From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- .../certviewer/AboutCertViewerChild.sys.mjs | 8 + .../certviewer/AboutCertViewerParent.sys.mjs | 43 + .../components/certviewer/content/certDecoder.mjs | 1267 + .../components/certviewer/content/certviewer.css | 8 + .../components/certviewer/content/certviewer.html | 113 + .../components/certviewer/content/certviewer.mjs | 475 + .../content/components/about-certificate-items.mjs | 33 + .../components/about-certificate-section.css | 7 + .../components/about-certificate-section.mjs | 114 + .../content/components/certificate-section.css | 72 + .../content/components/certificate-section.mjs | 91 + .../components/certificate-tabs-section.mjs | 123 + .../content/components/error-section.css | 27 + .../content/components/error-section.mjs | 31 + .../content/components/info-group-container.mjs | 65 + .../certviewer/content/components/info-group.css | 38 + .../certviewer/content/components/info-group.mjs | 91 + .../certviewer/content/components/info-item.css | 69 + .../certviewer/content/components/info-item.mjs | 173 + .../certviewer/content/components/list-item.css | 46 + .../certviewer/content/components/list-item.mjs | 58 + .../certviewer/content/components/utils.mjs | 26 + .../components/certviewer/content/vendor/pkijs.js | 24083 +++++++++++++++++++ toolkit/components/certviewer/jar.mn | 12 + toolkit/components/certviewer/moz.build | 19 + .../certviewer/tests/browser/adjustedCerts.js | 261 + .../certviewer/tests/browser/browser.ini | 23 + .../browser/browser_aboutcertificateviewer.js | 81 + .../tests/browser/browser_certificateTabLink.js | 61 + .../tests/browser/browser_checkAuthorityKeyID.js | 50 + .../tests/browser/browser_checkLongHex.js | 38 + .../browser/browser_checkMissingCommonName.js | 50 + .../tests/browser/browser_checkNonEmptyFields.js | 82 + .../browser/browser_checkNonRepeatedCertTabs.js | 131 + .../browser/browser_checkNonUndefinedStrings.js | 49 + .../certviewer/tests/browser/browser_checkOCSP.js | 46 + .../tests/browser/browser_checkStandAlonePage.js | 86 + .../tests/browser/browser_checkValiditySection.js | 57 + .../tests/browser/browser_downloadLink.js | 126 + .../browser/browser_handleMultipleCertsURL.js | 251 + .../browser/browser_openTabAndSendCertInfo.js | 271 + .../tests/browser/browser_renderCertToUI.js | 192 + .../certviewer/tests/browser/dummy_page.html | 9 + .../components/certviewer/tests/browser/head.js | 124 + .../certviewer/tests/chrome/CSoutput.mjs | 144 + .../components/certviewer/tests/chrome/chrome.ini | 12 + .../certviewer/tests/chrome/parseOutput.mjs | 330 + .../tests/chrome/test_adjustCertInformation.html | 45 + .../certviewer/tests/chrome/test_certDecoder.html | 39 + .../tests/chrome/test_certDecoderFields.html | 84 + .../test_kebabCaseInAdjustCertInformation.html | 106 + 51 files changed, 29840 insertions(+) create mode 100644 toolkit/components/certviewer/AboutCertViewerChild.sys.mjs create mode 100644 toolkit/components/certviewer/AboutCertViewerParent.sys.mjs create mode 100644 toolkit/components/certviewer/content/certDecoder.mjs create mode 100644 toolkit/components/certviewer/content/certviewer.css create mode 100644 toolkit/components/certviewer/content/certviewer.html create mode 100644 toolkit/components/certviewer/content/certviewer.mjs create mode 100644 toolkit/components/certviewer/content/components/about-certificate-items.mjs create mode 100644 toolkit/components/certviewer/content/components/about-certificate-section.css create mode 100644 toolkit/components/certviewer/content/components/about-certificate-section.mjs create mode 100644 toolkit/components/certviewer/content/components/certificate-section.css create mode 100644 toolkit/components/certviewer/content/components/certificate-section.mjs create mode 100644 toolkit/components/certviewer/content/components/certificate-tabs-section.mjs create mode 100644 toolkit/components/certviewer/content/components/error-section.css create mode 100644 toolkit/components/certviewer/content/components/error-section.mjs create mode 100644 toolkit/components/certviewer/content/components/info-group-container.mjs create mode 100644 toolkit/components/certviewer/content/components/info-group.css create mode 100644 toolkit/components/certviewer/content/components/info-group.mjs create mode 100644 toolkit/components/certviewer/content/components/info-item.css create mode 100644 toolkit/components/certviewer/content/components/info-item.mjs create mode 100644 toolkit/components/certviewer/content/components/list-item.css create mode 100644 toolkit/components/certviewer/content/components/list-item.mjs create mode 100644 toolkit/components/certviewer/content/components/utils.mjs create mode 100644 toolkit/components/certviewer/content/vendor/pkijs.js create mode 100644 toolkit/components/certviewer/jar.mn create mode 100644 toolkit/components/certviewer/moz.build create mode 100644 toolkit/components/certviewer/tests/browser/adjustedCerts.js create mode 100644 toolkit/components/certviewer/tests/browser/browser.ini create mode 100644 toolkit/components/certviewer/tests/browser/browser_aboutcertificateviewer.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_certificateTabLink.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_checkAuthorityKeyID.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_checkLongHex.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_checkMissingCommonName.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_checkNonEmptyFields.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_checkNonRepeatedCertTabs.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_checkNonUndefinedStrings.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_checkOCSP.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_checkStandAlonePage.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_checkValiditySection.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_downloadLink.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_handleMultipleCertsURL.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_openTabAndSendCertInfo.js create mode 100644 toolkit/components/certviewer/tests/browser/browser_renderCertToUI.js create mode 100644 toolkit/components/certviewer/tests/browser/dummy_page.html create mode 100644 toolkit/components/certviewer/tests/browser/head.js create mode 100644 toolkit/components/certviewer/tests/chrome/CSoutput.mjs create mode 100644 toolkit/components/certviewer/tests/chrome/chrome.ini create mode 100644 toolkit/components/certviewer/tests/chrome/parseOutput.mjs create mode 100644 toolkit/components/certviewer/tests/chrome/test_adjustCertInformation.html create mode 100644 toolkit/components/certviewer/tests/chrome/test_certDecoder.html create mode 100644 toolkit/components/certviewer/tests/chrome/test_certDecoderFields.html create mode 100644 toolkit/components/certviewer/tests/chrome/test_kebabCaseInAdjustCertInformation.html (limited to 'toolkit/components/certviewer') diff --git a/toolkit/components/certviewer/AboutCertViewerChild.sys.mjs b/toolkit/components/certviewer/AboutCertViewerChild.sys.mjs new file mode 100644 index 0000000000..0ac58ceb66 --- /dev/null +++ b/toolkit/components/certviewer/AboutCertViewerChild.sys.mjs @@ -0,0 +1,8 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { RemotePageChild } from "resource://gre/actors/RemotePageChild.sys.mjs"; + +export class AboutCertViewerChild extends RemotePageChild {} diff --git a/toolkit/components/certviewer/AboutCertViewerParent.sys.mjs b/toolkit/components/certviewer/AboutCertViewerParent.sys.mjs new file mode 100644 index 0000000000..62838bbdf7 --- /dev/null +++ b/toolkit/components/certviewer/AboutCertViewerParent.sys.mjs @@ -0,0 +1,43 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const TYPE_CA = 1; +const TYPE_USER = 2; +const TYPE_EMAIL = 4; +const TYPE_SERVER = 8; + +export class AboutCertViewerParent extends JSWindowActorParent { + getCertificates() { + let certs = { + [TYPE_CA]: [], + [TYPE_USER]: [], + [TYPE_EMAIL]: [], + [TYPE_SERVER]: [], + }; + let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService( + Ci.nsIX509CertDB + ); + let certcache = certdb.getCerts(); + for (let cert of certcache) { + for (let certType of Object.keys(certs).map(Number)) { + if (certType & cert.certType) { + certs[certType].push({ + displayName: cert.displayName, + derb64: cert.getBase64DERString(), + }); + } + } + } + return certs; + } + + receiveMessage(aMessage) { + switch (aMessage.name) { + case "getCertificates": + return this.getCertificates(); + } + + return undefined; + } +} diff --git a/toolkit/components/certviewer/content/certDecoder.mjs b/toolkit/components/certviewer/content/certDecoder.mjs new file mode 100644 index 0000000000..3929f5ff2d --- /dev/null +++ b/toolkit/components/certviewer/content/certDecoder.mjs @@ -0,0 +1,1267 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { + Certificate, + ECNamedCurves, + ECPublicKey, + RSAPublicKey, +} from "./vendor/pkijs.js"; + +const getTimeZone = () => { + let timeZone = new Date().toString().match(/\(([A-Za-z\s].*)\)/); + if (timeZone === null) { + // America/Chicago + timeZone = Intl.DateTimeFormat().resolvedOptions().timeZone; + } else if (timeZone.length > 1) { + timeZone = timeZone[1]; // Central Daylight Time + } else { + timeZone = "Local Time"; // not sure if this is right, but let's go with it for now + } + return timeZone; +}; + +const getPublicKeyInfo = x509 => { + let publicKey = x509.subjectPublicKeyInfo.parsedKey; + if (publicKey instanceof RSAPublicKey) { + let modulusJSON = publicKey.modulus.toJSON(); + let modulusHex = modulusJSON.valueBlock.valueHex; + return { + e: publicKey.publicExponent.toJSON().valueBlock.valueDec, + kty: "RSA", + n: hashify(modulusHex), + keysize: modulusHex.length * 4, // key size in bits + }; + } + if (publicKey instanceof ECPublicKey) { + let x = hashify(publicKey.x); + let y = hashify(publicKey.y); + let curve = ECNamedCurves.find(publicKey.namedCurve); + let keysize = curve ? curve.size * 8 : undefined; + return { + kty: "Elliptic Curve", + keysize, + x, // x coordinate + y, // y coordinate + xy: `04:${x}:${y}`, // 04 (uncompressed) public key + }; + } + return { kty: "Unknown" }; +}; + +const getX509Ext = (extensions, v) => { + for (var extension in extensions) { + if (extensions[extension].extnID === v) { + return extensions[extension].toJSON().parsedValue; + } + } + return undefined; +}; + +const getKeyUsages = (x509, criticalExtensions) => { + let keyUsages = { + critical: criticalExtensions.includes("2.5.29.15"), + purposes: [], + }; + + let keyUsagesBS = getX509Ext(x509.extensions, "2.5.29.15"); + if (keyUsagesBS !== undefined) { + // parse the bit string, shifting as necessary + let unusedBits = keyUsagesBS.valueBlock.unusedBits; + keyUsagesBS = parseInt(keyUsagesBS.valueBlock.valueHex, 16) >> unusedBits; + + // iterate through the bit string + strings.keyUsages.slice(unusedBits - 1).forEach(usage => { + if (keyUsagesBS & 1) { + keyUsages.purposes.push(usage); + } + + keyUsagesBS = keyUsagesBS >> 1; + }); + + // reverse the order for legibility + keyUsages.purposes.reverse(); + } + + return keyUsages; +}; + +const parseSubsidiary = distinguishedNames => { + const subsidiary = { + cn: "", + dn: [], + entries: [], + }; + + distinguishedNames.forEach(dn => { + const distinguishedName = strings.names[dn.type]; + const value = dn.value.valueBlock.value; + + if (distinguishedName === undefined) { + subsidiary.dn.push(`OID.${dn.type}=${value}`); + subsidiary.entries.push([`OID.${dn.type}`, value]); + } else if (distinguishedName.short === undefined) { + subsidiary.dn.push(`OID.${dn.type}=${value}`); + subsidiary.entries.push([distinguishedName.long, value]); + } else { + subsidiary.dn.push(`${distinguishedName.short}=${value}`); + subsidiary.entries.push([distinguishedName.long, value]); + + // add the common name for tab display + if (distinguishedName.short === "cn") { + subsidiary.cn = value; + } + } + }); + + // turn path into a string + subsidiary.dn = subsidiary.dn.join(", "); + + return subsidiary; +}; + +const getSubjectAltNames = (x509, criticalExtensions) => { + let san = getX509Ext(x509.extensions, "2.5.29.17"); + if (san && san.hasOwnProperty("altNames")) { + san = Object.keys(san.altNames).map(index => { + const type = san.altNames[index].type; + + switch (type) { + case 4: // directory + return [ + strings.san[type], + parseSubsidiary(san.altNames[index].value.typesAndValues).dn, + ]; + case 7: // ip address + let address = san.altNames[index].value.valueBlock.valueHex; + + if (address.length === 8) { + // ipv4 + return [ + strings.san[type], + address + .match(/.{1,2}/g) + .map(x => parseInt(x, 16)) + .join("."), + ]; + } else if (address.length === 32) { + // ipv6 + return [ + strings.san[type], + address + .toLowerCase() + .match(/.{1,4}/g) + .join(":") + .replace(/\b:?(?:0+:?){2,}/, "::"), + ]; + } + return [strings.san[type], "Unknown IP address"]; + + default: + return [strings.san[type], san.altNames[index].value]; + } + }); + } else { + san = []; + } + san = { + altNames: san, + critical: criticalExtensions.includes("2.5.29.17"), + }; + return san; +}; + +const getBasicConstraints = (x509, criticalExtensions) => { + let basicConstraints; + const basicConstraintsExt = getX509Ext(x509.extensions, "2.5.29.19"); + if (basicConstraintsExt) { + basicConstraints = { + cA: basicConstraintsExt.cA !== undefined && basicConstraintsExt.cA, + critical: criticalExtensions.includes("2.5.29.19"), + }; + } + return basicConstraints; +}; + +const getEKeyUsages = (x509, criticalExtensions) => { + let eKeyUsages = getX509Ext(x509.extensions, "2.5.29.37"); + if (eKeyUsages) { + eKeyUsages = { + critical: criticalExtensions.includes("2.5.29.37"), + purposes: eKeyUsages.keyPurposes.map(x => strings.eKU[x] || x), + }; + } + return eKeyUsages; +}; + +const getSubjectKeyID = (x509, criticalExtensions) => { + let sKID = getX509Ext(x509.extensions, "2.5.29.14"); + if (sKID) { + sKID = { + critical: criticalExtensions.includes("2.5.29.14"), + id: hashify(sKID.valueBlock.valueHex), + }; + } + return sKID; +}; + +const getAuthorityKeyID = (x509, criticalExtensions) => { + let aKID = getX509Ext(x509.extensions, "2.5.29.35"); + if (!aKID || !aKID.keyIdentifier) { + return null; + } + aKID = { + critical: criticalExtensions.includes("2.5.29.35"), + id: hashify(aKID.keyIdentifier.valueBlock.valueHex), + }; + return aKID; +}; + +const getCRLPoints = (x509, criticalExtensions) => { + let crlPoints = getX509Ext(x509.extensions, "2.5.29.31"); + if (crlPoints) { + crlPoints = { + critical: criticalExtensions.includes("2.5.29.31"), + points: crlPoints.distributionPoints.map( + x => x.distributionPoint[0].value + ), + }; + } + return crlPoints; +}; + +const getOcspStaple = (x509, criticalExtensions) => { + let ocspStaple = getX509Ext(x509.extensions, "1.3.6.1.5.5.7.1.24"); + if (ocspStaple && ocspStaple.valueBeforeDecode === "3003020105") { + ocspStaple = { + critical: criticalExtensions.includes("1.3.6.1.5.5.7.1.24"), + required: true, + }; + } else { + ocspStaple = { + critical: criticalExtensions.includes("1.3.6.1.5.5.7.1.24"), + required: false, + }; + } + return ocspStaple; +}; + +const getAuthorityInfoAccess = (x509, criticalExtensions) => { + let aia = getX509Ext(x509.extensions, "1.3.6.1.5.5.7.1.1"); + if (aia) { + aia = aia.accessDescriptions.map(x => { + return { + location: x.accessLocation.value, + method: strings.aia[x.accessMethod], + }; + }); + } + + aia = { + descriptions: aia, + critical: criticalExtensions.includes("1.3.6.1.5.5.7.1.1"), + }; + return aia; +}; + +const getSCTs = (x509, criticalExtensions) => { + let scts = getX509Ext(x509.extensions, "1.3.6.1.4.1.11129.2.4.2"); + if (scts) { + scts = Object.keys(scts.timestamps).map(x => { + let logId = scts.timestamps[x].logID.toLowerCase(); + let sctsTimestamp = scts.timestamps[x].timestamp; + return { + logId: hashify(logId), + name: ctLogNames.hasOwnProperty(logId) ? ctLogNames[logId] : undefined, + signatureAlgorithm: `${scts.timestamps[x].hashAlgorithm.replace( + "sha", + "SHA-" + )} ${scts.timestamps[x].signatureAlgorithm.toUpperCase()}`, + timestamp: `${sctsTimestamp.toLocaleString()} (${getTimeZone()})`, + timestampUTC: sctsTimestamp.toUTCString(), + version: scts.timestamps[x].version + 1, + }; + }); + } else { + scts = []; + } + + scts = { + critical: criticalExtensions.includes("1.3.6.1.4.1.11129.2.4.2"), + timestamps: scts, + }; + return scts; +}; + +const getCertificatePolicies = (x509, criticalExtensions) => { + let cp = getX509Ext(x509.extensions, "2.5.29.32"); + if (cp && cp.hasOwnProperty("certificatePolicies")) { + cp = cp.certificatePolicies.map(x => { + let id = x.policyIdentifier; + let certName = strings.cps.hasOwnProperty(id) + ? strings.cps[id].name + : undefined; + let qualifiers = undefined; + let value = strings.cps.hasOwnProperty(id) + ? strings.cps[id].value + : undefined; + + // ansi organization identifiers + if (id.startsWith("2.16.840.")) { + value = id; + id = "2.16.840"; + certName = strings.cps["2.16.840"].name; + } + + // statement identifiers + if (id.startsWith("1.3.6.1.4.1")) { + value = id; + id = "1.3.6.1.4.1"; + certName = strings.cps["1.3.6.1.4.1"].name; + } + + if (x.hasOwnProperty("policyQualifiers")) { + qualifiers = x.policyQualifiers.map(qualifier => { + let qualifierId = qualifier.policyQualifierId; + let qualifierName = strings.cps.hasOwnProperty(qualifierId) + ? strings.cps[qualifierId].name + : undefined; + let qualifierValue = qualifier.qualifier.valueBlock.value; + + // sometimes they are multiple qualifier subblocks, and for now we'll + // only return the first one because it's getting really messy at this point + if (Array.isArray(qualifierValue) && qualifierValue.length === 1) { + qualifierValue = qualifierValue[0].valueBlock.value; + } else if ( + Array.isArray(qualifierValue) && + qualifierValue.length > 1 + ) { + qualifierValue = "(currently unsupported)"; + } + + return { + qualifierId, + qualifierName, + qualifierValue, + }; + }); + } + + return { + id, + name: certName, + qualifiers, + value, + }; + }); + } + + cp = { + critical: criticalExtensions.includes("2.5.29.32"), + policies: cp, + }; + return cp; +}; + +const getMicrosoftCryptographicExtensions = (x509, criticalExtensions) => { + // now let's parse the Microsoft cryptographic extensions + let msCrypto = { + caVersion: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.21.1"), + certificatePolicies: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.21.10"), + certificateTemplate: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.21.7"), + certificateType: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.20.2"), + previousHash: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.21.2"), + }; + + if ( + msCrypto.caVersion && + Number.isInteger(msCrypto.caVersion.keyIndex) && + Number.isInteger(msCrypto.caVersion.certificateIndex) + ) { + msCrypto.caVersion = { + critical: criticalExtensions.includes("1.3.6.1.4.1.311.21.1"), + caRenewals: msCrypto.caVersion.certificateIndex, + keyReuses: + msCrypto.caVersion.certificateIndex - msCrypto.caVersion.keyIndex, + }; + } + + if (msCrypto.certificatePolicies) { + msCrypto.certificatePolicies = { + critical: criticalExtensions.includes("1.3.6.1.4.1.311.21.10"), + purposes: msCrypto.certificatePolicies.certificatePolicies.map( + x => strings.eKU[x.policyIdentifier] || x.policyIdentifier + ), + }; + } + + if (msCrypto.certificateTemplate) { + msCrypto.certificateTemplate = { + critical: criticalExtensions.includes("1.3.6.1.4.1.311.21.7"), + id: msCrypto.certificateTemplate.extnID, + major: msCrypto.certificateTemplate.templateMajorVersion, + minor: msCrypto.certificateTemplate.templateMinorVersion, + }; + } + + if (msCrypto.certificateType) { + msCrypto.certificateType = { + critical: criticalExtensions.includes("1.3.6.1.4.1.311.20.2"), + type: + strings.microsoftCertificateTypes[ + msCrypto.certificateType.valueBlock.value + ] || "Unknown", + }; + } + + if (msCrypto.previousHash) { + msCrypto.previousHash = { + critical: criticalExtensions.includes("1.3.6.1.4.1.311.21.2"), + previousHash: hashify(msCrypto.previousHash.valueBlock.valueHex), + }; + } + + msCrypto.exists = !!( + msCrypto.caVersion || + msCrypto.certificatePolicies || + msCrypto.certificateTemplate || + msCrypto.certificateType || + msCrypto.previousHash + ); + + return msCrypto; +}; + +const b64ToPEM = string => { + let wrapped = string.match(/.{1,64}/g).join("\r\n"); + return `-----BEGIN CERTIFICATE-----\r\n${wrapped}\r\n-----END CERTIFICATE-----\r\n`; +}; + +export const parse = async certificate => { + // certificate could be an array of BER or an array of buffers + const supportedExtensions = [ + "1.3.6.1.4.1.311.20.2", // microsoft certificate type + "1.3.6.1.4.1.311.21.2", // microsoft certificate previous hash + "1.3.6.1.4.1.311.21.7", // microsoft certificate template + "1.3.6.1.4.1.311.21.1", // microsoft certification authority renewal + "1.3.6.1.4.1.311.21.10", // microsoft certificate policies + "1.3.6.1.4.1.11129.2.4.2", // embedded scts + "1.3.6.1.5.5.7.1.1", // authority info access + "1.3.6.1.5.5.7.1.24", // ocsp stapling + "1.3.101.77", // ct redaction - deprecated and not displayed + "2.5.29.14", // subject key identifier + "2.5.29.15", // key usages + "2.5.29.17", // subject alt names + "2.5.29.19", // basic constraints + "2.5.29.31", // crl points + "2.5.29.32", // certificate policies + "2.5.29.35", // authority key identifier + "2.5.29.37", // extended key usage + ]; + + let timeZone = getTimeZone(); + + // parse the certificate + let x509 = Certificate.fromBER(certificate); + + // convert the cert to PEM + const certPEM = b64ToPEM( + btoa(String.fromCharCode.apply(null, new Uint8Array(certificate))) + ); + + // get which extensions are critical + const criticalExtensions = []; + if (x509.extensions) { + x509.extensions.forEach(ext => { + if (ext.hasOwnProperty("critical") && ext.critical === true) { + criticalExtensions.push(ext.extnID); + } + }); + } + const spki = getPublicKeyInfo(x509); + const keyUsages = getKeyUsages(x509, criticalExtensions); + const san = getSubjectAltNames(x509, criticalExtensions); + const basicConstraints = getBasicConstraints(x509, criticalExtensions); + const eKeyUsages = getEKeyUsages(x509, criticalExtensions); + const sKID = getSubjectKeyID(x509, criticalExtensions); + const aKID = getAuthorityKeyID(x509, criticalExtensions); + const crlPoints = getCRLPoints(x509, criticalExtensions); + const ocspStaple = getOcspStaple(x509, criticalExtensions); + const aia = getAuthorityInfoAccess(x509, criticalExtensions); + const scts = getSCTs(x509, criticalExtensions); + const cp = getCertificatePolicies(x509, criticalExtensions); + const msCrypto = getMicrosoftCryptographicExtensions( + x509, + criticalExtensions + ); + + // determine which extensions weren't supported + let unsupportedExtensions = []; + if (x509.extensions) { + x509.extensions.forEach(ext => { + if (!supportedExtensions.includes(ext.extnID)) { + unsupportedExtensions.push(ext.extnID); + } + }); + } + + // the output shell + return { + ext: { + aia, + aKID, + basicConstraints, + crlPoints, + cp, + eKeyUsages, + keyUsages, + msCrypto, + ocspStaple, + scts, + sKID, + san, + }, + files: { + der: undefined, // TODO: implement! + pem: encodeURI(certPEM), + }, + fingerprint: { + sha1: await hash("SHA-1", certificate), + sha256: await hash("SHA-256", certificate), + }, + issuer: parseSubsidiary(x509.issuer.typesAndValues), + notBefore: `${x509.notBefore.value.toLocaleString()} (${timeZone})`, + notBeforeUTC: x509.notBefore.value.toUTCString(), + notAfter: `${x509.notAfter.value.toLocaleString()} (${timeZone})`, + notAfterUTC: x509.notAfter.value.toUTCString(), + subject: parseSubsidiary(x509.subject.typesAndValues), + serialNumber: hashify(getObjPath(x509, "serialNumber.valueBlock.valueHex")), + signature: { + name: strings.signature[getObjPath(x509, "signature.algorithmId")], + type: getObjPath(x509, "signature.algorithmId"), + }, + subjectPublicKeyInfo: spki, + unsupportedExtensions, + version: (x509.version + 1).toString(), + }; +}; + +const ctLogNames = { + "9606c02c690033aa1d145f59c6e2648d0549f0df96aab8db915a70d8ecf390a5": + "Akamai CT", + "39376f545f7b4607f59742d768cd5d2437bf3473b6534a4834bcf72e681c83c9": + "Alpha CT", + a577ac9ced7548dd8f025b67a241089df86e0f476ec203c2ecbedb185f282638: "CNNIC CT", + cdb5179b7fc1c046feea31136a3f8f002e6182faf8896fecc8b2f5b5ab604900: "Certly.IO", + "1fbc36e002ede97f40199e86b3573b8a4217d80187746ad0da03a06054d20df4": + "Cloudflare “Nimbus2017”", + db74afeecb29ecb1feca3e716d2ce5b9aabb36f7847183c75d9d4f37b61fbf64: + "Cloudflare “Nimbus2018”", + "747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56": + "Cloudflare “Nimbus2019”", + "5ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558": + "Cloudflare “Nimbus2020”", + "4494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a8": + "Cloudflare “Nimbus2021”", + "41c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f6": + "Cloudflare “Nimbus2022”", + "7a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52": + "Cloudflare “Nimbus2023”", + "6ff141b5647e4222f7ef052cefae7c21fd608e27d2af5a6e9f4b8a37d6633ee5": + "DigiCert Nessie2018", + fe446108b1d01ab78a62ccfeab6ab2b2babff3abdad80a4d8b30df2d0008830c: + "DigiCert Nessie2019", + c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565: + "DigiCert Nessie2020", + eec095ee8d72640f92e3c3b91bc712a3696a097b4b6a1a1438e647b2cbedc5f9: + "DigiCert Nessie2021", + "51a3b0f5fd01799c566db837788f0ca47acc1b27cbf79e88429a0dfed48b05e5": + "DigiCert Nessie2022", + b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a: + "DigiCert Nessie2023", + "5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd": + "DigiCert Server", + "8775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f": + "DigiCert Server 2", + c1164ae0a772d2d4392dc80ac10770d4f0c49bde991a4840c1fa075164f63360: + "DigiCert Yeti2018", + e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe: + "DigiCert Yeti2019", + f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb273: + "DigiCert Yeti2020", + "5cdc4392fee6ab4544b15e9ad456e61037fbd5fa47dca17394b25ee6f6c70eca": + "DigiCert Yeti2021", + "2245450759552456963fa12ff1f76d86e0232663adc04b7f5dc6835c6ee20f02": + "DigiCert Yeti2022", + "35cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c": + "DigiCert Yeti2023", + "717ea7420975be84a2723553f1777c26dd51af4e102144094d9019b462fb6668": "GDCA 1", + "14308d90ccd030135005c01ca526d81e84e87624e39b6248e08f724aea3bb42a": "GDCA 2", + c9cf890a21109c666cc17a3ed065c930d0e0135a9feba85af14210b8072421aa: + "GDCA CT #1", + "924a30f909336ff435d6993a10ac75a2c641728e7fc2d659ae6188ffad40ce01": + "GDCA CT #2", + fad4c97cc49ee2f8ac85c5ea5cea09d0220dbbf4e49c6b50662ff868f86b8c28: + "Google “Argon2017”", + a4501269055a15545e6211ab37bc103f62ae5576a45e4b1714453e1b22106a25: + "Google “Argon2018”", + "63f2dbcde83bcc2ccf0b728427576b33a48d61778fbd75a638b1c768544bd88d": + "Google “Argon2019”", + b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e: + "Google “Argon2020”", + f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e3: + "Google “Argon2021”", + "2979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc784": + "Google “Argon2022”", + "68f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc4": + "Google “Aviator”", + c3bf03a7e1ca8841c607bae3ff4270fca5ec45b186ebbe4e2cf3fc778630f5f6: + "Google “Crucible”", + "1d024b8eb1498b344dfd87ea3efc0996f7506f235d1d497061a4773c439c25fb": + "Google “Daedalus”", + "293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478": + "Google “Icarus”", + a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10: + "Google “Pilot”", + ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb: + "Google “Rocketeer”", + bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185: + "Google “Skydiver”", + "52eb4b225ec896974850675f23e43bc1d021e3214ce52ecd5fa87c203cdfca03": + "Google “Solera2018”", + "0b760e9a8b9a682f88985b15e947501a56446bba8830785c3842994386450c00": + "Google “Solera2019”", + "1fc72ce5a1b799f400c359bff96ca3913548e8644220610952e9ba1774f7bac7": + "Google “Solera2020”", + a3c99845e80ab7ce00157b3742df0207dd272b2b602ecf98ee2c12db9c5ae7e7: + "Google “Solera2021”", + "697aafca1a6b536fae21205046debad7e0eaea13d2432e6e9d8fb379f2b9aaf3": + "Google “Solera2022”", + a899d8780c9290aaf462f31880ccfbd52451e970d0fbf591ef75b0d99b645681: + "Google “Submariner”", + b0cc83e5a5f97d6baf7c09cc284904872ac7e88b132c6350b7c6fd26e16c6c77: + "Google “Testtube”", + b10cd559a6d67846811f7df9a51532739ac48d703bea0323da5d38755bc0ad4e: + "Google “Xenon2018”", + "084114980071532c16190460bcfc47fdc2653afa292c72b37ff863ae29ccc9f0": + "Google “Xenon2019”", + "07b75c1be57d68fff1b0c61d2315c7bae6577c5794b76aeebc613a1a69d3a21c": + "Google “Xenon2020”", + "7d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d7": + "Google “Xenon2021”", + "46a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d47": + "Google “Xenon2022”", + "7461b4a09cfb3d41d75159575b2e7649a445a8d27709b0cc564a6482b7eb41a3": "Izenpe", + "8941449c70742e06b9fc9ce7b116ba0024aa36d59af44f0204404f00f7ea8566": + "Izenpe “Argi”", + "296afa2d568bca0d2ea844956ae9721fc35fa355ecda99693aafd458a71aefdd": + "Let“s Encrypt ”Clicky”", + "537b69a3564335a9c04904e39593b2c298eb8d7a6e83023635c627248cd6b440": + "Nordu “flimsy”", + aae70b7f3cb8d566c86c2f16979c9f445f69ab0eb4535589b2f77a030104f3cd: + "Nordu “plausible”", + e0127629e90496564e3d0147984498aa48f8adb16600eb7902a1ef9909906273: + "PuChuangSiDa CT", + cf55e28923497c340d5206d05353aeb25834b52f1f8dc9526809f212efdd7ca6: + "SHECA CT 1", + "32dc59c2d4c41968d56e14bc61ac8f0e45db39faf3c155aa4252f5001fa0c623": + "SHECA CT 2", + db76fdadac65e7d09508886e2159bd8b90352f5fead3e3dc5e22eb350acc7b98: + "Sectigo (Comodo) “Dodo” CT", + "6f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d913": + "Sectigo (Comodo) “Mammoth” CT", + "5581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c": + "Sectigo (Comodo) “Sabre” CT", + "34bb6ad6c3df9c03eea8a499ff7891486c9d5e5cac92d01f7bfd1bce19db48ef": + "StartCom", + ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc: "Symantec", + a7ce4a4e6207e0addee5fdaa4b1f86768767b5d002a55d47310e7e670a95eab2: + "Symantec Deneb", + "15970488d7b997a05beb52512adee8d2e8b4a3165264121a9fabfbd5f85ad93f": + "Symantec “Sirius”", + bc78e1dfc5f63c684649334da10fa15f0979692009c081b4f3f6917f3ed9b8a5: + "Symantec “Vega”", + b0b784bc81c0ddc47544e883f05985bb9077d134d8ab88b2b2e533980b8e508b: + "Up In The Air “Behind the Sofa”", + ac3b9aed7fa9674757159e6d7d575672f9d98100941e9bdeffeca1313b75782d: "Venafi", + "03019df3fd85a69a8ebd1facc6da9ba73e469774fe77f579fc5a08b8328c1d6b": + "Venafi Gen2 CT", + "41b2dc2e89e63ce4af1ba7bb29bf68c6dee6f9f1cc047e30dffae3b3ba259263": "WoSign", + "63d0006026dde10bb0601f452446965ee2b6ea2cd4fbc95ac866a550af9075b7": + "WoSign 2", + "9e4ff73dc3ce220b69217c899e468076abf8d78636d5ccfc85a31a75628ba88b": + "WoSign CT #1", + "659b3350f43b12cc5ea5ab4ec765d3fde6c88243777778e72003f9eb2b8c3129": + "Let's Encrypt Oak 2019", + e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e: + "Let's Encrypt Oak 2020", + "9420bc1e8ed58d6c88731f828b222c0dd1da4d5e6c4f943d61db4e2f584da2c2": + "Let's Encrypt Oak 2021", + dfa55eab68824f1f6cadeeb85f4e3e5aeacda212a46a5e8e3b12c020445c2a73: + "Let's Encrypt Oak 2022", + b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb499: + "Let's Encrypt Oak 2023", + "849f5f7f58d2bf7b54ecbd74611cea45c49c98f1d6481bc6f69e8c174f24f3cf": + "Let's Encrypt Testflume 2019", + c63f2218c37d56a6aa06b596da8e53d4d7156d1e9bac8e44d2202de64d69d9dc: + "Let's Encrypt Testflume 2020", + "03edf1da9776b6f38c341e39ed9d707a7570369cf9844f327fe9e14138361b60": + "Let's Encrypt Testflume 2021", + "2327efda352510dbc019ef491ae3ff1cc5a479bce37878360ee318cffb64f8c8": + "Let's Encrypt Testflume 2022", + "5534b7ab5a6ac3a7cbeba65487b2a2d71b48f650fa17c5197c97a0cb2076f3c6": + "Let's Encrypt Testflume 2023", +}; + +const strings = { + ux: { + upload: "Upload Certificate", + }, + + names: { + // Directory Pilot Attributes + "0.9.2342.19200300.100.1.1": { + short: "uid", + long: "User ID", + }, + "0.9.2342.19200300.100.1.25": { + short: "dc", + long: "Domain Component", + }, + + // PKCS-9 + "1.2.840.113549.1.9.1": { + short: "e", + long: "Email Address", + }, + + // Incorporated Locations + "1.3.6.1.4.1.311.60.2.1.1": { + short: undefined, + long: "Inc. Locality", + }, + "1.3.6.1.4.1.311.60.2.1.2": { + short: undefined, + long: "Inc. State / Province", + }, + "1.3.6.1.4.1.311.60.2.1.3": { + short: undefined, + long: "Inc. Country", + }, + + // microsoft cryptographic extensions + "1.3.6.1.4.1.311.21.7": { + name: { + short: "Certificate Template", + long: "Microsoft Certificate Template", + }, + }, + "1.3.6.1.4.1.311.21.10": { + name: { + short: "Certificate Policies", + long: "Microsoft Certificate Policies", + }, + }, + + // certificate extensions + "1.3.6.1.4.1.11129.2.4.2": { + name: { + short: "Embedded SCTs", + long: "Embedded Signed Certificate Timestamps", + }, + }, + "1.3.6.1.5.5.7.1.1": { + name: { + short: undefined, + long: "Authority Information Access", + }, + }, + "1.3.6.1.5.5.7.1.24": { + name: { + short: "OCSP Stapling", + long: "Online Certificate Status Protocol Stapling", + }, + }, + + // X.500 attribute types + "2.5.4.1": { + short: undefined, + long: "Aliased Entry", + }, + "2.5.4.2": { + short: undefined, + long: "Knowledge Information", + }, + "2.5.4.3": { + short: "cn", + long: "Common Name", + }, + "2.5.4.4": { + short: "sn", + long: "Surname", + }, + "2.5.4.5": { + short: "serialNumber", + long: "Serial Number", + }, + "2.5.4.6": { + short: "c", + long: "Country", + }, + "2.5.4.7": { + short: "l", + long: "Locality", + }, + "2.5.4.8": { + short: "s", + long: "State / Province", + }, + "2.5.4.9": { + short: "street", + long: "Stress Address", + }, + "2.5.4.10": { + short: "o", + long: "Organization", + }, + "2.5.4.11": { + short: "ou", + long: "Organizational Unit", + }, + "2.5.4.12": { + short: "t", + long: "Title", + }, + "2.5.4.13": { + short: "description", + long: "Description", + }, + "2.5.4.14": { + short: undefined, + long: "Search Guide", + }, + "2.5.4.15": { + short: undefined, + long: "Business Category", + }, + "2.5.4.16": { + short: undefined, + long: "Postal Address", + }, + "2.5.4.17": { + short: "postalCode", + long: "Postal Code", + }, + "2.5.4.18": { + short: "POBox", + long: "PO Box", + }, + "2.5.4.19": { + short: undefined, + long: "Physical Delivery Office Name", + }, + "2.5.4.20": { + short: "phone", + long: "Phone Number", + }, + "2.5.4.21": { + short: undefined, + long: "Telex Number", + }, + "2.5.4.22": { + short: undefined, + long: "Teletex Terminal Identifier", + }, + "2.5.4.23": { + short: undefined, + long: "Fax Number", + }, + "2.5.4.24": { + short: undefined, + long: "X.121 Address", + }, + "2.5.4.25": { + short: undefined, + long: "International ISDN Number", + }, + "2.5.4.26": { + short: undefined, + long: "Registered Address", + }, + "2.5.4.27": { + short: undefined, + long: "Destination Indicator", + }, + "2.5.4.28": { + short: undefined, + long: "Preferred Delivery Method", + }, + "2.5.4.29": { + short: undefined, + long: "Presentation Address", + }, + "2.5.4.30": { + short: undefined, + long: "Supported Application Context", + }, + "2.5.4.31": { + short: undefined, + long: "Member", + }, + "2.5.4.32": { + short: undefined, + long: "Owner", + }, + "2.5.4.33": { + short: undefined, + long: "Role Occupant", + }, + "2.5.4.34": { + short: undefined, + long: "See Also", + }, + "2.5.4.35": { + short: undefined, + long: "User Password", + }, + "2.5.4.36": { + short: undefined, + long: "User Certificate", + }, + "2.5.4.37": { + short: undefined, + long: "CA Certificate", + }, + "2.5.4.38": { + short: undefined, + long: "Authority Revocation List", + }, + "2.5.4.39": { + short: undefined, + long: "Certificate Revocation List", + }, + "2.5.4.40": { + short: undefined, + long: "Cross-certificate Pair", + }, + "2.5.4.41": { + short: undefined, + long: "Name", + }, + "2.5.4.42": { + short: "g", + long: "Given Name", + }, + "2.5.4.43": { + short: "i", + long: "Initials", + }, + "2.5.4.44": { + short: undefined, + long: "Generation Qualifier", + }, + "2.5.4.45": { + short: undefined, + long: "Unique Identifier", + }, + "2.5.4.46": { + short: undefined, + long: "DN Qualifier", + }, + "2.5.4.47": { + short: undefined, + long: "Enhanced Search Guide", + }, + "2.5.4.48": { + short: undefined, + long: "Protocol Information", + }, + "2.5.4.49": { + short: "dn", + long: "Distinguished Name", + }, + "2.5.4.50": { + short: undefined, + long: "Unique Member", + }, + "2.5.4.51": { + short: undefined, + long: "House Identifier", + }, + "2.5.4.52": { + short: undefined, + long: "Supported Algorithms", + }, + "2.5.4.53": { + short: undefined, + long: "Delta Revocation List", + }, + "2.5.4.58": { + short: undefined, + long: "Attribute Certificate Attribute", // huh + }, + "2.5.4.65": { + short: undefined, + long: "Pseudonym", + }, + + // extensions + "2.5.29.14": { + name: { + short: "Subject Key ID", + long: "Subject Key Identifier", + }, + }, + "2.5.29.15": { + name: { + short: undefined, + long: "Key Usages", + }, + }, + "2.5.29.17": { + name: { + short: "Subject Alt Names", + long: "Subject Alternative Names", + }, + }, + "2.5.29.19": { + name: { + short: undefined, + long: "Basic Constraints", + }, + }, + "2.5.29.31": { + name: { + short: "CRL Endpoints", + long: "Certificate Revocation List Endpoints", + }, + }, + "2.5.29.32": { + name: { + short: undefined, + long: "Certificate Policies", + }, + }, + "2.5.29.35": { + name: { + short: "Authority Key ID", + long: "Authority Key Identifier", + }, + }, + "2.5.29.37": { + name: { + short: undefined, + long: "Extended Key Usages", + }, + }, + }, + + keyUsages: [ + "CRL Signing", + "Certificate Signing", + "Key Agreement", + "Data Encipherment", + "Key Encipherment", + "Non-Repudiation", + "Digital Signature", + ], + + san: [ + "Other Name", + "RFC 822 Name", + "DNS Name", + "X.400 Address", + "Directory Name", + "EDI Party Name", + "URI", + "IP Address", + "Registered ID", + ], + + eKU: { + "1.3.6.1.4.1.311.10.3.1": "Certificate Trust List (CTL) Signing", + "1.3.6.1.4.1.311.10.3.2": "Timestamp Signing", + "1.3.6.1.4.1.311.10.3.4": "EFS Encryption", + "1.3.6.1.4.1.311.10.3.4.1": "EFS Recovery", + "1.3.6.1.4.1.311.10.3.5": + "Windows Hardware Quality Labs (WHQL) Cryptography", + "1.3.6.1.4.1.311.10.3.7": "Windows NT 5 Cryptography", + "1.3.6.1.4.1.311.10.3.8": "Windows NT Embedded Cryptography", + "1.3.6.1.4.1.311.10.3.10": "Qualified Subordination", + "1.3.6.1.4.1.311.10.3.11": "Escrowed Key Recovery", + "1.3.6.1.4.1.311.10.3.12": "Document Signing", + "1.3.6.1.4.1.311.10.5.1": "Digital Rights Management", + "1.3.6.1.4.1.311.10.6.1": "Key Pack Licenses", + "1.3.6.1.4.1.311.10.6.2": "License Server", + "1.3.6.1.4.1.311.20.2.1": "Enrollment Agent", + "1.3.6.1.4.1.311.20.2.2": "Smartcard Login", + "1.3.6.1.4.1.311.21.5": "Certificate Authority Private Key Archival", + "1.3.6.1.4.1.311.21.6": "Key Recovery Agent", + "1.3.6.1.4.1.311.21.19": "Directory Service Email Replication", + "1.3.6.1.5.5.7.3.1": "Server Authentication", + "1.3.6.1.5.5.7.3.2": "Client Authentication", + "1.3.6.1.5.5.7.3.3": "Code Signing", + "1.3.6.1.5.5.7.3.4": "E-mail Protection", + "1.3.6.1.5.5.7.3.5": "IPsec End System", + "1.3.6.1.5.5.7.3.6": "IPsec Tunnel", + "1.3.6.1.5.5.7.3.7": "IPSec User", + "1.3.6.1.5.5.7.3.8": "Timestamping", + "1.3.6.1.5.5.7.3.9": "OCSP Signing", + "1.3.6.1.5.5.8.2.2": "Internet Key Exchange (IKE)", + }, + + signature: { + "1.2.840.113549.1.1.4": "MD5 with RSA Encryption", + "1.2.840.113549.1.1.5": "SHA-1 with RSA Encryption", + "1.2.840.113549.1.1.11": "SHA-256 with RSA Encryption", + "1.2.840.113549.1.1.12": "SHA-384 with RSA Encryption", + "1.2.840.113549.1.1.13": "SHA-512 with RSA Encryption", + "1.2.840.10040.4.3": "DSA with SHA-1", + "2.16.840.1.101.3.4.3.2": "DSA with SHA-256", + "1.2.840.10045.4.1": "ECDSA with SHA-1", + "1.2.840.10045.4.3.2": "ECDSA with SHA-256", + "1.2.840.10045.4.3.3": "ECDSA with SHA-384", + "1.2.840.10045.4.3.4": "ECDSA with SHA-512", + }, + + aia: { + "1.3.6.1.5.5.7.48.1": "Online Certificate Status Protocol (OCSP)", + "1.3.6.1.5.5.7.48.2": "CA Issuers", + }, + + // this includes qualifiers as well + cps: { + "1.3.6.1.4.1": { + name: "Statement Identifier", + value: undefined, + }, + "1.3.6.1.5.5.7.2.1": { + name: "Practices Statement", + value: undefined, + }, + "1.3.6.1.5.5.7.2.2": { + name: "User Notice", + value: undefined, + }, + "2.16.840": { + name: "ANSI Organizational Identifier", + value: undefined, + }, + "2.23.140.1.1": { + name: "Certificate Type", + value: "Extended Validation", + }, + "2.23.140.1.2.1": { + name: "Certificate Type", + value: "Domain Validation", + }, + "2.23.140.1.2.2": { + name: "Certificate Type", + value: "Organization Validation", + }, + "2.23.140.1.2.3": { + name: "Certificate Type", + value: "Individual Validation", + }, + "2.23.140.1.3": { + name: "Certificate Type", + value: "Extended Validation (Code Signing)", + }, + "2.23.140.1.31": { + name: "Certificate Type", + value: ".onion Extended Validation", + }, + "2.23.140.2.1": { + name: "Certificate Type", + value: "Test Certificate", + }, + }, + + microsoftCertificateTypes: { + Administrator: "Administrator", + CA: "Root Certification Authority", + CAExchange: "CA Exchange", + CEPEncryption: "CEP Encryption", + CertificateRequestAgent: "Certificate Request Agent", + ClientAuth: "Authenticated Session", + CodeSigning: "Code Signing", + CrossCA: "Cross Certification Authority", + CTLSigning: "Trust List Signing", + DirectoryEmailReplication: "Directory Email Replication", + DomainController: "Domain Controller", + DomainControllerAuthentication: "Domain Controller Authentication", + EFS: "Basic EFS", + EFSRecovery: "EFS Recovery Agent", + EnrollmentAgent: "Enrollment Agent", + EnrollmentAgentOffline: "Exchange Enrollment Agent (Offline request)", + ExchangeUser: "Exchange User", + ExchangeUserSignature: "Exchange Signature Only", + IPSECIntermediateOffline: "IPSec (Offline request)", + IPSECIntermediateOnline: "IPSEC", + KerberosAuthentication: "Kerberos Authentication", + KeyRecoveryAgent: "Key Recovery Agent", + Machine: "Computer", + MachineEnrollmentAgent: "Enrollment Agent (Computer)", + OCSPResponseSigning: "OCSP Response Signing", + OfflineRouter: "Router (Offline request)", + RASAndIASServer: "RAS and IAS Server", + SmartcardLogon: "Smartcard Logon", + SmartcardUser: "Smartcard User", + SubCA: "Subordinate Certification Authority", + User: "User", + UserSignature: "User Signature Only", + WebServer: "Web Server", + Workstation: "Workstation Authentication", + }, +}; + +function stringToArrayBuffer(string) { + let result = new Uint8Array(string.length); + for (let i = 0; i < string.length; i++) { + result[i] = string.charCodeAt(i); + } + return result; +} + +// this particular prototype override makes it easy to chain down complex objects +const getObjPath = (obj, path) => { + path = path.split("."); + for (let i = 0, len = path.length; i < len; i++) { + if (Array.isArray(obj[path[i]])) { + obj = obj[path[i]][path[i + 1]]; + i++; + } else { + obj = obj[path[i]]; + } + } + return obj; +}; + +const arrayBufferToHex = arrayBuffer => { + const array = Array.from(new Uint8Array(arrayBuffer)); + + return array + .map(b => ("00" + b.toString(16)).slice(-2)) + .join(":") + .toUpperCase(); +}; + +const hash = async (algo, buffer) => { + const hashBuffer = await crypto.subtle.digest(algo, buffer); + return arrayBufferToHex(hashBuffer); +}; + +const hashify = rawHash => { + if (typeof rawHash === "string") { + return rawHash.match(/.