x509.js 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752
  1. // Copyright 2017 Joyent, Inc.
  2. module.exports = {
  3. read: read,
  4. verify: verify,
  5. sign: sign,
  6. signAsync: signAsync,
  7. write: write
  8. };
  9. var assert = require('assert-plus');
  10. var asn1 = require('asn1');
  11. var Buffer = require('safer-buffer').Buffer;
  12. var algs = require('../algs');
  13. var utils = require('../utils');
  14. var Key = require('../key');
  15. var PrivateKey = require('../private-key');
  16. var pem = require('./pem');
  17. var Identity = require('../identity');
  18. var Signature = require('../signature');
  19. var Certificate = require('../certificate');
  20. var pkcs8 = require('./pkcs8');
  21. /*
  22. * This file is based on RFC5280 (X.509).
  23. */
  24. /* Helper to read in a single mpint */
  25. function readMPInt(der, nm) {
  26. assert.strictEqual(der.peek(), asn1.Ber.Integer,
  27. nm + ' is not an Integer');
  28. return (utils.mpNormalize(der.readString(asn1.Ber.Integer, true)));
  29. }
  30. function verify(cert, key) {
  31. var sig = cert.signatures.x509;
  32. assert.object(sig, 'x509 signature');
  33. var algParts = sig.algo.split('-');
  34. if (algParts[0] !== key.type)
  35. return (false);
  36. var blob = sig.cache;
  37. if (blob === undefined) {
  38. var der = new asn1.BerWriter();
  39. writeTBSCert(cert, der);
  40. blob = der.buffer;
  41. }
  42. var verifier = key.createVerify(algParts[1]);
  43. verifier.write(blob);
  44. return (verifier.verify(sig.signature));
  45. }
  46. function Local(i) {
  47. return (asn1.Ber.Context | asn1.Ber.Constructor | i);
  48. }
  49. function Context(i) {
  50. return (asn1.Ber.Context | i);
  51. }
  52. var SIGN_ALGS = {
  53. 'rsa-md5': '1.2.840.113549.1.1.4',
  54. 'rsa-sha1': '1.2.840.113549.1.1.5',
  55. 'rsa-sha256': '1.2.840.113549.1.1.11',
  56. 'rsa-sha384': '1.2.840.113549.1.1.12',
  57. 'rsa-sha512': '1.2.840.113549.1.1.13',
  58. 'dsa-sha1': '1.2.840.10040.4.3',
  59. 'dsa-sha256': '2.16.840.1.101.3.4.3.2',
  60. 'ecdsa-sha1': '1.2.840.10045.4.1',
  61. 'ecdsa-sha256': '1.2.840.10045.4.3.2',
  62. 'ecdsa-sha384': '1.2.840.10045.4.3.3',
  63. 'ecdsa-sha512': '1.2.840.10045.4.3.4',
  64. 'ed25519-sha512': '1.3.101.112'
  65. };
  66. Object.keys(SIGN_ALGS).forEach(function (k) {
  67. SIGN_ALGS[SIGN_ALGS[k]] = k;
  68. });
  69. SIGN_ALGS['1.3.14.3.2.3'] = 'rsa-md5';
  70. SIGN_ALGS['1.3.14.3.2.29'] = 'rsa-sha1';
  71. var EXTS = {
  72. 'issuerKeyId': '2.5.29.35',
  73. 'altName': '2.5.29.17',
  74. 'basicConstraints': '2.5.29.19',
  75. 'keyUsage': '2.5.29.15',
  76. 'extKeyUsage': '2.5.29.37'
  77. };
  78. function read(buf, options) {
  79. if (typeof (buf) === 'string') {
  80. buf = Buffer.from(buf, 'binary');
  81. }
  82. assert.buffer(buf, 'buf');
  83. var der = new asn1.BerReader(buf);
  84. der.readSequence();
  85. if (Math.abs(der.length - der.remain) > 1) {
  86. throw (new Error('DER sequence does not contain whole byte ' +
  87. 'stream'));
  88. }
  89. var tbsStart = der.offset;
  90. der.readSequence();
