1SWLxsacPiE5Z16jkopAn8/+85
rMjgyCokrnjDft6Y/YnA4A50yZe7CnFsqeDcpnPbubP6cpYiVcnevNIYyg==
-----END PUBLIC KEY-----

5
fixtures/pub-ec-p384.spki.pem Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE2zEU0bKCa7ejKLIJ8oPGnLhqhxyiv4/w
38K2a0SPC6dsSd9/glNJ8lcqv0sff5GbVD4jnu83S6scn6/TeAj3EZOREGbOs6dz
oVpaugn+XQMMyC9O4VLbDDFGBZTJlMsb
-----END PUBLIC KEY-----

666
lib/ecdsacsr.js
View File

@ -6,242 +6,26 @@ var crypto = require('crypto');
// prime256v1 (ANSI X9.62 named elliptic curve) // prime256v1 (ANSI X9.62 named elliptic curve)
var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase(); var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase();
function ASN1() { var ECDSACSR = {};
var args = Array.prototype.slice.call(arguments); var ECDSA = {};
var typ = args.shift(); var DER = {};
var str = args.join('').replace(/\s+/g, ''); var PEM = {};
var len = (str.length/2); var ASN1;
var len2 = len; var Hex = {};
var lenlen = 0; var AB = {};
var hex = typ;
var hlen = ''; //
// high-order bit means multiple bytes // CSR - the main event
if (len2 !== Math.round(len2)) { //
throw new Error("invalid hex");
} ECDSACSR.create = function createEcCsr(keypem, domains) {
if (len2 > 127) { var pemblock = PEM.parseBlock(keypem);
lenlen += 1; var ecpub = PEM.parseEcPubkey(pemblock.der);
while (len2 > 255) { var request = ECDSACSR.request(ecpub, domains);
lenlen += 1; return AB.fromHex(ECDSACSR.sign(keypem, request));
len2 = len2 >> 8;
//console.warn("LEN2", len2);
}
}
if (lenlen) {
hlen = numToHex(0x80 + lenlen);
}
/*
console.warn(
'typ:', typ
, 'lenlen:', hlen
, 'len:', len, numToHex(len)
);
console.warn('str:', str);
*/
return hex + hlen + numToHex(len) + str;
}
ASN1.UInt = function UINT() {
var str = Array.prototype.slice.call(arguments).join('');
var first = parseInt(str.slice(0, 2), 16);
// high-order bit means signed, negative
// we want positive, so we pad with a leading '00'
if (0x80 & first) { str = '00' + str; }
return ASN1('02', str);
}; };
ASN1.BitStr = function BITSTR() { ECDSACSR.request = function createCsrBodyEc(xy, domains) {
var str = Array.prototype.slice.call(arguments).join('');
// '00' is a mask of how many bits of the next byte to ignore
return ASN1('03', '00' + str);
};
function fromBase64(b64) {
var buf;
var ab;
if ('undefined' === typeof atob) {
buf = Buffer.from(b64, 'base64');
return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
}
buf = atob(b64);
ab = new ArrayBuffer(buf.length);
ab = new Uint8Array(ab);
buf.split('').forEach(function (ch, i) {
ab[i] = ch.charCodeAt(0);
});
return ab.buffer;
}
function parsePem(pem) {
var typ;
var pub;
var crv;
var der = fromBase64(pem.split(/\n/).filter(function (line, i) {
if (0 === i) {
if (/ PUBLIC /.test(line)) {
pub = true;
} else if (/ PRIVATE /.test(line)) {
pub = false;
}
if (/ EC/.test(line)) {
typ = 'EC';
}
}
return !/---/.test(line);
}).join(''));
if (!typ || 'EC' === typ) {
var hex = toHex(der).toLowerCase();
if (-1 !== hex.indexOf(OBJ_ID_EC)) {
typ = 'EC';
crv = 'P-256';
} else {
// TODO more than just P-256
console.warn("unsupported ec curve");
}
}
return { typ: typ, pub: pub, der: der, crv: crv };
}
function toHex(ab) {
var hex = [];
var u8 = new Uint8Array(ab);
var size = u8.byteLength;
var i;
var h;
for (i = 0; i < size; i += 1) {
h = u8[i].toString(16);
if (2 === h.length) {
hex.push(h);
} else {
hex.push('0' + h);
}
}
return hex.join('');
}
function fromHex(hex) {
if ('undefined' !== typeof Buffer) {
return Buffer.from(hex, 'hex');
}
var ab = new ArrayBuffer(hex.length/2);
var i;
var j;
ab = new Uint8Array(ab);
for (i = 0, j = 0; i < (hex.length/2); i += 1) {
ab[i] = parseInt(hex.slice(j, j+1), 16);
j += 2;
}
return ab.buffer;
}
function readEcPubkey(der) {
// the key is the last 520 bits of both the private key and the public key