{2}/g).join(":").toUpperCase(); + } + if (rawHash instanceof ArrayBuffer) { + return arrayBufferToHex(rawHash); + } + return rawHash.join(":").toUpperCase(); +}; + +export const pemToDER = pem => { + return stringToArrayBuffer(atob(pem)); +}; diff --git a/toolkit/components/certviewer/content/certviewer.css b/toolkit/components/certviewer/content/certviewer.css new file mode 100644 index 0000000000..1d5bd52917 --- /dev/null +++ b/toolkit/components/certviewer/content/certviewer.css @@ -0,0 +1,8 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +body { + max-width: 800px; + margin: 0 auto; +} diff --git a/toolkit/components/certviewer/content/certviewer.html b/toolkit/components/certviewer/content/certviewer.html new file mode 100644 index 0000000000..661fa6b0d9 --- /dev/null +++ b/toolkit/components/certviewer/content/certviewer.html @@ -0,0 +1,113 @@ + + + + + + + + + + + + + + + + + about:certificate + + + + + + + + + + + + + + + + + + + + + diff --git a/toolkit/components/certviewer/content/certviewer.mjs b/toolkit/components/certviewer/content/certviewer.mjs new file mode 100644 index 0000000000..3e48a069f5 --- /dev/null +++ b/toolkit/components/certviewer/content/certviewer.mjs @@ -0,0 +1,475 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* eslint-env mozilla/remote-page */ + +import { normalizeToKebabCase } from "./components/utils.mjs"; +import { + parse, + pemToDER, +} from "chrome://global/content/certviewer/certDecoder.mjs"; + +document.addEventListener("DOMContentLoaded", async e => { + let url = new URL(document.URL); + let certInfo = url.searchParams.getAll("cert"); + if (certInfo.length === 0) { + render({}, false, true); + return; + } + certInfo = certInfo.map(cert => decodeURIComponent(cert)); + await buildChain(certInfo); +}); + +export const updateSelectedItem = (() => { + let state; + return selectedItem => { + let certificateSection = + document.querySelector("certificate-section") || + document.querySelector("about-certificate-section"); + if (selectedItem) { + if (state !== selectedItem) { + state = selectedItem; + certificateSection.updateCertificateSource(selectedItem); + certificateSection.updateSelectedTab(selectedItem); + } + } + return state; + }; +})(); + +const createEntryItem = (labelId, info, isHex = false) => { + if ( + labelId == null || + info == null || + (Array.isArray(info) && !info.length) + ) { + return null; + } + return { + labelId, + info, + isHex, + }; +}; + +const addToResultUsing = (callback, certItems, sectionId, Critical) => { + let items = callback(); + if (items.length) { + certItems.push({ + sectionId, + sectionItems: items, + Critical, + }); + } +}; + +const getElementByPathOrFalse = (obj, pathString) => { + let pathArray = pathString.split("."); + let result = obj; + for (let entry of pathArray) { + result = result[entry]; + if (result == null) { + return false; + } + } + return result ? result : false; +}; + +export const adjustCertInformation = cert => { + let certItems = []; + let tabName = cert?.subject?.cn || ""; + if (cert && !tabName) { + // No common name, use the value of the last item in the cert's entries. + tabName = cert.subject?.entries?.slice(-1)[0]?.[1] || ""; + } + + if (!cert) { + return { + certItems, + tabName, + }; + } + + addToResultUsing( + () => { + let items = []; + if (cert.subject && cert.subject.entries) { + items = cert.subject.entries + .map(entry => + createEntryItem(normalizeToKebabCase(entry[0]), entry[1]) + ) + .filter(elem => elem != null); + } + return items; + }, + certItems, + "subject-name", + false + ); + + addToResultUsing( + () => { + let items = []; + if (cert.issuer && cert.issuer.entries) { + items = cert.issuer.entries + .map(entry => + createEntryItem(normalizeToKebabCase(entry[0]), entry[1]) + ) + .filter(elem => elem != null); + } + return items; + }, + certItems, + "issuer-name", + false + ); + + addToResultUsing( + () => { + let items = []; + if (cert.notBefore && cert.notAfter) { + items = [ + createEntryItem("not-before", { + local: cert.notBefore, + utc: cert.notBeforeUTC, + }), + createEntryItem("not-after", { + local: cert.notAfter, + utc: cert.notAfterUTC, + }), + ].filter(elem => elem != null); + } + return items; + }, + certItems, + "validity", + false + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext && cert.ext.san && cert.ext.san.altNames) { + items = cert.ext.san.altNames + .map(entry => + createEntryItem(normalizeToKebabCase(entry[0]), entry[1]) + ) + .filter(elem => elem != null); + } + return items; + }, + certItems, + "subject-alt-names", + getElementByPathOrFalse(cert, "ext.san.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.subjectPublicKeyInfo) { + items = [ + createEntryItem("algorithm", cert.subjectPublicKeyInfo.kty), + createEntryItem("key-size", cert.subjectPublicKeyInfo.keysize), + createEntryItem("curve", cert.subjectPublicKeyInfo.crv), + createEntryItem("public-value", cert.subjectPublicKeyInfo.xy, true), + createEntryItem("exponent", cert.subjectPublicKeyInfo.e), + createEntryItem("modulus", cert.subjectPublicKeyInfo.n, true), + ].filter(elem => elem != null); + } + return items; + }, + certItems, + "public-key-info", + false + ); + + addToResultUsing( + () => { + let items = [ + createEntryItem("serial-number", cert.serialNumber, true), + createEntryItem( + "signature-algorithm", + cert.signature ? cert.signature.name : null + ), + createEntryItem("version", cert.version), + createEntryItem("download", cert.files ? cert.files.pem : null), + ].filter(elem => elem != null); + return items; + }, + certItems, + "miscellaneous", + false + ); + + addToResultUsing( + () => { + let items = []; + if (cert.fingerprint) { + items = [ + createEntryItem("sha-256", cert.fingerprint.sha256, true), + createEntryItem("sha-1", cert.fingerprint.sha1, true), + ].filter(elem => elem != null); + } + return items; + }, + certItems, + "fingerprints", + false + ); + + if (!cert.ext) { + return { + certItems, + tabName, + }; + } + + addToResultUsing( + () => { + let items = []; + if (cert.ext.basicConstraints) { + items = [ + createEntryItem( + "certificate-authority", + cert.ext.basicConstraints.cA + ), + ].filter(elem => elem != null); + } + return items; + }, + certItems, + "basic-constraints", + getElementByPathOrFalse(cert, "ext.basicConstraints.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext.keyUsages) { + items = [ + createEntryItem("purposes", cert.ext.keyUsages.purposes), + ].filter(elem => elem != null); + } + return items; + }, + certItems, + "key-usages", + getElementByPathOrFalse(cert, "ext.keyUsages.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext.eKeyUsages) { + items = [ + createEntryItem("purposes", cert.ext.eKeyUsages.purposes), + ].filter(elem => elem != null); + } + return items; + }, + certItems, + "extended-key-usages", + getElementByPathOrFalse(cert, "ext.eKeyUsages.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext.ocspStaple && cert.ext.ocspStaple.required) { + items = [createEntryItem("required", true)]; + } + return items; + }, + certItems, + "ocsp-stapling", + getElementByPathOrFalse(cert, "ext.ocspStaple.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext.sKID) { + items = [createEntryItem("key-id", cert.ext.sKID.id, true)].filter( + elem => elem != null + ); + } + return items; + }, + certItems, + "subject-key-id", + getElementByPathOrFalse(cert, "ext.sKID.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext.aKID) { + items = [createEntryItem("key-id", cert.ext.aKID.id, true)].filter( + elem => elem != null + ); + } + return items; + }, + certItems, + "authority-key-id", + getElementByPathOrFalse(cert, "ext.aKID.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext.crlPoints && cert.ext.crlPoints.points) { + items = cert.ext.crlPoints.points + .map(entry => { + let label = "distribution-point"; + return createEntryItem(label, entry); + }) + .filter(elem => elem != null); + } + return items; + }, + certItems, + "crl-endpoints", + getElementByPathOrFalse(cert, "ext.crlPoints.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext.aia && cert.ext.aia.descriptions) { + cert.ext.aia.descriptions.forEach(entry => { + items.push(createEntryItem("location", entry.location)); + items.push(createEntryItem("method", entry.method)); + }); + } + return items.filter(elem => elem != null); + }, + certItems, + "authority-info-aia", + getElementByPathOrFalse(cert, "ext.aia.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext.cp && cert.ext.cp.policies) { + cert.ext.cp.policies.forEach(entry => { + if (entry.name && entry.id) { + items.push( + createEntryItem("policy", entry.name + " ( " + entry.id + " )") + ); + } + items.push(createEntryItem("value", entry.value)); + if (entry.qualifiers) { + entry.qualifiers.forEach(qualifier => { + if (qualifier.qualifierName && qualifier.qualifierId) { + items.push( + createEntryItem( + "qualifier", + qualifier.qualifierName + + " ( " + + qualifier.qualifierId + + " )" + ) + ); + } + items.push(createEntryItem("value", qualifier.qualifierValue)); + }); + } + }); + } + return items.filter(elem => elem != null); + }, + certItems, + "certificate-policies", + getElementByPathOrFalse(cert, "ext.cp.critical") + ); + + addToResultUsing( + () => { + let items = []; + if (cert.ext.scts && cert.ext.scts.timestamps) { + cert.ext.scts.timestamps.forEach(entry => { + let timestamps = {}; + for (let key of Object.keys(entry)) { + if (key.includes("timestamp")) { + timestamps[key.includes("UTC") ? "utc" : "local"] = entry[key]; + } else { + let isHex = false; + if (key == "logId") { + isHex = true; + } + items.push( + createEntryItem(normalizeToKebabCase(key), entry[key], isHex) + ); + } + } + items.push(createEntryItem("timestamp", timestamps)); + }); + } + return items.filter(elem => elem != null); + }, + certItems, + "embedded-scts", + getElementByPathOrFalse(cert, "ext.scts.critical") + ); + + return { + certItems, + tabName, + }; +}; + +// isAboutCertificate means to the standalone page about:certificate, which +// uses a different customElement than opening a certain certificate +const render = async (certs, error, isAboutCertificate = false) => { + if (isAboutCertificate) { + await customElements.whenDefined("about-certificate-section"); + const AboutCertificateSection = customElements.get( + "about-certificate-section" + ); + document.querySelector("body").append(new AboutCertificateSection()); + } else { + await customElements.whenDefined("certificate-section"); + const CertificateSection = customElements.get("certificate-section"); + document.querySelector("body").append(new CertificateSection(certs, error)); + } + return Promise.resolve(); +}; + +const buildChain = async chain => { + await Promise.all( + chain + .map(cert => { + try { + return pemToDER(cert); + } catch (err) { + return Promise.reject(err); + } + }) + .map(cert => { + try { + return parse(cert); + } catch (err) { + return Promise.reject(err); + } + }) + ) + .then(certs => { + if (certs.length === 0) { + return Promise.reject(); + } + let certTitle = document.querySelector("#certTitle"); + let firstCertCommonName = certs[0].subject.cn; + document.l10n.setAttributes(certTitle, "certificate-viewer-tab-title", { + firstCertName: firstCertCommonName, + }); + + let adjustedCerts = certs.map(cert => adjustCertInformation(cert)); + return render(adjustedCerts, false); + }) + .catch(err => { + render(null, true); + }); +}; diff --git a/toolkit/components/certviewer/content/components/about-certificate-items.mjs b/toolkit/components/certviewer/content/components/about-certificate-items.mjs new file mode 100644 index 0000000000..9fa856c61e --- /dev/null +++ b/toolkit/components/certviewer/content/components/about-certificate-items.mjs @@ -0,0 +1,33 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* eslint-env mozilla/remote-page */ + +import { ListItem } from "./list-item.mjs"; + +export class AboutCertificateItems extends HTMLElement { + constructor(id, data) { + super(); + this.id = id; + this.data = data; + } + + connectedCallback() { + let template = document.getElementById("about-certificate-items-template"); + let templateHtml = template.content.cloneNode(true); + + this.attachShadow({ mode: "open" }).appendChild(templateHtml); + + document.l10n.connectRoot(this.shadowRoot); + + this.render(); + } + + render() { + for (let cert of this.data) { + this.shadowRoot.append(new ListItem(cert)); + } + } +} +customElements.define("about-certificate-items", AboutCertificateItems); diff --git a/toolkit/components/certviewer/content/components/about-certificate-section.css b/toolkit/components/certviewer/content/components/about-certificate-section.css new file mode 100644 index 0000000000..4f472b57d5 --- /dev/null +++ b/toolkit/components/certviewer/content/components/about-certificate-section.css @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +:host { + margin: 2em; +} diff --git a/toolkit/components/certviewer/content/components/about-certificate-section.mjs b/toolkit/components/certviewer/content/components/about-certificate-section.mjs new file mode 100644 index 0000000000..8939c6a2ae --- /dev/null +++ b/toolkit/components/certviewer/content/components/about-certificate-section.mjs @@ -0,0 +1,114 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* eslint-env mozilla/remote-page */ + +import { InfoGroupContainer } from "./info-group-container.mjs"; +import { CertificateTabsSection } from "./certificate-tabs-section.mjs"; + +const TYPE_CA = 1; +const TYPE_USER = 2; +const TYPE_EMAIL = 4; +const TYPE_SERVER = 8; + +export class AboutCertificateSection extends HTMLElement { + constructor() { + super(); + } + + connectedCallback() { + let template = document.getElementById("about-certificate-template"); + let templateHtml = template.content.cloneNode(true); + + this.attachShadow({ mode: "open" }).appendChild(templateHtml); + + document.l10n.connectRoot(this.shadowRoot); + + this.certificateTabsSection = new CertificateTabsSection(true); + this.shadowRoot.appendChild(this.certificateTabsSection.tabsElement); + this.infoGroupsContainers = new InfoGroupContainer(true); + + this.render(); + } + + render() { + RPMSendQuery("getCertificates").then(this.filterCerts.bind(this)); + + let title = this.shadowRoot.querySelector(".title"); + title.setAttribute( + "data-l10n-id", + "certificate-viewer-certificate-section-title" + ); + } + + filterCerts(srcCerts) { + let certs = []; + if (srcCerts[TYPE_USER].length) { + certs.push({ + name: "certificate-viewer-tab-mine", + data: srcCerts[TYPE_USER], + }); + } + if (srcCerts[TYPE_EMAIL].length) { + certs.push({ + name: "certificate-viewer-tab-people", + data: srcCerts[TYPE_EMAIL], + }); + } + if (srcCerts[TYPE_SERVER].length) { + certs.push({ + name: "certificate-viewer-tab-servers", + data: srcCerts[TYPE_SERVER], + }); + } + if (srcCerts[TYPE_CA].length) { + certs.push({ + name: "certificate-viewer-tab-ca", + data: srcCerts[TYPE_CA], + }); + } + + let i = 0; + for (let cert of certs) { + let final = i == certs.length - 1; + this.infoGroupsContainers.createInfoGroupsContainers({}, i, final, cert); + this.shadowRoot.appendChild( + this.infoGroupsContainers.infoGroupsContainers[i] + ); + this.certificateTabsSection.createTabSection(cert.name, i); + this.infoGroupsContainers.addClass("selected", 0); + i++; + } + this.setAccessibilityEventListeners(); + this.addClassForPadding(); + } + + // Adds class selector for items that need padding, + // as nth-child/parent-based selectors aren't supported + // due to the encapsulation of custom-element CSS. + addClassForPadding() { + let embeddedScts = this.shadowRoot.querySelector(".embedded-scts"); + if (!embeddedScts) { + return; + } + let items = embeddedScts.shadowRoot.querySelectorAll(".timestamp"); + + for (let i = 0; i < items.length; i++) { + items[i].classList.add("padding"); + } + } + + setAccessibilityEventListeners() { + this.certificateTabsSection.setAccessibilityEventListeners(); + } + + updateSelectedTab(index) { + this.certificateTabsSection.updateSelectedTab(index); + } + + updateCertificateSource(index) { + this.infoGroupsContainers.updateCertificateSource(index); + } +} +customElements.define("about-certificate-section", AboutCertificateSection); diff --git a/toolkit/components/certviewer/content/components/certificate-section.css b/toolkit/components/certviewer/content/components/certificate-section.css new file mode 100644 index 0000000000..07baa84530 --- /dev/null +++ b/toolkit/components/certviewer/content/components/certificate-section.css @@ -0,0 +1,72 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +h1 { + font-size: 1.5em; + font-weight: lighter; + margin: 3em 0 1em; +} + +.certificate-tabs { + display: flex; + text-align: center; + border-bottom: 1px solid var(--in-content-border-color); + box-shadow: var(--card-shadow); +} + +.info-groups { + display: none; + outline: none; + background-color: var(--in-content-box-background); + box-shadow: var(--card-shadow); + margin-bottom: 2em; + border-radius: 0 0 4px 4px; +} + +.info-groups.selected { + display: block; +} + +.tab { + margin: 0; + border-radius: 0; + padding: 18px; + padding-bottom: 15px; /* compensate for border-bottom below */ + border: none; + border-bottom: 3px solid transparent; + background-color: var(--in-content-box-background); + color: var(--in-content-text-color); + flex: 1 1 auto; + text-overflow: ellipsis; + overflow: hidden; + font-size: 1.1em; +} + +/* .tab can be LTR (by `dir="auto"`) for `about:certificate?cert=` + pages, so set the border-radius according to the parent's direction. */ +.certificate-tabs:dir(rtl) > .tab:first-of-type, +.certificate-tabs:dir(ltr) > .tab:last-of-type { + border-top-right-radius: 4px; +} + +.certificate-tabs:dir(ltr) > .tab:first-of-type, +.certificate-tabs:dir(rtl) > .tab:last-of-type { + border-top-left-radius: 4px; +} + +.certificate-tab:focus-visible { + z-index: 1; + outline: 2px solid var(--in-content-focus-outline-color); +} + +.tab:hover { + border-bottom-color: var(--in-content-border-color); +} + +.tab.selected { + border-bottom-color: currentColor; + color: var(--in-content-accent-color); + text-overflow: unset; + overflow: visible; +} diff --git a/toolkit/components/certviewer/content/components/certificate-section.mjs b/toolkit/components/certviewer/content/components/certificate-section.mjs new file mode 100644 index 0000000000..464232c089 --- /dev/null +++ b/toolkit/components/certviewer/content/components/certificate-section.mjs @@ -0,0 +1,91 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { ErrorSection } from "./error-section.mjs"; +import { InfoGroupContainer } from "./info-group-container.mjs"; +import { CertificateTabsSection } from "./certificate-tabs-section.mjs"; + +class CertificateSection extends HTMLElement { + constructor(certs, error) { + super(); + this.certs = certs; + this.error = error; + } + + connectedCallback() { + let template = document.getElementById("certificate-section-template"); + let templateHtml = template.content.cloneNode(true); + + this.attachShadow({ mode: "open" }).appendChild(templateHtml); + + document.l10n.connectRoot(this.shadowRoot); + document.l10n.translateFragment(this.shadowRoot); + + this.certificateTabsSection = new CertificateTabsSection(); + this.shadowRoot.appendChild(this.certificateTabsSection.tabsElement); + this.infoGroupsContainers = new InfoGroupContainer(); + + this.render(); + } + + render() { + let title = this.shadowRoot.querySelector(".title"); + title.setAttribute( + "data-l10n-id", + "certificate-viewer-certificate-section-title" + ); + + if (this.error) { + title.classList.add("error"); + this.certificateTabsSection.appendChild(new ErrorSection()); + return; + } + let final = false; + for (let i = 0; i < this.certs.length; i++) { + if (i === this.certs.length - 1) { + final = true; + } + this.infoGroupsContainers.createInfoGroupsContainers( + this.certs[i].certItems, + i, + final + ); + this.shadowRoot.appendChild( + this.infoGroupsContainers.infoGroupsContainers[i] + ); + this.certificateTabsSection.createTabSection(this.certs[i].tabName, i); + this.infoGroupsContainers.addClass("selected", 0); + } + this.setAccessibilityEventListeners(); + this.addClassForPadding(); + } + + // Adds class selector for items that need padding, + // as nth-child/parent-based selectors aren't supported + // due to the encapsulation of custom-element CSS. + addClassForPadding() { + let embeddedScts = this.shadowRoot.querySelector(".embedded-scts"); + if (!embeddedScts) { + return; + } + let items = embeddedScts.shadowRoot.querySelectorAll(".timestamp"); + + for (let i = 0; i < items.length; i++) { + items[i].classList.add("padding"); + } + } + + setAccessibilityEventListeners() { + this.certificateTabsSection.setAccessibilityEventListeners(); + } + + updateSelectedTab(index) { + this.certificateTabsSection.updateSelectedTab(index); + } + + updateCertificateSource(index) { + this.infoGroupsContainers.updateCertificateSource(index); + } +} +customElements.define("certificate-section", CertificateSection); diff --git a/toolkit/components/certviewer/content/components/certificate-tabs-section.mjs b/toolkit/components/certviewer/content/components/certificate-tabs-section.mjs new file mode 100644 index 0000000000..e47f9cd627 --- /dev/null +++ b/toolkit/components/certviewer/content/components/certificate-tabs-section.mjs @@ -0,0 +1,123 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { normalizeToKebabCase } from "./utils.mjs"; +import { updateSelectedItem } from "../certviewer.mjs"; + +export class CertificateTabsSection extends HTMLElement { + constructor(isAboutCertificate) { + super(); + this.isAboutCertificate = isAboutCertificate || false; + this.connectedCallback(); + } + + connectedCallback() { + let certificateTabsTemplate = document.getElementById( + "certificate-tabs-template" + ); + this.attachShadow({ mode: "open" }).appendChild( + certificateTabsTemplate.content.cloneNode(true) + ); + this.render(); + } + + render() { + this.tabsElement = this.shadowRoot.querySelector(".certificate-tabs"); + } + + appendChild(child) { + this.tabsElement.appendChild(child); + } + + createTabSection(tabName, i) { + let tab = document.createElement("button"); + if (tabName) { + tab.textContent = tabName; + } else { + tab.setAttribute( + "data-l10n-id", + "certificate-viewer-unknown-group-label" + ); + } + tab.setAttribute("id", normalizeToKebabCase(tabName)); + tab.setAttribute("aria-controls", "panel" + i); + tab.setAttribute("idnumber", i); + tab.setAttribute("role", "tab"); + tab.classList.add("certificate-tab"); + tab.classList.add("tab"); + if (this.isAboutCertificate) { + tab.setAttribute("data-l10n-id", tabName); + } else { + // Display tabs on `about:certificate?cert=` pages as dir=auto + // to avoid text like `mozilla.org.*` in RTL. + // Not needed in the standalone version of about:certificate + // because the tab text there should be localized. + tab.dir = "auto"; + } + this.tabsElement.appendChild(tab); + + // If it is the first tab, allow it to be tabbable by the user. + // If it isn't the first tab, do not allow tab functionality, + // as arrow functionality is implemented in certviewer.mjs. + if (i === 0) { + tab.classList.add("selected"); + tab.setAttribute("tabindex", 0); + } else { + tab.setAttribute("tabindex", -1); + } + } + + updateSelectedTab(index) { + let tabs = this.tabsElement.querySelectorAll(".certificate-tab"); + + for (let tab of tabs) { + tab.classList.remove("selected"); + } + tabs[index].classList.add("selected"); + } + + /* Information on setAccessibilityEventListeners() can be found + * at https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles/Tab_Role */ + setAccessibilityEventListeners() { + let tabs = this.tabsElement.querySelectorAll('[role="tab"]'); + + // Add a click event handler to each tab + for (let tab of tabs) { + tab.addEventListener("click", e => + updateSelectedItem(e.target.getAttribute("idnumber")) + ); + } + + // Enable arrow navigation between tabs in the tab list + let tabFocus = 0; + + this.tabsElement.addEventListener("keydown", e => { + // Move right + if (e.keyCode === 39 || e.keyCode === 37) { + // After navigating away from the current tab, + // prevent that tab from being tabbable - + // so as to only allow arrow navigation within the tablist. + tabs[tabFocus].setAttribute("tabindex", -1); + if (e.keyCode === 39) { + tabFocus++; + // If we're at the end, go to the start + if (tabFocus > tabs.length - 1) { + tabFocus = 0; + } + // Move left + } else if (e.keyCode === 37) { + tabFocus--; + // If we're at the start, move to the end + if (tabFocus < 0) { + tabFocus = tabs.length; + } + } + tabs[tabFocus].setAttribute("tabindex", 0); + tabs[tabFocus].focus(); + } + }); + } +} + +customElements.define("certificate-tabs-section", CertificateTabsSection); diff --git a/toolkit/components/certviewer/content/components/error-section.css b/toolkit/components/certviewer/content/components/error-section.css new file mode 100644 index 0000000000..e2bd98f6cc --- /dev/null +++ b/toolkit/components/certviewer/content/components/error-section.css @@ -0,0 +1,27 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +:host { + background-image: url("chrome://global/skin/illustrations/error-malformed-url.svg"); + min-height: 300px; + background-repeat: no-repeat; + padding-inline-start: 30%; + display: flex; + flex-direction: column; + justify-content: center; + margin: 0 auto; + max-width: 500px; + background-size: 30%; + background-position: left center; +} + +:host(:dir(rtl)) { + background-position-x: right; +} + +h1 { + text-align: center; + font-size: 2.5em; + font-weight: lighter; +} diff --git a/toolkit/components/certviewer/content/components/error-section.mjs b/toolkit/components/certviewer/content/components/error-section.mjs new file mode 100644 index 0000000000..80a16b7684 --- /dev/null +++ b/toolkit/components/certviewer/content/components/error-section.mjs @@ -0,0 +1,31 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class ErrorSection extends HTMLElement { + constructor() { + super(); + } + + connectedCallback() { + let template = document.getElementById("error-section-template"); + let templateHtml = template.content.cloneNode(true); + + this.attachShadow({ mode: "open" }).appendChild(templateHtml); + + document.l10n.connectRoot(this.shadowRoot); + this.render(); + } + + render() { + let title = this.shadowRoot.querySelector(".title"); + title.setAttribute("data-l10n-id", "certificate-viewer-error-title"); + + let errorMessage = this.shadowRoot.querySelector(".error"); + errorMessage.setAttribute( + "data-l10n-id", + "certificate-viewer-error-message" + ); + } +} +customElements.define("error-section", ErrorSection); diff --git a/toolkit/components/certviewer/content/components/info-group-container.mjs b/toolkit/components/certviewer/content/components/info-group-container.mjs new file mode 100644 index 0000000000..feca2f905b --- /dev/null +++ b/toolkit/components/certviewer/content/components/info-group-container.mjs @@ -0,0 +1,65 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { InfoGroup } from "./info-group.mjs"; +import { AboutCertificateItems } from "./about-certificate-items.mjs"; + +export class InfoGroupContainer extends HTMLElement { + constructor(isAboutCertificate = false) { + super(); + this.infoGroupsContainers = []; + this.isAboutCertificate = isAboutCertificate; + } + + connectedCallback() { + let infoGroupContainerTemplate = document.getElementById( + "info-groups-template" + ); + this.attachShadow({ mode: "open" }).appendChild( + infoGroupContainerTemplate.content.cloneNode(true) + ); + this.render(); + } + + render() {} + + createInfoGroupsContainers(certArray, i, final, certData = []) { + this.infoGroupsContainers[i] = document.createElement("div"); + this.infoGroupsContainers[i].setAttribute("id", "panel" + i); + this.infoGroupsContainers[i].setAttribute("role", "tabpanel"); + this.infoGroupsContainers[i].setAttribute("tabindex", 0); + this.infoGroupsContainers[i].setAttribute("aria-labelledby", "tab" + i); + // Hiding all the certificzte contents except for the first tab that is + // selected and shown by default + if (i !== 0) { + this.infoGroupsContainers[i].hidden = true; + } + this.infoGroupsContainers[i].classList.add("info-groups"); + + if (this.isAboutCertificate) { + this.infoGroupsContainers[i].appendChild( + new AboutCertificateItems(certData.name, certData.data) + ); + } else { + for (let j = 0; j < certArray.length; j++) { + this.infoGroupsContainers[i].appendChild( + new InfoGroup(certArray[j], final) + ); + } + } + } + + addClass(className, index) { + this.infoGroupsContainers[index].classList.add(className); + } + + updateCertificateSource(index) { + for (let i = 0; i < this.infoGroupsContainers.length; i++) { + this.infoGroupsContainers[i].classList.remove("selected"); + } + this.infoGroupsContainers[index].classList.add("selected"); + } +} + +customElements.define("info-group-container", InfoGroupContainer); diff --git a/toolkit/components/certviewer/content/components/info-group.css b/toolkit/components/certviewer/content/components/info-group.css new file mode 100644 index 0000000000..03e71d7723 --- /dev/null +++ b/toolkit/components/certviewer/content/components/info-group.css @@ -0,0 +1,38 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +:host { + display: grid; + grid-template-columns: minmax(8em, 25%) minmax(50%, 75%); + grid-gap: 0 2em; + padding: 1.75em 30px; + align-items: center; + border-top: 1px solid var(--in-content-border-color); +} + +:host(:first-of-type) { + border-top: none; +} + +.info-group-title { + margin: 0; + text-align: end; + font-weight: 700; + color: var(--in-content-text-color); + font-size: 1em; + vertical-align: middle; +} + +#critical-info { + -moz-context-properties: fill; + fill: currentColor; + height: 16px; + width: 16px; + vertical-align: middle; +} + +.extension { + text-align: end; + margin-block-end: 1em; +} diff --git a/toolkit/components/certviewer/content/components/info-group.mjs b/toolkit/components/certviewer/content/components/info-group.mjs new file mode 100644 index 0000000000..33ad773d4d --- /dev/null +++ b/toolkit/components/certviewer/content/components/info-group.mjs @@ -0,0 +1,91 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { InfoItem } from "./info-item.mjs"; +import { updateSelectedItem } from "../certviewer.mjs"; +import { normalizeToKebabCase } from "./utils.mjs"; + +export class InfoGroup extends HTMLElement { + constructor(item, final) { + super(); + this.item = item; + this.final = final; + } + + connectedCallback() { + let infoGroupTemplate = document.getElementById("info-group-template"); + this.attachShadow({ mode: "open" }).appendChild( + infoGroupTemplate.content.cloneNode(true) + ); + document.l10n.connectRoot(this.shadowRoot); + document.l10n.translateFragment(this.shadowRoot); + this.render(); + } + + render() { + let title = this.shadowRoot.querySelector(".info-group-title"); + title.setAttribute( + "data-l10n-id", + "certificate-viewer-" + this.item.sectionId + ); + + // Adds a class with the section title's name, to make + // it easier to find when highlighting errors. + this.classList.add(this.item.sectionId); + for (let i = 0; i < this.item.sectionItems.length; i++) { + this.shadowRoot.append(new InfoItem(this.item.sectionItems[i])); + } + + if (this.item.sectionId === "issuer-name") { + this.setLinkToTab(); + } + + let criticalIcon = this.shadowRoot.querySelector("#critical-info"); + if (!this.item.Critical) { + criticalIcon.style.display = "none"; + } + } + + setLinkToTab() { + if (this.final) { + return; + } + + let issuerLabelElement = + this.shadowRoot.querySelector(".common-name") || + this.shadowRoot.querySelector(".organizational-unit"); + + issuerLabelElement = issuerLabelElement?.shadowRoot.querySelector(".info"); + + if (!issuerLabelElement) { + return; + } + + let link = document.createElement("a"); + link.textContent = issuerLabelElement.textContent; + if (!link.textContent) { + link.setAttribute( + "data-l10n-id", + "certificate-viewer-unknown-group-label" + ); + } + link.setAttribute("href", "#"); + + issuerLabelElement.textContent = ""; + issuerLabelElement.appendChild(link); + + link.addEventListener("click", () => { + let id = normalizeToKebabCase(link.textContent); + let issuerTab = document + .querySelector("certificate-section") + .shadowRoot.getElementById(id); + + let index = issuerTab.getAttribute("idnumber"); + + updateSelectedItem(index); + }); + } +} + +customElements.define("info-group", InfoGroup); diff --git a/toolkit/components/certviewer/content/components/info-item.css b/toolkit/components/certviewer/content/components/info-item.css new file mode 100644 index 0000000000..b63452152c --- /dev/null +++ b/toolkit/components/certviewer/content/components/info-item.css @@ -0,0 +1,69 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +:host { + line-height: 22px; + display: contents; + word-break: break-word; +} + +:host * { + padding: 1px 0; +} + +label { + text-align: end; + margin-inline-end: 0; + color: var(--text-color-deemphasized); + font-weight: 600; + font-size: 1em; +} + +.hex { + overflow: hidden; + word-break: break-all; + text-overflow: ellipsis; + white-space: nowrap; +} + +.download-link-chain { + margin: 0 5px; +} + +.long-hex { + padding: 0; + border-block: 1px solid transparent; +} + +.long-hex:hover { + border-block-color: var(--in-content-border-color); + background-color: var(--in-content-item-hover); + color: var(--in-content-item-hover-text); +} + +.hex-open { + white-space: normal; +} + +:host(.value) *, +:host(.method) *, +:host(.padding) * { + padding-bottom: 10px; +} + +/* Elements that always need to be forced to LTR */ +.hex, +:host(.dns-name) .info, +.url { + direction: ltr; + text-align: match-parent; +} + +/* Display some elements according to their text directionality */ +:host(.common-name) .info, +:host(.name) .info, +:host(.organization) .info { + unicode-bidi: plaintext; + text-align: match-parent; +} diff --git a/toolkit/components/certviewer/content/components/info-item.mjs b/toolkit/components/certviewer/content/components/info-item.mjs new file mode 100644 index 0000000000..2e6619abbd --- /dev/null +++ b/toolkit/components/certviewer/content/components/info-item.mjs @@ -0,0 +1,173 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { b64ToPEM, normalizeToKebabCase } from "./utils.mjs"; + +export class InfoItem extends HTMLElement { + constructor(item) { + super(); + this.item = item; + } + + connectedCallback() { + let infoItemTemplate = document.getElementById("info-item-template"); + + this.attachShadow({ mode: "open" }).appendChild( + infoItemTemplate.content.cloneNode(true) + ); + + document.l10n.connectRoot(this.shadowRoot); + document.l10n.translateFragment(this.shadowRoot); + + this.render(); + } + + handleTimeZone(infoElement) { + let localTime = this.item.info.local; + let UTCTime = this.item.info.utc; + infoElement.textContent = UTCTime; + infoElement.setAttribute("title", localTime); + } + + addLongHexOverflow(info) { + info.classList.add("hex"); + + // For visual appeal, we want to collapse large hex values into single + // line items that can be clicked to expand. + // This function measures the size of the info item relative to its + // container and adds the "long-hex" class if it's overflowing. Since the + // container size changes on window resize this function is hooked up to + // a resize event listener. + function resize() { + if (info.classList.contains("hex-open")) { + info.classList.toggle("long-hex", true); + return; + } + + // If the item is not currently drawn and we can't measure its dimensions + // then attach an observer that will measure it once it appears. + if (info.clientWidth <= 0) { + let observer = new IntersectionObserver(function ([ + { intersectionRatio }, + ]) { + if (intersectionRatio > 0) { + info.classList.toggle( + "long-hex", + info.scrollWidth > info.clientWidth + ); + observer.unobserve(info); + } + }, + {}); + + observer.observe(info); + } + info.classList.toggle("long-hex", info.scrollWidth > info.clientWidth); + } + window.addEventListener("resize", resize); + window.requestAnimationFrame(resize); + + this.addEventListener("mouseup", () => { + // If a range of text is selected, don't toggle the class that + // hides/shows additional text. + if ( + info.classList.contains("long-hex") && + window.getSelection().type !