  91. var sigOffset = der.offset + der.length;
  92. var tbsEnd = sigOffset;
  93. if (der.peek() === Local(0)) {
  94. der.readSequence(Local(0));
  95. var version = der.readInt();
  96. assert.ok(version <= 3,
  97. 'only x.509 versions up to v3 supported');
  98. }
  99. var cert = {};
  100. cert.signatures = {};
  101. var sig = (cert.signatures.x509 = {});
  102. sig.extras = {};
  103. cert.serial = readMPInt(der, 'serial');
  104. der.readSequence();
  105. var after = der.offset + der.length;
  106. var certAlgOid = der.readOID();
  107. var certAlg = SIGN_ALGS[certAlgOid];
  108. if (certAlg === undefined)
  109. throw (new Error('unknown signature algorithm ' + certAlgOid));
  110. der._offset = after;
  111. cert.issuer = Identity.parseAsn1(der);
  112. der.readSequence();
  113. cert.validFrom = readDate(der);
  114. cert.validUntil = readDate(der);
  115. cert.subjects = [Identity.parseAsn1(der)];
  116. der.readSequence();
  117. after = der.offset + der.length;
  118. cert.subjectKey = pkcs8.readPkcs8(undefined, 'public', der);
  119. der._offset = after;
  120. /* issuerUniqueID */
  121. if (der.peek() === Local(1)) {
  122. der.readSequence(Local(1));
  123. sig.extras.issuerUniqueID =
  124. buf.slice(der.offset, der.offset + der.length);
  125. der._offset += der.length;
  126. }
  127. /* subjectUniqueID */
  128. if (der.peek() === Local(2)) {
  129. der.readSequence(Local(2));
  130. sig.extras.subjectUniqueID =
  131. buf.slice(der.offset, der.offset + der.length);
  132. der._offset += der.length;
  133. }
  134. /* extensions */
  135. if (der.peek() === Local(3)) {
  136. der.readSequence(Local(3));
  137. var extEnd = der.offset + der.length;
  138. der.readSequence();
  139. while (der.offset < extEnd)
  140. readExtension(cert, buf, der);
  141. assert.strictEqual(der.offset, extEnd);
  142. }
  143. assert.strictEqual(der.offset, sigOffset);
  144. der.readSequence();
  145. after = der.offset + der.length;
  146. var sigAlgOid = der.readOID();
  147. var sigAlg = SIGN_ALGS[sigAlgOid];
  148. if (sigAlg === undefined)
  149. throw (new Error('unknown signature algorithm ' + sigAlgOid));
  150. der._offset = after;
  151. var sigData = der.readString(asn1.Ber.BitString, true);
  152. if (sigData[0] === 0)
  153. sigData = sigData.slice(1);
  154. var algParts = sigAlg.split('-');
  155. sig.signature = Signature.parse(sigData, algParts[0], 'asn1');
  156. sig.signature.hashAlgorithm = algParts[1];
  157. sig.algo = sigAlg;
  158. sig.cache = buf.slice(tbsStart, tbsEnd);
  159. return (new Certificate(cert));
  160. }
  161. function readDate(der) {
  162. if (der.peek() === asn1.Ber.UTCTime) {
  163. return (utcTimeToDate(der.readString(asn1.Ber.UTCTime)));
  164. } else if (der.peek() === asn1.Ber.GeneralizedTime) {
  165. return (gTimeToDate(der.readString(asn1.Ber.GeneralizedTime)));
  166. } else {
  167. throw (new Error('Unsupported date format'));
  168. }
  169. }
  170. function writeDate(der, date) {
  171. if (date.getUTCFullYear() >= 2050 || date.getUTCFullYear() < 1950) {