// he 3 bits prior identify the key as
var x, y;
var compressed;
var keylen = 32;
var offset = 64;
var headerSize = 4;
var header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset));
if ('03420004' !== header) {
offset = 32;
header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset));
if ('03420002' !== header) {
throw new Error("not a valid EC P-256 key (expected 0x0342004 or 0x0342002 as pub key preamble, but found " + header + ")");
}
}
// The one good thing that came from the b***kchain hysteria: good EC documentation
// https://davidederosa.com/basic-blockchain-programming/elliptic-curve-keys/
compressed = ('2' === header[header.byteLength -1]);
x = der.slice(der.byteLength - offset, (der.byteLength - offset) + keylen);
if (!compressed) {
y = der.slice(der.byteLength - keylen, der.byteLength);
}
return {
x: x
, y: y || null
};
}
function formatAsPem(str) {
var finalString = '';
while (str.length > 0) {
finalString += str.substring(0, 64) + '\n';
str = str.substring(64);
}
return finalString;
}
function toBase64(der) {
if ('undefined' === typeof btoa) {
return Buffer.from(der).toString('base64');
}
var chs = [];
der.forEach(function (b) {
chs.push(String.fromCharCode(b));
});
return btoa(chs.join(''));
}
function csrEcSig(r, s) {
return [
ASN1('30'
// 1.2.840.10045.4.3.2 ecdsaWithSHA256
// (ANSI X9.62 ECDSA algorithm with SHA256)
, ASN1('06', '2A 86 48 CE 3D 04 03 02')
)
, ASN1.BitStr(
ASN1('30'
, ASN1.UInt(toHex(r))
, ASN1.UInt(toHex(s))
)
)
].join('');
}
function strToHex(str) {
var escstr = encodeURIComponent(str);
// replaces any uri escape sequence, such as %0A,
// with binary escape, such as 0x0A
var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) {
return String.fromCharCode('0x' + p1);
});
return binstr.split('').map(function (b) {
var h = b.charCodeAt(0).toString(16);
if (2 === h.length) { return h; }
return '0' + h;
}).join('');
}
function numToHex(d) {
d = d.toString(16);
if (d.length % 2) {
return '0' + d;
}
return d;
}
function fromHex(hex) {
if ('undefined' !== typeof Buffer) {
return Buffer.from(hex, 'hex');
}
var ab = new ArrayBuffer(hex.length/2);
var i;
var j;
ab = new Uint8Array(ab);
for (i = 0, j = 0; i < (hex.length/2); i += 1) {
ab[i] = parseInt(hex.slice(j, j+1), 16);
j += 2;
}
return ab.buffer;
}
function createCsrBodyEc(domains, xy) {
var publen = xy.x.byteLength; var publen = xy.x.byteLength;
var compression = '04'; var compression = '04';
var hxy = ''; var hxy = '';
@ -256,64 +40,89 @@ function createCsrBodyEc(domains, xy) {
// I haven't learned yet, and I'm not sure if it's allowed at all // I haven't learned yet, and I'm not sure if it's allowed at all
compression = '02'; compression = '02';
} }
hxy += toHex(xy.x); hxy += Hex.fromAB(xy.x);
if (xy.y) { if (xy.y) { hxy += Hex.fromAB(xy.y); }
hxy += toHex(xy.y);
}
var version = ASN1.UInt('00'); // Sorry for the mess, but it is what it is
var subject = ASN1('30' return ASN1('30'
, ASN1('31'
, ASN1('30' // Version (0)
// object id (commonName) , ASN1.UInt('00')
, ASN1('06', '55 04 03')
, ASN1('0C', strToHex(domains[0]))))); // CN / Subject
var pubkey = ASN1('30'
, ASN1('30' , ASN1('30'
// 1.2.840.10045.2.1 ecPublicKey
// (ANSI X9.62 public key type)
, ASN1('06', '2A 86 48 CE 3D 02 01')
// 1.2.840.10045.3.1.7 prime256v1
// (ANSI X9.62 named elliptic curve)
, ASN1('06', '2A 86 48 CE 3D 03 01 07')
)
, ASN1.BitStr(compression + hxy));
var altnames = ASN1('A0'
, ASN1('30'
// (extensionRequest (PKCS #9 via CRMF))
, ASN1('06', '2A 86 48 86 F7 0D 01 09 0E')
, ASN1('31' , ASN1('31'
, ASN1('30' , ASN1('30'
// object id (commonName)
, ASN1('06', '55 04 03')
, ASN1('0C', Hex.fromString(domains[0])))))
// EC P-256 Public Key
, ASN1('30'
, ASN1('30'
