1 files changed, 279 insertions, 0 deletions
diff --git a/third_party/js/PKI.js/src/OCSPRequest.ts b/third_party/js/PKI.js/src/OCSPRequest.ts
new file mode 100644
index 0000000000..e5da994909
--- /dev/null
+++ b/third_party/js/PKI.js/src/OCSPRequest.ts
@@ -0,0 +1,279 @@
+import * as asn1js from "asn1js";
+import * as pvutils from "pvutils";
+import * as common from "./common";
+import { TBSRequest, TBSRequestJson, TBSRequestSchema } from "./TBSRequest";
+import { Signature, SignatureJson, SignatureSchema } from "./Signature";
+import { Request } from "./Request";
+import { CertID, CertIDCreateParams } from "./CertID";
+import * as Schema from "./Schema";
+import { Certificate } from "./Certificate";
+import { AsnError, ParameterError } from "./errors";
+import { PkiObject, PkiObjectParameters } from "./PkiObject";
+
+const TBS_REQUEST = "tbsRequest";
+const OPTIONAL_SIGNATURE = "optionalSignature";
+const CLEAR_PROPS = [
+  TBS_REQUEST,
+  OPTIONAL_SIGNATURE
+];
+
+export interface IOCSPRequest {
+  tbsRequest: TBSRequest;
+  optionalSignature?: Signature;
+}
+
+export interface OCSPRequestJson {
+  tbsRequest: TBSRequestJson;
+  optionalSignature?: SignatureJson;
+}
+
+export type OCSPRequestParameters = PkiObjectParameters & Partial<IOCSPRequest>;
+
+/**
+ * Represents an OCSP request described in [RFC6960 Section 4.1](https://datatracker.ietf.org/doc/html/rfc6960#section-4.1)
+ *
+ * @example The following example demonstrates how to create OCSP request
+ * ```js
+ * // Create OCSP request
+ * const ocspReq = new pkijs.OCSPRequest();
+ *
+ * ocspReq.tbsRequest.requestorName = new pkijs.GeneralName({
+ *   type: 4,
+ *   value: cert.subject,
+ * });
+ *
+ * await ocspReq.createForCertificate(cert, {
+ *   hashAlgorithm: "SHA-256",
+ *   issuerCertificate: issuerCert,
+ * });
+ *
+ * const nonce = pkijs.getRandomValues(new Uint8Array(10));
+ * ocspReq.tbsRequest.requestExtensions = [
+ *   new pkijs.Extension({
+ *     extnID: "1.3.6.1.5.5.7.48.1.2", // nonce
+ *     extnValue: new asn1js.OctetString({ valueHex: nonce.buffer }).toBER(),
+ *   })
+ * ];
+ *
+ * // Encode OCSP request
+ * const ocspReqRaw = ocspReq.toSchema(true).toBER();
+ * ```
+ */
+export class OCSPRequest extends PkiObject implements IOCSPRequest {
+
+  public static override CLASS_NAME = "OCSPRequest";
+
+  public tbsRequest!: TBSRequest;
+  public optionalSignature?: Signature;
+
+  /**
+   * Initializes a new instance of the {@link OCSPRequest} class
+   * @param parameters Initialization parameters
+   */
+  constructor(parameters: OCSPRequestParameters = {}) {
+    super();
+
+    this.tbsRequest = pvutils.getParametersValue(parameters, TBS_REQUEST, OCSPRequest.defaultValues(TBS_REQUEST));
+    if (OPTIONAL_SIGNATURE in parameters) {
+      this.optionalSignature = pvutils.getParametersValue(parameters, OPTIONAL_SIGNATURE, OCSPRequest.defaultValues(OPTIONAL_SIGNATURE));
+    }
+
+    if (parameters.schema) {
+      this.fromSchema(parameters.schema);
+    }
+  }
+
+  /**
+   * Returns default values for all class members
+   * @param memberName String name for a class member
+   * @returns Default value
+   */
+  public static override defaultValues(memberName: typeof TBS_REQUEST): TBSRequest;
+  public static override defaultValues(memberName: typeof OPTIONAL_SIGNATURE): Signature;
+  public static override defaultValues(memberName: string): any {
+    switch (memberName) {
+      case TBS_REQUEST:
+        return new TBSRequest();
+      case OPTIONAL_SIGNATURE:
+        return new Signature();
+      default:
+        return super.defaultValues(memberName);
+    }
+  }
+
+  /**
+   * Compare values with default values for all class members
+   * @param memberName String name for a class member
+   * @param memberValue Value to compare with default value
+   * @returns Returns `true` if `memberValue` is equal to default value for selected class member
+   */
+  public static compareWithDefault(memberName: string, memberValue: any): boolean {
+    switch (memberName) {
+      case TBS_REQUEST:
+        return ((TBSRequest.compareWithDefault("tbs", memberValue.tbs)) &&
+          (TBSRequest.compareWithDefault("version", memberValue.version)) &&
+          (TBSRequest.compareWithDefault("requestorName", memberValue.requestorName)) &&
+          (TBSRequest.compareWithDefault("requestList", memberValue.requestList)) &&
+          (TBSRequest.compareWithDefault("requestExtensions", memberValue.requestExtensions)));
+      case OPTIONAL_SIGNATURE:
+        return ((Signature.compareWithDefault("signatureAlgorithm", memberValue.signatureAlgorithm)) &&
+          (Signature.compareWithDefault("signature", memberValue.signature)) &&
+          (Signature.compareWithDefault("certs", memberValue.certs)));
+      default:
+        return super.defaultValues(memberName);
+    }
+  }
+
+  /**