  172. der.writeString(dateToGTime(date), asn1.Ber.GeneralizedTime);
  173. } else {
  174. der.writeString(dateToUTCTime(date), asn1.Ber.UTCTime);
  175. }
  176. }
  177. /* RFC5280, section 4.2.1.6 (GeneralName type) */
  178. var ALTNAME = {
  179. OtherName: Local(0),
  180. RFC822Name: Context(1),
  181. DNSName: Context(2),
  182. X400Address: Local(3),
  183. DirectoryName: Local(4),
  184. EDIPartyName: Local(5),
  185. URI: Context(6),
  186. IPAddress: Context(7),
  187. OID: Context(8)
  188. };
  189. /* RFC5280, section 4.2.1.12 (KeyPurposeId) */
  190. var EXTPURPOSE = {
  191. 'serverAuth': '1.3.6.1.5.5.7.3.1',
  192. 'clientAuth': '1.3.6.1.5.5.7.3.2',
  193. 'codeSigning': '1.3.6.1.5.5.7.3.3',
  194. /* See https://github.com/joyent/oid-docs/blob/master/root.md */
  195. 'joyentDocker': '1.3.6.1.4.1.38678.1.4.1',
  196. 'joyentCmon': '1.3.6.1.4.1.38678.1.4.2'
  197. };
  198. var EXTPURPOSE_REV = {};
  199. Object.keys(EXTPURPOSE).forEach(function (k) {
  200. EXTPURPOSE_REV[EXTPURPOSE[k]] = k;
  201. });
  202. var KEYUSEBITS = [
  203. 'signature', 'identity', 'keyEncryption',
  204. 'encryption', 'keyAgreement', 'ca', 'crl'
  205. ];
  206. function readExtension(cert, buf, der) {
  207. der.readSequence();
  208. var after = der.offset + der.length;
  209. var extId = der.readOID();
  210. var id;
  211. var sig = cert.signatures.x509;
  212. if (!sig.extras.exts)
  213. sig.extras.exts = [];
  214. var critical;
  215. if (der.peek() === asn1.Ber.Boolean)
  216. critical = der.readBoolean();
  217. switch (extId) {
  218. case (EXTS.basicConstraints):
  219. der.readSequence(asn1.Ber.OctetString);
  220. der.readSequence();
  221. var bcEnd = der.offset + der.length;
  222. var ca = false;
  223. if (der.peek() === asn1.Ber.Boolean)
  224. ca = der.readBoolean();
  225. if (cert.purposes === undefined)
  226. cert.purposes = [];
  227. if (ca === true)
  228. cert.purposes.push('ca');
  229. var bc = { oid: extId, critical: critical };
  230. if (der.offset < bcEnd && der.peek() === asn1.Ber.Integer)
  231. bc.pathLen = der.readInt();
  232. sig.extras.exts.push(bc);
  233. break;
  234. case (EXTS.extKeyUsage):
  235. der.readSequence(asn1.Ber.OctetString);
  236. der.readSequence();
  237. if (cert.purposes === undefined)
  238. cert.purposes = [];
  239. var ekEnd = der.offset + der.length;
  240. while (der.offset < ekEnd) {
  241. var oid = der.readOID();
  242. cert.purposes.push(EXTPURPOSE_REV[oid] || oid);
  243. }
  244. /*
  245. * This is a bit of a hack: in the case where we have a cert
  246. * that's only allowed to do serverAuth or clientAuth (and not
  247. * the other), we want to make sure all our Subjects are of
  248. * the right type. But we already parsed our Subjects and
  249. * decided if they were hosts or users earlier (since it appears
  250. * first in the cert).
  251. *
  252. * So we go through and mutate them into the right kind here if
  253. * it doesn't match. This might not be hugely beneficial, as it
  254. * seems that single-purpose certs are not often seen in the
  255. * wild.