== "Range" + ) { + info.classList.toggle("hex-open"); + } + }); + } + + render() { + let label = this.shadowRoot.querySelector("label"); + let labelId = this.item.labelId; + + // Map specific elements to a different message ID, to allow updates to + // existing labels and avoid duplicates. + let stringMapping = { + signaturealgorithm: "signature-algorithm", + "rfc-822-name": "email-address", + }; + let fluentID = stringMapping[labelId] || labelId; + + label.setAttribute("data-l10n-id", "certificate-viewer-" + fluentID); + + this.classList.add(labelId); + + let info = this.shadowRoot.querySelector(".info"); + if (this.item.info.hasOwnProperty("utc")) { + this.handleTimeZone(info); + return; + } + if (labelId === "other-name") { + info.setAttribute("data-l10n-id", "certificate-viewer-unsupported"); + return; + } + if (typeof this.item.info === "boolean") { + document.l10n.setAttributes(info, "certificate-viewer-boolean", { + boolean: this.item.info, + }); + } else { + info.textContent = Array.isArray(this.item.info) + ? this.item.info.join(", ") + : this.item.info; + } + + this.classList.add(labelId); + + if (this.item.isHex) { + this.addLongHexOverflow(info); + } + + if (labelId === "download") { + this.setDownloadLinkInformation(info); + } + } + + setDownloadLinkInformation(info) { + let link = document.createElement("a"); + link.setAttribute("href", "data:," + this.item.info); + link.classList.add("download-link"); + + let url = new URL(document.URL); + let certArray = url.searchParams.getAll("cert"); + let encodedCertArray = []; + for (let i = 0; i < certArray.length; i++) { + encodedCertArray.push(encodeURI(b64ToPEM(certArray[i]))); + } + encodedCertArray = encodedCertArray.join(""); + + let chainLink = document.createElement("a"); + chainLink.setAttribute("href", "data:," + encodedCertArray); + chainLink.classList.add("download-link"); + chainLink.classList.add("download-link-chain"); + + info.textContent = ""; + info.appendChild(link); + info.appendChild(chainLink); + + let commonName = document + .querySelector("certificate-section") + .shadowRoot.querySelector(".subject-name") + .shadowRoot.querySelector(".common-name") + .shadowRoot.querySelector(".info"); + + let fileName = normalizeToKebabCase(commonName.textContent); + + document.l10n.setAttributes(link, "certificate-viewer-download-pem", { + fileName, + }); + + document.l10n.setAttributes( + chainLink, + "certificate-viewer-download-pem-chain", + { + fileName, + } + ); + } +} + +customElements.define("info-item", InfoItem); diff --git a/toolkit/components/certviewer/content/components/list-item.css b/toolkit/components/certviewer/content/components/list-item.css new file mode 100644 index 0000000000..2d03edb63e --- /dev/null +++ b/toolkit/components/certviewer/content/components/list-item.css @@ -0,0 +1,46 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +:host { + display: grid; + padding: 1em 0 1em; + border-block: 0.5px solid var(--in-content-border-color); + border-inline: 0.5px solid transparent; + position: relative; +} + +:host(:hover) { + background-color: var(--in-content-item-hover); + color: var(--in-content-item-hover-text); + border-inline-color: var(--in-content-border-color); + cursor: pointer; +} + +a { + text-decoration: none; + color: inherit; +} + +.cert-url { + height: 100%; + width: 100%; + position: absolute; + align-items: center; + display: flex; +} + +.cert-url > .item-name { + padding-inline-start: 0.8em; +} + +.export { + position: absolute; + inset-inline-end: 2em; + align-self: center; + font-size: 1em; +} + +.export a { + position: relative; +} diff --git a/toolkit/components/certviewer/content/components/list-item.mjs b/toolkit/components/certviewer/content/components/list-item.mjs new file mode 100644 index 0000000000..820e8f964b --- /dev/null +++ b/toolkit/components/certviewer/content/components/list-item.mjs @@ -0,0 +1,58 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { normalizeToKebabCase } from "./utils.mjs"; + +export class ListItem extends HTMLElement { + constructor(item) { + super(); + this.item = item; + } + + connectedCallback() { + let ListItemTemplate = document.getElementById("list-item-template"); + + this.attachShadow({ mode: "open" }).appendChild( + ListItemTemplate.content.cloneNode(true) + ); + + document.l10n.translateFragment(this.shadowRoot); + document.l10n.connectRoot(this.shadowRoot); + + this.render(); + } + + render() { + let label = this.shadowRoot.querySelector(".item-name"); + label.textContent = this.item.displayName; + + this.handleExport(); + + let link = this.shadowRoot.querySelector(".cert-url"); + let derb64 = encodeURIComponent(this.item.derb64); + let url = `about:certificate?cert=${derb64}`; + link.setAttribute("href", url); + } + + handleExport() { + let exportButton = this.shadowRoot.querySelector(".export"); + // Wrap the Base64 string into lines of 64 characters, + // with CRLF line breaks (as specified in RFC 1421). + let wrapped = this.item.derb64.replace(/(\S{64}(?!$))/g, "$1\r\n"); + let download = + "-----BEGIN CERTIFICATE-----\r\n" + + wrapped + + "\r\n-----END CERTIFICATE-----\r\n"; + + let element = document.createElement("a"); + element.setAttribute("href", "data:," + encodeURI(download)); + let fileName = normalizeToKebabCase(this.item.displayName); + document.l10n.setAttributes(element, "certificate-viewer-export", { + fileName, + }); + exportButton.appendChild(element); + } +} + +customElements.define("list-item", ListItem); diff --git a/toolkit/components/certviewer/content/components/utils.mjs b/toolkit/components/certviewer/content/components/utils.mjs new file mode 100644 index 0000000000..e7c5d258d0 --- /dev/null +++ b/toolkit/components/certviewer/content/components/utils.mjs @@ -0,0 +1,26 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export const normalizeToKebabCase = string => { + let kebabString = string + // Turn all dots into dashes + .replace(/\./g, "-") + // Turn whitespace into dashes + .replace(/\s+/g, "-") + // Remove all non-characters or numbers + .replace(/[^a-z0-9\-]/gi, "") + // De-dupe dashes + .replace(/--/g, "-") + // Remove trailing and leading dashes + .replace(/^-/g, "") + .replace(/-$/g, "") + .toLowerCase(); + + return kebabString; +}; + +export const b64ToPEM = string => { + let wrapped = string.match(/.{1,64}/g).join("\r\n"); + return `-----BEGIN CERTIFICATE-----\r\n${wrapped}\r\n-----END CERTIFICATE-----\r\n`; +}; diff --git a/toolkit/components/certviewer/content/vendor/pkijs.js b/toolkit/components/certviewer/content/vendor/pkijs.js new file mode 100644 index 0000000000..efee8d1e16 --- /dev/null +++ b/toolkit/components/certviewer/content/vendor/pkijs.js @@ -0,0 +1,24083 @@ +/*! + * Copyright (c) 2014, GlobalSign + * Copyright (c) 2015-2019, Peculiar Ventures + * All rights reserved. + * + * Author 2014-2019, Yury Strozhevsky + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * * Neither the name of the {organization} nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/*! + * MIT License + * + * Copyright (c) 2017-2022 Peculiar Ventures, LLC + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + */ + +const ARRAY_BUFFER_NAME = "[object ArrayBuffer]"; +class BufferSourceConverter { + static isArrayBuffer(data) { + return Object.prototype.toString.call(data) === ARRAY_BUFFER_NAME; + } + static toArrayBuffer(data) { + if (this.isArrayBuffer(data)) { + return data; + } + if (data.byteLength === data.buffer.byteLength) { + return data.buffer; + } + return this.toUint8Array(data).slice().buffer; + } + static toUint8Array(data) { + return this.toView(data, Uint8Array); + } + static toView(data, type) { + if (data.constructor === type) { + return data; + } + if (this.isArrayBuffer(data)) { + return new type(data); + } + if (this.isArrayBufferView(data)) { + return new type(data.buffer, data.byteOffset, data.byteLength); + } + throw new TypeError("The provided value is not of type '(ArrayBuffer or ArrayBufferView)'"); + } + static isBufferSource(data) { + return this.isArrayBufferView(data) + || this.isArrayBuffer(data); + } + static isArrayBufferView(data) { + return ArrayBuffer.isView(data) + || (data && this.isArrayBuffer(data.buffer)); + } + static isEqual(a, b) { + const aView = BufferSourceConverter.toUint8Array(a); + const bView = BufferSourceConverter.toUint8Array(b); + if (aView.length !== bView.byteLength) { + return false; + } + for (let i = 0; i < aView.length; i++) { + if (aView[i] !== bView[i]) { + return false; + } + } + return true; + } + static concat(...args) { + if (Array.isArray(args[0])) { + const buffers = args[0]; + let size = 0; + for (const buffer of buffers) { + size += buffer.byteLength; + } + const res = new Uint8Array(size); + let offset = 0; + for (const buffer of buffers) { + const view = this.toUint8Array(buffer); + res.set(view, offset); + offset += view.length; + } + if (args[1]) { + return this.toView(res, args[1]); + } + return res.buffer; + } + else { + return this.concat(args); + } + } +} + +class Utf8Converter { + static fromString(text) { + const s = unescape(encodeURIComponent(text)); + const uintArray = new Uint8Array(s.length); + for (let i = 0; i < s.length; i++) { + uintArray[i] = s.charCodeAt(i); + } + return uintArray.buffer; + } + static toString(buffer) { + const buf = BufferSourceConverter.toUint8Array(buffer); + let encodedString = ""; + for (let i = 0; i < buf.length; i++) { + encodedString += String.fromCharCode(buf[i]); + } + const decodedString = decodeURIComponent(escape(encodedString)); + return decodedString; + } +} +class Utf16Converter { + static toString(buffer, littleEndian = false) { + const arrayBuffer = BufferSourceConverter.toArrayBuffer(buffer); + const dataView = new DataView(arrayBuffer); + let res = ""; + for (let i = 0; i < arrayBuffer.byteLength; i += 2) { + const code = dataView.getUint16(i, littleEndian); + res += String.fromCharCode(code); + } + return res; + } + static fromString(text, littleEndian = false) { + const res = new ArrayBuffer(text.length * 2); + const dataView = new DataView(res); + for (let i = 0; i < text.length; i++) { + dataView.setUint16(i * 2, text.charCodeAt(i), littleEndian); + } + return res; + } +} +class Convert { + static isHex(data) { + return typeof data === "string" + && /^[a-z0-9]+$/i.test(data); + } + static isBase64(data) { + return typeof data === "string" + && /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(data); + } + static isBase64Url(data) { + return typeof data === "string" + && /^[a-zA-Z0-9-_]+$/i.test(data); + } + static ToString(buffer, enc = "utf8") { + const buf = BufferSourceConverter.toUint8Array(buffer); + switch (enc.toLowerCase()) { + case "utf8": + return this.ToUtf8String(buf); + case "binary": + return this.ToBinary(buf); + case "hex": + return this.ToHex(buf); + case "base64": + return this.ToBase64(buf); + case "base64url": + return this.ToBase64Url(buf); + case "utf16le": + return Utf16Converter.toString(buf, true); + case "utf16": + case "utf16be": + return Utf16Converter.toString(buf); + default: + throw new Error(`Unknown type of encoding '${enc}'`); + } + } + static FromString(str, enc = "utf8") { + if (!str) { + return new ArrayBuffer(0); + } + switch (enc.toLowerCase()) { + case "utf8": + return this.FromUtf8String(str); + case "binary": + return this.FromBinary(str); + case "hex": + return this.FromHex(str); + case "base64": + return this.FromBase64(str); + case "base64url": + return this.FromBase64Url(str); + case "utf16le": + return Utf16Converter.fromString(str, true); + case "utf16": + case "utf16be": + return Utf16Converter.fromString(str); + default: + throw new Error(`Unknown type of encoding '${enc}'`); + } + } + static ToBase64(buffer) { + const buf = BufferSourceConverter.toUint8Array(buffer); + if (typeof btoa !== "undefined") { + const binary = this.ToString(buf, "binary"); + return btoa(binary); + } + else { + return Buffer.from(buf).toString("base64"); + } + } + static FromBase64(base64) { + const formatted = this.formatString(base64); + if (!formatted) { + return new ArrayBuffer(0); + } + if (!Convert.isBase64(formatted)) { + throw new TypeError("Argument 'base64Text' is not Base64 encoded"); + } + if (typeof atob !== "undefined") { + return this.FromBinary(atob(formatted)); + } + else { + return new Uint8Array(Buffer.from(formatted, "base64")).buffer; + } + } + static FromBase64Url(base64url) { + const formatted = this.formatString(base64url); + if (!formatted) { + return new ArrayBuffer(0); + } + if (!Convert.isBase64Url(formatted)) { + throw new TypeError("Argument 'base64url' is not Base64Url encoded"); + } + return this.FromBase64(this.Base64Padding(formatted.replace(/\-/g, "+").replace(/\_/g, "/"))); + } + static ToBase64Url(data) { + return this.ToBase64(data).replace(/\+/g, "-").replace(/\//g, "_").replace(/\=/g, ""); + } + static FromUtf8String(text, encoding = Convert.DEFAULT_UTF8_ENCODING) { + switch (encoding) { + case "ascii": + return this.FromBinary(text); + case "utf8": + return Utf8Converter.fromString(text); + case "utf16": + case "utf16be": + return Utf16Converter.fromString(text); + case "utf16le": + case "usc2": + return Utf16Converter.fromString(text, true); + default: + throw new Error(`Unknown type of encoding '${encoding}'`); + } + } + static ToUtf8String(buffer, encoding = Convert.DEFAULT_UTF8_ENCODING) { + switch (encoding) { + case "ascii": + return this.ToBinary(buffer); + case "utf8": + return Utf8Converter.toString(buffer); + case "utf16": + case "utf16be": + return Utf16Converter.toString(buffer); + case "utf16le": + case "usc2": + return Utf16Converter.toString(buffer, true); + default: + throw new Error(`Unknown type of encoding '${encoding}'`); + } + } + static FromBinary(text) { + const stringLength = text.length; + const resultView = new Uint8Array(stringLength); + for (let i = 0; i < stringLength; i++) { + resultView[i] = text.charCodeAt(i); + } + return resultView.buffer; + } + static ToBinary(buffer) { + const buf = BufferSourceConverter.toUint8Array(buffer); + let res = ""; + for (let i = 0; i < buf.length; i++) { + res += String.fromCharCode(buf[i]); + } + return res; + } + static ToHex(buffer) { + const buf = BufferSourceConverter.toUint8Array(buffer); + const splitter = ""; + const res = []; + const len = buf.length; + for (let i = 0; i < len; i++) { + const char = buf[i].toString(16).padStart(2, "0"); + res.push(char); + } + return res.join(splitter); + } + static FromHex(hexString) { + let formatted = this.formatString(hexString); + if (!formatted) { + return new ArrayBuffer(0); + } + if (!Convert.isHex(formatted)) { + throw new TypeError("Argument 'hexString' is not HEX encoded"); + } + if (formatted.length % 2) { + formatted = `0${formatted}`; + } + const res = new Uint8Array(formatted.length / 2); + for (let i = 0; i < formatted.length; i = i + 2) { + const c = formatted.slice(i, i + 2); + res[i / 2] = parseInt(c, 16); + } + return res.buffer; + } + static ToUtf16String(buffer, littleEndian = false) { + return Utf16Converter.toString(buffer, littleEndian); + } + static FromUtf16String(text, littleEndian = false) { + return Utf16Converter.fromString(text, littleEndian); + } + static Base64Padding(base64) { + const padCount = 4 - (base64.length % 4); + if (padCount < 4) { + for (let i = 0; i < padCount; i++) { + base64 += "="; + } + } + return base64; + } + static formatString(data) { + return (data === null || data === void 0 ? void 0 : data.replace(/[\n\r\t ]/g, "")) || ""; + } +} +Convert.DEFAULT_UTF8_ENCODING = "utf8"; + +/*! + Copyright (c) Peculiar Ventures, LLC +*/ +function getParametersValue(parameters, name, defaultValue) { + var _a; + if ((parameters instanceof Object) === false) { + return defaultValue; + } + return (_a = parameters[name]) !== null && _a !== void 0 ? _a : defaultValue; +} +function bufferToHexCodes(inputBuffer, inputOffset = 0, inputLength = (inputBuffer.byteLength - inputOffset), insertSpace = false) { + let result = ""; + for (const item of (new Uint8Array(inputBuffer, inputOffset, inputLength))) { + const str = item.toString(16).toUpperCase(); + if (str.length === 1) { + result += "0"; + } + result += str; + if (insertSpace) { + result += " "; + } + } + return result.trim(); +} +function utilFromBase(inputBuffer, inputBase) { + let result = 0; + if (inputBuffer.length === 1) { + return inputBuffer[0]; + } + for (let i = (inputBuffer.length - 1); i >= 0; i--) { + result += inputBuffer[(inputBuffer.length - 1) - i] * Math.pow(2, inputBase * i); + } + return result; +} +function utilToBase(value, base, reserved = (-1)) { + const internalReserved = reserved; + let internalValue = value; + let result = 0; + let biggest = Math.pow(2, base); + for (let i = 1; i < 8; i++) { + if (value < biggest) { + let retBuf; + if (internalReserved < 0) { + retBuf = new ArrayBuffer(i); + result = i; + } + else { + if (internalReserved < i) { + return (new ArrayBuffer(0)); + } + retBuf = new ArrayBuffer(internalReserved); + result = internalReserved; + } + const retView = new Uint8Array(retBuf); + for (let j = (i - 1); j >= 0; j--) { + const basis = Math.pow(2, j * base); + retView[result - j - 1] = Math.floor(internalValue / basis); + internalValue -= (retView[result - j - 1]) * basis; + } + return retBuf; + } + biggest *= Math.pow(2, base); + } + return new ArrayBuffer(0); +} +function utilConcatBuf(...buffers) { + let outputLength = 0; + let prevLength = 0; + for (const buffer of buffers) { + outputLength += buffer.byteLength; + } + const retBuf = new ArrayBuffer(outputLength); + const retView = new Uint8Array(retBuf); + for (const buffer of buffers) { + retView.set(new Uint8Array(buffer), prevLength); + prevLength += buffer.byteLength; + } + return retBuf; +} +function utilConcatView(...views) { + let outputLength = 0; + let prevLength = 0; + for (const view of views) { + outputLength += view.length; + } + const retBuf = new ArrayBuffer(outputLength); + const retView = new Uint8Array(retBuf); + for (const view of views) { + retView.set(view, prevLength); + prevLength += view.length; + } + return retView; +} +function utilDecodeTC() { + const buf = new Uint8Array(this.valueHex); + if (this.valueHex.byteLength >= 2) { + const condition1 = (buf[0] === 0xFF) && (buf[1] & 0x80); + const condition2 = (buf[0] === 0x00) && ((buf[1] & 0x80) === 0x00); + if (condition1 || condition2) { + this.warnings.push("Needlessly long format"); + } + } + const bigIntBuffer = new ArrayBuffer(this.valueHex.byteLength); + const bigIntView = new Uint8Array(bigIntBuffer); + for (let i = 0; i < this.valueHex.byteLength; i++) { + bigIntView[i] = 0; + } + bigIntView[0] = (buf[0] & 0x80); + const bigInt = utilFromBase(bigIntView, 8); + const smallIntBuffer = new ArrayBuffer(this.valueHex.byteLength); + const smallIntView = new Uint8Array(smallIntBuffer); + for (let j = 0; j < this.valueHex.byteLength; j++) { + smallIntView[j] = buf[j]; + } + smallIntView[0] &= 0x7F; + const smallInt = utilFromBase(smallIntView, 8); + return (smallInt - bigInt); +} +function utilEncodeTC(value) { + const modValue = (value < 0) ? (value * (-1)) : value; + let bigInt = 128; + for (let i = 1; i < 8; i++) { + if (modValue <= bigInt) { + if (value < 0) { + const smallInt = bigInt - modValue; + const retBuf = utilToBase(smallInt, 8, i); + const retView = new Uint8Array(retBuf); + retView[0] |= 0x80; + return retBuf; + } + let retBuf = utilToBase(modValue, 8, i); + let retView = new Uint8Array(retBuf); + if (retView[0] & 0x80) { + const tempBuf = retBuf.slice(0); + const tempView = new Uint8Array(tempBuf); + retBuf = new ArrayBuffer(retBuf.byteLength + 1); + retView = new Uint8Array(retBuf); + for (let k = 0; k < tempBuf.byteLength; k++) { + retView[k + 1] = tempView[k]; + } + retView[0] = 0x00; + } + return retBuf; + } + bigInt *= Math.pow(2, 8); + } + return (new ArrayBuffer(0)); +} +function isEqualBuffer(inputBuffer1, inputBuffer2) { + if (inputBuffer1.byteLength !== inputBuffer2.byteLength) { + return false; + } + const view1 = new Uint8Array(inputBuffer1); + const view2 = new Uint8Array(inputBuffer2); + for (let i = 0; i < view1.length; i++) { + if (view1[i] !== view2[i]) { + return false; + } + } + return true; +} +function padNumber(inputNumber, fullLength) { + const str = inputNumber.toString(10); + if (fullLength < str.length) { + return ""; + } + const dif = fullLength - str.length; + const padding = new Array(dif); + for (let i = 0; i < dif; i++) { + padding[i] = "0"; + } + const paddingString = padding.join(""); + return paddingString.concat(str); +} +const base64Template = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; +const base64UrlTemplate = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_="; +function toBase64(input, useUrlTemplate = false, skipPadding = false, skipLeadingZeros = false) { + let i = 0; + let flag1 = 0; + let flag2 = 0; + let output = ""; + const template = (useUrlTemplate) ? base64UrlTemplate : base64Template; + if (skipLeadingZeros) { + let nonZeroPosition = 0; + for (let i = 0; i < input.length; i++) { + if (input.charCodeAt(i) !== 0) { + nonZeroPosition = i; + break; + } + } + input = input.slice(nonZeroPosition); + } + while (i < input.length) { + const chr1 = input.charCodeAt(i++); + if (i >= input.length) { + flag1 = 1; + } + const chr2 = input.charCodeAt(i++); + if (i >= input.length) { + flag2 = 1; + } + const chr3 = input.charCodeAt(i++); + const enc1 = chr1 >> 2; + const enc2 = ((chr1 & 0x03) << 4) | (chr2 >> 4); + let enc3 = ((chr2 & 0x0F) << 2) | (chr3 >> 6); + let enc4 = chr3 & 0x3F; + if (flag1 === 1) { + enc3 = enc4 = 64; + } + else { + if (flag2 === 1) { + enc4 = 64; + } + } + if (skipPadding) { + if (enc3 === 64) { + output += `${template.charAt(enc1)}${template.charAt(enc2)}`; + } + else { + if (enc4 === 64) { + output += `${template.charAt(enc1)}${template.charAt(enc2)}${template.charAt(enc3)}`; + } + else { + output += `${template.charAt(enc1)}${template.charAt(enc2)}${template.charAt(enc3)}${template.charAt(enc4)}`; + } + } + } + else { + output += `${template.charAt(enc1)}${template.charAt(enc2)}${template.charAt(enc3)}${template.charAt(enc4)}`; + } + } + return output; +} +function fromBase64(input, useUrlTemplate = false, cutTailZeros = false) { + const template = (useUrlTemplate) ? base64UrlTemplate : base64Template; + function indexOf(toSearch) { + for (let i = 0; i < 64; i++) { + if (template.charAt(i) === toSearch) + return i; + } + return 64; + } + function test(incoming) { + return ((incoming === 64) ? 0x00 : incoming); + } + let i = 0; + let output = ""; + while (i < input.length) { + const enc1 = indexOf(input.charAt(i++)); + const enc2 = (i >= input.length) ? 0x00 : indexOf(input.charAt(i++)); + const enc3 = (i >= input.length) ? 0x00 : indexOf(input.charAt(i++)); + const enc4 = (i >= input.length) ? 0x00 : indexOf(input.charAt(i++)); + const chr1 = (test(enc1) << 2) | (test(enc2) >> 4); + const chr2 = ((test(enc2) & 0x0F) << 4) | (test(enc3) >> 2); + const chr3 = ((test(enc3) & 0x03) << 6) | test(enc4); + output += String.fromCharCode(chr1); + if (enc3 !== 64) { + output += String.fromCharCode(chr2); + } + if (enc4 !== 64) { + output += String.fromCharCode(chr3); + } + } + if (cutTailZeros) { + const outputLength = output.length; + let nonZeroStart = (-1); + for (let i = (outputLength - 1); i >= 0; i--) { + if (output.charCodeAt(i) !== 0) { + nonZeroStart = i; + break; + } + } + if (nonZeroStart !== (-1)) { + output = output.slice(0, nonZeroStart + 1); + } + else { + output = ""; + } + } + return output; +} +function arrayBufferToString(buffer) { + let resultString = ""; + const view = new Uint8Array(buffer); + for (const element of view) { + resultString += String.fromCharCode(element); + } + return resultString; +} +function stringToArrayBuffer(str) { + const stringLength = str.length; + const resultBuffer = new ArrayBuffer(stringLength); + const resultView = new Uint8Array(resultBuffer); + for (let i = 0; i < stringLength; i++) { + resultView[i] = str.charCodeAt(i); + } + return resultBuffer; +} +const log2 = Math.log(2); +function nearestPowerOf2(length) { + const base = (Math.log(length) / log2); + const floor = Math.floor(base); + const round = Math.round(base); + return ((floor === round) ? floor : round); +} +function clearProps(object, propsArray) { + for (const prop of propsArray) { + delete object[prop]; + } +} + +/*! + * Copyright (c) 2014, GMO GlobalSign + * Copyright (c) 2015-2022, Peculiar Ventures + * All rights reserved. + * + * Author 2014-2019, Yury Strozhevsky + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright notice, this + * list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * * Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +function assertBigInt() { + if (typeof BigInt === "undefined") { + throw new Error("BigInt is not defined. Your environment doesn't implement BigInt."); + } +} +function concat(buffers) { + let outputLength = 0; + let prevLength = 0; + for (let i = 0; i < buffers.length; i++) { + const buffer = buffers[i]; + outputLength += buffer.byteLength; + } + const retView = new Uint8Array(outputLength); + for (let i = 0; i < buffers.length; i++) { + const buffer = buffers[i]; + retView.set(new Uint8Array(buffer), prevLength); + prevLength += buffer.byteLength; + } + return retView.buffer; +} +function checkBufferParams(baseBlock, inputBuffer, inputOffset, inputLength) { + if (!(inputBuffer instanceof Uint8Array)) { + baseBlock.error = "Wrong parameter: inputBuffer must be 'Uint8Array'"; + return false; + } + if (!inputBuffer.byteLength) { + baseBlock.error = "Wrong parameter: inputBuffer has zero length"; + return false; + } + if (inputOffset < 0) { + baseBlock.error = "Wrong parameter: inputOffset less than zero"; + return false; + } + if (inputLength < 0) { + baseBlock.error = "Wrong parameter: inputLength less than zero"; + return false; + } + if ((inputBuffer.byteLength - inputOffset - inputLength) < 0) { + baseBlock.error = "End of input reached before message was fully decoded (inconsistent offset and length values)"; + return false; + } + return true; +} + +class ViewWriter { + constructor() { + this.items = []; + } + write(buf) { + this.items.push(buf); + } + final() { + return concat(this.items); + } +} + +const powers2 = [new Uint8Array([1])]; +const digitsString = "0123456789"; +const NAME = "name"; +const VALUE_HEX_VIEW = "valueHexView"; +const IS_HEX_ONLY = "isHexOnly"; +const ID_BLOCK = "idBlock"; +const TAG_CLASS = "tagClass"; +const TAG_NUMBER = "tagNumber"; +const IS_CONSTRUCTED = "isConstructed"; +const FROM_BER = "fromBER"; +const TO_BER = "toBER"; +const LOCAL = "local"; +const EMPTY_STRING$1 = ""; +const EMPTY_BUFFER$1 = new ArrayBuffer(0); +const EMPTY_VIEW = new Uint8Array(0); +const END_OF_CONTENT_NAME = "EndOfContent"; +const OCTET_STRING_NAME = "OCTET STRING"; +const BIT_STRING_NAME = "BIT STRING"; + +function HexBlock(BaseClass) { + var _a; + return _a = class Some extends BaseClass { + constructor(...args) { + var _a; + super(...args); + const params = args[0] || {}; + this.isHexOnly = (_a = params.isHexOnly) !== null && _a !== void 0 ? _a : false; + this.valueHexView = params.valueHex ? BufferSourceConverter.toUint8Array(params.valueHex) : EMPTY_VIEW; + } + get valueHex() { + return this.valueHexView.slice().buffer; + } + set valueHex(value) { + this.valueHexView = new Uint8Array(value); + } + fromBER(inputBuffer, inputOffset, inputLength) { + const view = inputBuffer instanceof ArrayBuffer ? new Uint8Array(inputBuffer) : inputBuffer; + if (!checkBufferParams(this, view, inputOffset, inputLength)) { + return -1; + } + const endLength = inputOffset + inputLength; + this.valueHexView = view.subarray(inputOffset, endLength); + if (!this.valueHexView.length) { + this.warnings.push("Zero buffer length"); + return inputOffset; + } + this.blockLength = inputLength; + return endLength; + } + toBER(sizeOnly = false) { + if (!this.isHexOnly) { + this.error = "Flag 'isHexOnly' is not set, abort"; + return EMPTY_BUFFER$1; + } + if (sizeOnly) { + return new ArrayBuffer(this.valueHexView.byteLength); + } + return (this.valueHexView.byteLength === this.valueHexView.buffer.byteLength) + ? this.valueHexView.buffer + : this.valueHexView.slice().buffer; + } + toJSON() { + return { + ...super.toJSON(), + isHexOnly: this.isHexOnly, + valueHex: Convert.ToHex(this.valueHexView), + }; + } + }, + _a.NAME = "hexBlock", + _a; +} + +class LocalBaseBlock { + constructor({ blockLength = 0, error = EMPTY_STRING$1, warnings = [], valueBeforeDecode = EMPTY_VIEW, } = {}) { + this.blockLength = blockLength; + this.error = error; + this.warnings = warnings; + this.valueBeforeDecodeView = BufferSourceConverter.toUint8Array(valueBeforeDecode); + } + static blockName() { + return this.NAME; + } + get valueBeforeDecode() { + return this.valueBeforeDecodeView.slice().buffer; + } + set valueBeforeDecode(value) { + this.valueBeforeDecodeView = new Uint8Array(value); + } + toJSON() { + return { + blockName: this.constructor.NAME, + blockLength: this.blockLength, + error: this.error, + warnings: this.warnings, + valueBeforeDecode: Convert.ToHex(this.valueBeforeDecodeView), + }; + } +} +LocalBaseBlock.NAME = "baseBlock"; + +class ValueBlock extends LocalBaseBlock { + fromBER(inputBuffer, inputOffset, inputLength) { + throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'"); + } + toBER(sizeOnly, writer) { + throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'"); + } +} +ValueBlock.NAME = "valueBlock"; + +class LocalIdentificationBlock extends HexBlock(LocalBaseBlock) { + constructor({ idBlock = {}, } = {}) { + var _a, _b, _c, _d; + super(); + if (idBlock) { + this.isHexOnly = (_a = idBlock.isHexOnly) !== null && _a !== void 0 ? _a : false; + this.valueHexView = idBlock.valueHex ? BufferSourceConverter.toUint8Array(idBlock.valueHex) : EMPTY_VIEW; + this.tagClass = (_b = idBlock.tagClass) !== null && _b !== void 0 ? _b : -1; + this.tagNumber = (_c = idBlock.tagNumber) !== null && _c !== void 0 ? _c : -1; + this.isConstructed = (_d = idBlock.isConstructed) !== null && _d !== void 0 ? _d : false; + } + else { + this.tagClass = -1; + this.tagNumber = -1; + this.isConstructed = false; + } + } + toBER(sizeOnly = false) { + let firstOctet = 0; + switch (this.tagClass) { + case 1: + firstOctet |= 0x00; + break; + case 2: + firstOctet |= 0x40; + break; + case 3: + firstOctet |= 0x80; + break; + case 4: + firstOctet |= 0xC0; + break; + default: + this.error = "Unknown tag class"; + return EMPTY_BUFFER$1; + } + if (this.isConstructed) + firstOctet |= 0x20; + if (this.tagNumber < 31 && !this.isHexOnly) { + const retView = new Uint8Array(1); + if (!sizeOnly) { + let number = this.tagNumber; + number &= 0x1F; + firstOctet |= number; + retView[0] = firstOctet; + } + return retView.buffer; + } + if (!this.isHexOnly) { + const encodedBuf = utilToBase(this.tagNumber, 7); + const encodedView = new Uint8Array(encodedBuf); + const size = encodedBuf.byteLength; + const retView = new Uint8Array(size + 1); + retView[0] = (firstOctet | 0x1F); + if (!sizeOnly) { + for (let i = 0; i < (size - 1); i++) + retView[i + 1] = encodedView[i] | 0x80; + retView[size] = encodedView[size - 1]; + } + return retView.buffer; + } + const retView = new Uint8Array(this.valueHexView.byteLength + 1); + retView[0] = (firstOctet | 0x1F); + if (!sizeOnly) { + const curView = this.valueHexView; + for (let i = 0; i < (curView.length - 1); i++) + retView[i + 1] = curView[i] | 0x80; + retView[this.valueHexView.byteLength] = curView[curView.length - 1]; + } + return retView.buffer; + } + fromBER(inputBuffer, inputOffset, inputLength) { + const inputView = BufferSourceConverter.toUint8Array(inputBuffer); + if (!checkBufferParams(this, inputView, inputOffset, inputLength)) { + return -1; + } + const intBuffer = inputView.subarray(inputOffset, inputOffset + inputLength); + if (intBuffer.length === 0) { + this.error = "Zero buffer length"; + return -1; + } + const tagClassMask = intBuffer[0] & 0xC0; + switch (tagClassMask) { + case 0x00: + this.tagClass = (1); + break; + case 0x40: + this.tagClass = (2); + break; + case 0x80: + this.tagClass = (3); + break; + case 0xC0: + this.tagClass = (4); + break; + default: + this.error = "Unknown tag class"; + return -1; + } + this.isConstructed = (intBuffer[0] & 0x20) === 0x20; + this.isHexOnly = false; + const tagNumberMask = intBuffer[0] & 0x1F; + if (tagNumberMask !== 0x1F) { + this.tagNumber = (tagNumberMask); + this.blockLength = 1; + } + else { + let count = 1; + let intTagNumberBuffer = this.valueHexView = new Uint8Array(255); + let tagNumberBufferMaxLength = 255; + while (intBuffer[count] & 0x80) { + intTagNumberBuffer[count - 1] = intBuffer[count] & 0x7F; + count++; + if (count >= intBuffer.length) { + this.error = "End of input reached before message was fully decoded"; + return -1; + } + if (count === tagNumberBufferMaxLength) { + tagNumberBufferMaxLength += 255; + const tempBufferView = new Uint8Array(tagNumberBufferMaxLength); + for (let i = 0; i < intTagNumberBuffer.length; i++) + tempBufferView[i] = intTagNumberBuffer[i]; + intTagNumberBuffer = this.valueHexView = new Uint8Array(tagNumberBufferMaxLength); + } + } + this.blockLength = (count + 1); + intTagNumberBuffer[count - 1] = intBuffer[count] & 0x7F; + const tempBufferView = new Uint8Array(count); + for (let i = 0; i < count; i++) + tempBufferView[i] = intTagNumberBuffer[i]; + intTagNumberBuffer = this.valueHexView = new Uint8Array(count); + intTagNumberBuffer.set(tempBufferView); + if (this.blockLength <= 9) + this.tagNumber = utilFromBase(intTagNumberBuffer, 7); + else { + this.isHexOnly = true; + this.warnings.push("Tag too long, represented as hex-coded"); + } + } + if (((this.tagClass === 1)) && + (this.isConstructed)) { + switch (this.tagNumber) { + case 1: + case 2: + case 5: + case 6: + case 9: + case 13: + case 14: + case 23: + case 24: + case 31: + case 32: + case 33: + case 34: + this.error = "Constructed encoding used for primitive type"; + return -1; + } + } + return (inputOffset + this.blockLength); + } + toJSON() { + return { + ...super.toJSON(), + tagClass: this.tagClass, + tagNumber: this.tagNumber, + isConstructed: this.isConstructed, + }; + } +} +LocalIdentificationBlock.NAME = "identificationBlock"; + +class LocalLengthBlock extends LocalBaseBlock { + constructor({ lenBlock = {}, } = {}) { + var _a, _b, _c; + super(); + this.isIndefiniteForm = (_a = lenBlock.isIndefiniteForm) !== null && _a !== void 0 ? _a : false; + this.longFormUsed = (_b = lenBlock.longFormUsed) !== null && _b !== void 0 ? _b : false; + this.length = (_c = lenBlock.length) !== null && _c !== void 0 ? _c : 0; + } + fromBER(inputBuffer, inputOffset, inputLength) { + const view = BufferSourceConverter.toUint8Array(inputBuffer); + if (!checkBufferParams(this, view, inputOffset, inputLength)) { + return -1; + } + const intBuffer = view.subarray(inputOffset, inputOffset + inputLength); + if (intBuffer.length === 0) { + this.error = "Zero buffer length"; + return -1; + } + if (intBuffer[0] === 0xFF) { + this.error = "Length block 0xFF is reserved by standard"; + return -1; + } + this.isIndefiniteForm = intBuffer[0] === 0x80; + if (this.isIndefiniteForm) { + this.blockLength = 1; + return (inputOffset + this.blockLength); + } + this.longFormUsed = !!(intBuffer[0] & 0x80); + if (this.longFormUsed === false) { + this.length = (intBuffer[0]); + this.blockLength = 1; + return (inputOffset + this.blockLength); + } + const count = intBuffer[0] & 0x7F; + if (count > 8) { + this.error = "Too big integer"; + return -1; + } + if ((count + 1) > intBuffer.length) { + this.error = "End of input reached before message was fully decoded"; + return -1; + } + const lenOffset = inputOffset + 1; + const lengthBufferView = view.subarray(lenOffset, lenOffset + count); + if (lengthBufferView[count - 1] === 0x00) + this.warnings.push("Needlessly long encoded length"); + this.length = utilFromBase(lengthBufferView, 8); + if (this.longFormUsed && (this.length <= 127)) + this.warnings.push("Unnecessary usage of long length form"); + this.blockLength = count + 1; + return (inputOffset + this.blockLength); + } + toBER(sizeOnly = false) { + let retBuf; + let retView; + if (this.length > 127) + this.longFormUsed = true; + if (this.isIndefiniteForm) { + retBuf = new ArrayBuffer(1); + if (sizeOnly === false) { + retView = new Uint8Array(retBuf); + retView[0] = 0x80; + } + return retBuf; + } + if (this.longFormUsed) { + const encodedBuf = utilToBase(this.length, 8); + if (encodedBuf.byteLength > 127) { + this.error = "Too big length"; + return (EMPTY_BUFFER$1); + } + retBuf = new ArrayBuffer(encodedBuf.byteLength + 1); + if (sizeOnly) + return retBuf; + const encodedView = new Uint8Array(encodedBuf); + retView = new Uint8Array(retBuf); + retView[0] = encodedBuf.byteLength | 0x80; + for (let i = 0; i < encodedBuf.byteLength; i++) + retView[i + 1] = encodedView[i]; + return retBuf; + } + retBuf = new ArrayBuffer(1); + if (sizeOnly === false) { + retView = new Uint8Array(retBuf); + retView[0] = this.length; + } + return retBuf; + } + toJSON() { + return { + ...super.toJSON(), + isIndefiniteForm: this.isIndefiniteForm, + longFormUsed: this.longFormUsed, + length: this.length, + }; + } +} +LocalLengthBlock.NAME = "lengthBlock"; + +const typeStore = {}; + +class BaseBlock extends LocalBaseBlock { + constructor({ name = EMPTY_STRING$1, optional = false, primitiveSchema, ...parameters } = {}, valueBlockType) { + super(parameters); + this.name = name; + this.optional = optional; + if (primitiveSchema) { + this.primitiveSchema = primitiveSchema; + } + this.idBlock = new LocalIdentificationBlock(parameters); + this.lenBlock = new LocalLengthBlock(parameters); + this.valueBlock = valueBlockType ? new valueBlockType(parameters) : new ValueBlock(parameters); + } + fromBER(inputBuffer, inputOffset, inputLength) { + const resultOffset = this.valueBlock.fromBER(inputBuffer, inputOffset, (this.lenBlock.isIndefiniteForm) ? inputLength : this.lenBlock.length); + if (resultOffset === -1) { + this.error = this.valueBlock.error; + return resultOffset; + } + if (!this.idBlock.error.length) + this.blockLength += this.idBlock.blockLength; + if (!this.lenBlock.error.length) + this.blockLength += this.lenBlock.blockLength; + if (!this.valueBlock.error.length) + this.blockLength += this.valueBlock.blockLength; + return resultOffset; + } + toBER(sizeOnly, writer) { + const _writer = writer || new ViewWriter(); + if (!writer) { + prepareIndefiniteForm(this); + } + const idBlockBuf = this.idBlock.toBER(sizeOnly); + _writer.write(idBlockBuf); + if (this.lenBlock.isIndefiniteForm) { + _writer.write(new Uint8Array([0x80]).buffer); + this.valueBlock.toBER(sizeOnly, _writer); + _writer.write(new ArrayBuffer(2)); + } + else { + const valueBlockBuf = this.valueBlock.toBER(sizeOnly); + this.lenBlock.length = valueBlockBuf.byteLength; + const lenBlockBuf = this.lenBlock.toBER(sizeOnly); + _writer.write(lenBlockBuf); + _writer.write(valueBlockBuf); + } + if (!writer) { + return _writer.final(); + } + return EMPTY_BUFFER$1; + } + toJSON() { + const object = { + ...super.toJSON(), + idBlock: this.idBlock.toJSON(), + lenBlock: this.lenBlock.toJSON(), + valueBlock: this.valueBlock.toJSON(), + name: this.name, + optional: this.optional, + }; + if (this.primitiveSchema) + object.primitiveSchema = this.primitiveSchema.toJSON(); + return object; + } + toString(encoding = "ascii") { + if (encoding === "ascii") { + return this.onAsciiEncoding(); + } + return Convert.ToHex(this.toBER()); + } + onAsciiEncoding() { + return `${this.constructor.NAME} : ${Convert.ToHex(this.valueBlock.valueBeforeDecodeView)}`; + } + isEqual(other) { + if (this === other) { + return true; + } + if (!