// 1.2.840.10045.2.1 ecPublicKey
// (ANSI X9.62 public key type)
, ASN1('06', '2A 86 48 CE 3D 02 01')
// 1.2.840.10045.3.1.7 prime256v1
// (ANSI X9.62 named elliptic curve)
, ASN1('06', '2A 86 48 CE 3D 03 01 07')
)
, ASN1.BitStr(compression + hxy))
// CSR Extension Subject Alternative Names
, ASN1('A0'
, ASN1('30'
// (extensionRequest (PKCS #9 via CRMF))
, ASN1('06', '2A 86 48 86 F7 0D 01 09 0E')
, ASN1('31'
, ASN1('30' , ASN1('30'
// (subjectAltName (X.509 extension)) , ASN1('30'
, ASN1('06', '55 1D 11') // (subjectAltName (X.509 extension))
, ASN1('04' , ASN1('06', '55 1D 11')
, ASN1('30', domains.map(function (d) { , ASN1('04'
return ASN1('82', strToHex(d)); , ASN1('30', domains.map(function (d) {
}).join('')))))))); return ASN1('82', Hex.fromString(d));
var body = ASN1('30' }).join(''))))))))
// #0 Total 3
, version
// Subject
// #1 Total 2+11+n
, subject
// P-256 Public Key
// #2 Total 2+25+xy
, pubkey
// Altnames
// #3 Total 2+28+n
, altnames
); );
};
return body; ECDSACSR.sign = function csrEcSig(keypem, request) {
} var sig = ECDSA.sign(keypem, AB.fromHex(request));
var rLen = sig.r.byteLength;
var rc = '';
var sLen = sig.s.byteLength;
var sc = '';
// https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; }
function signEc(keypem, ab) { if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; }
return ASN1('30'
// The Full CSR Request Body
, request
// The Signature Type
, ASN1('30'
// 1.2.840.10045.4.3.2 ecdsaWithSHA256
// (ANSI X9.62 ECDSA algorithm with SHA256)
, ASN1('06', '2A 86 48 CE 3D 04 03 02')
)
// The Signature, embedded in a Bit Stream
, ASN1.BitStr(
// As far as I can tell this is a completely separate ASN.1 structure
// that just so happens to be embedded in a Bit String of another ASN.1
ASN1('30'
, ASN1.UInt(Hex.fromAB(sig.r))
, ASN1.UInt(Hex.fromAB(sig.s))))
);
};
//
// ECDSA
//
// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
ECDSA.sign = function signEc(keypem, ab) {
// Signer is a stream // Signer is a stream
var sign = crypto.createSign('SHA256'); var sign = crypto.createSign('SHA256');
sign.write(new Uint8Array(ab)); sign.write(new Uint8Array(ab));
@ -346,63 +155,26 @@ function signEc(keypem, ab) {
if (0 === r[0]) { r = r.slice(1); } if (0 === r[0]) { r = r.slice(1); }
return { raw: sig.buffer, r: r.buffer, s: s.buffer }; return { raw: sig.buffer, r: r.buffer, s: s.buffer };
} };
function createEcCsr(domains, keypem, ecpub) { //
// TODO get pub from priv // DER
//
var csrBody = createCsrBodyEc(domains, ecpub); DER.toCSR = function createEcCsrPem(der) {
var sig = signEc(keypem, fromHex(csrBody)); var pem = PEM._format(AB.toBase64(der));
var rLen = sig.r.byteLength;
var rc = '';
var sLen = sig.s.byteLength;
var sc = '';
if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; }
if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; }
var csrSig = csrEcSig(sig.r, sig.s);
/*
console.log('sig:', sig.raw.byteLength, toHex(sig.raw));
console.log('r:', sig.r.byteLength, toHex(sig.r));
console.log('s:', sig.s.byteLength, toHex(sig.s));
console.log('csr sig:', csrSig.length / 2, csrSig);
console.log('csrBodyLen + csrSigLen', numToHex(len));
*/
return fromHex(ASN1('30', csrBody, csrSig));
}
function createEcCsrPem(domains, keypem) {
var pemblock = parsePem(keypem);
var ecpub = readEcPubkey(pemblock.der);
var ab = createEcCsr(domains, keypem, ecpub);
var pem = formatAsPem(toBase64(ab));
return '-----BEGIN CERTIFICATE REQUEST-----\n' + pem + '-----END CERTIFICATE REQUEST-----'; return '-----BEGIN CERTIFICATE REQUEST-----\n' + pem + '-----END CERTIFICATE REQUEST-----';
} };
// Taken from Unibabel //
// https://git.coolaj86.com/coolaj86/unibabel.js#readme // PEM
// https://coolaj86.com/articles/base64-unicode-utf-8-javascript-and-you/ //