  256. */
  257. if (cert.purposes.indexOf('serverAuth') !== -1 &&
  258. cert.purposes.indexOf('clientAuth') === -1) {
  259. cert.subjects.forEach(function (ide) {
  260. if (ide.type !== 'host') {
  261. ide.type = 'host';
  262. ide.hostname = ide.uid ||
  263. ide.email ||
  264. ide.components[0].value;
  265. }
  266. });
  267. } else if (cert.purposes.indexOf('clientAuth') !== -1 &&
  268. cert.purposes.indexOf('serverAuth') === -1) {
  269. cert.subjects.forEach(function (ide) {
  270. if (ide.type !== 'user') {
  271. ide.type = 'user';
  272. ide.uid = ide.hostname ||
  273. ide.email ||
  274. ide.components[0].value;
  275. }
  276. });
  277. }
  278. sig.extras.exts.push({ oid: extId, critical: critical });
  279. break;
  280. case (EXTS.keyUsage):
  281. der.readSequence(asn1.Ber.OctetString);
  282. var bits = der.readString(asn1.Ber.BitString, true);
  283. var setBits = readBitField(bits, KEYUSEBITS);
  284. setBits.forEach(function (bit) {
  285. if (cert.purposes === undefined)
  286. cert.purposes = [];
  287. if (cert.purposes.indexOf(bit) === -1)
  288. cert.purposes.push(bit);
  289. });
  290. sig.extras.exts.push({ oid: extId, critical: critical,
  291. bits: bits });
  292. break;
  293. case (EXTS.altName):
  294. der.readSequence(asn1.Ber.OctetString);
  295. der.readSequence();
  296. var aeEnd = der.offset + der.length;
  297. while (der.offset < aeEnd) {
  298. switch (der.peek()) {
  299. case ALTNAME.OtherName:
  300. case ALTNAME.EDIPartyName:
  301. der.readSequence();
  302. der._offset += der.length;
  303. break;
  304. case ALTNAME.OID:
  305. der.readOID(ALTNAME.OID);
  306. break;
  307. case ALTNAME.RFC822Name:
  308. /* RFC822 specifies email addresses */
  309. var email = der.readString(ALTNAME.RFC822Name);
  310. id = Identity.forEmail(email);
  311. if (!cert.subjects[0].equals(id))
  312. cert.subjects.push(id);
  313. break;
  314. case ALTNAME.DirectoryName:
  315. der.readSequence(ALTNAME.DirectoryName);
  316. id = Identity.parseAsn1(der);
  317. if (!cert.subjects[0].equals(id))
  318. cert.subjects.push(id);
  319. break;
  320. case ALTNAME.DNSName:
  321. var host = der.readString(
  322. ALTNAME.DNSName);
  323. id = Identity.forHost(host);
  324. if (!cert.subjects[0].equals(id))
  325. cert.subjects.push(id);
  326. break;
  327. default:
  328. der.readString(der.peek());
  329. break;
  330. }
  331. }
  332. sig.extras.exts.push({ oid: extId, critical: critical });
  333. break;
  334. default:
  335. sig.extras.exts.push({
  336. oid: extId,
  337. critical: critical,
  338. data: der.readString(asn1.Ber.OctetString, true)
  339. });
  340. break;
  341. }
  342. der._offset = after;
  343. }
  344. var UTCTIME_RE =
  345. /^([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/;
  346. function utcTimeToDate(t) {
  347. var m = t.match(UTCTIME_RE);
  348. assert.ok(m, 'timestamps must be in UTC');
  349. var d = new Date();
  350. var thisYear = d.getUTCFullYear();
  351. var century = Math.floor(thisYear / 100) * 100;
  352. var year = parseInt(m[1], 10);
  353. if (thisYear % 100 < 50 && year >= 60)