(other instanceof this.constructor)) { + return false; + } + const thisRaw = this.toBER(); + const otherRaw = other.toBER(); + return isEqualBuffer(thisRaw, otherRaw); + } +} +BaseBlock.NAME = "BaseBlock"; +function prepareIndefiniteForm(baseBlock) { + if (baseBlock instanceof typeStore.Constructed) { + for (const value of baseBlock.valueBlock.value) { + if (prepareIndefiniteForm(value)) { + baseBlock.lenBlock.isIndefiniteForm = true; + } + } + } + return !!baseBlock.lenBlock.isIndefiniteForm; +} + +class BaseStringBlock extends BaseBlock { + constructor({ value = EMPTY_STRING$1, ...parameters } = {}, stringValueBlockType) { + super(parameters, stringValueBlockType); + if (value) { + this.fromString(value); + } + } + getValue() { + return this.valueBlock.value; + } + setValue(value) { + this.valueBlock.value = value; + } + fromBER(inputBuffer, inputOffset, inputLength) { + const resultOffset = this.valueBlock.fromBER(inputBuffer, inputOffset, (this.lenBlock.isIndefiniteForm) ? inputLength : this.lenBlock.length); + if (resultOffset === -1) { + this.error = this.valueBlock.error; + return resultOffset; + } + this.fromBuffer(this.valueBlock.valueHexView); + if (!this.idBlock.error.length) + this.blockLength += this.idBlock.blockLength; + if (!this.lenBlock.error.length) + this.blockLength += this.lenBlock.blockLength; + if (!this.valueBlock.error.length) + this.blockLength += this.valueBlock.blockLength; + return resultOffset; + } + onAsciiEncoding() { + return `${this.constructor.NAME} : '${this.valueBlock.value}'`; + } +} +BaseStringBlock.NAME = "BaseStringBlock"; + +class LocalPrimitiveValueBlock extends HexBlock(ValueBlock) { + constructor({ isHexOnly = true, ...parameters } = {}) { + super(parameters); + this.isHexOnly = isHexOnly; + } +} +LocalPrimitiveValueBlock.NAME = "PrimitiveValueBlock"; + +var _a$w; +class Primitive extends BaseBlock { + constructor(parameters = {}) { + super(parameters, LocalPrimitiveValueBlock); + this.idBlock.isConstructed = false; + } +} +_a$w = Primitive; +(() => { + typeStore.Primitive = _a$w; +})(); +Primitive.NAME = "PRIMITIVE"; + +function localChangeType(inputObject, newType) { + if (inputObject instanceof newType) { + return inputObject; + } + const newObject = new newType(); + newObject.idBlock = inputObject.idBlock; + newObject.lenBlock = inputObject.lenBlock; + newObject.warnings = inputObject.warnings; + newObject.valueBeforeDecodeView = inputObject.valueBeforeDecodeView; + return newObject; +} +function localFromBER(inputBuffer, inputOffset = 0, inputLength = inputBuffer.length) { + const incomingOffset = inputOffset; + let returnObject = new BaseBlock({}, ValueBlock); + const baseBlock = new LocalBaseBlock(); + if (!checkBufferParams(baseBlock, inputBuffer, inputOffset, inputLength)) { + returnObject.error = baseBlock.error; + return { + offset: -1, + result: returnObject + }; + } + const intBuffer = inputBuffer.subarray(inputOffset, inputOffset + inputLength); + if (!intBuffer.length) { + returnObject.error = "Zero buffer length"; + return { + offset: -1, + result: returnObject + }; + } + let resultOffset = returnObject.idBlock.fromBER(inputBuffer, inputOffset, inputLength); + if (returnObject.idBlock.warnings.length) { + returnObject.warnings.concat(returnObject.idBlock.warnings); + } + if (resultOffset === -1) { + returnObject.error = returnObject.idBlock.error; + return { + offset: -1, + result: returnObject + }; + } + inputOffset = resultOffset; + inputLength -= returnObject.idBlock.blockLength; + resultOffset = returnObject.lenBlock.fromBER(inputBuffer, inputOffset, inputLength); + if (returnObject.lenBlock.warnings.length) { + returnObject.warnings.concat(returnObject.lenBlock.warnings); + } + if (resultOffset === -1) { + returnObject.error = returnObject.lenBlock.error; + return { + offset: -1, + result: returnObject + }; + } + inputOffset = resultOffset; + inputLength -= returnObject.lenBlock.blockLength; + if (!returnObject.idBlock.isConstructed && + returnObject.lenBlock.isIndefiniteForm) { + returnObject.error = "Indefinite length form used for primitive encoding form"; + return { + offset: -1, + result: returnObject + }; + } + let newASN1Type = BaseBlock; + switch (returnObject.idBlock.tagClass) { + case 1: + if ((returnObject.idBlock.tagNumber >= 37) && + (returnObject.idBlock.isHexOnly === false)) { + returnObject.error = "UNIVERSAL 37 and upper tags are reserved by ASN.1 standard"; + return { + offset: -1, + result: returnObject + }; + } + switch (returnObject.idBlock.tagNumber) { + case 0: + if ((returnObject.idBlock.isConstructed) && + (returnObject.lenBlock.length > 0)) { + returnObject.error = "Type [UNIVERSAL 0] is reserved"; + return { + offset: -1, + result: returnObject + }; + } + newASN1Type = typeStore.EndOfContent; + break; + case 1: + newASN1Type = typeStore.Boolean; + break; + case 2: + newASN1Type = typeStore.Integer; + break; + case 3: + newASN1Type = typeStore.BitString; + break; + case 4: + newASN1Type = typeStore.OctetString; + break; + case 5: + newASN1Type = typeStore.Null; + break; + case 6: + newASN1Type = typeStore.ObjectIdentifier; + break; + case 10: + newASN1Type = typeStore.Enumerated; + break; + case 12: + newASN1Type = typeStore.Utf8String; + break; + case 13: + newASN1Type = typeStore.RelativeObjectIdentifier; + break; + case 14: + newASN1Type = typeStore.TIME; + break; + case 15: + returnObject.error = "[UNIVERSAL 15] is reserved by ASN.1 standard"; + return { + offset: -1, + result: returnObject + }; + case 16: + newASN1Type = typeStore.Sequence; + break; + case 17: + newASN1Type = typeStore.Set; + break; + case 18: + newASN1Type = typeStore.NumericString; + break; + case 19: + newASN1Type = typeStore.PrintableString; + break; + case 20: + newASN1Type = typeStore.TeletexString; + break; + case 21: + newASN1Type = typeStore.VideotexString; + break; + case 22: + newASN1Type = typeStore.IA5String; + break; + case 23: + newASN1Type = typeStore.UTCTime; + break; + case 24: + newASN1Type = typeStore.GeneralizedTime; + break; + case 25: + newASN1Type = typeStore.GraphicString; + break; + case 26: + newASN1Type = typeStore.VisibleString; + break; + case 27: + newASN1Type = typeStore.GeneralString; + break; + case 28: + newASN1Type = typeStore.UniversalString; + break; + case 29: + newASN1Type = typeStore.CharacterString; + break; + case 30: + newASN1Type = typeStore.BmpString; + break; + case 31: + newASN1Type = typeStore.DATE; + break; + case 32: + newASN1Type = typeStore.TimeOfDay; + break; + case 33: + newASN1Type = typeStore.DateTime; + break; + case 34: + newASN1Type = typeStore.Duration; + break; + default: { + const newObject = returnObject.idBlock.isConstructed + ? new typeStore.Constructed() + : new typeStore.Primitive(); + newObject.idBlock = returnObject.idBlock; + newObject.lenBlock = returnObject.lenBlock; + newObject.warnings = returnObject.warnings; + returnObject = newObject; + } + } + break; + case 2: + case 3: + case 4: + default: { + newASN1Type = returnObject.idBlock.isConstructed + ? typeStore.Constructed + : typeStore.Primitive; + } + } + returnObject = localChangeType(returnObject, newASN1Type); + resultOffset = returnObject.fromBER(inputBuffer, inputOffset, returnObject.lenBlock.isIndefiniteForm ? inputLength : returnObject.lenBlock.length); + returnObject.valueBeforeDecodeView = inputBuffer.subarray(incomingOffset, incomingOffset + returnObject.blockLength); + return { + offset: resultOffset, + result: returnObject + }; +} +function fromBER(inputBuffer) { + if (!inputBuffer.byteLength) { + const result = new BaseBlock({}, ValueBlock); + result.error = "Input buffer has zero length"; + return { + offset: -1, + result + }; + } + return localFromBER(BufferSourceConverter.toUint8Array(inputBuffer).slice(), 0, inputBuffer.byteLength); +} + +function checkLen(indefiniteLength, length) { + if (indefiniteLength) { + return 1; + } + return length; +} +class LocalConstructedValueBlock extends ValueBlock { + constructor({ value = [], isIndefiniteForm = false, ...parameters } = {}) { + super(parameters); + this.value = value; + this.isIndefiniteForm = isIndefiniteForm; + } + fromBER(inputBuffer, inputOffset, inputLength) { + const view = BufferSourceConverter.toUint8Array(inputBuffer); + if (!checkBufferParams(this, view, inputOffset, inputLength)) { + return -1; + } + this.valueBeforeDecodeView = view.subarray(inputOffset, inputOffset + inputLength); + if (this.valueBeforeDecodeView.length === 0) { + this.warnings.push("Zero buffer length"); + return inputOffset; + } + let currentOffset = inputOffset; + while (checkLen(this.isIndefiniteForm, inputLength) > 0) { + const returnObject = localFromBER(view, currentOffset, inputLength); + if (returnObject.offset === -1) { + this.error = returnObject.result.error; + this.warnings.concat(returnObject.result.warnings); + return -1; + } + currentOffset = returnObject.offset; + this.blockLength += returnObject.result.blockLength; + inputLength -= returnObject.result.blockLength; + this.value.push(returnObject.result); + if (this.isIndefiniteForm && returnObject.result.constructor.NAME === END_OF_CONTENT_NAME) { + break; + } + } + if (this.isIndefiniteForm) { + if (this.value[this.value.length - 1].constructor.NAME === END_OF_CONTENT_NAME) { + this.value.pop(); + } + else { + this.warnings.push("No EndOfContent block encoded"); + } + } + return currentOffset; + } + toBER(sizeOnly, writer) { + const _writer = writer || new ViewWriter(); + for (let i = 0; i < this.value.length; i++) { + this.value[i].toBER(sizeOnly, _writer); + } + if (!writer) { + return _writer.final(); + } + return EMPTY_BUFFER$1; + } + toJSON() { + const object = { + ...super.toJSON(), + isIndefiniteForm: this.isIndefiniteForm, + value: [], + }; + for (const value of this.value) { + object.value.push(value.toJSON()); + } + return object; + } +} +LocalConstructedValueBlock.NAME = "ConstructedValueBlock"; + +var _a$v; +class Constructed extends BaseBlock { + constructor(parameters = {}) { + super(parameters, LocalConstructedValueBlock); + this.idBlock.isConstructed = true; + } + fromBER(inputBuffer, inputOffset, inputLength) { + this.valueBlock.isIndefiniteForm = this.lenBlock.isIndefiniteForm; + const resultOffset = this.valueBlock.fromBER(inputBuffer, inputOffset, (this.lenBlock.isIndefiniteForm) ? inputLength : this.lenBlock.length); + if (resultOffset === -1) { + this.error = this.valueBlock.error; + return resultOffset; + } + if (!this.idBlock.error.length) + this.blockLength += this.idBlock.blockLength; + if (!this.lenBlock.error.length) + this.blockLength += this.lenBlock.blockLength; + if (!this.valueBlock.error.length) + this.blockLength += this.valueBlock.blockLength; + return resultOffset; + } + onAsciiEncoding() { + const values = []; + for (const value of this.valueBlock.value) { + values.push(value.toString("ascii").split("\n").map(o => ` ${o}`).join("\n")); + } + const blockName = this.idBlock.tagClass === 3 + ? `[${this.idBlock.tagNumber}]` + : this.constructor.NAME; + return values.length + ? `${blockName} :\n${values.join("\n")}` + : `${blockName} :`; + } +} +_a$v = Constructed; +(() => { + typeStore.Constructed = _a$v; +})(); +Constructed.NAME = "CONSTRUCTED"; + +class LocalEndOfContentValueBlock extends ValueBlock { + fromBER(inputBuffer, inputOffset, inputLength) { + return inputOffset; + } + toBER(sizeOnly) { + return EMPTY_BUFFER$1; + } +} +LocalEndOfContentValueBlock.override = "EndOfContentValueBlock"; + +var _a$u; +class EndOfContent extends BaseBlock { + constructor(parameters = {}) { + super(parameters, LocalEndOfContentValueBlock); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 0; + } +} +_a$u = EndOfContent; +(() => { + typeStore.EndOfContent = _a$u; +})(); +EndOfContent.NAME = END_OF_CONTENT_NAME; + +var _a$t; +class Null extends BaseBlock { + constructor(parameters = {}) { + super(parameters, ValueBlock); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 5; + } + fromBER(inputBuffer, inputOffset, inputLength) { + if (this.lenBlock.length > 0) + this.warnings.push("Non-zero length of value block for Null type"); + if (!this.idBlock.error.length) + this.blockLength += this.idBlock.blockLength; + if (!this.lenBlock.error.length) + this.blockLength += this.lenBlock.blockLength; + this.blockLength += inputLength; + if ((inputOffset + inputLength) > inputBuffer.byteLength) { + this.error = "End of input reached before message was fully decoded (inconsistent offset and length values)"; + return -1; + } + return (inputOffset + inputLength); + } + toBER(sizeOnly, writer) { + const retBuf = new ArrayBuffer(2); + if (!sizeOnly) { + const retView = new Uint8Array(retBuf); + retView[0] = 0x05; + retView[1] = 0x00; + } + if (writer) { + writer.write(retBuf); + } + return retBuf; + } + onAsciiEncoding() { + return `${this.constructor.NAME}`; + } +} +_a$t = Null; +(() => { + typeStore.Null = _a$t; +})(); +Null.NAME = "NULL"; + +class LocalBooleanValueBlock extends HexBlock(ValueBlock) { + constructor({ value, ...parameters } = {}) { + super(parameters); + if (parameters.valueHex) { + this.valueHexView = BufferSourceConverter.toUint8Array(parameters.valueHex); + } + else { + this.valueHexView = new Uint8Array(1); + } + if (value) { + this.value = value; + } + } + get value() { + for (const octet of this.valueHexView) { + if (octet > 0) { + return true; + } + } + return false; + } + set value(value) { + this.valueHexView[0] = value ? 0xFF : 0x00; + } + fromBER(inputBuffer, inputOffset, inputLength) { + const inputView = BufferSourceConverter.toUint8Array(inputBuffer); + if (!checkBufferParams(this, inputView, inputOffset, inputLength)) { + return -1; + } + this.valueHexView = inputView.subarray(inputOffset, inputOffset + inputLength); + if (inputLength > 1) + this.warnings.push("Boolean value encoded in more then 1 octet"); + this.isHexOnly = true; + utilDecodeTC.call(this); + this.blockLength = inputLength; + return (inputOffset + inputLength); + } + toBER() { + return this.valueHexView.slice(); + } + toJSON() { + return { + ...super.toJSON(), + value: this.value, + }; + } +} +LocalBooleanValueBlock.NAME = "BooleanValueBlock"; + +var _a$s; +class Boolean extends BaseBlock { + constructor(parameters = {}) { + super(parameters, LocalBooleanValueBlock); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 1; + } + getValue() { + return this.valueBlock.value; + } + setValue(value) { + this.valueBlock.value = value; + } + onAsciiEncoding() { + return `${this.constructor.NAME} : ${this.getValue}`; + } +} +_a$s = Boolean; +(() => { + typeStore.Boolean = _a$s; +})(); +Boolean.NAME = "BOOLEAN"; + +class LocalOctetStringValueBlock extends HexBlock(LocalConstructedValueBlock) { + constructor({ isConstructed = false, ...parameters } = {}) { + super(parameters); + this.isConstructed = isConstructed; + } + fromBER(inputBuffer, inputOffset, inputLength) { + let resultOffset = 0; + if (this.isConstructed) { + this.isHexOnly = false; + resultOffset = LocalConstructedValueBlock.prototype.fromBER.call(this, inputBuffer, inputOffset, inputLength); + if (resultOffset === -1) + return resultOffset; + for (let i = 0; i < this.value.length; i++) { + const currentBlockName = this.value[i].constructor.NAME; + if (currentBlockName === END_OF_CONTENT_NAME) { + if (this.isIndefiniteForm) + break; + else { + this.error = "EndOfContent is unexpected, OCTET STRING may consists of OCTET STRINGs only"; + return -1; + } + } + if (currentBlockName !== OCTET_STRING_NAME) { + this.error = "OCTET STRING may consists of OCTET STRINGs only"; + return -1; + } + } + } + else { + this.isHexOnly = true; + resultOffset = super.fromBER(inputBuffer, inputOffset, inputLength); + this.blockLength = inputLength; + } + return resultOffset; + } + toBER(sizeOnly, writer) { + if (this.isConstructed) + return LocalConstructedValueBlock.prototype.toBER.call(this, sizeOnly, writer); + return sizeOnly + ? new ArrayBuffer(this.valueHexView.byteLength) + : this.valueHexView.slice().buffer; + } + toJSON() { + return { + ...super.toJSON(), + isConstructed: this.isConstructed, + }; + } +} +LocalOctetStringValueBlock.NAME = "OctetStringValueBlock"; + +var _a$r; +class OctetString extends BaseBlock { + constructor({ idBlock = {}, lenBlock = {}, ...parameters } = {}) { + var _b, _c; + (_b = parameters.isConstructed) !== null && _b !== void 0 ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === void 0 ? void 0 : _c.length)); + super({ + idBlock: { + isConstructed: parameters.isConstructed, + ...idBlock, + }, + lenBlock: { + ...lenBlock, + isIndefiniteForm: !!parameters.isIndefiniteForm, + }, + ...parameters, + }, LocalOctetStringValueBlock); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 4; + } + fromBER(inputBuffer, inputOffset, inputLength) { + this.valueBlock.isConstructed = this.idBlock.isConstructed; + this.valueBlock.isIndefiniteForm = this.lenBlock.isIndefiniteForm; + if (inputLength === 0) { + if (this.idBlock.error.length === 0) + this.blockLength += this.idBlock.blockLength; + if (this.lenBlock.error.length === 0) + this.blockLength += this.lenBlock.blockLength; + return inputOffset; + } + if (!this.valueBlock.isConstructed) { + const view = inputBuffer instanceof ArrayBuffer ? new Uint8Array(inputBuffer) : inputBuffer; + const buf = view.subarray(inputOffset, inputOffset + inputLength); + try { + if (buf.byteLength) { + const asn = localFromBER(buf, 0, buf.byteLength); + if (asn.offset !== -1 && asn.offset === inputLength) { + this.valueBlock.value = [asn.result]; + } + } + } + catch (e) { + } + } + return super.fromBER(inputBuffer, inputOffset, inputLength); + } + onAsciiEncoding() { + if (this.valueBlock.isConstructed || (this.valueBlock.value && this.valueBlock.value.length)) { + return Constructed.prototype.onAsciiEncoding.call(this); + } + return `${this.constructor.NAME} : ${Convert.ToHex(this.valueBlock.valueHexView)}`; + } + getValue() { + if (!this.idBlock.isConstructed) { + return this.valueBlock.valueHexView.slice().buffer; + } + const array = []; + for (const content of this.valueBlock.value) { + if (content instanceof OctetString) { + array.push(content.valueBlock.valueHexView); + } + } + return BufferSourceConverter.concat(array); + } +} +_a$r = OctetString; +(() => { + typeStore.OctetString = _a$r; +})(); +OctetString.NAME = OCTET_STRING_NAME; + +class LocalBitStringValueBlock extends HexBlock(LocalConstructedValueBlock) { + constructor({ unusedBits = 0, isConstructed = false, ...parameters } = {}) { + super(parameters); + this.unusedBits = unusedBits; + this.isConstructed = isConstructed; + this.blockLength = this.valueHexView.byteLength; + } + fromBER(inputBuffer, inputOffset, inputLength) { + if (!inputLength) { + return inputOffset; + } + let resultOffset = -1; + if (this.isConstructed) { + resultOffset = LocalConstructedValueBlock.prototype.fromBER.call(this, inputBuffer, inputOffset, inputLength); + if (resultOffset === -1) + return resultOffset; + for (const value of this.value) { + const currentBlockName = value.constructor.NAME; + if (currentBlockName === END_OF_CONTENT_NAME) { + if (this.isIndefiniteForm) + break; + else { + this.error = "EndOfContent is unexpected, BIT STRING may consists of BIT STRINGs only"; + return -1; + } + } + if (currentBlockName !== BIT_STRING_NAME) { + this.error = "BIT STRING may consists of BIT STRINGs only"; + return -1; + } + const valueBlock = value.valueBlock; + if ((this.unusedBits > 0) && (valueBlock.unusedBits > 0)) { + this.error = "Using of \"unused bits\" inside constructive BIT STRING allowed for least one only"; + return -1; + } + this.unusedBits = valueBlock.unusedBits; + } + return resultOffset; + } + const inputView = BufferSourceConverter.toUint8Array(inputBuffer); + if (!checkBufferParams(this, inputView, inputOffset, inputLength)) { + return -1; + } + const intBuffer = inputView.subarray(inputOffset, inputOffset + inputLength); + this.unusedBits = intBuffer[0]; + if (this.unusedBits > 7) { + this.error = "Unused bits for BitString must be in range 0-7"; + return -1; + } + if (!this.unusedBits) { + const buf = intBuffer.subarray(1); + try { + if (buf.byteLength) { + const asn = localFromBER(buf, 0, buf.byteLength); + if (asn.offset !== -1 && asn.offset === (inputLength - 1)) { + this.value = [asn.result]; + } + } + } + catch (e) { + } + } + this.valueHexView = intBuffer.subarray(1); + this.blockLength = intBuffer.length; + return (inputOffset + inputLength); + } + toBER(sizeOnly, writer) { + if (this.isConstructed) { + return LocalConstructedValueBlock.prototype.toBER.call(this, sizeOnly, writer); + } + if (sizeOnly) { + return new ArrayBuffer(this.valueHexView.byteLength + 1); + } + if (!this.valueHexView.byteLength) { + return EMPTY_BUFFER$1; + } + const retView = new Uint8Array(this.valueHexView.length + 1); + retView[0] = this.unusedBits; + retView.set(this.valueHexView, 1); + return retView.buffer; + } + toJSON() { + return { + ...super.toJSON(), + unusedBits: this.unusedBits, + isConstructed: this.isConstructed, + }; + } +} +LocalBitStringValueBlock.NAME = "BitStringValueBlock"; + +var _a$q; +class BitString extends BaseBlock { + constructor({ idBlock = {}, lenBlock = {}, ...parameters } = {}) { + var _b, _c; + (_b = parameters.isConstructed) !== null && _b !== void 0 ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === void 0 ? void 0 : _c.length)); + super({ + idBlock: { + isConstructed: parameters.isConstructed, + ...idBlock, + }, + lenBlock: { + ...lenBlock, + isIndefiniteForm: !!parameters.isIndefiniteForm, + }, + ...parameters, + }, LocalBitStringValueBlock); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 3; + } + fromBER(inputBuffer, inputOffset, inputLength) { + this.valueBlock.isConstructed = this.idBlock.isConstructed; + this.valueBlock.isIndefiniteForm = this.lenBlock.isIndefiniteForm; + return super.fromBER(inputBuffer, inputOffset, inputLength); + } + onAsciiEncoding() { + if (this.valueBlock.isConstructed || (this.valueBlock.value && this.valueBlock.value.length)) { + return Constructed.prototype.onAsciiEncoding.call(this); + } + else { + const bits = []; + const valueHex = this.valueBlock.valueHexView; + for (const byte of valueHex) { + bits.push(byte.toString(2).padStart(8, "0")); + } + const bitsStr = bits.join(""); + return `${this.constructor.NAME} : ${bitsStr.substring(0, bitsStr.length - this.valueBlock.unusedBits)}`; + } + } +} +_a$q = BitString; +(() => { + typeStore.BitString = _a$q; +})(); +BitString.NAME = BIT_STRING_NAME; + +var _a$p; +function viewAdd(first, second) { + const c = new Uint8Array([0]); + const firstView = new Uint8Array(first); + const secondView = new Uint8Array(second); + let firstViewCopy = firstView.slice(0); + const firstViewCopyLength = firstViewCopy.length - 1; + const secondViewCopy = secondView.slice(0); + const secondViewCopyLength = secondViewCopy.length - 1; + let value = 0; + const max = (secondViewCopyLength < firstViewCopyLength) ? firstViewCopyLength : secondViewCopyLength; + let counter = 0; + for (let i = max; i >= 0; i--, counter++) { + switch (true) { + case (counter < secondViewCopy.length): + value = firstViewCopy[firstViewCopyLength - counter] + secondViewCopy[secondViewCopyLength - counter] + c[0]; + break; + default: + value = firstViewCopy[firstViewCopyLength - counter] + c[0]; + } + c[0] = value / 10; + switch (true) { + case (counter >= firstViewCopy.length): + firstViewCopy = utilConcatView(new Uint8Array([value % 10]), firstViewCopy); + break; + default: + firstViewCopy[firstViewCopyLength - counter] = value % 10; + } + } + if (c[0] > 0) + firstViewCopy = utilConcatView(c, firstViewCopy); + return firstViewCopy; +} +function power2(n) { + if (n >= powers2.length) { + for (let p = powers2.length; p <= n; p++) { + const c = new Uint8Array([0]); + let digits = (powers2[p - 1]).slice(0); + for (let i = (digits.length - 1); i >= 0; i--) { + const newValue = new Uint8Array([(digits[i] << 1) + c[0]]); + c[0] = newValue[0] / 10; + digits[i] = newValue[0] % 10; + } + if (c[0] > 0) + digits = utilConcatView(c, digits); + powers2.push(digits); + } + } + return powers2[n]; +} +function viewSub(first, second) { + let b = 0; + const firstView = new Uint8Array(first); + const secondView = new Uint8Array(second); + const firstViewCopy = firstView.slice(0); + const firstViewCopyLength = firstViewCopy.length - 1; + const secondViewCopy = secondView.slice(0); + const secondViewCopyLength = secondViewCopy.length - 1; + let value; + let counter = 0; + for (let i = secondViewCopyLength; i >= 0; i--, counter++) { + value = firstViewCopy[firstViewCopyLength - counter] - secondViewCopy[secondViewCopyLength - counter] - b; + switch (true) { + case (value < 0): + b = 1; + firstViewCopy[firstViewCopyLength - counter] = value + 10; + break; + default: + b = 0; + firstViewCopy[firstViewCopyLength - counter] = value; + } + } + if (b > 0) { + for (let i = (firstViewCopyLength - secondViewCopyLength + 1); i >= 0; i--, counter++) { + value = firstViewCopy[firstViewCopyLength - counter] - b; + if (value < 0) { + b = 1; + firstViewCopy[firstViewCopyLength - counter] = value + 10; + } + else { + b = 0; + firstViewCopy[firstViewCopyLength - counter] = value; + break; + } + } + } + return firstViewCopy.slice(); +} +class LocalIntegerValueBlock extends HexBlock(ValueBlock) { + constructor({ value, ...parameters } = {}) { + super(parameters); + this._valueDec = 0; + if (parameters.valueHex) { + this.setValueHex(); + } + if (value !== undefined) { + this.valueDec = value; + } + } + setValueHex() { + if (this.valueHexView.length >= 4) { + this.warnings.push("Too big Integer for decoding, hex only"); + this.isHexOnly = true; + this._valueDec = 0; + } + else { + this.isHexOnly = false; + if (this.valueHexView.length > 0) { + this._valueDec = utilDecodeTC.call(this); + } + } + } + set valueDec(v) { + this._valueDec = v; + this.isHexOnly = false; + this.valueHexView = new Uint8Array(utilEncodeTC(v)); + } + get valueDec() { + return this._valueDec; + } + fromDER(inputBuffer, inputOffset, inputLength, expectedLength = 0) { + const offset = this.fromBER(inputBuffer, inputOffset, inputLength); + if (offset === -1) + return offset; + const view = this.valueHexView; + if ((view[0] === 0x00) && ((view[1] & 0x80) !== 0)) { + this.valueHexView = view.subarray(1); + } + else { + if (expectedLength !== 0) { + if (view.length < expectedLength) { + if ((expectedLength - view.length) > 1) + expectedLength = view.length + 1; + this.valueHexView = view.subarray(expectedLength - view.length); + } + } + } + return offset; + } + toDER(sizeOnly = false) { + const view = this.valueHexView; + switch (true) { + case ((view[0] & 0x80) !== 0): + { + const updatedView = new Uint8Array(this.valueHexView.length + 1); + updatedView[0] = 0x00; + updatedView.set(view, 1); + this.valueHexView = updatedView; + } + break; + case ((view[0] === 0x00) && ((view[1] & 0x80) === 0)): + { + this.valueHexView = this.valueHexView.subarray(1); + } + break; + } + return this.toBER(sizeOnly); + } + fromBER(inputBuffer, inputOffset, inputLength) { + const resultOffset = super.fromBER(inputBuffer, inputOffset, inputLength); + if (resultOffset === -1) { + return resultOffset; + } + this.setValueHex(); + return resultOffset; + } + toBER(sizeOnly) { + return sizeOnly + ? new ArrayBuffer(this.valueHexView.length) + : this.valueHexView.slice().buffer; + } + toJSON() { + return { + ...super.toJSON(), + valueDec: this.valueDec, + }; + } + toString() { + const firstBit = (this.valueHexView.length * 8) - 1; + let digits = new Uint8Array((this.valueHexView.length * 8) / 3); + let bitNumber = 0; + let currentByte; + const asn1View = this.valueHexView; + let result = ""; + let flag = false; + for (let byteNumber = (asn1View.byteLength - 1); byteNumber >= 0; byteNumber--) { + currentByte = asn1View[byteNumber]; + for (let i = 0; i < 8; i++) { + if ((currentByte & 1) === 1) { + switch (bitNumber) { + case firstBit: + digits = viewSub(power2(bitNumber), digits); + result = "-"; + break; + default: + digits = viewAdd(digits, power2(bitNumber)); + } + } + bitNumber++; + currentByte >>= 1; + } + } + for (let i = 0; i < digits.length; i++) { + if (digits[i]) + flag = true; + if (flag) + result += digitsString.charAt(digits[i]); + } + if (flag === false) + result += digitsString.charAt(0); + return result; + } +} +_a$p = LocalIntegerValueBlock; +LocalIntegerValueBlock.NAME = "IntegerValueBlock"; +(() => { + Object.defineProperty(_a$p.prototype, "valueHex", { + set: function (v) { + this.valueHexView = new Uint8Array(v); + this.setValueHex(); + }, + get: function () { + return this.valueHexView.slice().buffer; + }, + }); +})(); + +var _a$o; +class Integer extends BaseBlock { + constructor(parameters = {}) { + super(parameters, LocalIntegerValueBlock); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 2; + } + toBigInt() { + assertBigInt(); + return BigInt(this.valueBlock.toString()); + } + static fromBigInt(value) { + assertBigInt(); + const bigIntValue = BigInt(value); + const writer = new ViewWriter(); + const hex = bigIntValue.toString(16).replace(/^-/, ""); + const view = new Uint8Array(Convert.FromHex(hex)); + if (bigIntValue < 0) { + const first = new Uint8Array(view.length + (view[0] & 0x80 ? 1 : 0)); + first[0] |= 0x80; + const firstInt = BigInt(`0x${Convert.ToHex(first)}`); + const secondInt = firstInt + bigIntValue; + const second = BufferSourceConverter.toUint8Array(Convert.FromHex(secondInt.toString(16))); + second[0] |= 0x80; + writer.write(second); + } + else { + if (view[0] & 0x80) { + writer.write(new Uint8Array([0])); + } + writer.write(view); + } + const res = new Integer({ + valueHex: writer.final(), + }); + return res; + } + convertToDER() { + const integer = new Integer({ valueHex: this.valueBlock.valueHexView }); + integer.valueBlock.toDER(); + return integer; + } + convertFromDER() { + return new Integer({ + valueHex: this.valueBlock.valueHexView[0] === 0 + ? this.valueBlock.valueHexView.subarray(1) + : this.valueBlock.valueHexView, + }); + } + onAsciiEncoding() { + return `${this.constructor.NAME} : ${this.valueBlock.toString()}`; + } +} +_a$o = Integer; +(() => { + typeStore.Integer = _a$o; +})(); +Integer.NAME = "INTEGER"; + +var _a$n; +class Enumerated extends Integer { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 10; + } +} +_a$n = Enumerated; +(() => { + typeStore.Enumerated = _a$n; +})(); +Enumerated.NAME = "ENUMERATED"; + +class LocalSidValueBlock extends HexBlock(ValueBlock) { + constructor({ valueDec = -1, isFirstSid = false, ...parameters } = {}) { + super(parameters); + this.valueDec = valueDec; + this.isFirstSid = isFirstSid; + } + fromBER(inputBuffer, inputOffset, inputLength) { + if (!inputLength) { + return inputOffset; + } + const inputView = BufferSourceConverter.toUint8Array(inputBuffer); + if (!checkBufferParams(this, inputView, inputOffset, inputLength)) { + return -1; + } + const intBuffer = inputView.subarray(inputOffset, inputOffset + inputLength); + this.valueHexView = new Uint8Array(inputLength); + for (let i = 0; i < inputLength; i++) { + this.valueHexView[i] = intBuffer[i] & 0x7F; + this.blockLength++; + if ((intBuffer[i] & 0x80) === 0x00) + break; + } + const tempView = new Uint8Array(this.blockLength); + for (let i = 0; i < this.blockLength; i++) { + tempView[i] = this.valueHexView[i]; + } + this.valueHexView = tempView; + if ((intBuffer[this.blockLength - 1] & 0x80) !== 0x00) { + this.error = "End of input reached before message was fully decoded"; + return -1; + } + if (this.valueHexView[0] === 0x00) + this.warnings.push("Needlessly long format of SID encoding"); + if (this.blockLength <= 8) + this.valueDec = utilFromBase(this.valueHexView, 7); + else { + this.isHexOnly = true; + this.warnings.push("Too big SID for decoding, hex only"); + } + return (inputOffset + this.blockLength); + } + set valueBigInt(value) { + assertBigInt(); + let bits = BigInt(value).toString(2); + while (bits.length % 7) { + bits = "0" + bits; + } + const bytes = new Uint8Array(bits.length / 7); + for (let i = 0; i < bytes.length; i++) { + bytes[i] = parseInt(bits.slice(i * 7, i * 7 + 7), 2) + (i + 1 < bytes.length ? 0x80 : 0); + } + this.fromBER(bytes.buffer, 0, bytes.length); + } + toBER(sizeOnly) { + if (this.isHexOnly) { + if (sizeOnly) + return (new ArrayBuffer(this.valueHexView.byteLength)); + const curView = this.valueHexView; + const retView = new Uint8Array(this.blockLength); + for (let i = 0; i < (this.blockLength - 1); i++) + retView[i] = curView[i] | 0x80; + retView[this.blockLength - 1] = curView[this.blockLength - 1]; + return retView.buffer; + } + const encodedBuf = utilToBase(this.valueDec, 7); + if (encodedBuf.byteLength === 0) { + this.error = "Error during encoding SID value"; + return EMPTY_BUFFER$1; + } + const retView = new Uint8Array(encodedBuf.byteLength); + if (!sizeOnly) { + const encodedView = new Uint8Array(encodedBuf); + const len = encodedBuf.byteLength - 1; + for (let i = 0; i < len; i++) + retView[i] = encodedView[i] | 0x80; + retView[len] = encodedView[len]; + } + return retView; + } + toString() { + let result = ""; + if (this.isHexOnly) + result = Convert.ToHex(this.valueHexView); + else { + if (this.isFirstSid) { + let sidValue = this.valueDec; + if (this.valueDec <= 39) + result = "0."; + else { + if (this.valueDec <= 79) { + result = "1."; + sidValue -= 40; + } + else { + result = "2."; + sidValue -= 80; + } + } + result += sidValue.toString(); + } + else + result = this.valueDec.toString(); + } + return result; + } + toJSON() { + return { + ...super.toJSON(), + valueDec: this.valueDec, + isFirstSid: this.isFirstSid, + }; + } +} +LocalSidValueBlock.NAME = "sidBlock"; + +class LocalObjectIdentifierValueBlock extends ValueBlock { + constructor({ value = EMPTY_STRING$1, ...parameters } = {}) { + super(parameters); + this.value = []; + if (value) { + this.fromString(value); + } + } + fromBER(inputBuffer, inputOffset, inputLength) { + let resultOffset = inputOffset; + while (inputLength > 0) { + const sidBlock = new LocalSidValueBlock(); + resultOffset = sidBlock.fromBER(inputBuffer, resultOffset, inputLength); + if (resultOffset === -1) { + this.blockLength = 0; + this.error = sidBlock.error; + return resultOffset; + } + if (this.value.length === 0) + sidBlock.isFirstSid = true; + this.blockLength += sidBlock.blockLength; + inputLength -= sidBlock.blockLength; + this.value.push(sidBlock); + } + return resultOffset; + } + toBER(sizeOnly) { + const retBuffers = []; + for (let i = 0; i < this.value.length; i++) { + const valueBuf = this.value[i].toBER(sizeOnly); + if (valueBuf.byteLength === 0) { + this.error = this.value[i].error; + return EMPTY_BUFFER$1; + } + retBuffers.push(valueBuf); + } + return concat(retBuffers); + } + fromString(string) { + this.value = []; + let pos1 = 0; + let pos2 = 0; + let sid = ""; + let flag = false; + do { + pos2 = string.indexOf(".", pos1); + if (pos2 === -1) + sid = string.substring(pos1); + else + sid = string.substring(pos1, pos2); + pos1 = pos2 + 1; + if (flag) { + const sidBlock = this.value[0]; + let plus = 0; + switch (sidBlock.valueDec) { + case 0: + break; + case 1: + plus = 40; + break; + case 2: + plus = 80; + break; + default: + this.value = []; + return; + } + const parsedSID = parseInt(sid, 10); + if (isNaN(parsedSID)) + return; + sidBlock.valueDec = parsedSID + plus; + flag = false; + } + else { + const sidBlock = new LocalSidValueBlock(); + if (sid > Number.MAX_SAFE_INTEGER) { + assertBigInt(); + const sidValue = BigInt(sid); + sidBlock.valueBigInt = sidValue; + } + else { + sidBlock.valueDec = parseInt(sid, 10); + if (isNaN(sidBlock.valueDec)) + return; + } + if (!this.value.length) { + sidBlock.isFirstSid = true; + flag = true; + } + this.value.push(sidBlock); + } + } while (pos2 !== -1); + } + toString() { + let result = ""; + let isHexOnly = false; + for (let i = 0; i < this.value.length; i++) { + isHexOnly = this.value[i].isHexOnly; + let sidStr = this.value[i].toString(); + if (i !== 0) + result = `${result}.`; + if (isHexOnly) { + sidStr = `{${sidStr}}`; + if (this.value[i].isFirstSid) + result = `2.{${sidStr} - 80}`; + else + result += sidStr; + } + else + result += sidStr; + } + return result; + } + toJSON() { + const object = { + ...super.toJSON(), + value: this.toString(), + sidArray: [], + }; + for (let i = 0; i < this.value.length; i++) { + object.sidArray.push(this.value[i].toJSON()); + } + return object; + } +} +LocalObjectIdentifierValueBlock.NAME = "ObjectIdentifierValueBlock"; + +var _a$m; +class ObjectIdentifier extends BaseBlock { + constructor(parameters = {}) { + super(parameters, LocalObjectIdentifierValueBlock); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 6; + } + getValue() { + return this.valueBlock.toString(); + } + setValue(value) { + this.valueBlock.fromString(value); + } + onAsciiEncoding() { + return `${this.constructor.NAME} : ${this.valueBlock.toString() || "empty"}`; + } + toJSON() { + return { + ...super.toJSON(), + value: this.getValue(), + }; + } +} +_a$m = ObjectIdentifier; +(() => { + typeStore.ObjectIdentifier = _a$m; +})(); +ObjectIdentifier.NAME = "OBJECT IDENTIFIER"; + +class LocalRelativeSidValueBlock extends HexBlock(LocalBaseBlock) { + constructor({ valueDec = 0, ...parameters } = {}) { + super(parameters); + this.valueDec = valueDec; + } + fromBER(inputBuffer, inputOffset, inputLength) { + if (inputLength === 0) + return inputOffset; + const inputView = BufferSourceConverter.toUint8Array(inputBuffer); + if (!checkBufferParams(this, inputView, inputOffset, inputLength)) + return -1; + const intBuffer = inputView.subarray(inputOffset, inputOffset + inputLength); + this.valueHexView = new Uint8Array(inputLength); + for (let i = 0; i < inputLength; i++) { + this.valueHexView[i] = intBuffer[i] & 0x7F; + this.blockLength++; + if ((intBuffer[i] & 0x80) === 0x00) + break; + } + const tempView = new Uint8Array(this.blockLength); + for (let i = 0; i < this.blockLength; i++) + tempView[i] = this.valueHexView[i]; + this.valueHexView = tempView; + if ((intBuffer[this.blockLength - 1] & 0x80) !