+   * @inheritdoc
+   * @asn ASN.1 schema
+   * ```asn
+   * OCSPRequest ::= SEQUENCE {
+   *    tbsRequest                  TBSRequest,
+   *    optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+   *```
+   */
+  public static override schema(parameters: Schema.SchemaParameters<{
+    tbsRequest?: TBSRequestSchema;
+    optionalSignature?: SignatureSchema;
+  }> = {}): Schema.SchemaType {
+    const names = pvutils.getParametersValue<NonNullable<typeof parameters.names>>(parameters, "names", {});
+
+    return (new asn1js.Sequence({
+      name: names.blockName || "OCSPRequest",
+      value: [
+        TBSRequest.schema(names.tbsRequest || {
+          names: {
+            blockName: TBS_REQUEST
+          }
+        }),
+        new asn1js.Constructed({
+          optional: true,
+          idBlock: {
+            tagClass: 3, // CONTEXT-SPECIFIC
+            tagNumber: 0 // [0]
+          },
+          value: [
+            Signature.schema(names.optionalSignature || {
+              names: {
+                blockName: OPTIONAL_SIGNATURE
+              }
+            })
+          ]
+        })
+      ]
+    }));
+  }
+
+  public fromSchema(schema: Schema.SchemaType): void {
+    // Clear input data first
+    pvutils.clearProps(schema, CLEAR_PROPS);
+
+    // Check the schema is valid
+    const asn1 = asn1js.compareSchema(schema,
+      schema,
+      OCSPRequest.schema()
+    );
+    AsnError.assertSchema(asn1, this.className);
+
+    // Get internal properties from parsed schema
+    this.tbsRequest = new TBSRequest({ schema: asn1.result.tbsRequest });
+    if (OPTIONAL_SIGNATURE in asn1.result)
+      this.optionalSignature = new Signature({ schema: asn1.result.optionalSignature });
+  }
+
+  public toSchema(encodeFlag = false) {
+    //#region Create array for output sequence
+    const outputArray = [];
+
+    outputArray.push(this.tbsRequest.toSchema(encodeFlag));
+    if (this.optionalSignature)
+      outputArray.push(
+        new asn1js.Constructed({
+          optional: true,
+          idBlock: {
+            tagClass: 3, // CONTEXT-SPECIFIC
+            tagNumber: 0 // [0]
+          },
+          value: [
+            this.optionalSignature.toSchema()
+          ]
+        }));
+    //#endregion
+
+    //#region Construct and return new ASN.1 schema for this object
+    return (new asn1js.Sequence({
+      value: outputArray
+    }));
+    //#endregion
+  }
+
+  public toJSON(): OCSPRequestJson {
+    const res: OCSPRequestJson = {
+      tbsRequest: this.tbsRequest.toJSON()
+    };
+
+    if (this.optionalSignature) {
+      res.optionalSignature = this.optionalSignature.toJSON();
+    }
+
+    return res;
+  }
+
+  /**
+   * Making OCSP Request for specific certificate
+   * @param certificate Certificate making OCSP Request for
+   * @param parameters Additional parameters
+   * @param crypto Crypto engine
+   */
+  public async createForCertificate(certificate: Certificate, parameters: CertIDCreateParams, crypto = common.getCrypto(true)): Promise<void> {
+    //#region Initial variables
+    const certID = new CertID();
+    //#endregion
+
+    //#region Create OCSP certificate identifier for the certificate
+    await certID.createForCertificate(certificate, parameters, crypto);
+    //#endregion
+
+    //#region Make final request data
+    this.tbsRequest.requestList.push(new Request({
+      reqCert: certID,
+    }));
+    //#endregion
+  }
+
+  /**
+   * Make signature for current OCSP Request
+   * @param privateKey Private key for "subjectPublicKeyInfo" structure
+   * @param hashAlgorithm Hashing algorithm. Default SHA-1
+   * @param crypto Crypto engine
+   */
+  public async sign(privateKey: CryptoKey, hashAlgorithm = "SHA-1", crypto = common.getCrypto(true)) {
+    // Initial checking
+    ParameterError.assertEmpty(privateKey, "privateKey", "OCSPRequest.sign method");
+
+    // Check that OPTIONAL_SIGNATURE exists in the current request
+    if (!this.optionalSignature) {
+      throw new Error("Need to create \"optionalSignature\" field before signing");
+    }
+
+    //#region Get a "default parameters" for current algorithm and set correct signature algorithm
+    const signatureParams = await crypto.getSignatureParameters(privateKey, hashAlgorithm);
+    const parameters = signatureParams.parameters;
+    this.optionalSignature.signatureAlgorithm = signatureParams.signatureAlgorithm;
+    //#endregion
+
+    //#region Create TBS data for signing
+    const tbs = this.tbsRequest.toSchema(true).toBER(false);
+    //#endregion
+
+    // Signing TBS data on provided private key
+    const signature = await crypto.signWithPrivateKey(tbs, privateKey, parameters as any);
+    this.optionalSignature.signature = new asn1js.BitString({ valueHex: signature });
+  }
+
+  verify() {
+    // TODO: Create the function
+  }
+
+}