  354. year += (century - 1);
  355. else
  356. year += century;
  357. d.setUTCFullYear(year, parseInt(m[2], 10) - 1, parseInt(m[3], 10));
  358. d.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10));
  359. if (m[6] && m[6].length > 0)
  360. d.setUTCSeconds(parseInt(m[6], 10));
  361. return (d);
  362. }
  363. var GTIME_RE =
  364. /^([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/;
  365. function gTimeToDate(t) {
  366. var m = t.match(GTIME_RE);
  367. assert.ok(m);
  368. var d = new Date();
  369. d.setUTCFullYear(parseInt(m[1], 10), parseInt(m[2], 10) - 1,
  370. parseInt(m[3], 10));
  371. d.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10));
  372. if (m[6] && m[6].length > 0)
  373. d.setUTCSeconds(parseInt(m[6], 10));
  374. return (d);
  375. }
  376. function zeroPad(n, m) {
  377. if (m === undefined)
  378. m = 2;
  379. var s = '' + n;
  380. while (s.length < m)
  381. s = '0' + s;
  382. return (s);
  383. }
  384. function dateToUTCTime(d) {
  385. var s = '';
  386. s += zeroPad(d.getUTCFullYear() % 100);
  387. s += zeroPad(d.getUTCMonth() + 1);
  388. s += zeroPad(d.getUTCDate());
  389. s += zeroPad(d.getUTCHours());
  390. s += zeroPad(d.getUTCMinutes());
  391. s += zeroPad(d.getUTCSeconds());
  392. s += 'Z';
  393. return (s);
  394. }
  395. function dateToGTime(d) {
  396. var s = '';
  397. s += zeroPad(d.getUTCFullYear(), 4);
  398. s += zeroPad(d.getUTCMonth() + 1);
  399. s += zeroPad(d.getUTCDate());
  400. s += zeroPad(d.getUTCHours());
  401. s += zeroPad(d.getUTCMinutes());
  402. s += zeroPad(d.getUTCSeconds());
  403. s += 'Z';
  404. return (s);
  405. }
  406. function sign(cert, key) {
  407. if (cert.signatures.x509 === undefined)
  408. cert.signatures.x509 = {};
  409. var sig = cert.signatures.x509;
  410. sig.algo = key.type + '-' + key.defaultHashAlgorithm();
  411. if (SIGN_ALGS[sig.algo] === undefined)
  412. return (false);
  413. var der = new asn1.BerWriter();
  414. writeTBSCert(cert, der);
  415. var blob = der.buffer;
  416. sig.cache = blob;
  417. var signer = key.createSign();
  418. signer.write(blob);
  419. cert.signatures.x509.signature = signer.sign();
  420. return (true);
  421. }
  422. function signAsync(cert, signer, done) {
  423. if (cert.signatures.x509 === undefined)
  424. cert.signatures.x509 = {};
  425. var sig = cert.signatures.x509;
  426. var der = new asn1.BerWriter();
  427. writeTBSCert(cert, der);
  428. var blob = der.buffer;
  429. sig.cache = blob;
  430. signer(blob, function (err, signature) {
  431. if (err) {
  432. done(err);
  433. return;
  434. }
  435. sig.algo = signature.type + '-' + signature.hashAlgorithm;
  436. if (SIGN_ALGS[sig.algo] === undefined) {
  437. done(new Error('Invalid signing algorithm "' +
  438. sig.algo + '"'));
  439. return;
  440. }
  441. sig.signature = signature;
  442. done();
  443. });
  444. }
  445. function write(cert, options) {
  446. var sig = cert.signatures.x509;
  447. assert.object(sig, 'x509 signature');
  448. var der = new asn1.BerWriter();
  449. der.startSequence();
  450. if (sig.cache) {
  451. der._ensure(sig.cache.length);
