diff options
Diffstat (limited to 'third_party/js/PKI.js/src/OCSPRequest.ts')
-rw-r--r-- | third_party/js/PKI.js/src/OCSPRequest.ts | 279 |
1 files changed, 279 insertions, 0 deletions
diff --git a/third_party/js/PKI.js/src/OCSPRequest.ts b/third_party/js/PKI.js/src/OCSPRequest.ts new file mode 100644 index 0000000000..e5da994909 --- /dev/null +++ b/third_party/js/PKI.js/src/OCSPRequest.ts @@ -0,0 +1,279 @@ +import * as asn1js from "asn1js"; +import * as pvutils from "pvutils"; +import * as common from "./common"; +import { TBSRequest, TBSRequestJson, TBSRequestSchema } from "./TBSRequest"; +import { Signature, SignatureJson, SignatureSchema } from "./Signature"; +import { Request } from "./Request"; +import { CertID, CertIDCreateParams } from "./CertID"; +import * as Schema from "./Schema"; +import { Certificate } from "./Certificate"; +import { AsnError, ParameterError } from "./errors"; +import { PkiObject, PkiObjectParameters } from "./PkiObject"; + +const TBS_REQUEST = "tbsRequest"; +const OPTIONAL_SIGNATURE = "optionalSignature"; +const CLEAR_PROPS = [ + TBS_REQUEST, + OPTIONAL_SIGNATURE +]; + +export interface IOCSPRequest { + tbsRequest: TBSRequest; + optionalSignature?: Signature; +} + +export interface OCSPRequestJson { + tbsRequest: TBSRequestJson; + optionalSignature?: SignatureJson; +} + +export type OCSPRequestParameters = PkiObjectParameters & Partial<IOCSPRequest>; + +/** + * Represents an OCSP request described in [RFC6960 Section 4.1](https://datatracker.ietf.org/doc/html/rfc6960#section-4.1) + * + * @example The following example demonstrates how to create OCSP request + * ```js + * // Create OCSP request + * const ocspReq = new pkijs.OCSPRequest(); + * + * ocspReq.tbsRequest.requestorName = new pkijs.GeneralName({ + * type: 4, + * value: cert.subject, + * }); + * + * await ocspReq.createForCertificate(cert, { + * hashAlgorithm: "SHA-256", + * issuerCertificate: issuerCert, + * }); + * + * const nonce = pkijs.getRandomValues(new Uint8Array(10)); + * ocspReq.tbsRequest.requestExtensions = [ + * new pkijs.Extension({ + * extnID: "1.3.6.1.5.5.7.48.1.2", // nonce + * extnValue: new asn1js.OctetString({ valueHex: nonce.buffer }).toBER(), + * }) + * ]; + * + * // Encode OCSP request + * const ocspReqRaw = ocspReq.toSchema(true).toBER(); + * ``` + */ +export class OCSPRequest extends PkiObject implements IOCSPRequest { + + public static override CLASS_NAME = "OCSPRequest"; + + public tbsRequest!: TBSRequest; + public optionalSignature?: Signature; + + /** + * Initializes a new instance of the {@link OCSPRequest} class + * @param parameters Initialization parameters + */ + constructor(parameters: OCSPRequestParameters = {}) { + super(); + + this.tbsRequest = pvutils.getParametersValue(parameters, TBS_REQUEST, OCSPRequest.defaultValues(TBS_REQUEST)); + if (OPTIONAL_SIGNATURE in parameters) { + this.optionalSignature = pvutils.getParametersValue(parameters, OPTIONAL_SIGNATURE, OCSPRequest.defaultValues(OPTIONAL_SIGNATURE)); + } + + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + + /** + * Returns default values for all class members + * @param memberName String name for a class member + * @returns Default value + */ + public static override defaultValues(memberName: typeof TBS_REQUEST): TBSRequest; + public static override defaultValues(memberName: typeof OPTIONAL_SIGNATURE): Signature; + public static override defaultValues(memberName: string): any { + switch (memberName) { + case TBS_REQUEST: + return new TBSRequest(); + case OPTIONAL_SIGNATURE: + return new Signature(); + default: + return super.defaultValues(memberName); + } + } + + /** + * Compare values with default values for all class members + * @param memberName String name for a class member + * @param memberValue Value to compare with default value + * @returns Returns `true` if `memberValue` is equal to default value for selected class member + */ + public static compareWithDefault(memberName: string, memberValue: any): boolean { + switch (memberName) { + case TBS_REQUEST: + return ((TBSRequest.compareWithDefault("tbs", memberValue.tbs)) && + (TBSRequest.compareWithDefault("version", memberValue.version)) && + (TBSRequest.compareWithDefault("requestorName", memberValue.requestorName)) && + (TBSRequest.compareWithDefault("requestList", memberValue.requestList)) && + (TBSRequest.compareWithDefault("requestExtensions", memberValue.requestExtensions))); + case OPTIONAL_SIGNATURE: + return ((Signature.compareWithDefault("signatureAlgorithm", memberValue.signatureAlgorithm)) && + (Signature.compareWithDefault("signature", memberValue.signature)) && + (Signature.compareWithDefault("certs", memberValue.certs))); + default: + return super.defaultValues(memberName); + } + } + + /** + * @inheritdoc + * @asn ASN.1 schema + * ```asn + * OCSPRequest ::= SEQUENCE { + * tbsRequest TBSRequest, + * optionalSignature [0] EXPLICIT Signature OPTIONAL } + *``` + */ + public static override schema(parameters: Schema.SchemaParameters<{ + tbsRequest?: TBSRequestSchema; + optionalSignature?: SignatureSchema; + }> = {}): Schema.SchemaType { + const names = pvutils.getParametersValue<NonNullable<typeof parameters.names>>(parameters, "names", {}); + + return (new asn1js.Sequence({ + name: names.blockName || "OCSPRequest", + value: [ + TBSRequest.schema(names.tbsRequest || { + names: { + blockName: TBS_REQUEST + } + }), + new asn1js.Constructed({ + optional: true, + idBlock: { + tagClass: 3, // CONTEXT-SPECIFIC + tagNumber: 0 // [0] + }, + value: [ + Signature.schema(names.optionalSignature || { + names: { + blockName: OPTIONAL_SIGNATURE + } + }) + ] + }) + ] + })); + } + + public fromSchema(schema: Schema.SchemaType): void { + // Clear input data first + pvutils.clearProps(schema, CLEAR_PROPS); + + // Check the schema is valid + const asn1 = asn1js.compareSchema(schema, + schema, + OCSPRequest.schema() + ); + AsnError.assertSchema(asn1, this.className); + + // Get internal properties from parsed schema + this.tbsRequest = new TBSRequest({ schema: asn1.result.tbsRequest }); + if (OPTIONAL_SIGNATURE in asn1.result) + this.optionalSignature = new Signature({ schema: asn1.result.optionalSignature }); + } + + public toSchema(encodeFlag = false) { + //#region Create array for output sequence + const outputArray = []; + + outputArray.push(this.tbsRequest.toSchema(encodeFlag)); + if (this.optionalSignature) + outputArray.push( + new asn1js.Constructed({ + optional: true, + idBlock: { + tagClass: 3, // CONTEXT-SPECIFIC + tagNumber: 0 // [0] + }, + value: [ + this.optionalSignature.toSchema() + ] + })); + //#endregion + + //#region Construct and return new ASN.1 schema for this object + return (new asn1js.Sequence({ + value: outputArray + })); + //#endregion + } + + public toJSON(): OCSPRequestJson { + const res: OCSPRequestJson = { + tbsRequest: this.tbsRequest.toJSON() + }; + + if (this.optionalSignature) { + res.optionalSignature = this.optionalSignature.toJSON(); + } + + return res; + } + + /** + * Making OCSP Request for specific certificate + * @param certificate Certificate making OCSP Request for + * @param parameters Additional parameters + * @param crypto Crypto engine + */ + public async createForCertificate(certificate: Certificate, parameters: CertIDCreateParams, crypto = common.getCrypto(true)): Promise<void> { + //#region Initial variables + const certID = new CertID(); + //#endregion + + //#region Create OCSP certificate identifier for the certificate + await certID.createForCertificate(certificate, parameters, crypto); + //#endregion + + //#region Make final request data + this.tbsRequest.requestList.push(new Request({ + reqCert: certID, + })); + //#endregion + } + + /** + * Make signature for current OCSP Request + * @param privateKey Private key for "subjectPublicKeyInfo" structure + * @param hashAlgorithm Hashing algorithm. Default SHA-1 + * @param crypto Crypto engine + */ + public async sign(privateKey: CryptoKey, hashAlgorithm = "SHA-1", crypto = common.getCrypto(true)) { + // Initial checking + ParameterError.assertEmpty(privateKey, "privateKey", "OCSPRequest.sign method"); + + // Check that OPTIONAL_SIGNATURE exists in the current request + if (!this.optionalSignature) { + throw new Error("Need to create \"optionalSignature\" field before signing"); + } + + //#region Get a "default parameters" for current algorithm and set correct signature algorithm + const signatureParams = await crypto.getSignatureParameters(privateKey, hashAlgorithm); + const parameters = signatureParams.parameters; + this.optionalSignature.signatureAlgorithm = signatureParams.signatureAlgorithm; + //#endregion + + //#region Create TBS data for signing + const tbs = this.tbsRequest.toSchema(true).toBER(false); + //#endregion + + // Signing TBS data on provided private key + const signature = await crypto.signWithPrivateKey(tbs, privateKey, parameters as any); + this.optionalSignature.signature = new asn1js.BitString({ valueHex: signature }); + } + + verify() { + // TODO: Create the function + } + +} |