== 0x00) { + this.error = "End of input reached before message was fully decoded"; + return -1; + } + if (this.valueHexView[0] === 0x00) + this.warnings.push("Needlessly long format of SID encoding"); + if (this.blockLength <= 8) + this.valueDec = utilFromBase(this.valueHexView, 7); + else { + this.isHexOnly = true; + this.warnings.push("Too big SID for decoding, hex only"); + } + return (inputOffset + this.blockLength); + } + toBER(sizeOnly) { + if (this.isHexOnly) { + if (sizeOnly) + return (new ArrayBuffer(this.valueHexView.byteLength)); + const curView = this.valueHexView; + const retView = new Uint8Array(this.blockLength); + for (let i = 0; i < (this.blockLength - 1); i++) + retView[i] = curView[i] | 0x80; + retView[this.blockLength - 1] = curView[this.blockLength - 1]; + return retView.buffer; + } + const encodedBuf = utilToBase(this.valueDec, 7); + if (encodedBuf.byteLength === 0) { + this.error = "Error during encoding SID value"; + return EMPTY_BUFFER$1; + } + const retView = new Uint8Array(encodedBuf.byteLength); + if (!sizeOnly) { + const encodedView = new Uint8Array(encodedBuf); + const len = encodedBuf.byteLength - 1; + for (let i = 0; i < len; i++) + retView[i] = encodedView[i] | 0x80; + retView[len] = encodedView[len]; + } + return retView.buffer; + } + toString() { + let result = ""; + if (this.isHexOnly) + result = Convert.ToHex(this.valueHexView); + else { + result = this.valueDec.toString(); + } + return result; + } + toJSON() { + return { + ...super.toJSON(), + valueDec: this.valueDec, + }; + } +} +LocalRelativeSidValueBlock.NAME = "relativeSidBlock"; + +class LocalRelativeObjectIdentifierValueBlock extends ValueBlock { + constructor({ value = EMPTY_STRING$1, ...parameters } = {}) { + super(parameters); + this.value = []; + if (value) { + this.fromString(value); + } + } + fromBER(inputBuffer, inputOffset, inputLength) { + let resultOffset = inputOffset; + while (inputLength > 0) { + const sidBlock = new LocalRelativeSidValueBlock(); + resultOffset = sidBlock.fromBER(inputBuffer, resultOffset, inputLength); + if (resultOffset === -1) { + this.blockLength = 0; + this.error = sidBlock.error; + return resultOffset; + } + this.blockLength += sidBlock.blockLength; + inputLength -= sidBlock.blockLength; + this.value.push(sidBlock); + } + return resultOffset; + } + toBER(sizeOnly, writer) { + const retBuffers = []; + for (let i = 0; i < this.value.length; i++) { + const valueBuf = this.value[i].toBER(sizeOnly); + if (valueBuf.byteLength === 0) { + this.error = this.value[i].error; + return EMPTY_BUFFER$1; + } + retBuffers.push(valueBuf); + } + return concat(retBuffers); + } + fromString(string) { + this.value = []; + let pos1 = 0; + let pos2 = 0; + let sid = ""; + do { + pos2 = string.indexOf(".", pos1); + if (pos2 === -1) + sid = string.substring(pos1); + else + sid = string.substring(pos1, pos2); + pos1 = pos2 + 1; + const sidBlock = new LocalRelativeSidValueBlock(); + sidBlock.valueDec = parseInt(sid, 10); + if (isNaN(sidBlock.valueDec)) + return true; + this.value.push(sidBlock); + } while (pos2 !== -1); + return true; + } + toString() { + let result = ""; + let isHexOnly = false; + for (let i = 0; i < this.value.length; i++) { + isHexOnly = this.value[i].isHexOnly; + let sidStr = this.value[i].toString(); + if (i !== 0) + result = `${result}.`; + if (isHexOnly) { + sidStr = `{${sidStr}}`; + result += sidStr; + } + else + result += sidStr; + } + return result; + } + toJSON() { + const object = { + ...super.toJSON(), + value: this.toString(), + sidArray: [], + }; + for (let i = 0; i < this.value.length; i++) + object.sidArray.push(this.value[i].toJSON()); + return object; + } +} +LocalRelativeObjectIdentifierValueBlock.NAME = "RelativeObjectIdentifierValueBlock"; + +var _a$l; +class RelativeObjectIdentifier extends BaseBlock { + constructor(parameters = {}) { + super(parameters, LocalRelativeObjectIdentifierValueBlock); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 13; + } + getValue() { + return this.valueBlock.toString(); + } + setValue(value) { + this.valueBlock.fromString(value); + } + onAsciiEncoding() { + return `${this.constructor.NAME} : ${this.valueBlock.toString() || "empty"}`; + } + toJSON() { + return { + ...super.toJSON(), + value: this.getValue(), + }; + } +} +_a$l = RelativeObjectIdentifier; +(() => { + typeStore.RelativeObjectIdentifier = _a$l; +})(); +RelativeObjectIdentifier.NAME = "RelativeObjectIdentifier"; + +var _a$k; +class Sequence extends Constructed { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 16; + } +} +_a$k = Sequence; +(() => { + typeStore.Sequence = _a$k; +})(); +Sequence.NAME = "SEQUENCE"; + +var _a$j; +class Set extends Constructed { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 17; + } +} +_a$j = Set; +(() => { + typeStore.Set = _a$j; +})(); +Set.NAME = "SET"; + +class LocalStringValueBlock extends HexBlock(ValueBlock) { + constructor({ ...parameters } = {}) { + super(parameters); + this.isHexOnly = true; + this.value = EMPTY_STRING$1; + } + toJSON() { + return { + ...super.toJSON(), + value: this.value, + }; + } +} +LocalStringValueBlock.NAME = "StringValueBlock"; + +class LocalSimpleStringValueBlock extends LocalStringValueBlock { +} +LocalSimpleStringValueBlock.NAME = "SimpleStringValueBlock"; + +class LocalSimpleStringBlock extends BaseStringBlock { + constructor({ ...parameters } = {}) { + super(parameters, LocalSimpleStringValueBlock); + } + fromBuffer(inputBuffer) { + this.valueBlock.value = String.fromCharCode.apply(null, BufferSourceConverter.toUint8Array(inputBuffer)); + } + fromString(inputString) { + const strLen = inputString.length; + const view = this.valueBlock.valueHexView = new Uint8Array(strLen); + for (let i = 0; i < strLen; i++) + view[i] = inputString.charCodeAt(i); + this.valueBlock.value = inputString; + } +} +LocalSimpleStringBlock.NAME = "SIMPLE STRING"; + +class LocalUtf8StringValueBlock extends LocalSimpleStringBlock { + fromBuffer(inputBuffer) { + this.valueBlock.valueHexView = BufferSourceConverter.toUint8Array(inputBuffer); + try { + this.valueBlock.value = Convert.ToUtf8String(inputBuffer); + } + catch (ex) { + this.warnings.push(`Error during "decodeURIComponent": ${ex}, using raw string`); + this.valueBlock.value = Convert.ToBinary(inputBuffer); + } + } + fromString(inputString) { + this.valueBlock.valueHexView = new Uint8Array(Convert.FromUtf8String(inputString)); + this.valueBlock.value = inputString; + } +} +LocalUtf8StringValueBlock.NAME = "Utf8StringValueBlock"; + +var _a$i; +class Utf8String extends LocalUtf8StringValueBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 12; + } +} +_a$i = Utf8String; +(() => { + typeStore.Utf8String = _a$i; +})(); +Utf8String.NAME = "UTF8String"; + +class LocalBmpStringValueBlock extends LocalSimpleStringBlock { + fromBuffer(inputBuffer) { + this.valueBlock.value = Convert.ToUtf16String(inputBuffer); + this.valueBlock.valueHexView = BufferSourceConverter.toUint8Array(inputBuffer); + } + fromString(inputString) { + this.valueBlock.value = inputString; + this.valueBlock.valueHexView = new Uint8Array(Convert.FromUtf16String(inputString)); + } +} +LocalBmpStringValueBlock.NAME = "BmpStringValueBlock"; + +var _a$h; +class BmpString extends LocalBmpStringValueBlock { + constructor({ ...parameters } = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 30; + } +} +_a$h = BmpString; +(() => { + typeStore.BmpString = _a$h; +})(); +BmpString.NAME = "BMPString"; + +class LocalUniversalStringValueBlock extends LocalSimpleStringBlock { + fromBuffer(inputBuffer) { + const copyBuffer = ArrayBuffer.isView(inputBuffer) ? inputBuffer.slice().buffer : inputBuffer.slice(0); + const valueView = new Uint8Array(copyBuffer); + for (let i = 0; i < valueView.length; i += 4) { + valueView[i] = valueView[i + 3]; + valueView[i + 1] = valueView[i + 2]; + valueView[i + 2] = 0x00; + valueView[i + 3] = 0x00; + } + this.valueBlock.value = String.fromCharCode.apply(null, new Uint32Array(copyBuffer)); + } + fromString(inputString) { + const strLength = inputString.length; + const valueHexView = this.valueBlock.valueHexView = new Uint8Array(strLength * 4); + for (let i = 0; i < strLength; i++) { + const codeBuf = utilToBase(inputString.charCodeAt(i), 8); + const codeView = new Uint8Array(codeBuf); + if (codeView.length > 4) + continue; + const dif = 4 - codeView.length; + for (let j = (codeView.length - 1); j >= 0; j--) + valueHexView[i * 4 + j + dif] = codeView[j]; + } + this.valueBlock.value = inputString; + } +} +LocalUniversalStringValueBlock.NAME = "UniversalStringValueBlock"; + +var _a$g; +class UniversalString extends LocalUniversalStringValueBlock { + constructor({ ...parameters } = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 28; + } +} +_a$g = UniversalString; +(() => { + typeStore.UniversalString = _a$g; +})(); +UniversalString.NAME = "UniversalString"; + +var _a$f; +class NumericString extends LocalSimpleStringBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 18; + } +} +_a$f = NumericString; +(() => { + typeStore.NumericString = _a$f; +})(); +NumericString.NAME = "NumericString"; + +var _a$e; +class PrintableString extends LocalSimpleStringBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 19; + } +} +_a$e = PrintableString; +(() => { + typeStore.PrintableString = _a$e; +})(); +PrintableString.NAME = "PrintableString"; + +var _a$d; +class TeletexString extends LocalSimpleStringBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 20; + } +} +_a$d = TeletexString; +(() => { + typeStore.TeletexString = _a$d; +})(); +TeletexString.NAME = "TeletexString"; + +var _a$c; +class VideotexString extends LocalSimpleStringBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 21; + } +} +_a$c = VideotexString; +(() => { + typeStore.VideotexString = _a$c; +})(); +VideotexString.NAME = "VideotexString"; + +var _a$b; +class IA5String extends LocalSimpleStringBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 22; + } +} +_a$b = IA5String; +(() => { + typeStore.IA5String = _a$b; +})(); +IA5String.NAME = "IA5String"; + +var _a$a; +class GraphicString extends LocalSimpleStringBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 25; + } +} +_a$a = GraphicString; +(() => { + typeStore.GraphicString = _a$a; +})(); +GraphicString.NAME = "GraphicString"; + +var _a$9; +class VisibleString extends LocalSimpleStringBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 26; + } +} +_a$9 = VisibleString; +(() => { + typeStore.VisibleString = _a$9; +})(); +VisibleString.NAME = "VisibleString"; + +var _a$8; +class GeneralString extends LocalSimpleStringBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 27; + } +} +_a$8 = GeneralString; +(() => { + typeStore.GeneralString = _a$8; +})(); +GeneralString.NAME = "GeneralString"; + +var _a$7; +class CharacterString extends LocalSimpleStringBlock { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 29; + } +} +_a$7 = CharacterString; +(() => { + typeStore.CharacterString = _a$7; +})(); +CharacterString.NAME = "CharacterString"; + +var _a$6; +class UTCTime extends VisibleString { + constructor({ value, valueDate, ...parameters } = {}) { + super(parameters); + this.year = 0; + this.month = 0; + this.day = 0; + this.hour = 0; + this.minute = 0; + this.second = 0; + if (value) { + this.fromString(value); + this.valueBlock.valueHexView = new Uint8Array(value.length); + for (let i = 0; i < value.length; i++) + this.valueBlock.valueHexView[i] = value.charCodeAt(i); + } + if (valueDate) { + this.fromDate(valueDate); + this.valueBlock.valueHexView = new Uint8Array(this.toBuffer()); + } + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 23; + } + fromBuffer(inputBuffer) { + this.fromString(String.fromCharCode.apply(null, BufferSourceConverter.toUint8Array(inputBuffer))); + } + toBuffer() { + const str = this.toString(); + const buffer = new ArrayBuffer(str.length); + const view = new Uint8Array(buffer); + for (let i = 0; i < str.length; i++) + view[i] = str.charCodeAt(i); + return buffer; + } + fromDate(inputDate) { + this.year = inputDate.getUTCFullYear(); + this.month = inputDate.getUTCMonth() + 1; + this.day = inputDate.getUTCDate(); + this.hour = inputDate.getUTCHours(); + this.minute = inputDate.getUTCMinutes(); + this.second = inputDate.getUTCSeconds(); + } + toDate() { + return (new Date(Date.UTC(this.year, this.month - 1, this.day, this.hour, this.minute, this.second))); + } + fromString(inputString) { + const parser = /(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z/ig; + const parserArray = parser.exec(inputString); + if (parserArray === null) { + this.error = "Wrong input string for conversion"; + return; + } + const year = parseInt(parserArray[1], 10); + if (year >= 50) + this.year = 1900 + year; + else + this.year = 2000 + year; + this.month = parseInt(parserArray[2], 10); + this.day = parseInt(parserArray[3], 10); + this.hour = parseInt(parserArray[4], 10); + this.minute = parseInt(parserArray[5], 10); + this.second = parseInt(parserArray[6], 10); + } + toString(encoding = "iso") { + if (encoding === "iso") { + const outputArray = new Array(7); + outputArray[0] = padNumber(((this.year < 2000) ? (this.year - 1900) : (this.year - 2000)), 2); + outputArray[1] = padNumber(this.month, 2); + outputArray[2] = padNumber(this.day, 2); + outputArray[3] = padNumber(this.hour, 2); + outputArray[4] = padNumber(this.minute, 2); + outputArray[5] = padNumber(this.second, 2); + outputArray[6] = "Z"; + return outputArray.join(""); + } + return super.toString(encoding); + } + onAsciiEncoding() { + return `${this.constructor.NAME} : ${this.toDate().toISOString()}`; + } + toJSON() { + return { + ...super.toJSON(), + year: this.year, + month: this.month, + day: this.day, + hour: this.hour, + minute: this.minute, + second: this.second, + }; + } +} +_a$6 = UTCTime; +(() => { + typeStore.UTCTime = _a$6; +})(); +UTCTime.NAME = "UTCTime"; + +var _a$5; +class GeneralizedTime extends UTCTime { + constructor(parameters = {}) { + var _b; + super(parameters); + (_b = this.millisecond) !== null && _b !== void 0 ? _b : (this.millisecond = 0); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 24; + } + fromDate(inputDate) { + super.fromDate(inputDate); + this.millisecond = inputDate.getUTCMilliseconds(); + } + toDate() { + return (new Date(Date.UTC(this.year, this.month - 1, this.day, this.hour, this.minute, this.second, this.millisecond))); + } + fromString(inputString) { + let isUTC = false; + let timeString = ""; + let dateTimeString = ""; + let fractionPart = 0; + let parser; + let hourDifference = 0; + let minuteDifference = 0; + if (inputString[inputString.length - 1] === "Z") { + timeString = inputString.substring(0, inputString.length - 1); + isUTC = true; + } + else { + const number = new Number(inputString[inputString.length - 1]); + if (isNaN(number.valueOf())) + throw new Error("Wrong input string for conversion"); + timeString = inputString; + } + if (isUTC) { + if (timeString.indexOf("+") !== -1) + throw new Error("Wrong input string for conversion"); + if (timeString.indexOf("-") !== -1) + throw new Error("Wrong input string for conversion"); + } + else { + let multiplier = 1; + let differencePosition = timeString.indexOf("+"); + let differenceString = ""; + if (differencePosition === -1) { + differencePosition = timeString.indexOf("-"); + multiplier = -1; + } + if (differencePosition !== -1) { + differenceString = timeString.substring(differencePosition + 1); + timeString = timeString.substring(0, differencePosition); + if ((differenceString.length !== 2) && (differenceString.length !== 4)) + throw new Error("Wrong input string for conversion"); + let number = parseInt(differenceString.substring(0, 2), 10); + if (isNaN(number.valueOf())) + throw new Error("Wrong input string for conversion"); + hourDifference = multiplier * number; + if (differenceString.length === 4) { + number = parseInt(differenceString.substring(2, 4), 10); + if (isNaN(number.valueOf())) + throw new Error("Wrong input string for conversion"); + minuteDifference = multiplier * number; + } + } + } + let fractionPointPosition = timeString.indexOf("."); + if (fractionPointPosition === -1) + fractionPointPosition = timeString.indexOf(","); + if (fractionPointPosition !== -1) { + const fractionPartCheck = new Number(`0${timeString.substring(fractionPointPosition)}`); + if (isNaN(fractionPartCheck.valueOf())) + throw new Error("Wrong input string for conversion"); + fractionPart = fractionPartCheck.valueOf(); + dateTimeString = timeString.substring(0, fractionPointPosition); + } + else + dateTimeString = timeString; + switch (true) { + case (dateTimeString.length === 8): + parser = /(\d{4})(\d{2})(\d{2})/ig; + if (fractionPointPosition !== -1) + throw new Error("Wrong input string for conversion"); + break; + case (dateTimeString.length === 10): + parser = /(\d{4})(\d{2})(\d{2})(\d{2})/ig; + if (fractionPointPosition !== -1) { + let fractionResult = 60 * fractionPart; + this.minute = Math.floor(fractionResult); + fractionResult = 60 * (fractionResult - this.minute); + this.second = Math.floor(fractionResult); + fractionResult = 1000 * (fractionResult - this.second); + this.millisecond = Math.floor(fractionResult); + } + break; + case (dateTimeString.length === 12): + parser = /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})/ig; + if (fractionPointPosition !== -1) { + let fractionResult = 60 * fractionPart; + this.second = Math.floor(fractionResult); + fractionResult = 1000 * (fractionResult - this.second); + this.millisecond = Math.floor(fractionResult); + } + break; + case (dateTimeString.length === 14): + parser = /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/ig; + if (fractionPointPosition !== -1) { + const fractionResult = 1000 * fractionPart; + this.millisecond = Math.floor(fractionResult); + } + break; + default: + throw new Error("Wrong input string for conversion"); + } + const parserArray = parser.exec(dateTimeString); + if (parserArray === null) + throw new Error("Wrong input string for conversion"); + for (let j = 1; j < parserArray.length; j++) { + switch (j) { + case 1: + this.year = parseInt(parserArray[j], 10); + break; + case 2: + this.month = parseInt(parserArray[j], 10); + break; + case 3: + this.day = parseInt(parserArray[j], 10); + break; + case 4: + this.hour = parseInt(parserArray[j], 10) + hourDifference; + break; + case 5: + this.minute = parseInt(parserArray[j], 10) + minuteDifference; + break; + case 6: + this.second = parseInt(parserArray[j], 10); + break; + default: + throw new Error("Wrong input string for conversion"); + } + } + if (isUTC === false) { + const tempDate = new Date(this.year, this.month, this.day, this.hour, this.minute, this.second, this.millisecond); + this.year = tempDate.getUTCFullYear(); + this.month = tempDate.getUTCMonth(); + this.day = tempDate.getUTCDay(); + this.hour = tempDate.getUTCHours(); + this.minute = tempDate.getUTCMinutes(); + this.second = tempDate.getUTCSeconds(); + this.millisecond = tempDate.getUTCMilliseconds(); + } + } + toString(encoding = "iso") { + if (encoding === "iso") { + const outputArray = []; + outputArray.push(padNumber(this.year, 4)); + outputArray.push(padNumber(this.month, 2)); + outputArray.push(padNumber(this.day, 2)); + outputArray.push(padNumber(this.hour, 2)); + outputArray.push(padNumber(this.minute, 2)); + outputArray.push(padNumber(this.second, 2)); + if (this.millisecond !== 0) { + outputArray.push("."); + outputArray.push(padNumber(this.millisecond, 3)); + } + outputArray.push("Z"); + return outputArray.join(""); + } + return super.toString(encoding); + } + toJSON() { + return { + ...super.toJSON(), + millisecond: this.millisecond, + }; + } +} +_a$5 = GeneralizedTime; +(() => { + typeStore.GeneralizedTime = _a$5; +})(); +GeneralizedTime.NAME = "GeneralizedTime"; + +var _a$4; +class DATE$2 extends Utf8String { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 31; + } +} +_a$4 = DATE$2; +(() => { + typeStore.DATE = _a$4; +})(); +DATE$2.NAME = "DATE"; + +var _a$3; +class TimeOfDay extends Utf8String { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 32; + } +} +_a$3 = TimeOfDay; +(() => { + typeStore.TimeOfDay = _a$3; +})(); +TimeOfDay.NAME = "TimeOfDay"; + +var _a$2; +class DateTime extends Utf8String { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 33; + } +} +_a$2 = DateTime; +(() => { + typeStore.DateTime = _a$2; +})(); +DateTime.NAME = "DateTime"; + +var _a$1; +class Duration extends Utf8String { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 34; + } +} +_a$1 = Duration; +(() => { + typeStore.Duration = _a$1; +})(); +Duration.NAME = "Duration"; + +var _a$x; +class TIME extends Utf8String { + constructor(parameters = {}) { + super(parameters); + this.idBlock.tagClass = 1; + this.idBlock.tagNumber = 14; + } +} +_a$x = TIME; +(() => { + typeStore.TIME = _a$x; +})(); +TIME.NAME = "TIME"; + +class Any { + constructor({ name = EMPTY_STRING$1, optional = false, } = {}) { + this.name = name; + this.optional = optional; + } +} + +class Choice extends Any { + constructor({ value = [], ...parameters } = {}) { + super(parameters); + this.value = value; + } +} + +class Repeated extends Any { + constructor({ value = new Any(), local = false, ...parameters } = {}) { + super(parameters); + this.value = value; + this.local = local; + } +} + +class RawData { + constructor({ data = EMPTY_VIEW } = {}) { + this.dataView = BufferSourceConverter.toUint8Array(data); + } + get data() { + return this.dataView.slice().buffer; + } + set data(value) { + this.dataView = BufferSourceConverter.toUint8Array(value); + } + fromBER(inputBuffer, inputOffset, inputLength) { + const endLength = inputOffset + inputLength; + this.dataView = BufferSourceConverter.toUint8Array(inputBuffer).subarray(inputOffset, endLength); + return endLength; + } + toBER(sizeOnly) { + return this.dataView.slice().buffer; + } +} + +function compareSchema(root, inputData, inputSchema) { + if (inputSchema instanceof Choice) { + for (let j = 0; j < inputSchema.value.length; j++) { + const result = compareSchema(root, inputData, inputSchema.value[j]); + if (result.verified) { + return { + verified: true, + result: root + }; + } + } + { + const _result = { + verified: false, + result: { + error: "Wrong values for Choice type" + }, + }; + if (inputSchema.hasOwnProperty(NAME)) + _result.name = inputSchema.name; + return _result; + } + } + if (inputSchema instanceof Any) { + if (inputSchema.hasOwnProperty(NAME)) + root[inputSchema.name] = inputData; + return { + verified: true, + result: root + }; + } + if ((root instanceof Object) === false) { + return { + verified: false, + result: { error: "Wrong root object" } + }; + } + if ((inputData instanceof Object) === false) { + return { + verified: false, + result: { error: "Wrong ASN.1 data" } + }; + } + if ((inputSchema instanceof Object) === false) { + return { + verified: false, + result: { error: "Wrong ASN.1 schema" } + }; + } + if ((ID_BLOCK in inputSchema) === false) { + return { + verified: false, + result: { error: "Wrong ASN.1 schema" } + }; + } + if ((FROM_BER in inputSchema.idBlock) === false) { + return { + verified: false, + result: { error: "Wrong ASN.1 schema" } + }; + } + if ((TO_BER in inputSchema.idBlock) === false) { + return { + verified: false, + result: { error: "Wrong ASN.1 schema" } + }; + } + const encodedId = inputSchema.idBlock.toBER(false); + if (encodedId.byteLength === 0) { + return { + verified: false, + result: { error: "Error encoding idBlock for ASN.1 schema" } + }; + } + const decodedOffset = inputSchema.idBlock.fromBER(encodedId, 0, encodedId.byteLength); + if (decodedOffset === -1) { + return { + verified: false, + result: { error: "Error decoding idBlock for ASN.1 schema" } + }; + } + if (inputSchema.idBlock.hasOwnProperty(TAG_CLASS) === false) { + return { + verified: false, + result: { error: "Wrong ASN.1 schema" } + }; + } + if (inputSchema.idBlock.tagClass !== inputData.idBlock.tagClass) { + return { + verified: false, + result: root + }; + } + if (inputSchema.idBlock.hasOwnProperty(TAG_NUMBER) === false) { + return { + verified: false, + result: { error: "Wrong ASN.1 schema" } + }; + } + if (inputSchema.idBlock.tagNumber !== inputData.idBlock.tagNumber) { + return { + verified: false, + result: root + }; + } + if (inputSchema.idBlock.hasOwnProperty(IS_CONSTRUCTED) === false) { + return { + verified: false, + result: { error: "Wrong ASN.1 schema" } + }; + } + if (inputSchema.idBlock.isConstructed !== inputData.idBlock.isConstructed) { + return { + verified: false, + result: root + }; + } + if (!(IS_HEX_ONLY in inputSchema.idBlock)) { + return { + verified: false, + result: { error: "Wrong ASN.1 schema" } + }; + } + if (inputSchema.idBlock.isHexOnly !== inputData.idBlock.isHexOnly) { + return { + verified: false, + result: root + }; + } + if (inputSchema.idBlock.isHexOnly) { + if ((VALUE_HEX_VIEW in inputSchema.idBlock) === false) { + return { + verified: false, + result: { error: "Wrong ASN.1 schema" } + }; + } + const schemaView = inputSchema.idBlock.valueHexView; + const asn1View = inputData.idBlock.valueHexView; + if (schemaView.length !== asn1View.length) { + return { + verified: false, + result: root + }; + } + for (let i = 0; i < schemaView.length; i++) { + if (schemaView[i] !== asn1View[1]) { + return { + verified: false, + result: root + }; + } + } + } + if (inputSchema.name) { + inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1); + if (inputSchema.name) + root[inputSchema.name] = inputData; + } + if (inputSchema instanceof typeStore.Constructed) { + let admission = 0; + let result = { + verified: false, + result: { + error: "Unknown error", + } + }; + let maxLength = inputSchema.valueBlock.value.length; + if (maxLength > 0) { + if (inputSchema.valueBlock.value[0] instanceof Repeated) { + maxLength = inputData.valueBlock.value.length; + } + } + if (maxLength === 0) { + return { + verified: true, + result: root + }; + } + if ((inputData.valueBlock.value.length === 0) && + (inputSchema.valueBlock.value.length !== 0)) { + let _optional = true; + for (let i = 0; i < inputSchema.valueBlock.value.length; i++) + _optional = _optional && (inputSchema.valueBlock.value[i].optional || false); + if (_optional) { + return { + verified: true, + result: root + }; + } + if (inputSchema.name) { + inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1); + if (inputSchema.name) + delete root[inputSchema.name]; + } + root.error = "Inconsistent object length"; + return { + verified: false, + result: root + }; + } + for (let i = 0; i < maxLength; i++) { + if ((i - admission) >= inputData.valueBlock.value.length) { + if (inputSchema.valueBlock.value[i].optional === false) { + const _result = { + verified: false, + result: root + }; + root.error = "Inconsistent length between ASN.1 data and schema"; + if (inputSchema.name) { + inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1); + if (inputSchema.name) { + delete root[inputSchema.name]; + _result.name = inputSchema.name; + } + } + return _result; + } + } + else { + if (inputSchema.valueBlock.value[0] instanceof Repeated) { + result = compareSchema(root, inputData.valueBlock.value[i], inputSchema.valueBlock.value[0].value); + if (result.verified === false) { + if (inputSchema.valueBlock.value[0].optional) + admission++; + else { + if (inputSchema.name) { + inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1); + if (inputSchema.name) + delete root[inputSchema.name]; + } + return result; + } + } + if ((NAME in inputSchema.valueBlock.value[0]) && (inputSchema.valueBlock.value[0].name.length > 0)) { + let arrayRoot = {}; + if ((LOCAL in inputSchema.valueBlock.value[0]) && (inputSchema.valueBlock.value[0].local)) + arrayRoot = inputData; + else + arrayRoot = root; + if (typeof arrayRoot[inputSchema.valueBlock.value[0].name] === "undefined") + arrayRoot[inputSchema.valueBlock.value[0].name] = []; + arrayRoot[inputSchema.valueBlock.value[0].name].push(inputData.valueBlock.value[i]); + } + } + else { + result = compareSchema(root, inputData.valueBlock.value[i - admission], inputSchema.valueBlock.value[i]); + if (result.verified === false) { + if (inputSchema.valueBlock.value[i].optional) + admission++; + else { + if (inputSchema.name) { + inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1); + if (inputSchema.name) + delete root[inputSchema.name]; + } + return result; + } + } + } + } + } + if (result.verified === false) { + const _result = { + verified: false, + result: root + }; + if (inputSchema.name) { + inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1); + if (inputSchema.name) { + delete root[inputSchema.name]; + _result.name = inputSchema.name; + } + } + return _result; + } + return { + verified: true, + result: root + }; + } + if (inputSchema.primitiveSchema && + (VALUE_HEX_VIEW in inputData.valueBlock)) { + const asn1 = localFromBER(inputData.valueBlock.valueHexView); + if (asn1.offset === -1) { + const _result = { + verified: false, + result: asn1.result + }; + if (inputSchema.name) { + inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1); + if (inputSchema.name) { + delete root[inputSchema.name]; + _result.name = inputSchema.name; + } + } + return _result; + } + return compareSchema(root, asn1.result, inputSchema.primitiveSchema); + } + return { + verified: true, + result: root + }; +} + +const EMPTY_BUFFER = new ArrayBuffer(0); +const EMPTY_STRING = ""; + +class ArgumentError extends TypeError { + constructor() { + super(...arguments); + this.name = ArgumentError.NAME; + } + static isType(value, type) { + if (typeof type === "string") { + if (type === "Array" && Array.isArray(value)) { + return true; + } + else if (type === "ArrayBuffer" && value instanceof ArrayBuffer) { + return true; + } + else if (type === "ArrayBufferView" && ArrayBuffer.isView(value)) { + return true; + } + else if (typeof value === type) { + return true; + } + } + else if (value instanceof type) { + return true; + } + return false; + } + static assert(value, name, ...types) { + for (const type of types) { + if (this.isType(value, type)) { + return; + } + } + const typeNames = types.map(o => o instanceof Function && "name" in o ? o.name : `${o}`); + throw new ArgumentError(`Parameter '${name}' is not of type ${typeNames.length > 1 ? `(${typeNames.join(" or ")})` : typeNames[0]}`); + } +} +ArgumentError.NAME = "ArgumentError"; + +class ParameterError extends TypeError { + constructor(field, target = null, message) { + super(); + this.name = ParameterError.NAME; + this.field = field; + if (target) { + this.target = target; + } + if (message) { + this.message = message; + } + else { + this.message = `Absent mandatory parameter '${field}' ${target ? ` in '${target}'` : EMPTY_STRING}`; + } + } + static assert(...args) { + let target = null; + let params; + let fields; + if (typeof args[0] === "string") { + target = args[0]; + params = args[1]; + fields = args.slice(2); + } + else { + params = args[0]; + fields = args.slice(1); + } + ArgumentError.assert(params, "parameters", "object"); + for (const field of fields) { + const value = params[field]; + if (value === undefined || value === null) { + throw new ParameterError(field, target); + } + } + } + static assertEmpty(value, name, target) { + if (value === undefined || value === null) { + throw new ParameterError(name, target); + } + } +} +ParameterError.NAME = "ParameterError"; + +class AsnError extends Error { + static assertSchema(asn1, target) { + if (!asn1.verified) { + throw new Error(`Object's schema was not verified against input data for ${target}`); + } + } + static assert(asn, target) { + if (asn.offset === -1) { + throw new AsnError(`Error during parsing of ASN.1 data. Data is not correct for '${target}'.`); + } + } + constructor(message) { + super(message); + this.name = "AsnError"; + } +} + +class PkiObject { + static blockName() { + return this.CLASS_NAME; + } + static fromBER(raw) { + const asn1 = fromBER(raw); + AsnError.assert(asn1, this.name); + try { + return new this({ schema: asn1.result }); + } + catch (e) { + throw new AsnError(`Cannot create '${this.CLASS_NAME}' from ASN.1 object`); + } + } + static defaultValues(memberName) { + throw new Error(`Invalid member name for ${this.CLASS_NAME} class: ${memberName}`); + } + static schema(parameters = {}) { + throw new Error(`Method '${this.CLASS_NAME}.schema' should be overridden`); + } + get className() { + return this.constructor.CLASS_NAME; + } + toString(encoding = "hex") { + let schema; + try { + schema = this.toSchema(); + } + catch (_a) { + schema = this.toSchema(true); + } + return Convert.ToString(schema.toBER(), encoding); + } +} +PkiObject.CLASS_NAME = "PkiObject"; + +function stringPrep(inputString) { + let isSpace = false; + let cutResult = EMPTY_STRING; + const result = inputString.trim(); + for (let i = 0; i < result.length; i++) { + if (result.charCodeAt(i) === 32) { + if (isSpace === false) + isSpace = true; + } + else { + if (isSpace) { + cutResult += " "; + isSpace = false; + } + cutResult += result[i]; + } + } + return cutResult.toLowerCase(); +} + +const TYPE$5 = "type"; +const VALUE$6 = "value"; +class AttributeTypeAndValue extends PkiObject { + constructor(parameters = {}) { + super(); + this.type = getParametersValue(parameters, TYPE$5, AttributeTypeAndValue.defaultValues(TYPE$5)); + this.value = getParametersValue(parameters, VALUE$6, AttributeTypeAndValue.defaultValues(VALUE$6)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TYPE$5: + return EMPTY_STRING; + case VALUE$6: + return {}; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.type || EMPTY_STRING) }), + new Any({ name: (names.value || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + TYPE$5, + "typeValue" + ]); + const asn1 = compareSchema(schema, schema, AttributeTypeAndValue.schema({ + names: { + type: TYPE$5, + value: "typeValue" + } + })); + AsnError.assertSchema(asn1, this.className); + this.type = asn1.result.type.valueBlock.toString(); + this.value = asn1.result.typeValue; + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.type }), + this.value + ] + })); + } + toJSON() { + const _object = { + type: this.type + }; + if (Object.keys(this.value).length !== 0) { + _object.value = (this.value).toJSON(); + } + else { + _object.value = this.value; + } + return _object; + } + isEqual(compareTo) { + const stringBlockNames = [ + Utf8String.blockName(), + BmpString.blockName(), + UniversalString.blockName(), + NumericString.blockName(), + PrintableString.blockName(), + TeletexString.blockName(), + VideotexString.blockName(), + IA5String.blockName(), + GraphicString.blockName(), + VisibleString.blockName(), + GeneralString.blockName(), + CharacterString.blockName() + ]; + if (compareTo instanceof ArrayBuffer) { + return BufferSourceConverter.isEqual(this.value.valueBeforeDecodeView, compareTo); + } + if (compareTo.constructor.blockName() === AttributeTypeAndValue.blockName()) { + if (this.type !== compareTo.type) + return false; + const isStringPair = [false, false]; + const thisName = this.value.constructor.blockName(); + for (const name of stringBlockNames) { + if (thisName === name) { + isStringPair[0] = true; + } + if (compareTo.value.constructor.blockName() === name) { + isStringPair[1] = true; + } + } + if (isStringPair[0] !== isStringPair[1]) { + return false; + } + const isString = (isStringPair[0] && isStringPair[1]); + if (isString) { + const value1 = stringPrep(this.value.valueBlock.value); + const value2 = stringPrep(compareTo.value.valueBlock.value); + if (value1.localeCompare(value2) !== 0) + return false; + } + else { + if (!BufferSourceConverter.isEqual(this.value.valueBeforeDecodeView, compareTo.value.valueBeforeDecodeView)) + return false; + } + return true; + } + return false; + } +} +AttributeTypeAndValue.CLASS_NAME = "AttributeTypeAndValue"; + +const TYPE_AND_VALUES = "typesAndValues"; +const VALUE_BEFORE_DECODE = "valueBeforeDecode"; +const RDN = "RDN"; +class RelativeDistinguishedNames extends PkiObject { + constructor(parameters = {}) { + super(); + this.typesAndValues = getParametersValue(parameters, TYPE_AND_VALUES, RelativeDistinguishedNames.defaultValues(TYPE_AND_VALUES)); + this.valueBeforeDecode = getParametersValue(parameters, VALUE_BEFORE_DECODE, RelativeDistinguishedNames.defaultValues(VALUE_BEFORE_DECODE)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TYPE_AND_VALUES: + return []; + case VALUE_BEFORE_DECODE: + return EMPTY_BUFFER; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case TYPE_AND_VALUES: + return (memberValue.length === 0); + case VALUE_BEFORE_DECODE: + return (memberValue.byteLength === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.repeatedSequence || EMPTY_STRING), + value: new Set({ + value: [ + new Repeated({ + name: (names.repeatedSet || EMPTY_STRING), + value: AttributeTypeAndValue.schema(names.typeAndValue || {}) + }) + ] + }) + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + RDN, + TYPE_AND_VALUES + ]); + const asn1 = compareSchema(schema, schema, RelativeDistinguishedNames.schema({ + names: { + blockName: RDN, + repeatedSet: TYPE_AND_VALUES + } + })); + AsnError.assertSchema(asn1, this.className); + if (TYPE_AND_VALUES in asn1.result) { + this.typesAndValues = Array.from(asn1.result.typesAndValues, element => new AttributeTypeAndValue({ schema: element })); + } + this.valueBeforeDecode = asn1.result.RDN.valueBeforeDecodeView.slice().buffer; + } + toSchema() { + if (this.valueBeforeDecode.byteLength === 0) { + return (new Sequence({ + value: [new Set({ + value: Array.from(this.typesAndValues, o => o.toSchema()) + })] + })); + } + const asn1 = fromBER(this.valueBeforeDecode); + AsnError.assert(asn1, "RelativeDistinguishedNames"); + if (!(asn1.result instanceof Sequence)) { + throw new Error("ASN.1 result should be SEQUENCE"); + } + return asn1.result; + } + toJSON() { + return { + typesAndValues: Array.from(this.typesAndValues, o => o.toJSON()) + }; + } + isEqual(compareTo) { + if (compareTo instanceof RelativeDistinguishedNames) { + if (this.typesAndValues.length !