  452. sig.cache.copy(der._buf, der._offset);
  453. der._offset += sig.cache.length;
  454. } else {
  455. writeTBSCert(cert, der);
  456. }
  457. der.startSequence();
  458. der.writeOID(SIGN_ALGS[sig.algo]);
  459. if (sig.algo.match(/^rsa-/))
  460. der.writeNull();
  461. der.endSequence();
  462. var sigData = sig.signature.toBuffer('asn1');
  463. var data = Buffer.alloc(sigData.length + 1);
  464. data[0] = 0;
  465. sigData.copy(data, 1);
  466. der.writeBuffer(data, asn1.Ber.BitString);
  467. der.endSequence();
  468. return (der.buffer);
  469. }
  470. function writeTBSCert(cert, der) {
  471. var sig = cert.signatures.x509;
  472. assert.object(sig, 'x509 signature');
  473. der.startSequence();
  474. der.startSequence(Local(0));
  475. der.writeInt(2);
  476. der.endSequence();
  477. der.writeBuffer(utils.mpNormalize(cert.serial), asn1.Ber.Integer);
  478. der.startSequence();
  479. der.writeOID(SIGN_ALGS[sig.algo]);
  480. if (sig.algo.match(/^rsa-/))
  481. der.writeNull();
  482. der.endSequence();
  483. cert.issuer.toAsn1(der);
  484. der.startSequence();
  485. writeDate(der, cert.validFrom);
  486. writeDate(der, cert.validUntil);
  487. der.endSequence();
  488. var subject = cert.subjects[0];
  489. var altNames = cert.subjects.slice(1);
  490. subject.toAsn1(der);
  491. pkcs8.writePkcs8(der, cert.subjectKey);
  492. if (sig.extras && sig.extras.issuerUniqueID) {
  493. der.writeBuffer(sig.extras.issuerUniqueID, Local(1));
  494. }
  495. if (sig.extras && sig.extras.subjectUniqueID) {
  496. der.writeBuffer(sig.extras.subjectUniqueID, Local(2));
  497. }
  498. if (altNames.length > 0 || subject.type === 'host' ||
  499. (cert.purposes !== undefined && cert.purposes.length > 0) ||
  500. (sig.extras && sig.extras.exts)) {
  501. der.startSequence(Local(3));
  502. der.startSequence();
  503. var exts = [];
  504. if (cert.purposes !== undefined && cert.purposes.length > 0) {
  505. exts.push({
  506. oid: EXTS.basicConstraints,
  507. critical: true
  508. });
  509. exts.push({
  510. oid: EXTS.keyUsage,
  511. critical: true
  512. });
  513. exts.push({
  514. oid: EXTS.extKeyUsage,
  515. critical: true
  516. });
  517. }
  518. exts.push({ oid: EXTS.altName });
  519. if (sig.extras && sig.extras.exts)
  520. exts = sig.extras.exts;
  521. for (var i = 0; i < exts.length; ++i) {
  522. der.startSequence();
  523. der.writeOID(exts[i].oid);
  524. if (exts[i].critical !== undefined)
  525. der.writeBoolean(exts[i].critical);
  526. if (exts[i].oid === EXTS.altName) {
  527. der.startSequence(asn1.Ber.OctetString);
  528. der.startSequence();
  529. if (subject.type === 'host') {
  530. der.writeString(subject.hostname,
  531. Context(2));
  532. }
  533. for (var j = 0; j < altNames.length; ++j) {
  534. if (altNames[j].type === 'host') {
  535. der.writeString(
  536. altNames[j].hostname,
  537. ALTNAME.DNSName);
  538. } else if (altNames[j].type ===
  539. 'email') {
  540. der.writeString(
  541. altNames[j].email,
  542. ALTNAME.RFC822Name);
  543. } else {
  544. /*
  545. * Encode anything else as a
  546. * DN style name for now.