function utf8ToUint8Array(str) {
var escstr = encodeURIComponent(str);
// replaces any uri escape sequence, such as %0A,
// with binary escape, such as 0x0A
var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) {
return String.fromCharCode('0x' + p1);
});
var buf = new Uint8Array(binstr.length);
binstr.split('').forEach(function (ch, i) {
buf[i] = ch.charCodeAt(0);
});
return buf; // Just for error checking
} PEM.from = function ensurePem(key) {
function ensurePem(key) {
if (!key) { throw new Error("no private key given"); } if (!key) { throw new Error("no private key given"); }
// whether PEM or DER, convert to Uint8Array // whether PEM or DER, convert to Uint8Array
if ('string' === typeof key) { key = utf8ToUint8Array(key); } if ('string' === typeof key) { key = AB.utf8ToUint8Array(key); }
// for consistency // for consistency
if (key instanceof Buffer) { key = new Uint8Array(key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength)); } if (key instanceof Buffer) { key = new Uint8Array(key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength)); }
@ -425,7 +197,7 @@ function ensurePem(key) {
// if DER, convert to PEM // if DER, convert to PEM
if ((0x30 === key[0]) && (0x80 & key[1])) { if ((0x30 === key[0]) && (0x80 & key[1])) {
key = toBase64(key); key = AB.toBase64(key);
} }
key = [].map.call(key, function (i) { key = [].map.call(key, function (i) {
return String.fromCharCode(i); return String.fromCharCode(i);
@ -439,7 +211,224 @@ function ensurePem(key) {
throw new Error("key does not appear to be in PEM formt (does not begin with either '-' or 'M')," throw new Error("key does not appear to be in PEM formt (does not begin with either '-' or 'M'),"
+ " nor DER format (does not begin with 0x308X)"); + " nor DER format (does not begin with 0x308X)");
} }
} };
PEM.parseBlock = function parsePem(pem) {
var typ;
var pub;
var crv;
var der = AB.fromBase64(pem.split(/\n/).filter(function (line, i) {
if (0 === i) {
if (/ PUBLIC /.test(line)) {
pub = true;
} else if (/ PRIVATE /.test(line)) {
pub = false;
}
if (/ EC/.test(line)) {
typ = 'EC';
}
}
return !/---/.test(line);
}).join(''));
if (!typ || 'EC' === typ) {
var hex = Hex.fromAB(der).toLowerCase();
if (-1 !== hex.indexOf(OBJ_ID_EC)) {
typ = 'EC';
crv = 'P-256';
} else {
// TODO support P-384 as well (but probably nothing else)
console.warn("unsupported ec curve");
}
}
return { typ: typ, pub: pub, der: der, crv: crv };
};
PEM._format = function formatAsPem(str) {
var finalString = '';
while (str.length > 0) {
finalString += str.substring(0, 64) + '\n';
str = str.substring(64);
}
return finalString;
};
PEM.parseEcPubkey = function readEcPubkey(der) {
// the key is the last 520 bits of both the private key and the public key
// he 3 bits prior identify the key as
var x, y;
var compressed;
var keylen = 32;
var offset = 64;
var headerSize = 4;
var header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset));
if ('03420004' !== header) {
offset = 32;
header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset));
if ('03420002' !== header) {
throw new Error("not a valid EC P-256 key (expected 0x0342004 or 0x0342002 as pub key preamble, but found " + header + ")");
}
}
// The one good thing that came from the b***kchain hysteria: good EC documentation
// https://davidederosa.com/basic-blockchain-programming/elliptic-curve-keys/
compressed = ('2' === header[header.byteLength -1]);
x = der.slice(der.byteLength - offset, (der.byteLength - offset) + keylen);
if (!compressed) {
y = der.slice(der.byteLength - keylen, der.byteLength);
}
return {
x: x
, y: y || null
};
};
//
// A dumbed-down, minimal ASN.1 packer
//
// Almost every ASN.1 type that's important for CSR
// can be represented generically with only a few rules.