== compareTo.typesAndValues.length) + return false; + for (const [index, typeAndValue] of this.typesAndValues.entries()) { + if (typeAndValue.isEqual(compareTo.typesAndValues[index]) === false) + return false; + } + return true; + } + if (compareTo instanceof ArrayBuffer) { + return isEqualBuffer(this.valueBeforeDecode, compareTo); + } + return false; + } +} +RelativeDistinguishedNames.CLASS_NAME = "RelativeDistinguishedNames"; + +const TYPE$4 = "type"; +const VALUE$5 = "value"; +function builtInStandardAttributes(parameters = {}, optional = false) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + optional, + value: [ + new Constructed({ + optional: true, + idBlock: { + tagClass: 2, + tagNumber: 1 + }, + name: (names.country_name || EMPTY_STRING), + value: [ + new Choice({ + value: [ + new NumericString(), + new PrintableString() + ] + }) + ] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 2, + tagNumber: 2 + }, + name: (names.administration_domain_name || EMPTY_STRING), + value: [ + new Choice({ + value: [ + new NumericString(), + new PrintableString() + ] + }) + ] + }), + new Primitive({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + name: (names.network_address || EMPTY_STRING), + isHexOnly: true + }), + new Primitive({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + name: (names.terminal_identifier || EMPTY_STRING), + isHexOnly: true + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + name: (names.private_domain_name || EMPTY_STRING), + value: [ + new Choice({ + value: [ + new NumericString(), + new PrintableString() + ] + }) + ] + }), + new Primitive({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + name: (names.organization_name || EMPTY_STRING), + isHexOnly: true + }), + new Primitive({ + optional: true, + name: (names.numeric_user_identifier || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 4 + }, + isHexOnly: true + }), + new Constructed({ + optional: true, + name: (names.personal_name || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 5 + }, + value: [ + new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + isHexOnly: true + }), + new Primitive({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + isHexOnly: true + }), + new Primitive({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + isHexOnly: true + }), + new Primitive({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + isHexOnly: true + }) + ] + }), + new Constructed({ + optional: true, + name: (names.organizational_unit_names || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 6 + }, + value: [ + new Repeated({ + value: new PrintableString() + }) + ] + }) + ] + })); +} +function builtInDomainDefinedAttributes(optional = false) { + return (new Sequence({ + optional, + value: [ + new PrintableString(), + new PrintableString() + ] + })); +} +function extensionAttributes(optional = false) { + return (new Set({ + optional, + value: [ + new Primitive({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + isHexOnly: true + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [new Any()] + }) + ] + })); +} +class GeneralName extends PkiObject { + constructor(parameters = {}) { + super(); + this.type = getParametersValue(parameters, TYPE$4, GeneralName.defaultValues(TYPE$4)); + this.value = getParametersValue(parameters, VALUE$5, GeneralName.defaultValues(VALUE$5)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TYPE$4: + return 9; + case VALUE$5: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case TYPE$4: + return (memberValue === GeneralName.defaultValues(memberName)); + case VALUE$5: + return (Object.keys(memberValue).length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Choice({ + value: [ + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier(), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Any()] + }) + ] + }), + new Primitive({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 1 + } + }), + new Primitive({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 2 + } + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + name: (names.blockName || EMPTY_STRING), + value: [ + builtInStandardAttributes((names.builtInStandardAttributes || {}), false), + builtInDomainDefinedAttributes(true), + extensionAttributes(true) + ] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 4 + }, + name: (names.blockName || EMPTY_STRING), + value: [RelativeDistinguishedNames.schema(names.directoryName || {})] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 5 + }, + name: (names.blockName || EMPTY_STRING), + value: [ + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Choice({ + value: [ + new TeletexString(), + new PrintableString(), + new UniversalString(), + new Utf8String(), + new BmpString() + ] + }) + ] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new Choice({ + value: [ + new TeletexString(), + new PrintableString(), + new UniversalString(), + new Utf8String(), + new BmpString() + ] + }) + ] + }) + ] + }), + new Primitive({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 6 + } + }), + new Primitive({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 7 + } + }), + new Primitive({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 8 + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + "blockName", + "otherName", + "rfc822Name", + "dNSName", + "x400Address", + "directoryName", + "ediPartyName", + "uniformResourceIdentifier", + "iPAddress", + "registeredID" + ]); + const asn1 = compareSchema(schema, schema, GeneralName.schema({ + names: { + blockName: "blockName", + otherName: "otherName", + rfc822Name: "rfc822Name", + dNSName: "dNSName", + x400Address: "x400Address", + directoryName: { + names: { + blockName: "directoryName" + } + }, + ediPartyName: "ediPartyName", + uniformResourceIdentifier: "uniformResourceIdentifier", + iPAddress: "iPAddress", + registeredID: "registeredID" + } + })); + AsnError.assertSchema(asn1, this.className); + this.type = asn1.result.blockName.idBlock.tagNumber; + switch (this.type) { + case 0: + this.value = asn1.result.blockName; + break; + case 1: + case 2: + case 6: + { + const value = asn1.result.blockName; + value.idBlock.tagClass = 1; + value.idBlock.tagNumber = 22; + const valueBER = value.toBER(false); + const asnValue = fromBER(valueBER); + AsnError.assert(asnValue, "GeneralName value"); + this.value = asnValue.result.valueBlock.value; + } + break; + case 3: + this.value = asn1.result.blockName; + break; + case 4: + this.value = new RelativeDistinguishedNames({ schema: asn1.result.directoryName }); + break; + case 5: + this.value = asn1.result.ediPartyName; + break; + case 7: + this.value = new OctetString({ valueHex: asn1.result.blockName.valueBlock.valueHex }); + break; + case 8: + { + const value = asn1.result.blockName; + value.idBlock.tagClass = 1; + value.idBlock.tagNumber = 6; + const valueBER = value.toBER(false); + const asnValue = fromBER(valueBER); + AsnError.assert(asnValue, "GeneralName registeredID"); + this.value = asnValue.result.valueBlock.toString(); + } + break; + } + } + toSchema() { + switch (this.type) { + case 0: + case 3: + case 5: + return new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: this.type + }, + value: [ + this.value + ] + }); + case 1: + case 2: + case 6: + { + const value = new IA5String({ value: this.value }); + value.idBlock.tagClass = 3; + value.idBlock.tagNumber = this.type; + return value; + } + case 4: + return new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 4 + }, + value: [this.value.toSchema()] + }); + case 7: + { + const value = this.value; + value.idBlock.tagClass = 3; + value.idBlock.tagNumber = this.type; + return value; + } + case 8: + { + const value = new ObjectIdentifier({ value: this.value }); + value.idBlock.tagClass = 3; + value.idBlock.tagNumber = this.type; + return value; + } + default: + return GeneralName.schema(); + } + } + toJSON() { + const _object = { + type: this.type, + value: EMPTY_STRING + }; + if ((typeof this.value) === "string") + _object.value = this.value; + else { + try { + _object.value = this.value.toJSON(); + } + catch (ex) { + } + } + return _object; + } +} +GeneralName.CLASS_NAME = "GeneralName"; + +const ACCESS_METHOD = "accessMethod"; +const ACCESS_LOCATION = "accessLocation"; +const CLEAR_PROPS$1v = [ + ACCESS_METHOD, + ACCESS_LOCATION, +]; +class AccessDescription extends PkiObject { + constructor(parameters = {}) { + super(); + this.accessMethod = getParametersValue(parameters, ACCESS_METHOD, AccessDescription.defaultValues(ACCESS_METHOD)); + this.accessLocation = getParametersValue(parameters, ACCESS_LOCATION, AccessDescription.defaultValues(ACCESS_LOCATION)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ACCESS_METHOD: + return EMPTY_STRING; + case ACCESS_LOCATION: + return new GeneralName(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.accessMethod || EMPTY_STRING) }), + GeneralName.schema(names.accessLocation || {}) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1v); + const asn1 = compareSchema(schema, schema, AccessDescription.schema({ + names: { + accessMethod: ACCESS_METHOD, + accessLocation: { + names: { + blockName: ACCESS_LOCATION + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.accessMethod = asn1.result.accessMethod.valueBlock.toString(); + this.accessLocation = new GeneralName({ schema: asn1.result.accessLocation }); + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.accessMethod }), + this.accessLocation.toSchema() + ] + })); + } + toJSON() { + return { + accessMethod: this.accessMethod, + accessLocation: this.accessLocation.toJSON() + }; + } +} +AccessDescription.CLASS_NAME = "AccessDescription"; + +const SECONDS = "seconds"; +const MILLIS = "millis"; +const MICROS = "micros"; +class Accuracy extends PkiObject { + constructor(parameters = {}) { + super(); + if (SECONDS in parameters) { + this.seconds = getParametersValue(parameters, SECONDS, Accuracy.defaultValues(SECONDS)); + } + if (MILLIS in parameters) { + this.millis = getParametersValue(parameters, MILLIS, Accuracy.defaultValues(MILLIS)); + } + if (MICROS in parameters) { + this.micros = getParametersValue(parameters, MICROS, Accuracy.defaultValues(MICROS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case SECONDS: + case MILLIS: + case MICROS: + return 0; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case SECONDS: + case MILLIS: + case MICROS: + return (memberValue === Accuracy.defaultValues(memberName)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + optional: true, + value: [ + new Integer({ + optional: true, + name: (names.seconds || EMPTY_STRING) + }), + new Primitive({ + name: (names.millis || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + } + }), + new Primitive({ + name: (names.micros || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + SECONDS, + MILLIS, + MICROS, + ]); + const asn1 = compareSchema(schema, schema, Accuracy.schema({ + names: { + seconds: SECONDS, + millis: MILLIS, + micros: MICROS, + } + })); + AsnError.assertSchema(asn1, this.className); + if ("seconds" in asn1.result) { + this.seconds = asn1.result.seconds.valueBlock.valueDec; + } + if ("millis" in asn1.result) { + const intMillis = new Integer({ valueHex: asn1.result.millis.valueBlock.valueHex }); + this.millis = intMillis.valueBlock.valueDec; + } + if ("micros" in asn1.result) { + const intMicros = new Integer({ valueHex: asn1.result.micros.valueBlock.valueHex }); + this.micros = intMicros.valueBlock.valueDec; + } + } + toSchema() { + const outputArray = []; + if (this.seconds !== undefined) + outputArray.push(new Integer({ value: this.seconds })); + if (this.millis !== undefined) { + const intMillis = new Integer({ value: this.millis }); + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + valueHex: intMillis.valueBlock.valueHexView + })); + } + if (this.micros !== undefined) { + const intMicros = new Integer({ value: this.micros }); + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + valueHex: intMicros.valueBlock.valueHexView + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const _object = {}; + if (this.seconds !== undefined) + _object.seconds = this.seconds; + if (this.millis !== undefined) + _object.millis = this.millis; + if (this.micros !== undefined) + _object.micros = this.micros; + return _object; + } +} +Accuracy.CLASS_NAME = "Accuracy"; + +const ALGORITHM_ID = "algorithmId"; +const ALGORITHM_PARAMS = "algorithmParams"; +const ALGORITHM$2 = "algorithm"; +const PARAMS = "params"; +const CLEAR_PROPS$1u = [ + ALGORITHM$2, + PARAMS +]; +class AlgorithmIdentifier extends PkiObject { + constructor(parameters = {}) { + super(); + this.algorithmId = getParametersValue(parameters, ALGORITHM_ID, AlgorithmIdentifier.defaultValues(ALGORITHM_ID)); + if (ALGORITHM_PARAMS in parameters) { + this.algorithmParams = getParametersValue(parameters, ALGORITHM_PARAMS, AlgorithmIdentifier.defaultValues(ALGORITHM_PARAMS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ALGORITHM_ID: + return EMPTY_STRING; + case ALGORITHM_PARAMS: + return new Any(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case ALGORITHM_ID: + return (memberValue === EMPTY_STRING); + case ALGORITHM_PARAMS: + return (memberValue instanceof Any); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + optional: (names.optional || false), + value: [ + new ObjectIdentifier({ name: (names.algorithmIdentifier || EMPTY_STRING) }), + new Any({ name: (names.algorithmParams || EMPTY_STRING), optional: true }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1u); + const asn1 = compareSchema(schema, schema, AlgorithmIdentifier.schema({ + names: { + algorithmIdentifier: ALGORITHM$2, + algorithmParams: PARAMS + } + })); + AsnError.assertSchema(asn1, this.className); + this.algorithmId = asn1.result.algorithm.valueBlock.toString(); + if (PARAMS in asn1.result) { + this.algorithmParams = asn1.result.params; + } + } + toSchema() { + const outputArray = []; + outputArray.push(new ObjectIdentifier({ value: this.algorithmId })); + if (this.algorithmParams && !(this.algorithmParams instanceof Any)) { + outputArray.push(this.algorithmParams); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const object = { + algorithmId: this.algorithmId + }; + if (this.algorithmParams && !(this.algorithmParams instanceof Any)) { + object.algorithmParams = this.algorithmParams.toJSON(); + } + return object; + } + isEqual(algorithmIdentifier) { + if (!(algorithmIdentifier instanceof AlgorithmIdentifier)) { + return false; + } + if (this.algorithmId !== algorithmIdentifier.algorithmId) { + return false; + } + if (this.algorithmParams) { + if (algorithmIdentifier.algorithmParams) { + return JSON.stringify(this.algorithmParams) === JSON.stringify(algorithmIdentifier.algorithmParams); + } + return false; + } + if (algorithmIdentifier.algorithmParams) { + return false; + } + return true; + } +} +AlgorithmIdentifier.CLASS_NAME = "AlgorithmIdentifier"; + +const ALT_NAMES = "altNames"; +const CLEAR_PROPS$1t = [ + ALT_NAMES +]; +class AltName extends PkiObject { + constructor(parameters = {}) { + super(); + this.altNames = getParametersValue(parameters, ALT_NAMES, AltName.defaultValues(ALT_NAMES)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ALT_NAMES: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.altNames || EMPTY_STRING), + value: GeneralName.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1t); + const asn1 = compareSchema(schema, schema, AltName.schema({ + names: { + altNames: ALT_NAMES + } + })); + AsnError.assertSchema(asn1, this.className); + if (ALT_NAMES in asn1.result) { + this.altNames = Array.from(asn1.result.altNames, element => new GeneralName({ schema: element })); + } + } + toSchema() { + return (new Sequence({ + value: Array.from(this.altNames, o => o.toSchema()) + })); + } + toJSON() { + return { + altNames: Array.from(this.altNames, o => o.toJSON()) + }; + } +} +AltName.CLASS_NAME = "AltName"; + +const TYPE$3 = "type"; +const VALUES$1 = "values"; +const CLEAR_PROPS$1s = [ + TYPE$3, + VALUES$1 +]; +class Attribute extends PkiObject { + constructor(parameters = {}) { + super(); + this.type = getParametersValue(parameters, TYPE$3, Attribute.defaultValues(TYPE$3)); + this.values = getParametersValue(parameters, VALUES$1, Attribute.defaultValues(VALUES$1)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TYPE$3: + return EMPTY_STRING; + case VALUES$1: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case TYPE$3: + return (memberValue === EMPTY_STRING); + case VALUES$1: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.type || EMPTY_STRING) }), + new Set({ + name: (names.setName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.values || EMPTY_STRING), + value: new Any() + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1s); + const asn1 = compareSchema(schema, schema, Attribute.schema({ + names: { + type: TYPE$3, + values: VALUES$1 + } + })); + AsnError.assertSchema(asn1, this.className); + this.type = asn1.result.type.valueBlock.toString(); + this.values = asn1.result.values; + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.type }), + new Set({ + value: this.values + }) + ] + })); + } + toJSON() { + return { + type: this.type, + values: Array.from(this.values, o => o.toJSON()) + }; + } +} +Attribute.CLASS_NAME = "Attribute"; + +const NOT_BEFORE_TIME = "notBeforeTime"; +const NOT_AFTER_TIME = "notAfterTime"; +const CLEAR_PROPS$1r = [ + NOT_BEFORE_TIME, + NOT_AFTER_TIME, +]; +class AttCertValidityPeriod extends PkiObject { + constructor(parameters = {}) { + super(); + this.notBeforeTime = getParametersValue(parameters, NOT_BEFORE_TIME, AttCertValidityPeriod.defaultValues(NOT_BEFORE_TIME)); + this.notAfterTime = getParametersValue(parameters, NOT_AFTER_TIME, AttCertValidityPeriod.defaultValues(NOT_AFTER_TIME)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case NOT_BEFORE_TIME: + case NOT_AFTER_TIME: + return new Date(0, 0, 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new GeneralizedTime({ name: (names.notBeforeTime || EMPTY_STRING) }), + new GeneralizedTime({ name: (names.notAfterTime || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1r); + const asn1 = compareSchema(schema, schema, AttCertValidityPeriod.schema({ + names: { + notBeforeTime: NOT_BEFORE_TIME, + notAfterTime: NOT_AFTER_TIME + } + })); + AsnError.assertSchema(asn1, this.className); + this.notBeforeTime = asn1.result.notBeforeTime.toDate(); + this.notAfterTime = asn1.result.notAfterTime.toDate(); + } + toSchema() { + return (new Sequence({ + value: [ + new GeneralizedTime({ valueDate: this.notBeforeTime }), + new GeneralizedTime({ valueDate: this.notAfterTime }), + ] + })); + } + toJSON() { + return { + notBeforeTime: this.notBeforeTime, + notAfterTime: this.notAfterTime + }; + } +} +AttCertValidityPeriod.CLASS_NAME = "AttCertValidityPeriod"; + +const NAMES = "names"; +const GENERAL_NAMES = "generalNames"; +class GeneralNames extends PkiObject { + constructor(parameters = {}) { + super(); + this.names = getParametersValue(parameters, NAMES, GeneralNames.defaultValues(NAMES)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case "names": + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}, optional = false) { + const names = getParametersValue(parameters, NAMES, {}); + return (new Sequence({ + optional, + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.generalNames || EMPTY_STRING), + value: GeneralName.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + NAMES, + GENERAL_NAMES + ]); + const asn1 = compareSchema(schema, schema, GeneralNames.schema({ + names: { + blockName: NAMES, + generalNames: GENERAL_NAMES + } + })); + AsnError.assertSchema(asn1, this.className); + this.names = Array.from(asn1.result.generalNames, element => new GeneralName({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.names, o => o.toSchema()) + })); + } + toJSON() { + return { + names: Array.from(this.names, o => o.toJSON()) + }; + } +} +GeneralNames.CLASS_NAME = "GeneralNames"; + +const id_SubjectDirectoryAttributes = "2.5.29.9"; +const id_SubjectKeyIdentifier = "2.5.29.14"; +const id_KeyUsage = "2.5.29.15"; +const id_PrivateKeyUsagePeriod = "2.5.29.16"; +const id_SubjectAltName = "2.5.29.17"; +const id_IssuerAltName = "2.5.29.18"; +const id_BasicConstraints = "2.5.29.19"; +const id_CRLNumber = "2.5.29.20"; +const id_BaseCRLNumber = "2.5.29.27"; +const id_CRLReason = "2.5.29.21"; +const id_InvalidityDate = "2.5.29.24"; +const id_IssuingDistributionPoint = "2.5.29.28"; +const id_CertificateIssuer = "2.5.29.29"; +const id_NameConstraints = "2.5.29.30"; +const id_CRLDistributionPoints = "2.5.29.31"; +const id_FreshestCRL = "2.5.29.46"; +const id_CertificatePolicies = "2.5.29.32"; +const id_AnyPolicy = "2.5.29.32.0"; +const id_MicrosoftAppPolicies = "1.3.6.1.4.1.311.21.10"; +const id_PolicyMappings = "2.5.29.33"; +const id_AuthorityKeyIdentifier = "2.5.29.35"; +const id_PolicyConstraints = "2.5.29.36"; +const id_ExtKeyUsage = "2.5.29.37"; +const id_InhibitAnyPolicy = "2.5.29.54"; +const id_AuthorityInfoAccess = "1.3.6.1.5.5.7.1.1"; +const id_SubjectInfoAccess = "1.3.6.1.5.5.7.1.11"; +const id_SignedCertificateTimestampList = "1.3.6.1.4.1.11129.2.4.2"; +const id_MicrosoftCertTemplateV1 = "1.3.6.1.4.1.311.20.2"; +const id_MicrosoftPrevCaCertHash = "1.3.6.1.4.1.311.21.2"; +const id_MicrosoftCertTemplateV2 = "1.3.6.1.4.1.311.21.7"; +const id_MicrosoftCaVersion = "1.3.6.1.4.1.311.21.1"; +const id_QCStatements = "1.3.6.1.5.5.7.1.3"; +const id_ContentType_Data = "1.2.840.113549.1.7.1"; +const id_ContentType_SignedData = "1.2.840.113549.1.7.2"; +const id_ContentType_EnvelopedData = "1.2.840.113549.1.7.3"; +const id_ContentType_EncryptedData = "1.2.840.113549.1.7.6"; +const id_eContentType_TSTInfo = "1.2.840.113549.1.9.16.1.4"; +const id_CertBag_X509Certificate = "1.2.840.113549.1.9.22.1"; +const id_CertBag_SDSICertificate = "1.2.840.113549.1.9.22.2"; +const id_CertBag_AttributeCertificate = "1.2.840.113549.1.9.22.3"; +const id_CRLBag_X509CRL = "1.2.840.113549.1.9.23.1"; +const id_pkix = "1.3.6.1.5.5.7"; +const id_ad = `${id_pkix}.48`; +const id_PKIX_OCSP_Basic = `${id_ad}.1.1`; +const id_ad_caIssuers = `${id_ad}.2`; +const id_ad_ocsp = `${id_ad}.1`; +const id_sha1 = "1.3.14.3.2.26"; +const id_sha256 = "2.16.840.1.101.3.4.2.1"; +const id_sha384 = "2.16.840.1.101.3.4.2.2"; +const id_sha512 = "2.16.840.1.101.3.4.2.3"; + +const KEY_IDENTIFIER$1 = "keyIdentifier"; +const AUTHORITY_CERT_ISSUER = "authorityCertIssuer"; +const AUTHORITY_CERT_SERIAL_NUMBER = "authorityCertSerialNumber"; +const CLEAR_PROPS$1q = [ + KEY_IDENTIFIER$1, + AUTHORITY_CERT_ISSUER, + AUTHORITY_CERT_SERIAL_NUMBER, +]; +class AuthorityKeyIdentifier extends PkiObject { + constructor(parameters = {}) { + super(); + if (KEY_IDENTIFIER$1 in parameters) { + this.keyIdentifier = getParametersValue(parameters, KEY_IDENTIFIER$1, AuthorityKeyIdentifier.defaultValues(KEY_IDENTIFIER$1)); + } + if (AUTHORITY_CERT_ISSUER in parameters) { + this.authorityCertIssuer = getParametersValue(parameters, AUTHORITY_CERT_ISSUER, AuthorityKeyIdentifier.defaultValues(AUTHORITY_CERT_ISSUER)); + } + if (AUTHORITY_CERT_SERIAL_NUMBER in parameters) { + this.authorityCertSerialNumber = getParametersValue(parameters, AUTHORITY_CERT_SERIAL_NUMBER, AuthorityKeyIdentifier.defaultValues(AUTHORITY_CERT_SERIAL_NUMBER)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case KEY_IDENTIFIER$1: + return new OctetString(); + case AUTHORITY_CERT_ISSUER: + return []; + case AUTHORITY_CERT_SERIAL_NUMBER: + return new Integer(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Primitive({ + name: (names.keyIdentifier || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + } + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new Repeated({ + name: (names.authorityCertIssuer || EMPTY_STRING), + value: GeneralName.schema() + }) + ] + }), + new Primitive({ + name: (names.authorityCertSerialNumber || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 2 + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1q); + const asn1 = compareSchema(schema, schema, AuthorityKeyIdentifier.schema({ + names: { + keyIdentifier: KEY_IDENTIFIER$1, + authorityCertIssuer: AUTHORITY_CERT_ISSUER, + authorityCertSerialNumber: AUTHORITY_CERT_SERIAL_NUMBER + } + })); + AsnError.assertSchema(asn1, this.className); + if (KEY_IDENTIFIER$1 in asn1.result) + this.keyIdentifier = new OctetString({ valueHex: asn1.result.keyIdentifier.valueBlock.valueHex }); + if (AUTHORITY_CERT_ISSUER in asn1.result) + this.authorityCertIssuer = Array.from(asn1.result.authorityCertIssuer, o => new GeneralName({ schema: o })); + if (AUTHORITY_CERT_SERIAL_NUMBER in asn1.result) + this.authorityCertSerialNumber = new Integer({ valueHex: asn1.result.authorityCertSerialNumber.valueBlock.valueHex }); + } + toSchema() { + const outputArray = []; + if (this.keyIdentifier) { + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + valueHex: this.keyIdentifier.valueBlock.valueHexView + })); + } + if (this.authorityCertIssuer) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: Array.from(this.authorityCertIssuer, o => o.toSchema()) + })); + } + if (this.authorityCertSerialNumber) { + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + valueHex: this.authorityCertSerialNumber.valueBlock.valueHexView + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const object = {}; + if (this.keyIdentifier) { + object.keyIdentifier = this.keyIdentifier.toJSON(); + } + if (this.authorityCertIssuer) { + object.authorityCertIssuer = Array.from(this.authorityCertIssuer, o => o.toJSON()); + } + if (this.authorityCertSerialNumber) { + object.authorityCertSerialNumber = this.authorityCertSerialNumber.toJSON(); + } + return object; + } +} +AuthorityKeyIdentifier.CLASS_NAME = "AuthorityKeyIdentifier"; + +const PATH_LENGTH_CONSTRAINT = "pathLenConstraint"; +const CA = "cA"; +class BasicConstraints extends PkiObject { + constructor(parameters = {}) { + super(); + this.cA = getParametersValue(parameters, CA, false); + if (PATH_LENGTH_CONSTRAINT in parameters) { + this.pathLenConstraint = getParametersValue(parameters, PATH_LENGTH_CONSTRAINT, 0); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CA: + return false; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Boolean({ + optional: true, + name: (names.cA || EMPTY_STRING) + }), + new Integer({ + optional: true, + name: (names.pathLenConstraint || EMPTY_STRING) + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + CA, + PATH_LENGTH_CONSTRAINT + ]); + const asn1 = compareSchema(schema, schema, BasicConstraints.schema({ + names: { + cA: CA, + pathLenConstraint: PATH_LENGTH_CONSTRAINT + } + })); + AsnError.assertSchema(asn1, this.className); + if (CA in asn1.result) { + this.cA = asn1.result.cA.valueBlock.value; + } + if (PATH_LENGTH_CONSTRAINT in asn1.result) { + if (asn1.result.pathLenConstraint.valueBlock.isHexOnly) { + this.pathLenConstraint = asn1.result.pathLenConstraint; + } + else { + this.pathLenConstraint = asn1.result.pathLenConstraint.valueBlock.valueDec; + } + } + } + toSchema() { + const outputArray = []; + if (this.cA !== BasicConstraints.defaultValues(CA)) + outputArray.push(new Boolean({ value: this.cA })); + if (PATH_LENGTH_CONSTRAINT in this) { + if (this.pathLenConstraint instanceof Integer) { + outputArray.push(this.pathLenConstraint); + } + else { + outputArray.push(new Integer({ value: this.pathLenConstraint })); + } + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const object = {}; + if (this.cA !== BasicConstraints.defaultValues(CA)) { + object.cA = this.cA; + } + if (PATH_LENGTH_CONSTRAINT in this) { + if (this.pathLenConstraint instanceof Integer) { + object.pathLenConstraint = this.pathLenConstraint.toJSON(); + } + else { + object.pathLenConstraint = this.pathLenConstraint; + } + } + return object; + } +} +BasicConstraints.CLASS_NAME = "BasicConstraints"; + +const CERTIFICATE_INDEX = "certificateIndex"; +const KEY_INDEX = "keyIndex"; +class CAVersion extends PkiObject { + constructor(parameters = {}) { + super(); + this.certificateIndex = getParametersValue(parameters, CERTIFICATE_INDEX, CAVersion.defaultValues(CERTIFICATE_INDEX)); + this.keyIndex = getParametersValue(parameters, KEY_INDEX, CAVersion.defaultValues(KEY_INDEX)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CERTIFICATE_INDEX: + case KEY_INDEX: + return 0; + default: + return super.defaultValues(memberName); + } + } + static schema() { + return (new Integer()); + } + fromSchema(schema) { + if (schema.constructor.blockName() !== Integer.blockName()) { + throw new Error("Object's schema was not verified against input data for CAVersion"); + } + let value = schema.valueBlock.valueHex.slice(0); + const valueView = new Uint8Array(value); + switch (true) { + case (value.byteLength < 4): + { + const tempValue = new ArrayBuffer(4); + const tempValueView = new Uint8Array(tempValue); + tempValueView.set(valueView, 4 - value.byteLength); + value = tempValue.slice(0); + } + break; + case (value.byteLength > 4): + { + const tempValue = new ArrayBuffer(4); + const tempValueView = new Uint8Array(tempValue); + tempValueView.set(valueView.slice(0, 4)); + value = tempValue.slice(0); + } + break; + } + const keyIndexBuffer = value.slice(0, 2); + const keyIndexView8 = new Uint8Array(keyIndexBuffer); + let temp = keyIndexView8[0]; + keyIndexView8[0] = keyIndexView8[1]; + keyIndexView8[1] = temp; + const keyIndexView16 = new Uint16Array(keyIndexBuffer); + this.keyIndex = keyIndexView16[0]; + const certificateIndexBuffer = value.slice(2); + const certificateIndexView8 = new Uint8Array(certificateIndexBuffer); + temp = certificateIndexView8[0]; + certificateIndexView8[0] = certificateIndexView8[1]; + certificateIndexView8[1] = temp; + const certificateIndexView16 = new Uint16Array(certificateIndexBuffer); + this.certificateIndex = certificateIndexView16[0]; + } + toSchema() { + const certificateIndexBuffer = new ArrayBuffer(2); + const certificateIndexView = new Uint16Array(certificateIndexBuffer); + certificateIndexView[0] = this.certificateIndex; + const certificateIndexView8 = new Uint8Array(certificateIndexBuffer); + let temp = certificateIndexView8[0]; + certificateIndexView8[0] = certificateIndexView8[1]; + certificateIndexView8[1] = temp; + const keyIndexBuffer = new ArrayBuffer(2); + const keyIndexView = new Uint16Array(keyIndexBuffer); + keyIndexView[0] = this.keyIndex; + const keyIndexView8 = new Uint8Array(keyIndexBuffer); + temp = keyIndexView8[0]; + keyIndexView8[0] = keyIndexView8[1]; + keyIndexView8[1] = temp; + return (new Integer({ + valueHex: utilConcatBuf(keyIndexBuffer, certificateIndexBuffer) + })); + } + toJSON() { + return { + certificateIndex: this.certificateIndex, + keyIndex: this.keyIndex + }; + } +} +CAVersion.CLASS_NAME = "CAVersion"; + +const POLICY_QUALIFIER_ID = "policyQualifierId"; +const QUALIFIER = "qualifier"; +const CLEAR_PROPS$1p = [ + POLICY_QUALIFIER_ID, + QUALIFIER +]; +class PolicyQualifierInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.policyQualifierId = getParametersValue(parameters, POLICY_QUALIFIER_ID, PolicyQualifierInfo.defaultValues(POLICY_QUALIFIER_ID)); + this.qualifier = getParametersValue(parameters, QUALIFIER, PolicyQualifierInfo.defaultValues(QUALIFIER)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case POLICY_QUALIFIER_ID: + return EMPTY_STRING; + case QUALIFIER: + return new Any(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.policyQualifierId || EMPTY_STRING) }), + new Any({ name: (names.qualifier || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1p); + const asn1 = compareSchema(schema, schema, PolicyQualifierInfo.schema({ + names: { + policyQualifierId: POLICY_QUALIFIER_ID, + qualifier: QUALIFIER + } + })); + AsnError.assertSchema(asn1, this.className); + this.policyQualifierId = asn1.result.policyQualifierId.valueBlock.toString(); + this.qualifier = asn1.result.qualifier; + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.policyQualifierId }), + this.qualifier + ] + })); + } + toJSON() { + return { + policyQualifierId: this.policyQualifierId, + qualifier: this.qualifier.toJSON() + }; + } +} +PolicyQualifierInfo.CLASS_NAME = "PolicyQualifierInfo"; + +const POLICY_IDENTIFIER = "policyIdentifier"; +const POLICY_QUALIFIERS = "policyQualifiers"; +const CLEAR_PROPS$1o = [ + POLICY_IDENTIFIER, + POLICY_QUALIFIERS +]; +class PolicyInformation extends PkiObject { + constructor(parameters = {}) { + super(); + this.policyIdentifier = getParametersValue(parameters, POLICY_IDENTIFIER, PolicyInformation.defaultValues(POLICY_IDENTIFIER)); + if (POLICY_QUALIFIERS in parameters) { + this.policyQualifiers = getParametersValue(parameters, POLICY_QUALIFIERS, PolicyInformation.defaultValues(POLICY_QUALIFIERS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case POLICY_IDENTIFIER: + return EMPTY_STRING; + case POLICY_QUALIFIERS: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.policyIdentifier || EMPTY_STRING) }), + new Sequence({ + optional: true, + value: [ + new Repeated({ + name: (names.policyQualifiers || EMPTY_STRING), + value: PolicyQualifierInfo.schema() + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1o); + const asn1 = compareSchema(schema, schema, PolicyInformation.schema({ + names: { + policyIdentifier: POLICY_IDENTIFIER, + policyQualifiers: POLICY_QUALIFIERS + } + })); + AsnError.assertSchema(asn1, this.className); + this.policyIdentifier = asn1.result.policyIdentifier.valueBlock.toString(); + if (POLICY_QUALIFIERS in asn1.result) { + this.policyQualifiers = Array.from(asn1.result.policyQualifiers, element => new PolicyQualifierInfo({ schema: element })); + } + } + toSchema() { + const outputArray = []; + outputArray.push(new ObjectIdentifier({ value: this.policyIdentifier })); + if (this.policyQualifiers) { + outputArray.push(new Sequence({ + value: Array.from(this.policyQualifiers, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + policyIdentifier: this.policyIdentifier + }; + if (this.policyQualifiers) + res.policyQualifiers = Array.from(this.policyQualifiers, o => o.toJSON()); + return res; + } +} +PolicyInformation.CLASS_NAME = "PolicyInformation"; + +const CERTIFICATE_POLICIES = "certificatePolicies"; +const CLEAR_PROPS$1n = [ + CERTIFICATE_POLICIES, +]; +class CertificatePolicies extends PkiObject { + constructor(parameters = {}) { + super(); + this.certificatePolicies = getParametersValue(parameters, CERTIFICATE_POLICIES, CertificatePolicies.defaultValues(CERTIFICATE_POLICIES)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CERTIFICATE_POLICIES: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.certificatePolicies || EMPTY_STRING), + value: PolicyInformation.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1n); + const asn1 = compareSchema(schema, schema, CertificatePolicies.schema({ + names: { + certificatePolicies: CERTIFICATE_POLICIES + } + })); + AsnError.assertSchema(asn1, this.className); + this.certificatePolicies = Array.from(asn1.result.certificatePolicies, element => new PolicyInformation({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.certificatePolicies, o => o.toSchema()) + })); + } + toJSON() { + return { + certificatePolicies: Array.from(this.certificatePolicies, o => o.toJSON()) + }; + } +} +CertificatePolicies.CLASS_NAME = "CertificatePolicies"; + +const TEMPLATE_ID = "templateID"; +const TEMPLATE_MAJOR_VERSION = "templateMajorVersion"; +const TEMPLATE_MINOR_VERSION = "templateMinorVersion"; +const CLEAR_PROPS$1m = [ + TEMPLATE_ID, + TEMPLATE_MAJOR_VERSION, + TEMPLATE_MINOR_VERSION +]; +class CertificateTemplate extends PkiObject { + constructor(parameters = {}) { + super(); + this.templateID = getParametersValue(parameters, TEMPLATE_ID, CertificateTemplate.defaultValues(TEMPLATE_ID)); + if (TEMPLATE_MAJOR_VERSION in parameters) { + this.templateMajorVersion = getParametersValue(parameters, TEMPLATE_MAJOR_VERSION, CertificateTemplate.defaultValues(TEMPLATE_MAJOR_VERSION)); + } + if (TEMPLATE_MINOR_VERSION in parameters) { + this.templateMinorVersion = getParametersValue(parameters, TEMPLATE_MINOR_VERSION, CertificateTemplate.defaultValues(TEMPLATE_MINOR_VERSION)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TEMPLATE_ID: + return EMPTY_STRING; + case TEMPLATE_MAJOR_VERSION: + case TEMPLATE_MINOR_VERSION: + return 0; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.templateID || EMPTY_STRING) }), + new Integer({ + name: (names.templateMajorVersion || EMPTY_STRING), + optional: true + }), + new Integer({ + name: (names.templateMinorVersion || EMPTY_STRING), + optional: true + }), + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1m); + const asn1 = compareSchema(schema, schema, CertificateTemplate.schema({ + names: { + templateID: TEMPLATE_ID, + templateMajorVersion: TEMPLATE_MAJOR_VERSION, + templateMinorVersion: TEMPLATE_MINOR_VERSION + } + })); + AsnError.assertSchema(asn1, this.className); + this.templateID = asn1.result.templateID.valueBlock.toString(); + if (TEMPLATE_MAJOR_VERSION in asn1.result) { + this.templateMajorVersion = asn1.result.templateMajorVersion.valueBlock.valueDec; + } + if (TEMPLATE_MINOR_VERSION in asn1.result) { + this.templateMinorVersion = asn1.result.templateMinorVersion.valueBlock.valueDec; + } + } + toSchema() { + const outputArray = []; + outputArray.push(new ObjectIdentifier({ value: this.templateID })); + if (TEMPLATE_MAJOR_VERSION in this) { + outputArray.push(new Integer({ value: this.templateMajorVersion })); + } + if (TEMPLATE_MINOR_VERSION in this) { + outputArray.push(new Integer({ value: this.templateMinorVersion })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + templateID: this.templateID + }; + if (TEMPLATE_MAJOR_VERSION in this) + res.templateMajorVersion = this.templateMajorVersion; + if (TEMPLATE_MINOR_VERSION in this) + res.templateMinorVersion = this.templateMinorVersion; + return res; + } +} + +const DISTRIBUTION_POINT$1 = "distributionPoint"; +const DISTRIBUTION_POINT_NAMES$1 = "distributionPointNames"; +const REASONS = "reasons"; +const CRL_ISSUER = "cRLIssuer"; +const CRL_ISSUER_NAMES = "cRLIssuerNames"; +const CLEAR_PROPS$1l = [ + DISTRIBUTION_POINT$1, + DISTRIBUTION_POINT_NAMES$1, + REASONS, + CRL_ISSUER, + CRL_ISSUER_NAMES, +]; +class DistributionPoint extends PkiObject { + constructor(parameters = {}) { + super(); + if (DISTRIBUTION_POINT$1 in parameters) { + this.distributionPoint = getParametersValue(parameters, DISTRIBUTION_POINT$1, DistributionPoint.defaultValues(DISTRIBUTION_POINT$1)); + } + if (REASONS in parameters) { + this.reasons = getParametersValue(parameters, REASONS, DistributionPoint.defaultValues(REASONS)); + } + if (CRL_ISSUER in parameters) { + this.cRLIssuer = getParametersValue(parameters, CRL_ISSUER, DistributionPoint.defaultValues(CRL_ISSUER)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case DISTRIBUTION_POINT$1: + return []; + case REASONS: + return new BitString(); + case CRL_ISSUER: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Choice({ + value: [ + new Constructed({ + name: (names.distributionPoint || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Repeated({ + name: (names.distributionPointNames || EMPTY_STRING), + value: GeneralName.schema() + }) + ] + }), + new Constructed({ + name: (names.distributionPoint || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: RelativeDistinguishedNames.schema().valueBlock.value + }) + ] + }) + ] + }), + new Primitive({ + name: (names.reasons || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + } + }), + new Constructed({ + name: (names.cRLIssuer || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: [ + new Repeated({ + name: (names.cRLIssuerNames || EMPTY_STRING), + value: GeneralName.schema() + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1l); + const asn1 = compareSchema(schema, schema, DistributionPoint.schema({ + names: { + distributionPoint: DISTRIBUTION_POINT$1, + distributionPointNames: DISTRIBUTION_POINT_NAMES$1, + reasons: REASONS, + cRLIssuer: CRL_ISSUER, + cRLIssuerNames: CRL_ISSUER_NAMES + } + })); + AsnError.assertSchema(asn1, this.className); + if (DISTRIBUTION_POINT$1 in asn1.result) { + if (asn1.result.distributionPoint.idBlock.tagNumber === 0) { + this.distributionPoint = Array.from(asn1.result.distributionPointNames, element => new GeneralName({ schema: element })); + } + if (asn1.result.distributionPoint.idBlock.tagNumber === 1) { + this.distributionPoint = new RelativeDistinguishedNames({ + schema: new Sequence({ + value: asn1.result.distributionPoint.valueBlock.value + }) + }); + } + } + if (REASONS in asn1.result) { + this.reasons = new BitString({ valueHex: asn1.result.reasons.valueBlock.valueHex }); + } + if (CRL_ISSUER in asn1.result) { + this.cRLIssuer = Array.from(asn1.result.cRLIssuerNames, element => new GeneralName({ schema: element })); + } + } + toSchema() { + const outputArray = []; + if (this.distributionPoint) { + let internalValue; + if (this.distributionPoint instanceof Array) { + internalValue = new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: Array.from(this.distributionPoint, o => o.toSchema()) + }); + } + else { + internalValue = new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [this.distributionPoint.toSchema()] + }); + } + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [internalValue] + })); + } + if (this.reasons) { + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + valueHex: this.reasons.valueBlock.valueHexView + })); + } + if (this.cRLIssuer) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: Array.from(this.cRLIssuer, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const object = {}; + if (this.distributionPoint) { + if (this.distributionPoint instanceof Array) { + object.distributionPoint = Array.from(this.distributionPoint, o => o.toJSON()); + } + else { + object.distributionPoint = this.distributionPoint.toJSON(); + } + } + if (this.reasons) { + object.reasons = this.reasons.toJSON(); + } + if (this.cRLIssuer) { + object.cRLIssuer = Array.from(this.cRLIssuer, o => o.toJSON()); + } + return object; + } +} +DistributionPoint.CLASS_NAME = "DistributionPoint"; + +const DISTRIBUTION_POINTS = "distributionPoints"; +const CLEAR_PROPS$1k = [ + DISTRIBUTION_POINTS +]; +class CRLDistributionPoints extends PkiObject { + constructor(parameters = {}) { + super(); + this.distributionPoints = getParametersValue(parameters, DISTRIBUTION_POINTS, CRLDistributionPoints.defaultValues(DISTRIBUTION_POINTS)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case DISTRIBUTION_POINTS: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.distributionPoints || EMPTY_STRING), + value: DistributionPoint.