  547. */
  548. der.startSequence(
  549. ALTNAME.DirectoryName);
  550. altNames[j].toAsn1(der);
  551. der.endSequence();
  552. }
  553. }
  554. der.endSequence();
  555. der.endSequence();
  556. } else if (exts[i].oid === EXTS.basicConstraints) {
  557. der.startSequence(asn1.Ber.OctetString);
  558. der.startSequence();
  559. var ca = (cert.purposes.indexOf('ca') !== -1);
  560. var pathLen = exts[i].pathLen;
  561. der.writeBoolean(ca);
  562. if (pathLen !== undefined)
  563. der.writeInt(pathLen);
  564. der.endSequence();
  565. der.endSequence();
  566. } else if (exts[i].oid === EXTS.extKeyUsage) {
  567. der.startSequence(asn1.Ber.OctetString);
  568. der.startSequence();
  569. cert.purposes.forEach(function (purpose) {
  570. if (purpose === 'ca')
  571. return;
  572. if (KEYUSEBITS.indexOf(purpose) !== -1)
  573. return;
  574. var oid = purpose;
  575. if (EXTPURPOSE[purpose] !== undefined)
  576. oid = EXTPURPOSE[purpose];
  577. der.writeOID(oid);
  578. });
  579. der.endSequence();
  580. der.endSequence();
  581. } else if (exts[i].oid === EXTS.keyUsage) {
  582. der.startSequence(asn1.Ber.OctetString);
  583. /*
  584. * If we parsed this certificate from a byte
  585. * stream (i.e. we didn't generate it in sshpk)
  586. * then we'll have a ".bits" property on the
  587. * ext with the original raw byte contents.
  588. *
  589. * If we have this, use it here instead of
  590. * regenerating it. This guarantees we output
  591. * the same data we parsed, so signatures still
  592. * validate.
  593. */
  594. if (exts[i].bits !== undefined) {
  595. der.writeBuffer(exts[i].bits,
  596. asn1.Ber.BitString);
  597. } else {
  598. var bits = writeBitField(cert.purposes,
  599. KEYUSEBITS);
  600. der.writeBuffer(bits,
  601. asn1.Ber.BitString);
  602. }
  603. der.endSequence();
  604. } else {
  605. der.writeBuffer(exts[i].data,
  606. asn1.Ber.OctetString);
  607. }
  608. der.endSequence();
  609. }
  610. der.endSequence();
  611. der.endSequence();
  612. }
  613. der.endSequence();
  614. }
  615. /*
  616. * Reads an ASN.1 BER bitfield out of the Buffer produced by doing
  617. * `BerReader#readString(asn1.Ber.BitString)`. That function gives us the raw
  618. * contents of the BitString tag, which is a count of unused bits followed by
  619. * the bits as a right-padded byte string.
  620. *
  621. * `bits` is the Buffer, `bitIndex` should contain an array of string names
  622. * for the bits in the string, ordered starting with bit #0 in the ASN.1 spec.
  623. *
  624. * Returns an array of Strings, the names of the bits that were set to 1.
  625. */
  626. function readBitField(bits, bitIndex) {
  627. var bitLen = 8 * (bits.length - 1) - bits[0];
  628. var setBits = {};
  629. for (var i = 0; i < bitLen; ++i) {
  630. var byteN = 1 + Math.floor(i / 8);
  631. var bit = 7 - (i % 8);
  632. var mask = 1 << bit;
  633. var bitVal = ((bits[byteN] & mask) !== 0);
  634. var name = bitIndex[i];
  635. if (bitVal && typeof (name) === 'string') {
  636. setBits[name] = true;
  637. }
  638. }
  639. return (Object.keys(setBits));
  640. }
  641. /*
  642. * `setBits` is an array of strings, containing the names for each bit that
  643. * sould be set to 1. `bitIndex` is same as in `readBitField()`.
  644. *
  645. * Returns a Buffer, ready to be written out with `BerWriter#writeString()`.
  646. */
  647. function writeBitField(setBits, bitIndex) {
  648. var bitLen = bitIndex.length;
  649. var blen = Math.ceil(bitLen / 8);
  650. var unused = blen * 8 - bitLen;
  651. var bits = Buffer.alloc(1 + blen); // zero-filled
  652. bits[0] = unused;
  653. for (var i = 0; i < bitLen; ++i) {
  654. var byteN = 1 + Math.floor(i / 8);
  655. var bit = 7 - (i % 8);
  656. var mask = 1 << bit;
  657. var name = bitIndex[i];
  658. if (name === undefined)
  659. continue;
  660. var bitVal = (setBits.indexOf(name) !== -1);
  661. if (bitVal) {
  662. bits[byteN] |= mask;
  663. }
  664. }
  665. return (bits);
  666. }