ASN1 = function ASN1(/*type, hexstrings...*/) {
var args = Array.prototype.slice.call(arguments);
var typ = args.shift();
var str = args.join('').replace(/\s+/g, '').toLowerCase();
var len = (str.length/2);
var lenlen = 0;
var hex = typ;
// We can't have an odd number of hex chars
if (len !== Math.round(len)) {
throw new Error("invalid hex");
}
// The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc)
// The second byte is either the size of the value, or the size of its size
// 1. If the second byte is < 0x80 (128) it is considered the size
// 2. If it is > 0x80 then it describes the number of bytes of the size
// ex: 0x82 means the next 2 bytes describe the size of the value
// 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file)
if (len > 127) {
lenlen += 1;
while (len > 255) {
lenlen += 1;
len = len >> 8;
}
}
if (lenlen) { hex += Hex.fromInt(0x80 + lenlen); }
return hex + Hex.fromInt(str.length/2) + str;
};
// The Integer type has some special rules
ASN1.UInt = function UINT() {
var str = Array.prototype.slice.call(arguments).join('');
var first = parseInt(str.slice(0, 2), 16);
// If the first byte is 0x80 or greater, the number is considered negative
// Therefore we add a '00' prefix if the 0x80 bit is set
if (0x80 & first) { str = '00' + str; }
return ASN1('02', str);
};
// The Bit String type also has a special rule
ASN1.BitStr = function BITSTR() {
var str = Array.prototype.slice.call(arguments).join('');
// '00' is a mask of how many bits of the next byte to ignore
return ASN1('03', '00' + str);
};
//
// Hex, Base64, Buffer, String
//
Hex.fromAB = function toHex(ab) {
var hex = [];
var u8 = new Uint8Array(ab);
var size = u8.byteLength;
var i;
var h;
for (i = 0; i < size; i += 1) {
h = u8[i].toString(16);
if (2 === h.length) {
hex.push(h);
} else {
hex.push('0' + h);
}
}
return hex.join('');
};
Hex.fromString = function strToHex(str) {
var escstr = encodeURIComponent(str);
// replaces any uri escape sequence, such as %0A,
// with binary escape, such as 0x0A
var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) {
return String.fromCharCode('0x' + p1);
});
return binstr.split('').map(function (b) {
var h = b.charCodeAt(0).toString(16);
if (2 === h.length) { return h; }
return '0' + h;
}).join('');
};
Hex.fromInt = function numToHex(d) {
d = d.toString(16);
if (d.length % 2) {
return '0' + d;
}
return d;
};
// Taken from Unibabel
// https://git.coolaj86.com/coolaj86/unibabel.js#readme
// https://coolaj86.com/articles/base64-unicode-utf-8-javascript-and-you/
AB.utf8ToUint8Array = function (str) {
var escstr = encodeURIComponent(str);
// replaces any uri escape sequence, such as %0A,
// with binary escape, such as 0x0A
var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) {
return String.fromCharCode('0x' + p1);
});
var buf = new Uint8Array(binstr.length);
binstr.split('').forEach(function (ch, i) {
buf[i] = ch.charCodeAt(0);
});
return buf;
};
AB.fromHex = function fromHex(hex) {
if ('undefined' !== typeof Buffer) {
return Buffer.from(hex, 'hex');
}
var ab = new ArrayBuffer(hex.length/2);
var i;
var j;
ab = new Uint8Array(ab);
for (i = 0, j = 0; i < (hex.length/2); i += 1) {
ab[i] = parseInt(hex.slice(j, j+1), 16);
j += 2;
}
return ab.buffer;
};
AB.fromBase64 = function fromBase64(b64) {
var buf = Buffer.from(b64, 'base64');
return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
};
AB.toBase64 = function toBase64(der) {
return Buffer.from(der).toString('base64');
};
/*global Promise*/ /*global Promise*/
module.exports = function (opts) { module.exports = function (opts) {
@ -462,8 +451,7 @@ module.exports = function (opts) {
})) { })) {
throw new Error("You must pass options.domains as utf8 strings (not punycode)"); throw new Error("You must pass options.domains as utf8 strings (not punycode)");
} }
var key = ensurePem(opts.key); var key = PEM.from(opts.key);
return DER.toCSR(ECDSACSR.create(key, opts.domains));
return createEcCsrPem(opts.domains, key);
}); });
}; };

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "ecdsa-csr", "name": "ecdsa-csr",
"version": "1.1.0", "version": "1.1.1",
"description": "A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!", "description": "A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!",
"main": "index.js", "main": "index.js",
"bin": { "bin": {