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1k); + const asn1 = compareSchema(schema, schema, CRLDistributionPoints.schema({ + names: { + distributionPoints: DISTRIBUTION_POINTS + } + })); + AsnError.assertSchema(asn1, this.className); + this.distributionPoints = Array.from(asn1.result.distributionPoints, element => new DistributionPoint({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.distributionPoints, o => o.toSchema()) + })); + } + toJSON() { + return { + distributionPoints: Array.from(this.distributionPoints, o => o.toJSON()) + }; + } +} +CRLDistributionPoints.CLASS_NAME = "CRLDistributionPoints"; + +const KEY_PURPOSES = "keyPurposes"; +const CLEAR_PROPS$1j = [ + KEY_PURPOSES, +]; +class ExtKeyUsage extends PkiObject { + constructor(parameters = {}) { + super(); + this.keyPurposes = getParametersValue(parameters, KEY_PURPOSES, ExtKeyUsage.defaultValues(KEY_PURPOSES)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case KEY_PURPOSES: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.keyPurposes || EMPTY_STRING), + value: new ObjectIdentifier() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1j); + const asn1 = compareSchema(schema, schema, ExtKeyUsage.schema({ + names: { + keyPurposes: KEY_PURPOSES + } + })); + AsnError.assertSchema(asn1, this.className); + this.keyPurposes = Array.from(asn1.result.keyPurposes, (element) => element.valueBlock.toString()); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.keyPurposes, element => new ObjectIdentifier({ value: element })) + })); + } + toJSON() { + return { + keyPurposes: Array.from(this.keyPurposes) + }; + } +} +ExtKeyUsage.CLASS_NAME = "ExtKeyUsage"; + +const ACCESS_DESCRIPTIONS = "accessDescriptions"; +class InfoAccess extends PkiObject { + constructor(parameters = {}) { + super(); + this.accessDescriptions = getParametersValue(parameters, ACCESS_DESCRIPTIONS, InfoAccess.defaultValues(ACCESS_DESCRIPTIONS)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ACCESS_DESCRIPTIONS: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.accessDescriptions || EMPTY_STRING), + value: AccessDescription.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + ACCESS_DESCRIPTIONS + ]); + const asn1 = compareSchema(schema, schema, InfoAccess.schema({ + names: { + accessDescriptions: ACCESS_DESCRIPTIONS + } + })); + AsnError.assertSchema(asn1, this.className); + this.accessDescriptions = Array.from(asn1.result.accessDescriptions, element => new AccessDescription({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.accessDescriptions, o => o.toSchema()) + })); + } + toJSON() { + return { + accessDescriptions: Array.from(this.accessDescriptions, o => o.toJSON()) + }; + } +} +InfoAccess.CLASS_NAME = "InfoAccess"; + +const DISTRIBUTION_POINT = "distributionPoint"; +const DISTRIBUTION_POINT_NAMES = "distributionPointNames"; +const ONLY_CONTAINS_USER_CERTS = "onlyContainsUserCerts"; +const ONLY_CONTAINS_CA_CERTS = "onlyContainsCACerts"; +const ONLY_SOME_REASON = "onlySomeReasons"; +const INDIRECT_CRL = "indirectCRL"; +const ONLY_CONTAINS_ATTRIBUTE_CERTS = "onlyContainsAttributeCerts"; +const CLEAR_PROPS$1i = [ + DISTRIBUTION_POINT, + DISTRIBUTION_POINT_NAMES, + ONLY_CONTAINS_USER_CERTS, + ONLY_CONTAINS_CA_CERTS, + ONLY_SOME_REASON, + INDIRECT_CRL, + ONLY_CONTAINS_ATTRIBUTE_CERTS, +]; +class IssuingDistributionPoint extends PkiObject { + constructor(parameters = {}) { + super(); + if (DISTRIBUTION_POINT in parameters) { + this.distributionPoint = getParametersValue(parameters, DISTRIBUTION_POINT, IssuingDistributionPoint.defaultValues(DISTRIBUTION_POINT)); + } + this.onlyContainsUserCerts = getParametersValue(parameters, ONLY_CONTAINS_USER_CERTS, IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_USER_CERTS)); + this.onlyContainsCACerts = getParametersValue(parameters, ONLY_CONTAINS_CA_CERTS, IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_CA_CERTS)); + if (ONLY_SOME_REASON in parameters) { + this.onlySomeReasons = getParametersValue(parameters, ONLY_SOME_REASON, IssuingDistributionPoint.defaultValues(ONLY_SOME_REASON)); + } + this.indirectCRL = getParametersValue(parameters, INDIRECT_CRL, IssuingDistributionPoint.defaultValues(INDIRECT_CRL)); + this.onlyContainsAttributeCerts = getParametersValue(parameters, ONLY_CONTAINS_ATTRIBUTE_CERTS, IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_ATTRIBUTE_CERTS)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case DISTRIBUTION_POINT: + return []; + case ONLY_CONTAINS_USER_CERTS: + return false; + case ONLY_CONTAINS_CA_CERTS: + return false; + case ONLY_SOME_REASON: + return 0; + case INDIRECT_CRL: + return false; + case ONLY_CONTAINS_ATTRIBUTE_CERTS: + return false; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Choice({ + value: [ + new Constructed({ + name: (names.distributionPoint || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Repeated({ + name: (names.distributionPointNames || EMPTY_STRING), + value: GeneralName.schema() + }) + ] + }), + new Constructed({ + name: (names.distributionPoint || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: RelativeDistinguishedNames.schema().valueBlock.value + }) + ] + }) + ] + }), + new Primitive({ + name: (names.onlyContainsUserCerts || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + } + }), + new Primitive({ + name: (names.onlyContainsCACerts || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 2 + } + }), + new Primitive({ + name: (names.onlySomeReasons || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 3 + } + }), + new Primitive({ + name: (names.indirectCRL || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 4 + } + }), + new Primitive({ + name: (names.onlyContainsAttributeCerts || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 5 + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1i); + const asn1 = compareSchema(schema, schema, IssuingDistributionPoint.schema({ + names: { + distributionPoint: DISTRIBUTION_POINT, + distributionPointNames: DISTRIBUTION_POINT_NAMES, + onlyContainsUserCerts: ONLY_CONTAINS_USER_CERTS, + onlyContainsCACerts: ONLY_CONTAINS_CA_CERTS, + onlySomeReasons: ONLY_SOME_REASON, + indirectCRL: INDIRECT_CRL, + onlyContainsAttributeCerts: ONLY_CONTAINS_ATTRIBUTE_CERTS + } + })); + AsnError.assertSchema(asn1, this.className); + if (DISTRIBUTION_POINT in asn1.result) { + switch (true) { + case (asn1.result.distributionPoint.idBlock.tagNumber === 0): + this.distributionPoint = Array.from(asn1.result.distributionPointNames, element => new GeneralName({ schema: element })); + break; + case (asn1.result.distributionPoint.idBlock.tagNumber === 1): + { + this.distributionPoint = new RelativeDistinguishedNames({ + schema: new Sequence({ + value: asn1.result.distributionPoint.valueBlock.value + }) + }); + } + break; + default: + throw new Error("Unknown tagNumber for distributionPoint: {$asn1.result.distributionPoint.idBlock.tagNumber}"); + } + } + if (ONLY_CONTAINS_USER_CERTS in asn1.result) { + const view = new Uint8Array(asn1.result.onlyContainsUserCerts.valueBlock.valueHex); + this.onlyContainsUserCerts = (view[0] !== 0x00); + } + if (ONLY_CONTAINS_CA_CERTS in asn1.result) { + const view = new Uint8Array(asn1.result.onlyContainsCACerts.valueBlock.valueHex); + this.onlyContainsCACerts = (view[0] !== 0x00); + } + if (ONLY_SOME_REASON in asn1.result) { + const view = new Uint8Array(asn1.result.onlySomeReasons.valueBlock.valueHex); + this.onlySomeReasons = view[0]; + } + if (INDIRECT_CRL in asn1.result) { + const view = new Uint8Array(asn1.result.indirectCRL.valueBlock.valueHex); + this.indirectCRL = (view[0] !== 0x00); + } + if (ONLY_CONTAINS_ATTRIBUTE_CERTS in asn1.result) { + const view = new Uint8Array(asn1.result.onlyContainsAttributeCerts.valueBlock.valueHex); + this.onlyContainsAttributeCerts = (view[0] !== 0x00); + } + } + toSchema() { + const outputArray = []; + if (this.distributionPoint) { + let value; + if (this.distributionPoint instanceof Array) { + value = new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: Array.from(this.distributionPoint, o => o.toSchema()) + }); + } + else { + value = this.distributionPoint.toSchema(); + value.idBlock.tagClass = 3; + value.idBlock.tagNumber = 1; + } + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [value] + })); + } + if (this.onlyContainsUserCerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_USER_CERTS)) { + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + valueHex: (new Uint8Array([0xFF])).buffer + })); + } + if (this.onlyContainsCACerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_CA_CERTS)) { + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + valueHex: (new Uint8Array([0xFF])).buffer + })); + } + if (this.onlySomeReasons !== undefined) { + const buffer = new ArrayBuffer(1); + const view = new Uint8Array(buffer); + view[0] = this.onlySomeReasons; + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + valueHex: buffer + })); + } + if (this.indirectCRL !== IssuingDistributionPoint.defaultValues(INDIRECT_CRL)) { + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 4 + }, + valueHex: (new Uint8Array([0xFF])).buffer + })); + } + if (this.onlyContainsAttributeCerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_ATTRIBUTE_CERTS)) { + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 5 + }, + valueHex: (new Uint8Array([0xFF])).buffer + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const obj = {}; + if (this.distributionPoint) { + if (this.distributionPoint instanceof Array) { + obj.distributionPoint = Array.from(this.distributionPoint, o => o.toJSON()); + } + else { + obj.distributionPoint = this.distributionPoint.toJSON(); + } + } + if (this.onlyContainsUserCerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_USER_CERTS)) { + obj.onlyContainsUserCerts = this.onlyContainsUserCerts; + } + if (this.onlyContainsCACerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_CA_CERTS)) { + obj.onlyContainsCACerts = this.onlyContainsCACerts; + } + if (ONLY_SOME_REASON in this) { + obj.onlySomeReasons = this.onlySomeReasons; + } + if (this.indirectCRL !== IssuingDistributionPoint.defaultValues(INDIRECT_CRL)) { + obj.indirectCRL = this.indirectCRL; + } + if (this.onlyContainsAttributeCerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_ATTRIBUTE_CERTS)) { + obj.onlyContainsAttributeCerts = this.onlyContainsAttributeCerts; + } + return obj; + } +} +IssuingDistributionPoint.CLASS_NAME = "IssuingDistributionPoint"; + +const BASE = "base"; +const MINIMUM = "minimum"; +const MAXIMUM = "maximum"; +const CLEAR_PROPS$1h = [ + BASE, + MINIMUM, + MAXIMUM +]; +class GeneralSubtree extends PkiObject { + constructor(parameters = {}) { + super(); + this.base = getParametersValue(parameters, BASE, GeneralSubtree.defaultValues(BASE)); + this.minimum = getParametersValue(parameters, MINIMUM, GeneralSubtree.defaultValues(MINIMUM)); + if (MAXIMUM in parameters) { + this.maximum = getParametersValue(parameters, MAXIMUM, GeneralSubtree.defaultValues(MAXIMUM)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case BASE: + return new GeneralName(); + case MINIMUM: + return 0; + case MAXIMUM: + return 0; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + GeneralName.schema(names.base || {}), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Integer({ name: (names.minimum || EMPTY_STRING) })] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [new Integer({ name: (names.maximum || EMPTY_STRING) })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1h); + const asn1 = compareSchema(schema, schema, GeneralSubtree.schema({ + names: { + base: { + names: { + blockName: BASE + } + }, + minimum: MINIMUM, + maximum: MAXIMUM + } + })); + AsnError.assertSchema(asn1, this.className); + this.base = new GeneralName({ schema: asn1.result.base }); + if (MINIMUM in asn1.result) { + if (asn1.result.minimum.valueBlock.isHexOnly) + this.minimum = asn1.result.minimum; + else + this.minimum = asn1.result.minimum.valueBlock.valueDec; + } + if (MAXIMUM in asn1.result) { + if (asn1.result.maximum.valueBlock.isHexOnly) + this.maximum = asn1.result.maximum; + else + this.maximum = asn1.result.maximum.valueBlock.valueDec; + } + } + toSchema() { + const outputArray = []; + outputArray.push(this.base.toSchema()); + if (this.minimum !== 0) { + let valueMinimum = 0; + if (this.minimum instanceof Integer) { + valueMinimum = this.minimum; + } + else { + valueMinimum = new Integer({ value: this.minimum }); + } + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [valueMinimum] + })); + } + if (MAXIMUM in this) { + let valueMaximum = 0; + if (this.maximum instanceof Integer) { + valueMaximum = this.maximum; + } + else { + valueMaximum = new Integer({ value: this.maximum }); + } + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [valueMaximum] + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + base: this.base.toJSON() + }; + if (this.minimum !== 0) { + if (typeof this.minimum === "number") { + res.minimum = this.minimum; + } + else { + res.minimum = this.minimum.toJSON(); + } + } + if (this.maximum !== undefined) { + if (typeof this.maximum === "number") { + res.maximum = this.maximum; + } + else { + res.maximum = this.maximum.toJSON(); + } + } + return res; + } +} +GeneralSubtree.CLASS_NAME = "GeneralSubtree"; + +const PERMITTED_SUBTREES = "permittedSubtrees"; +const EXCLUDED_SUBTREES = "excludedSubtrees"; +const CLEAR_PROPS$1g = [ + PERMITTED_SUBTREES, + EXCLUDED_SUBTREES +]; +class NameConstraints extends PkiObject { + constructor(parameters = {}) { + super(); + if (PERMITTED_SUBTREES in parameters) { + this.permittedSubtrees = getParametersValue(parameters, PERMITTED_SUBTREES, NameConstraints.defaultValues(PERMITTED_SUBTREES)); + } + if (EXCLUDED_SUBTREES in parameters) { + this.excludedSubtrees = getParametersValue(parameters, EXCLUDED_SUBTREES, NameConstraints.defaultValues(EXCLUDED_SUBTREES)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case PERMITTED_SUBTREES: + case EXCLUDED_SUBTREES: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Repeated({ + name: (names.permittedSubtrees || EMPTY_STRING), + value: GeneralSubtree.schema() + }) + ] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new Repeated({ + name: (names.excludedSubtrees || EMPTY_STRING), + value: GeneralSubtree.schema() + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1g); + const asn1 = compareSchema(schema, schema, NameConstraints.schema({ + names: { + permittedSubtrees: PERMITTED_SUBTREES, + excludedSubtrees: EXCLUDED_SUBTREES + } + })); + AsnError.assertSchema(asn1, this.className); + if (PERMITTED_SUBTREES in asn1.result) + this.permittedSubtrees = Array.from(asn1.result.permittedSubtrees, element => new GeneralSubtree({ schema: element })); + if (EXCLUDED_SUBTREES in asn1.result) + this.excludedSubtrees = Array.from(asn1.result.excludedSubtrees, element => new GeneralSubtree({ schema: element })); + } + toSchema() { + const outputArray = []; + if (this.permittedSubtrees) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: Array.from(this.permittedSubtrees, o => o.toSchema()) + })); + } + if (this.excludedSubtrees) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: Array.from(this.excludedSubtrees, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const object = {}; + if (this.permittedSubtrees) { + object.permittedSubtrees = Array.from(this.permittedSubtrees, o => o.toJSON()); + } + if (this.excludedSubtrees) { + object.excludedSubtrees = Array.from(this.excludedSubtrees, o => o.toJSON()); + } + return object; + } +} +NameConstraints.CLASS_NAME = "NameConstraints"; + +const REQUIRE_EXPLICIT_POLICY = "requireExplicitPolicy"; +const INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping"; +const CLEAR_PROPS$1f = [ + REQUIRE_EXPLICIT_POLICY, + INHIBIT_POLICY_MAPPING, +]; +class PolicyConstraints extends PkiObject { + constructor(parameters = {}) { + super(); + if (REQUIRE_EXPLICIT_POLICY in parameters) { + this.requireExplicitPolicy = getParametersValue(parameters, REQUIRE_EXPLICIT_POLICY, PolicyConstraints.defaultValues(REQUIRE_EXPLICIT_POLICY)); + } + if (INHIBIT_POLICY_MAPPING in parameters) { + this.inhibitPolicyMapping = getParametersValue(parameters, INHIBIT_POLICY_MAPPING, PolicyConstraints.defaultValues(INHIBIT_POLICY_MAPPING)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case REQUIRE_EXPLICIT_POLICY: + return 0; + case INHIBIT_POLICY_MAPPING: + return 0; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Primitive({ + name: (names.requireExplicitPolicy || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + } + }), + new Primitive({ + name: (names.inhibitPolicyMapping || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1f); + const asn1 = compareSchema(schema, schema, PolicyConstraints.schema({ + names: { + requireExplicitPolicy: REQUIRE_EXPLICIT_POLICY, + inhibitPolicyMapping: INHIBIT_POLICY_MAPPING + } + })); + AsnError.assertSchema(asn1, this.className); + if (REQUIRE_EXPLICIT_POLICY in asn1.result) { + const field1 = asn1.result.requireExplicitPolicy; + field1.idBlock.tagClass = 1; + field1.idBlock.tagNumber = 2; + const ber1 = field1.toBER(false); + const int1 = fromBER(ber1); + AsnError.assert(int1, "Integer"); + this.requireExplicitPolicy = int1.result.valueBlock.valueDec; + } + if (INHIBIT_POLICY_MAPPING in asn1.result) { + const field2 = asn1.result.inhibitPolicyMapping; + field2.idBlock.tagClass = 1; + field2.idBlock.tagNumber = 2; + const ber2 = field2.toBER(false); + const int2 = fromBER(ber2); + AsnError.assert(int2, "Integer"); + this.inhibitPolicyMapping = int2.result.valueBlock.valueDec; + } + } + toSchema() { + const outputArray = []; + if (REQUIRE_EXPLICIT_POLICY in this) { + const int1 = new Integer({ value: this.requireExplicitPolicy }); + int1.idBlock.tagClass = 3; + int1.idBlock.tagNumber = 0; + outputArray.push(int1); + } + if (INHIBIT_POLICY_MAPPING in this) { + const int2 = new Integer({ value: this.inhibitPolicyMapping }); + int2.idBlock.tagClass = 3; + int2.idBlock.tagNumber = 1; + outputArray.push(int2); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = {}; + if (REQUIRE_EXPLICIT_POLICY in this) { + res.requireExplicitPolicy = this.requireExplicitPolicy; + } + if (INHIBIT_POLICY_MAPPING in this) { + res.inhibitPolicyMapping = this.inhibitPolicyMapping; + } + return res; + } +} +PolicyConstraints.CLASS_NAME = "PolicyConstraints"; + +const ISSUER_DOMAIN_POLICY = "issuerDomainPolicy"; +const SUBJECT_DOMAIN_POLICY = "subjectDomainPolicy"; +const CLEAR_PROPS$1e = [ + ISSUER_DOMAIN_POLICY, + SUBJECT_DOMAIN_POLICY +]; +class PolicyMapping extends PkiObject { + constructor(parameters = {}) { + super(); + this.issuerDomainPolicy = getParametersValue(parameters, ISSUER_DOMAIN_POLICY, PolicyMapping.defaultValues(ISSUER_DOMAIN_POLICY)); + this.subjectDomainPolicy = getParametersValue(parameters, SUBJECT_DOMAIN_POLICY, PolicyMapping.defaultValues(SUBJECT_DOMAIN_POLICY)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ISSUER_DOMAIN_POLICY: + return EMPTY_STRING; + case SUBJECT_DOMAIN_POLICY: + return EMPTY_STRING; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.issuerDomainPolicy || EMPTY_STRING) }), + new ObjectIdentifier({ name: (names.subjectDomainPolicy || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1e); + const asn1 = compareSchema(schema, schema, PolicyMapping.schema({ + names: { + issuerDomainPolicy: ISSUER_DOMAIN_POLICY, + subjectDomainPolicy: SUBJECT_DOMAIN_POLICY + } + })); + AsnError.assertSchema(asn1, this.className); + this.issuerDomainPolicy = asn1.result.issuerDomainPolicy.valueBlock.toString(); + this.subjectDomainPolicy = asn1.result.subjectDomainPolicy.valueBlock.toString(); + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.issuerDomainPolicy }), + new ObjectIdentifier({ value: this.subjectDomainPolicy }) + ] + })); + } + toJSON() { + return { + issuerDomainPolicy: this.issuerDomainPolicy, + subjectDomainPolicy: this.subjectDomainPolicy + }; + } +} +PolicyMapping.CLASS_NAME = "PolicyMapping"; + +const MAPPINGS = "mappings"; +const CLEAR_PROPS$1d = [ + MAPPINGS, +]; +class PolicyMappings extends PkiObject { + constructor(parameters = {}) { + super(); + this.mappings = getParametersValue(parameters, MAPPINGS, PolicyMappings.defaultValues(MAPPINGS)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case MAPPINGS: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.mappings || EMPTY_STRING), + value: PolicyMapping.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1d); + const asn1 = compareSchema(schema, schema, PolicyMappings.schema({ + names: { + mappings: MAPPINGS + } + })); + AsnError.assertSchema(asn1, this.className); + this.mappings = Array.from(asn1.result.mappings, element => new PolicyMapping({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.mappings, o => o.toSchema()) + })); + } + toJSON() { + return { + mappings: Array.from(this.mappings, o => o.toJSON()) + }; + } +} +PolicyMappings.CLASS_NAME = "PolicyMappings"; + +const NOT_BEFORE$1 = "notBefore"; +const NOT_AFTER$1 = "notAfter"; +const CLEAR_PROPS$1c = [ + NOT_BEFORE$1, + NOT_AFTER$1 +]; +class PrivateKeyUsagePeriod extends PkiObject { + constructor(parameters = {}) { + super(); + if (NOT_BEFORE$1 in parameters) { + this.notBefore = getParametersValue(parameters, NOT_BEFORE$1, PrivateKeyUsagePeriod.defaultValues(NOT_BEFORE$1)); + } + if (NOT_AFTER$1 in parameters) { + this.notAfter = getParametersValue(parameters, NOT_AFTER$1, PrivateKeyUsagePeriod.defaultValues(NOT_AFTER$1)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case NOT_BEFORE$1: + return new Date(); + case NOT_AFTER$1: + return new Date(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Primitive({ + name: (names.notBefore || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + } + }), + new Primitive({ + name: (names.notAfter || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1c); + const asn1 = compareSchema(schema, schema, PrivateKeyUsagePeriod.schema({ + names: { + notBefore: NOT_BEFORE$1, + notAfter: NOT_AFTER$1 + } + })); + AsnError.assertSchema(asn1, this.className); + if (NOT_BEFORE$1 in asn1.result) { + const localNotBefore = new GeneralizedTime(); + localNotBefore.fromBuffer(asn1.result.notBefore.valueBlock.valueHex); + this.notBefore = localNotBefore.toDate(); + } + if (NOT_AFTER$1 in asn1.result) { + const localNotAfter = new GeneralizedTime({ valueHex: asn1.result.notAfter.valueBlock.valueHex }); + localNotAfter.fromBuffer(asn1.result.notAfter.valueBlock.valueHex); + this.notAfter = localNotAfter.toDate(); + } + } + toSchema() { + const outputArray = []; + if (NOT_BEFORE$1 in this) { + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + valueHex: (new GeneralizedTime({ valueDate: this.notBefore })).valueBlock.valueHexView + })); + } + if (NOT_AFTER$1 in this) { + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + valueHex: (new GeneralizedTime({ valueDate: this.notAfter })).valueBlock.valueHexView + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = {}; + if (this.notBefore) { + res.notBefore = this.notBefore; + } + if (this.notAfter) { + res.notAfter = this.notAfter; + } + return res; + } +} +PrivateKeyUsagePeriod.CLASS_NAME = "PrivateKeyUsagePeriod"; + +const ID = "id"; +const TYPE$2 = "type"; +const VALUES = "values"; +const QC_STATEMENT_CLEAR_PROPS = [ + ID, + TYPE$2 +]; +const QC_STATEMENTS_CLEAR_PROPS = [ + VALUES +]; +class QCStatement extends PkiObject { + constructor(parameters = {}) { + super(); + this.id = getParametersValue(parameters, ID, QCStatement.defaultValues(ID)); + if (TYPE$2 in parameters) { + this.type = getParametersValue(parameters, TYPE$2, QCStatement.defaultValues(TYPE$2)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ID: + return EMPTY_STRING; + case TYPE$2: + return new Null(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case ID: + return (memberValue === EMPTY_STRING); + case TYPE$2: + return (memberValue instanceof Null); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.id || EMPTY_STRING) }), + new Any({ + name: (names.type || EMPTY_STRING), + optional: true + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, QC_STATEMENT_CLEAR_PROPS); + const asn1 = compareSchema(schema, schema, QCStatement.schema({ + names: { + id: ID, + type: TYPE$2 + } + })); + AsnError.assertSchema(asn1, this.className); + this.id = asn1.result.id.valueBlock.toString(); + if (TYPE$2 in asn1.result) + this.type = asn1.result.type; + } + toSchema() { + const value = [ + new ObjectIdentifier({ value: this.id }) + ]; + if (TYPE$2 in this) + value.push(this.type); + return (new Sequence({ + value, + })); + } + toJSON() { + const object = { + id: this.id + }; + if (this.type) { + object.type = this.type.toJSON(); + } + return object; + } +} +QCStatement.CLASS_NAME = "QCStatement"; +class QCStatements extends PkiObject { + constructor(parameters = {}) { + super(); + this.values = getParametersValue(parameters, VALUES, QCStatements.defaultValues(VALUES)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VALUES: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VALUES: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.values || EMPTY_STRING), + value: QCStatement.schema(names.value || {}) + }), + ] + })); + } + fromSchema(schema) { + clearProps(schema, QC_STATEMENTS_CLEAR_PROPS); + const asn1 = compareSchema(schema, schema, QCStatements.schema({ + names: { + values: VALUES + } + })); + AsnError.assertSchema(asn1, this.className); + this.values = Array.from(asn1.result.values, element => new QCStatement({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.values, o => o.toSchema()) + })); + } + toJSON() { + return { + values: Array.from(this.values, o => o.toJSON()) + }; + } +} +QCStatements.CLASS_NAME = "QCStatements"; + +class ByteStream { + constructor(parameters = {}) { + if ("view" in parameters) { + this.fromUint8Array(parameters.view); + } + else if ("buffer" in parameters) { + this.fromArrayBuffer(parameters.buffer); + } + else if ("string" in parameters) { + this.fromString(parameters.string); + } + else if ("hexstring" in parameters) { + this.fromHexString(parameters.hexstring); + } + else { + if ("length" in parameters && parameters.length > 0) { + this.length = parameters.length; + if (parameters.stub) { + for (let i = 0; i < this._view.length; i++) { + this._view[i] = parameters.stub; + } + } + } + else { + this.length = 0; + } + } + } + set buffer(value) { + this._buffer = value; + this._view = new Uint8Array(this._buffer); + } + get buffer() { + return this._buffer; + } + set view(value) { + this._buffer = new ArrayBuffer(value.length); + this._view = new Uint8Array(this._buffer); + this._view.set(value); + } + get view() { + return this._view; + } + get length() { + return this.view.byteLength; + } + set length(value) { + this._buffer = new ArrayBuffer(value); + this._view = new Uint8Array(this._buffer); + } + clear() { + this._buffer = new ArrayBuffer(0); + this._view = new Uint8Array(this._buffer); + } + fromArrayBuffer(array) { + this._buffer = array; + this._view = new Uint8Array(this._buffer); + } + fromUint8Array(array) { + this.fromArrayBuffer(new Uint8Array(array).buffer); + } + fromString(string) { + const stringLength = string.length; + this.length = stringLength; + for (let i = 0; i < stringLength; i++) + this.view[i] = string.charCodeAt(i); + } + toString(start = 0, length = (this.view.length - start)) { + let result = ""; + if ((start >= this.view.length) || (start < 0)) { + start = 0; + } + if ((length >= this.view.length) || (length < 0)) { + length = this.view.length - start; + } + for (let i = start; i < (start + length); i++) + result += String.fromCharCode(this.view[i]); + return result; + } + fromHexString(hexString) { + const stringLength = hexString.length; + this.buffer = new ArrayBuffer(stringLength >> 1); + this.view = new Uint8Array(this.buffer); + const hexMap = new Map(); + hexMap.set("0", 0x00); + hexMap.set("1", 0x01); + hexMap.set("2", 0x02); + hexMap.set("3", 0x03); + hexMap.set("4", 0x04); + hexMap.set("5", 0x05); + hexMap.set("6", 0x06); + hexMap.set("7", 0x07); + hexMap.set("8", 0x08); + hexMap.set("9", 0x09); + hexMap.set("A", 0x0A); + hexMap.set("a", 0x0A); + hexMap.set("B", 0x0B); + hexMap.set("b", 0x0B); + hexMap.set("C", 0x0C); + hexMap.set("c", 0x0C); + hexMap.set("D", 0x0D); + hexMap.set("d", 0x0D); + hexMap.set("E", 0x0E); + hexMap.set("e", 0x0E); + hexMap.set("F", 0x0F); + hexMap.set("f", 0x0F); + let j = 0; + let temp = 0x00; + for (let i = 0; i < stringLength; i++) { + if (!(i % 2)) { + temp = hexMap.get(hexString.charAt(i)) << 4; + } + else { + temp |= hexMap.get(hexString.charAt(i)); + this.view[j] = temp; + j++; + } + } + } + toHexString(start = 0, length = (this.view.length - start)) { + let result = ""; + if ((start >= this.view.length) || (start < 0)) { + start = 0; + } + if ((length >= this.view.length) || (length < 0)) { + length = this.view.length - start; + } + for (let i = start; i < (start + length); i++) { + const str = this.view[i].toString(16).toUpperCase(); + result = result + ((str.length == 1) ? "0" : "") + str; + } + return result; + } + copy(start = 0, length = (this.length - start)) { + if (!start && !this.length) { + return new ByteStream(); + } + if ((start < 0) || (start > (this.length - 1))) { + throw new Error(`Wrong start position: ${start}`); + } + const stream = new ByteStream({ + buffer: this._buffer.slice(start, start + length) + }); + return stream; + } + slice(start = 0, end = this.length) { + if (!start && !this.length) { + return new ByteStream(); + } + if ((start < 0) || (start > (this.length - 1))) { + throw new Error(`Wrong start position: ${start}`); + } + const stream = new ByteStream({ + buffer: this._buffer.slice(start, end), + }); + return stream; + } + realloc(size) { + const buffer = new ArrayBuffer(size); + const view = new Uint8Array(buffer); + if (size > this._view.length) + view.set(this._view); + else { + view.set(new Uint8Array(this._buffer, 0, size)); + } + this._buffer = buffer; + this._view = new Uint8Array(this._buffer); + } + append(stream) { + const initialSize = this.length; + const streamViewLength = stream.length; + const subarrayView = stream._view.subarray(); + this.realloc(initialSize + streamViewLength); + this._view.set(subarrayView, initialSize); + } + insert(stream, start = 0, length = (this.length - start)) { + if (start > (this.length - 1)) + return false; + if (length > (this.length - start)) { + length = this.length - start; + } + if (length > stream.length) { + length = stream.length; + } + if (length == stream.length) + this._view.set(stream._view, start); + else { + this._view.set(stream._view.subarray(0, length), start); + } + return true; + } + isEqual(stream) { + if (this.length != stream.length) + return false; + for (let i = 0; i < stream.length; i++) { + if (this.view[i] != stream.view[i]) + return false; + } + return true; + } + isEqualView(view) { + if (view.length != this.view.length) + return false; + for (let i = 0; i < view.length; i++) { + if (this.view[i] != view[i]) + return false; + } + return true; + } + findPattern(pattern, start_, length_, backward_) { + const { start, length, backward } = this.prepareFindParameters(start_, length_, backward_); + const patternLength = pattern.length; + if (patternLength > length) { + return (-1); + } + const patternArray = []; + for (let i = 0; i < patternLength; i++) + patternArray.push(pattern.view[i]); + for (let i = 0; i <= (length - patternLength); i++) { + let equal = true; + const equalStart = (backward) ? (start - patternLength - i) : (start + i); + for (let j = 0; j < patternLength; j++) { + if (this.view[j + equalStart] != patternArray[j]) { + equal = false; + break; + } + } + if (equal) { + return (backward) ? (start - patternLength - i) : (start + patternLength + i); + } + } + return (-1); + } + findFirstIn(patterns, start_, length_, backward_) { + const { start, length, backward } = this.prepareFindParameters(start_, length_, backward_); + const result = { + id: (-1), + position: (backward) ? 0 : (start + length), + length: 0 + }; + for (let i = 0; i < patterns.length; i++) { + const position = this.findPattern(patterns[i], start, length, backward); + if (position != (-1)) { + let valid = false; + const patternLength = patterns[i].length; + if (backward) { + if ((position - patternLength) >= (result.position - result.length)) + valid = true; + } + else { + if ((position - patternLength) <= (result.position - result.length)) + valid = true; + } + if (valid) { + result.position = position; + result.id = i; + result.length = patternLength; + } + } + } + return result; + } + findAllIn(patterns, start_, length_) { + let { start, length } = this.prepareFindParameters(start_, length_); + const result = []; + let patternFound = { + id: (-1), + position: start + }; + do { + const position = patternFound.position; + patternFound = this.findFirstIn(patterns, patternFound.position, length); + if (patternFound.id == (-1)) { + break; + } + length -= (patternFound.position - position); + result.push({ + id: patternFound.id, + position: patternFound.position + }); + } while (true); + return result; + } + findAllPatternIn(pattern, start_, length_) { + const { start, length } = this.prepareFindParameters(start_, length_); + const result = []; + const patternLength = pattern.length; + if (patternLength > length) { + return (-1); + } + const patternArray = Array.from(pattern.view); + for (let i = 0; i <= (length - patternLength); i++) { + let equal = true; + const equalStart = start + i; + for (let j = 0; j < patternLength; j++) { + if (this.view[j + equalStart] != patternArray[j]) { + equal = false; + break; + } + } + if (equal) { + result.push(start + patternLength + i); + i += (patternLength - 1); + } + } + return result; + } + findFirstNotIn(patterns, start_, length_, backward_) { + let { start, length, backward } = this.prepareFindParameters(start_, length_, backward_); + const result = { + left: { + id: (-1), + position: start + }, + right: { + id: (-1), + position: 0 + }, + value: new ByteStream() + }; + let currentLength = length; + while (currentLength > 0) { + result.right = this.findFirstIn(patterns, (backward) ? (start - length + currentLength) : (start + length - currentLength), currentLength, backward); + if (result.right.id == (-1)) { + length = currentLength; + if (backward) { + start -= length; + } + else { + start = result.left.position; + } + result.value = new ByteStream({ + buffer: this._buffer.slice(start, start + length), + }); + break; + } + if (result.right.position != ((backward) ? (result.left.position - patterns[result.right.id].length) : (result.left.position + patterns[result.right.id].length))) { + if (backward) { + start = result.right.position + patterns[result.right.id].length; + length = result.left.position - result.right.position - patterns[result.right.id].length; + } + else { + start = result.left.position; + length = result.right.position - result.left.position - patterns[result.right.id].length; + } + result.value = new ByteStream({ + buffer: this._buffer.slice(start, start + length), + }); + break; + } + result.left = result.right; + currentLength -= patterns[result.right.id].length; + } + if (backward) { + const temp = result.right; + result.right = result.left; + result.left = temp; + } + return result; + } + findAllNotIn(patterns, start_, length_) { + let { start, length } = this.prepareFindParameters(start_, length_); + const result = []; + let patternFound = { + left: { + id: (-1), + position: start + }, + right: { + id: (-1), + position: start + }, + value: new ByteStream() + }; + do { + const position = patternFound.right.position; + patternFound = this.findFirstNotIn(patterns, patternFound.right.position, length); + length -= (patternFound.right.position - position); + result.push({ + left: { + id: patternFound.left.id, + position: patternFound.left.position + }, + right: { + id: patternFound.right.id, + position: patternFound.right.position + }, + value: patternFound.value + }); + } while (patternFound.right.id != (-1)); + return result; + } + findFirstSequence(patterns, start_, length_, backward_) { + let { start, length, backward } = this.prepareFindParameters(start_, length_, backward_); + const firstIn = this.skipNotPatterns(patterns, start, length, backward); + if (firstIn == (-1)) { + return { + position: (-1), + value: new ByteStream() + }; + } + const firstNotIn = this.skipPatterns(patterns, firstIn, length - ((backward) ? (start - firstIn) : (firstIn - start)), backward); + if (backward) { + start = firstNotIn; + length = (firstIn - firstNotIn); + } + else { + start = firstIn; + length = (firstNotIn - firstIn); + } + const value = new ByteStream({ + buffer: this._buffer.slice(start, start + length), + }); + return { + position: firstNotIn, + value + }; + } + findAllSequences(patterns, start_, length_) { + let { start, length } = this.prepareFindParameters(start_, length_); + const result = []; + let patternFound = { + position: start, + value: new ByteStream() + }; + do { + const position = patternFound.position; + patternFound = this.findFirstSequence(patterns, patternFound.position, length); + if (patternFound.position != (-1)) { + length -= (patternFound.position - position); + result.push({ + position: patternFound.position, + value: patternFound.value, + }); + } + } while (patternFound.position != (-1)); + return result; + } + findPairedPatterns(leftPattern, rightPattern, start_, length_) { + const result = []; + if (leftPattern.isEqual(rightPattern)) + return result; + const { start, length } = this.prepareFindParameters(start_, length_); + let currentPositionLeft = 0; + const leftPatterns = this.findAllPatternIn(leftPattern, start, length); + if (!Array.isArray(leftPatterns) || leftPatterns.length == 0) { + return result; + } + const rightPatterns = this.findAllPatternIn(rightPattern, start, length); + if (!Array.isArray(rightPatterns) || rightPatterns.length == 0) { + return result; + } + while (currentPositionLeft < leftPatterns.length) { + if (rightPatterns.length == 0) { + break; + } + if (leftPatterns[0] == rightPatterns[0]) { + result.push({ + left: leftPatterns[0], + right: rightPatterns[0] + }); + leftPatterns.splice(0, 1); + rightPatterns.splice(0, 1); + continue; + } + if (leftPatterns[currentPositionLeft] > rightPatterns[0]) { + break; + } + while (leftPatterns[currentPositionLeft] < rightPatterns[0]) { + currentPositionLeft++; + if (currentPositionLeft >= leftPatterns.length) { + break; + } + } + result.push({ + left: leftPatterns[currentPositionLeft - 1], + right: rightPatterns[0] + }); + leftPatterns.splice(currentPositionLeft - 1, 1); + rightPatterns.splice(0, 1); + currentPositionLeft = 0; + } + result.sort((a, b) => (a.left - b.left)); + return result; + } + findPairedArrays(inputLeftPatterns, inputRightPatterns, start_, length_) { + const { start, length } = this.prepareFindParameters(start_, length_); + const result = []; + let currentPositionLeft = 0; + const leftPatterns = this.findAllIn(inputLeftPatterns, start, length); + if (leftPatterns.length == 0) + return result; + const rightPatterns = this.findAllIn(inputRightPatterns, start, length); + if (rightPatterns.length == 0) + return result; + while (currentPositionLeft < leftPatterns.length) { + if (rightPatterns.length == 0) { + break; + } + if (leftPatterns[0].position == rightPatterns[0].position) { + result.push({ + left: leftPatterns[0], + right: rightPatterns[0] + }); + leftPatterns.splice(0, 1); + rightPatterns.splice(0, 1); + continue; + } + if (leftPatterns[currentPositionLeft].position > rightPatterns[0].position) { + break; + } + while (leftPatterns[currentPositionLeft].position < rightPatterns[0].position) { + currentPositionLeft++; + if (currentPositionLeft >= leftPatterns.length) { + break; + } + } + result.push({ + left: leftPatterns[currentPositionLeft - 1], + right: rightPatterns[0] + }); + leftPatterns.splice(currentPositionLeft - 1, 1); + rightPatterns.splice(0, 1); + currentPositionLeft = 0; + } + result.sort((a, b) => (a.left.position - b.left.position)); + return result; + } + replacePattern(searchPattern, replacePattern, start_, length_, findAllResult = null) { + let result = []; + let i; + const output = { + status: (-1), + searchPatternPositions: [], + replacePatternPositions: [] + }; + const { start, length } = this.prepareFindParameters(start_, length_); + if (findAllResult == null) { + result = this.findAllIn([searchPattern], start, length); + if (result.length == 0) { + return output; + } + } + else { + result = findAllResult; + } + output.searchPatternPositions.push(...Array.from(result, element => element.position)); + const patternDifference = searchPattern.length - replacePattern.length; + const changedBuffer = new ArrayBuffer(this.view.length - (result.length * patternDifference)); + const changedView = new Uint8Array(changedBuffer); + changedView.set(new Uint8Array(this.buffer, 0, start)); + for (i = 0; i < result.length; i++) { + const currentPosition = (i == 0) ? start : result[i - 1].position; + changedView.set(new Uint8Array(this.buffer, currentPosition, result[i].position - searchPattern.length - currentPosition), currentPosition - i * patternDifference); + changedView.set(replacePattern.view, result[i].position - searchPattern.length - i * patternDifference); + output.replacePatternPositions.push(result[i].position - searchPattern.length - i * patternDifference); + } + i--; + changedView.set(new Uint8Array(this.buffer, result[i].position, this.length - result[i].position), result[i].position - searchPattern.length + replacePattern.length - i * patternDifference); + this.buffer = changedBuffer; + this.view = new Uint8Array(this.buffer); + output.status = 1; + return output; + } + skipPatterns(patterns, start_, length_, backward_) { + const { start, length, backward } = this.prepareFindParameters(start_, length_, backward_); + let result = start; + for (let k = 0; k < patterns.length; k++) { + const patternLength = patterns[k].length; + const equalStart = (backward) ? (result - patternLength) : (result); + let equal = true; + for (let j = 0; j < patternLength; j++) { + if (this.view[j + equalStart] != patterns[k].view[j]) { + equal = false; + break; + } + } + if (equal) { + k = (-1); + if (backward) { + result -= patternLength; + if (result <= 0) + return result; + } + else { + result += patternLength; + if (result >= (start + length)) + return result; + } + } + } + return result; + } + skipNotPatterns(patterns, start_, length_, backward_) { + const { start, length, backward } = this.prepareFindParameters(start_, length_, backward_); + let result = (-1); + for (let i = 0; i < length; i++) { + for (let k = 0; k < patterns.length; k++) { + const patternLength = patterns[k].length; + const equalStart = (backward) ? (start - i - patternLength) : (start + i); + let equal = true; + for (let j = 0; j < patternLength; j++) { + if (this.view[j + equalStart] != patterns[k].view[j]) { + equal = false; + break; + } + } + if (equal) { + result = (backward) ? (start - i) : (start + i); + break; + } + } + if (result != (-1)) { + break; + } + } + return result; + } + prepareFindParameters(start = null, length = null, backward = false) { + if (start === null) { + start = (backward) ? this.length : 0; + } + if (start > this.length) { + start = this.length; + } + if (backward) { + if (length === null) { + length = start; + } + if (length > start) { + length = start; + } + } + else { + if (length === null) { + length = this.length - start; + } + if (length > (this.length - start)) { + length = this.length - start; + } + } + return { start, length, backward }; + } +} + +class SeqStream { + constructor(parameters = {}) { + this._stream = new ByteStream(); + this._length = 0; + this._start = 0; + this.backward = false; + this.appendBlock = 0; + this.prevLength = 0; + this.prevStart = 0; + if ("view" in parameters) { + this.stream = new ByteStream({ view: parameters.view }); + } + else if ("buffer" in parameters) { + this.stream = new ByteStream({ buffer: parameters.buffer }); + } + else if ("string" in parameters) { + this.stream = new ByteStream({ string: parameters.string }); + } + else if ("hexstring" in parameters) { + this.stream = new ByteStream({ hexstring: parameters.hexstring }); + } + else if ("stream" in parameters) { + this.stream = parameters.stream.slice(); + } + else { + this.stream = new ByteStream(); + } + if ("backward" in parameters && parameters.backward) { + this.backward = parameters.backward; + this._start = this.stream.length; + } + if ("length" in parameters && parameters.length > 0) { + this._length = parameters.length; + } + if ("start" in parameters && parameters.start && parameters.start > 0) { + this._start = parameters.start; + } + if ("appendBlock" in parameters && parameters.appendBlock && parameters.appendBlock > 0) { + this.appendBlock = parameters.appendBlock; + } + } + set stream(value) { + this._stream = value; + this.prevLength = this._length; + this._length = value.length; + this.prevStart = this._start; + this._start = 0; + } + get stream() { + return this._stream; + } + set length(value) { + this.prevLength = this._length; + this._length = value; + } + get length() { + if (this.appendBlock) { + return this.start; + } + return this._length; + } + set start(value) { + if (value > this.stream.length) + return; + this.prevStart = this._start; + this.prevLength = this._length; + this._length -= (this.backward) ? (this._start - value) : (value - this._start); + this._start = value; + } + get start() { + return this._start; + } + get buffer() { + return this._stream.buffer.slice(0, this._length); + } + resetPosition() { + this._start = this.prevStart; + this._length = this.prevLength; + } + findPattern(pattern, gap = null) { + if ((gap == null) || (gap > this.length)) { + gap = this.length; + } + const result = this.stream.findPattern(pattern, this.start, this.length, this.backward); + if (result == (-1)) + return result; + if (this.backward) { + if (result < (this.start - pattern.length - gap)) { + return (-1); + } + } + else { + if (result > (this.start + pattern.length + gap)) { + return (-1); + } + } + this.start = result; + return result; + } + findFirstIn(patterns, gap = null) { + if ((gap == null) || (gap > this.length)) { + gap = this.length; + } + const result = this.stream.findFirstIn(patterns, this.start, this.length, this.backward); + if (result.id == (-1)) + return result; + if (this.backward) { + if (result.position < (this.start - patterns[result.id].length - gap)) { + return { + id: (-1), + position: (this.backward) ? 0 : (this.start + this.length) + }; + } + } + else { + if (result.position > (this.start + patterns[result.id].length + gap)) { + return { + id: (-1), + position: (this.backward) ? 0 : (this.start + this.length) + }; + } + } + this.start = result.position; + return result; + } + findAllIn(patterns) { + const start = (this.backward) ? (this.start - this.length) : this.start; + return this.stream.findAllIn(patterns, start, this.length); + } + findFirstNotIn(patterns, gap = null) { + if ((gap == null) || (gap > this._length)) { + gap = this._length; + } + const result = this._stream.findFirstNotIn(patterns, this._start, this._length, this.backward); + if ((result.left.id == (-1)) && (result.right.id == (-1))) { + return result; + } + if (this.backward) { + if (result.right.id != (-1)) { + if (result.right.position < (this._start - patterns[result.right.id].length - gap)) { + return { + left: { + id: (-1), + position: this._start + }, + right: { + id: (-1), + position: 0 + }, + value: new ByteStream() + }; + } + } + } + else { + if (result.left.id != (-1)) { + if (result.left.position > (this._start + patterns[result.left.id].length + gap)) { + return { + left: { + id: (-1), + position: this._start + }, + right: { + id: (-1), + position: 0 + }, + value: new ByteStream() + }; + } + } + } + if (this.backward) { + if (result.left.id == (-1)) { + this.start = 0; + } + else { + this.start = result.left.position; + } + } + else { + if (result.right.id == (-1)) { + this.start = (this._start + this._length); + } + else { + this.start = result.right.position; + } + } + return result; + } + findAllNotIn(patterns) { + const start = (this.backward) ? (this._start - this._length) : this._start; + return this._stream.findAllNotIn(patterns, start, this._length); + } + findFirstSequence(patterns, length = null, gap = null) { + if ((length == null) || (length > this._length)) { + length = this._length; + } + if ((gap == null) || (gap > length)) { + gap = length; + } + const result = this._stream.findFirstSequence(patterns, this._start, length, this.backward); + if (result.value.length == 0) { + return result; + } + if (this.backward) { + if (result.position < (this._start - result.value.length - gap)) { + return { + position: (-1), + value: new ByteStream() + }; + } + } + else { + if (result.position > (this._start + result.value.length + gap)) { + return { + position: (-1), + value: new ByteStream() + }; + } + } + this.start = result.position; + return result; + } + findAllSequences(patterns) { + const start = (this.backward) ? (this.start - this.length) : this.start; + return this.stream.findAllSequences(patterns, start, this.length); + } + findPairedPatterns(leftPattern, rightPattern, gap = null) { + if ((gap == null) || (gap > this.length)) { + gap = this.length; + } + const start = (this.backward) ? (this.start - this.length) : this.start; + const result = this.stream.findPairedPatterns(leftPattern, rightPattern, start, this.length); + if (result.length) { + if (this.backward) { + if (result[0].right < (this.start - rightPattern.length - gap)) { + return []; + } + } + else { + if (result[0].left > (this.start + leftPattern.length + gap)) { + return []; + } + } + } + return result; + } + findPairedArrays(leftPatterns, rightPatterns, gap = null) { + if ((gap == null) || (gap > this.length)) { + gap = this.length; + } + const start = (this.backward) ? (this.start - this.length) : this.start; + const result = this.stream.findPairedArrays(leftPatterns, rightPatterns, start, this.length); + if (result.length) { + if (this.backward) { + if (result[0].right.position < (this.start - rightPatterns[result[0].right.id].length - gap)) { + return []; + } + } + else { + if (result[0].left.position > (this.start + leftPatterns[result[0].left.id].length + gap)) { + return []; + } + } + } + return result; + } + replacePattern(searchPattern, replacePattern) { + const start = (this.backward) ? (this.start - this.length) : this.start; + return this.stream.replacePattern(searchPattern, replacePattern, start, this.length); + } + skipPatterns(patterns) { + const result = this.stream.skipPatterns(patterns, this.start, this.length, this.backward); + this.start = result; + return result; + } + skipNotPatterns(patterns) { + const result = this.stream.skipNotPatterns(patterns, this.start, this.length, this.backward); + if (result == (-1)) + return (-1); + this.start = result; + return result; + } + append(stream) { + this.beforeAppend(stream.length); + this._stream.view.set(stream.view, this._start); + this._length += (stream.length * 2); + this.start = (this._start + stream.length); + this.prevLength -= (stream.length * 2); + } + appendView(view) { + this.beforeAppend(view.length); + this._stream.view.set(view, this._start); + this._length += (view.length * 2); + this.start = (this._start + view.length); + this.prevLength -= (view.length * 2); + } + appendChar(char) { + this.beforeAppend(1); + this._stream.view[this._start] = char; + this._length += 2; + this.start = (this._start + 1); + this.prevLength -= 2; + } + appendUint16(number) { + this.beforeAppend(2); + const value = new Uint16Array([number]); + const view = new Uint8Array(value.buffer); + this.stream.view[this._start] = view[1]; + this._stream.view[this._start + 1] = view[0]; + this._length += 4; + this.start = this._start + 2; + this.prevLength -= 4; + } + appendUint24(number) { + this.beforeAppend(3); + const value = new Uint32Array([number]); + const view = new Uint8Array(value.buffer); + this._stream.view[this._start] = view[2]; + this._stream.view[this._start + 1] = view[1]; + this._stream.view[this._start + 2] = view[0]; + this._length += 6; + this.start = (this._start + 3); + this.prevLength -= 6; + } + appendUint32(number) { + this.beforeAppend(4); + const value = new Uint32Array([number]); + const view = new Uint8Array(value.buffer); + this._stream.view[this._start] = view[3]; + this._stream.view[this._start + 1] = view[2]; + this._stream.view[this._start + 2] = view[1]; + this._stream.view[this._start + 3] = view[0]; + this._length += 8; + this.start = (this._start + 4); + this.prevLength -= 8; + } + appendInt16(number) { + this.beforeAppend(2); + const value = new Int16Array([number]); + const view = new Uint8Array(value.buffer); + this._stream.view[this._start] = view[1]; + this._stream.view[this._start + 1] = view[0]; + this._length += 4; + this.start = (this._start + 2); + this.prevLength -= 4; + } + appendInt32(number) { + this.beforeAppend(4); + const value = new Int32Array([number]); + const view = new Uint8Array(value.buffer); + this._stream.view[this._start] = view[3]; + this._stream.view[this._start + 1] = view[2]; + this._stream.view[this._start + 2] = view[1]; + this._stream.view[this._start + 3] = view[0]; + this._length += 8; + this.start = (this._start + 4); + this.prevLength -= 8; + } + getBlock(size, changeLength = true) { + if (this._length <= 0) { + return new Uint8Array(0); + } + if (this._length < size) { + size = this._length; + } + let result; + if (this.backward) { + const view = this._stream.view.subarray(this._length - size, this._length); + result = new Uint8Array(size); + for (let i = 0; i < size; i++) { + result[size - 1 - i] = view[i]; + } + } + else { + result = this._stream.view.subarray(this._start, this._start + size); + } + if (changeLength) { + this.start += ((this.backward) ? ((-1) * size) : size); + } + return result; + } + getUint16(changeLength = true) { + const block = this.getBlock(2, changeLength); + if (block.length < 2) + return 0; + const value = new Uint16Array(1); + const view = new Uint8Array(value.buffer); + view[0] = block[1]; + view[1] = block[0]; + return value[0]; + } + getInt16(changeLength = true) { + const block = this.getBlock(2, changeLength); + if (block.length < 2) + return 0; + const value = new Int16Array(1); + const view = new Uint8Array(value.buffer); + view[0] = block[1]; + view[1] = block[0]; + return value[0]; + } + getUint24(changeLength = true) { + const block = this.getBlock(3, changeLength); + if (block.length < 3) + return 0; + const value = new Uint32Array(1); + const view = new Uint8Array(value.buffer); + for (let i = 3; i >= 1; i--) { + view[3 - i] = block[i - 1]; + } + return value[0]; + } + getUint32(changeLength = true) { + const block = this.getBlock(4, changeLength); + if (block.length < 4) { + return 0; + } + const value = new Uint32Array(1); + const view = new Uint8Array(value.buffer); + for (let i = 3; i >= 0; i--) { + view[3 - i] = block[i]; + } + return value[0]; + } + getInt32(changeLength = true) { + const block = this.getBlock(4, changeLength); + if (block.length < 4) + return 0; + const value = new Int32Array(1); + const view = new Uint8Array(value.buffer); + for (let i = 3; i >= 0; i--) { + view[3 - i] = block[i]; + } + return value[0]; + } + beforeAppend(size) { + if ((this._start + size) > this._stream.length) { + if (size > this.appendBlock) { + this.appendBlock = size + SeqStream.APPEND_BLOCK; + } + this._stream.realloc(this._stream.length + this.appendBlock); + } + } +} +SeqStream.APPEND_BLOCK = 1000; + +/****************************************************************************** +Copyright (c) Microsoft Corporation. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR +OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. +***************************************************************************** */ + +function __awaiter(thisArg, _arguments, P, generator) { + function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } + return new (P || (P = Promise))(function (resolve, reject) { + function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } + function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } + function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); +} + +var _a; +class ECNamedCurves { + static register(name, id, size) { + this.namedCurves[name.toLowerCase()] = this.namedCurves[id] = { name, id, size }; + } + static find(nameOrId) { + return this.namedCurves[nameOrId.toLowerCase()] || null; + } +} +_a = ECNamedCurves; +ECNamedCurves.namedCurves = {}; +(() => { + _a.register("P-256", "1.2.840.10045.3.1.7", 32); + _a.register("P-384", "1.3.132.0.34", 48); + _a.register("P-521", "1.3.132.0.35", 66); + _a.register("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 32); + _a.register("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 48); + _a.register("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 64); +})(); + +const X = "x"; +const Y = "y"; +const NAMED_CURVE$1 = "namedCurve"; +class ECPublicKey extends PkiObject { + constructor(parameters = {}) { + super(); + this.x = getParametersValue(parameters, X, ECPublicKey.defaultValues(X)); + this.y = getParametersValue(parameters, Y, ECPublicKey.defaultValues(Y)); + this.namedCurve = getParametersValue(parameters, NAMED_CURVE$1, ECPublicKey.defaultValues(NAMED_CURVE$1)); + if (parameters.json) { + this.fromJSON(parameters.json); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case X: + case Y: + return EMPTY_BUFFER; + case NAMED_CURVE$1: + return EMPTY_STRING; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case X: + case Y: + return memberValue instanceof ArrayBuffer && + (isEqualBuffer(memberValue, ECPublicKey.defaultValues(memberName))); + case NAMED_CURVE$1: + return typeof memberValue === "string" && + memberValue === ECPublicKey.defaultValues(memberName); + default: + return super.defaultValues(memberName); + } + } + static schema() { + return new RawData(); + } + fromSchema(schema1) { + const view = BufferSourceConverter.toUint8Array(schema1); + if (view[0] !== 0x04) { + throw new Error("Object's schema was not verified against input data for ECPublicKey"); + } + const namedCurve = ECNamedCurves.find(this.namedCurve); + if (!namedCurve) { + throw new Error(`Incorrect curve OID: ${this.namedCurve}`); + } + const coordinateLength = namedCurve.size; + if (view.byteLength !== (coordinateLength * 2 + 1)) { + throw new Error("Object's schema was not verified against input data for ECPublicKey"); + } + this.namedCurve = namedCurve.name; + this.x = view.slice(1, coordinateLength + 1).buffer; + this.y = view.slice(1 + coordinateLength, coordinateLength * 2 + 1).buffer; + } + toSchema() { + return new RawData({ + data: utilConcatBuf((new Uint8Array([0x04])).buffer, this.x, this.y) + }); + } + toJSON() { + const namedCurve = ECNamedCurves.find(this.namedCurve); + return { + crv: namedCurve ? namedCurve.name : this.namedCurve, + x: toBase64(arrayBufferToString(this.x), true, true, false), + y: toBase64(arrayBufferToString(this.y), true, true, false) + }; + } + fromJSON(json) { + ParameterError.assert("json", json, "crv", "x", "y"); + let coordinateLength = 0; + const namedCurve = ECNamedCurves.find(json.crv); + if (namedCurve) { + this.namedCurve = namedCurve.id; + coordinateLength = namedCurve.size; + } + const xConvertBuffer = stringToArrayBuffer(fromBase64(json.x, true)); + if (xConvertBuffer.byteLength < coordinateLength) { + this.x = new ArrayBuffer(coordinateLength); + const view = new Uint8Array(this.x); + const convertBufferView = new Uint8Array(xConvertBuffer); + view.set(convertBufferView, 1); + } + else { + this.x = xConvertBuffer.slice(0, coordinateLength); + } + const yConvertBuffer = stringToArrayBuffer(fromBase64(json.y, true)); + if (yConvertBuffer.byteLength < coordinateLength) { + this.y = new ArrayBuffer(coordinateLength); + const view = new Uint8Array(this.y); + const convertBufferView = new Uint8Array(yConvertBuffer); + view.set(convertBufferView, 1); + } + else { + this.y = yConvertBuffer.slice(0, coordinateLength); + } + } +} +ECPublicKey.CLASS_NAME = "ECPublicKey"; + +const MODULUS$1 = "modulus"; +const PUBLIC_EXPONENT$1 = "publicExponent"; +const CLEAR_PROPS$1b = [MODULUS$1, PUBLIC_EXPONENT$1]; +class RSAPublicKey extends PkiObject { + constructor(parameters = {}) { + super(); + this.modulus = getParametersValue(parameters, MODULUS$1, RSAPublicKey.defaultValues(MODULUS$1)); + this.publicExponent = getParametersValue(parameters, PUBLIC_EXPONENT$1, RSAPublicKey.defaultValues(PUBLIC_EXPONENT$1)); + if (parameters.json) { + this.fromJSON(parameters.json); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case MODULUS$1: + return new Integer(); + case PUBLIC_EXPONENT$1: + return new Integer(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.modulus || EMPTY_STRING) }), + new Integer({ name: (names.publicExponent || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1b); + const asn1 = compareSchema(schema, schema, RSAPublicKey.schema({ + names: { + modulus: MODULUS$1, + publicExponent: PUBLIC_EXPONENT$1 + } + })); + AsnError.assertSchema(asn1, this.className); + this.modulus = asn1.result.modulus.convertFromDER(256); + this.publicExponent = asn1.result.publicExponent; + } + toSchema() { + return (new Sequence({ + value: [ + this.modulus.convertToDER(), + this.publicExponent + ] + })); + } + toJSON() { + return { + n: Convert.ToBase64Url(this.modulus.valueBlock.valueHexView), + e: Convert.ToBase64Url(this.publicExponent.valueBlock.valueHexView), + }; + } + fromJSON(json) { + ParameterError.assert("json", json, "n", "e"); + const array = stringToArrayBuffer(fromBase64(json.n, true)); + this.modulus = new Integer({ valueHex: array.slice(0, Math.pow(2, nearestPowerOf2(array.byteLength))) }); + this.publicExponent = new Integer({ valueHex: stringToArrayBuffer(fromBase64(json.e, true)).slice(0, 3) }); + } +} +RSAPublicKey.CLASS_NAME = "RSAPublicKey"; + +const ALGORITHM$1 = "algorithm"; +const SUBJECT_PUBLIC_KEY = "subjectPublicKey"; +const CLEAR_PROPS$1a = [ALGORITHM$1, SUBJECT_PUBLIC_KEY]; +class PublicKeyInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.algorithm = getParametersValue(parameters, ALGORITHM$1, PublicKeyInfo.defaultValues(ALGORITHM$1)); + this.subjectPublicKey = getParametersValue(parameters, SUBJECT_PUBLIC_KEY, PublicKeyInfo.defaultValues(SUBJECT_PUBLIC_KEY)); + const parsedKey = getParametersValue(parameters, "parsedKey", null); + if (parsedKey) { + this.parsedKey = parsedKey; + } + if (parameters.json) { + this.fromJSON(parameters.json); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + get parsedKey() { + if (this._parsedKey === undefined) { + switch (this.algorithm.algorithmId) { + case "1.2.840.10045.2.1": + if ("algorithmParams" in this.algorithm) { + if (this.algorithm.algorithmParams.constructor.blockName() === ObjectIdentifier.blockName()) { + try { + this._parsedKey = new ECPublicKey({ + namedCurve: this.algorithm.algorithmParams.valueBlock.toString(), + schema: this.subjectPublicKey.valueBlock.valueHexView + }); + } + catch (ex) { + } + } + } + break; + case "1.2.840.113549.1.1.1": + { + const publicKeyASN1 = fromBER(this.subjectPublicKey.valueBlock.valueHexView); + if (publicKeyASN1.offset !== -1) { + try { + this._parsedKey = new RSAPublicKey({ schema: publicKeyASN1.result }); + } + catch (ex) { + } + } + } + break; + } + this._parsedKey || (this._parsedKey = null); + } + return this._parsedKey || undefined; + } + set parsedKey(value) { + this._parsedKey = value; + } + static defaultValues(memberName) { + switch (memberName) { + case ALGORITHM$1: + return new AlgorithmIdentifier(); + case SUBJECT_PUBLIC_KEY: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AlgorithmIdentifier.schema(names.algorithm || {}), + new BitString({ name: (names.subjectPublicKey || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1a); + const asn1 = compareSchema(schema, schema, PublicKeyInfo.schema({ + names: { + algorithm: { + names: { + blockName: ALGORITHM$1 + } + }, + subjectPublicKey: SUBJECT_PUBLIC_KEY + } + })); + AsnError.assertSchema(asn1, this.className); + this.algorithm = new AlgorithmIdentifier({ schema: asn1.result.algorithm }); + this.subjectPublicKey = asn1.result.subjectPublicKey; + } + toSchema() { + return (new Sequence({ + value: [ + this.algorithm.toSchema(), + this.subjectPublicKey + ] + })); + } + toJSON() { + if (!this.parsedKey) { + return { + algorithm: this.algorithm.toJSON(), + subjectPublicKey: this.subjectPublicKey.toJSON(), + }; + } + const jwk = {}; + switch (this.algorithm.algorithmId) { + case "1.2.840.10045.2.1": + jwk.kty = "EC"; + break; + case "1.2.840.113549.1.1.1": + jwk.kty = "RSA"; + break; + } + const publicKeyJWK = this.parsedKey.toJSON(); + Object.assign(jwk, publicKeyJWK); + return jwk; + } + fromJSON(json) { + if ("kty" in json) { + switch (json.kty.toUpperCase()) { + case "EC": + this.parsedKey = new ECPublicKey({ json }); + this.algorithm = new AlgorithmIdentifier({ + algorithmId: "1.2.840.10045.2.1", + algorithmParams: new ObjectIdentifier({ value: this.parsedKey.namedCurve }) + }); + break; + case "RSA": + this.parsedKey = new RSAPublicKey({ json }); + this.algorithm = new AlgorithmIdentifier({ + algorithmId: "1.2.840.113549.1.1.1", + algorithmParams: new Null() + }); + break; + default: + throw new Error(`Invalid value for "kty" parameter: ${json.kty}`); + } + this.subjectPublicKey = new BitString({ valueHex: this.parsedKey.toSchema().toBER(false) }); + } + } + importKey(publicKey, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + try { + if (!publicKey) { + throw new Error("Need to provide publicKey input parameter"); + } + const exportedKey = yield crypto.exportKey("spki", publicKey); + const asn1 = fromBER(exportedKey); + try { + this.fromSchema(asn1.result); + } + catch (exception) { + throw new Error("Error during initializing object from schema"); + } + } + catch (e) { + const message = e instanceof Error ? e.message : `${e}`; + throw new Error(`Error during exporting public key: ${message}`); + } + }); + } +} +PublicKeyInfo.CLASS_NAME = "PublicKeyInfo"; + +const VERSION$l = "version"; +const PRIVATE_KEY$1 = "privateKey"; +const NAMED_CURVE = "namedCurve"; +const PUBLIC_KEY$1 = "publicKey"; +const CLEAR_PROPS$19 = [ + VERSION$l, + PRIVATE_KEY$1, + NAMED_CURVE, + PUBLIC_KEY$1 +]; +class ECPrivateKey extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$l, ECPrivateKey.defaultValues(VERSION$l)); + this.privateKey = getParametersValue(parameters, PRIVATE_KEY$1, ECPrivateKey.defaultValues(PRIVATE_KEY$1)); + if (NAMED_CURVE in parameters) { + this.namedCurve = getParametersValue(parameters, NAMED_CURVE, ECPrivateKey.defaultValues(NAMED_CURVE)); + } + if (PUBLIC_KEY$1 in parameters) { + this.publicKey = getParametersValue(parameters, PUBLIC_KEY$1, ECPrivateKey.defaultValues(PUBLIC_KEY$1)); + } + if (parameters.json) { + this.fromJSON(parameters.json); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$l: + return 1; + case PRIVATE_KEY$1: + return new OctetString(); + case NAMED_CURVE: + return EMPTY_STRING; + case PUBLIC_KEY$1: + return new ECPublicKey(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$l: + return (memberValue === ECPrivateKey.defaultValues(memberName)); + case PRIVATE_KEY$1: + return (memberValue.isEqual(ECPrivateKey.defaultValues(memberName))); + case NAMED_CURVE: + return (memberValue === EMPTY_STRING); + case PUBLIC_KEY$1: + return ((ECPublicKey.compareWithDefault(NAMED_CURVE, memberValue.namedCurve)) && + (ECPublicKey.compareWithDefault("x", memberValue.x)) && + (ECPublicKey.compareWithDefault("y", memberValue.y))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + new OctetString({ name: (names.privateKey || EMPTY_STRING) }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new ObjectIdentifier({ name: (names.namedCurve || EMPTY_STRING) }) + ] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new BitString({ name: (names.publicKey || EMPTY_STRING) }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$19); + const asn1 = compareSchema(schema, schema, ECPrivateKey.schema({ + names: { + version: VERSION$l, + privateKey: PRIVATE_KEY$1, + namedCurve: NAMED_CURVE, + publicKey: PUBLIC_KEY$1 + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + this.privateKey = asn1.result.privateKey; + if (NAMED_CURVE in asn1.result) { + this.namedCurve = asn1.result.namedCurve.valueBlock.toString(); + } + if (PUBLIC_KEY$1 in asn1.result) { + const publicKeyData = { schema: asn1.result.publicKey.valueBlock.valueHex }; + if (NAMED_CURVE in this) { + publicKeyData.namedCurve = this.namedCurve; + } + this.publicKey = new ECPublicKey(publicKeyData); + } + } + toSchema() { + const outputArray = [ + new Integer({ value: this.version }), + this.privateKey + ]; + if (this.namedCurve) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new ObjectIdentifier({ value: this.namedCurve }) + ] + })); + } + if (this.publicKey) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new BitString({ valueHex: this.publicKey.toSchema().toBER(false) }) + ] + })); + } + return new Sequence({ + value: outputArray + }); + } + toJSON() { + if (!this.namedCurve || ECPrivateKey.compareWithDefault(NAMED_CURVE, this.namedCurve)) { + throw new Error("Not enough information for making JSON: absent \"namedCurve\" value"); + } + const curve = ECNamedCurves.find(this.namedCurve); + const privateKeyJSON = { + crv: curve ? curve.name : this.namedCurve, + d: Convert.ToBase64Url(this.privateKey.valueBlock.valueHexView), + }; + if (this.publicKey) { + const publicKeyJSON = this.publicKey.toJSON(); + privateKeyJSON.x = publicKeyJSON.x; + privateKeyJSON.y = publicKeyJSON.y; + } + return privateKeyJSON; + } + fromJSON(json) { + ParameterError.assert("json", json, "crv", "d"); + let coordinateLength = 0; + const curve = ECNamedCurves.find(json.crv); + if (curve) { + this.namedCurve = curve.id; + coordinateLength = curve.size; + } + const convertBuffer = Convert.FromBase64Url(json.d); + if (convertBuffer.byteLength < coordinateLength) { + const buffer = new ArrayBuffer(coordinateLength); + const view = new Uint8Array(buffer); + const convertBufferView = new Uint8Array(convertBuffer); + view.set(convertBufferView, 1); + this.privateKey = new OctetString({ valueHex: buffer }); + } + else { + this.privateKey = new OctetString({ valueHex: convertBuffer.slice(0, coordinateLength) }); + } + if (json.x && json.y) { + this.publicKey = new ECPublicKey({ json }); + } + } +} +ECPrivateKey.CLASS_NAME = "ECPrivateKey"; + +const PRIME = "prime"; +const EXPONENT = "exponent"; +const COEFFICIENT$1 = "coefficient"; +const CLEAR_PROPS$18 = [ + PRIME, + EXPONENT, + COEFFICIENT$1, +]; +class OtherPrimeInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.prime = getParametersValue(parameters, PRIME, OtherPrimeInfo.defaultValues(PRIME)); + this.exponent = getParametersValue(parameters, EXPONENT, OtherPrimeInfo.defaultValues(EXPONENT)); + this.coefficient = getParametersValue(parameters, COEFFICIENT$1, OtherPrimeInfo.defaultValues(COEFFICIENT$1)); + if (parameters.json) { + this.fromJSON(parameters.json); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case PRIME: + return new Integer(); + case EXPONENT: + return new Integer(); + case COEFFICIENT$1: + return new Integer(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.prime || EMPTY_STRING) }), + new Integer({ name: (names.exponent || EMPTY_STRING) }), + new Integer({ name: (names.coefficient || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$18); + const asn1 = compareSchema(schema, schema, OtherPrimeInfo.schema({ + names: { + prime: PRIME, + exponent: EXPONENT, + coefficient: COEFFICIENT$1 + } + })); + AsnError.assertSchema(asn1, this.className); + this.prime = asn1.result.prime.convertFromDER(); + this.exponent = asn1.result.exponent.convertFromDER(); + this.coefficient = asn1.result.coefficient.convertFromDER(); + } + toSchema() { + return (new Sequence({ + value: [ + this.prime.convertToDER(), + this.exponent.convertToDER(), + this.coefficient.convertToDER() + ] + })); + } + toJSON() { + return { + r: Convert.ToBase64Url(this.prime.valueBlock.valueHexView), + d: Convert.ToBase64Url(this.exponent.valueBlock.valueHexView), + t: Convert.ToBase64Url(this.coefficient.valueBlock.valueHexView), + }; + } + fromJSON(json) { + ParameterError.assert("json", json, "r", "d", "r"); + this.prime = new Integer({ valueHex: Convert.FromBase64Url(json.r) }); + this.exponent = new Integer({ valueHex: Convert.FromBase64Url(json.d) }); + this.coefficient = new Integer({ valueHex: Convert.FromBase64Url(json.t) }); + } +} +OtherPrimeInfo.CLASS_NAME = "OtherPrimeInfo"; + +const VERSION$k = "version"; +const MODULUS = "modulus"; +const PUBLIC_EXPONENT = "publicExponent"; +const PRIVATE_EXPONENT = "privateExponent"; +const PRIME1 = "prime1"; +const PRIME2 = "prime2"; +const EXPONENT1 = "exponent1"; +const EXPONENT2 = "exponent2"; +const COEFFICIENT = "coefficient"; +const OTHER_PRIME_INFOS = "otherPrimeInfos"; +const CLEAR_PROPS$17 = [ + VERSION$k, + MODULUS, + PUBLIC_EXPONENT, + PRIVATE_EXPONENT, + PRIME1, + PRIME2, + EXPONENT1, + EXPONENT2, + COEFFICIENT, + OTHER_PRIME_INFOS +]; +class RSAPrivateKey extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$k, RSAPrivateKey.defaultValues(VERSION$k)); + this.modulus = getParametersValue(parameters, MODULUS, RSAPrivateKey.defaultValues(MODULUS)); + this.publicExponent = getParametersValue(parameters, PUBLIC_EXPONENT, RSAPrivateKey.defaultValues(PUBLIC_EXPONENT)); + this.privateExponent = getParametersValue(parameters, PRIVATE_EXPONENT, RSAPrivateKey.defaultValues(PRIVATE_EXPONENT)); + this.prime1 = getParametersValue(parameters, PRIME1, RSAPrivateKey.defaultValues(PRIME1)); + this.prime2 = getParametersValue(parameters, PRIME2, RSAPrivateKey.defaultValues(PRIME2)); + this.exponent1 = getParametersValue(parameters, EXPONENT1, RSAPrivateKey.defaultValues(EXPONENT1)); + this.exponent2 = getParametersValue(parameters, EXPONENT2, RSAPrivateKey.defaultValues(EXPONENT2)); + this.coefficient = getParametersValue(parameters, COEFFICIENT, RSAPrivateKey.defaultValues(COEFFICIENT)); + if (OTHER_PRIME_INFOS in parameters) { + this.otherPrimeInfos = getParametersValue(parameters, OTHER_PRIME_INFOS, RSAPrivateKey.defaultValues(OTHER_PRIME_INFOS)); + } + if (parameters.json) { + this.fromJSON(parameters.json); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$k: + return 0; + case MODULUS: + return new Integer(); + case PUBLIC_EXPONENT: + return new Integer(); + case PRIVATE_EXPONENT: + return new Integer(); + case PRIME1: + return new Integer(); + case PRIME2: + return new Integer(); + case EXPONENT1: + return new Integer(); + case EXPONENT2: + return new Integer(); + case COEFFICIENT: + return new Integer(); + case OTHER_PRIME_INFOS: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + new Integer({ name: (names.modulus || EMPTY_STRING) }), + new Integer({ name: (names.publicExponent || EMPTY_STRING) }), + new Integer({ name: (names.privateExponent || EMPTY_STRING) }), + new Integer({ name: (names.prime1 || EMPTY_STRING) }), + new Integer({ name: (names.prime2 || EMPTY_STRING) }), + new Integer({ name: (names.exponent1 || EMPTY_STRING) }), + new Integer({ name: (names.exponent2 || EMPTY_STRING) }), + new Integer({ name: (names.coefficient || EMPTY_STRING) }), + new Sequence({ + optional: true, + value: [ + new Repeated({ + name: (names.otherPrimeInfosName || EMPTY_STRING), + value: OtherPrimeInfo.schema(names.otherPrimeInfo || {}) + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$17); + const asn1 = compareSchema(schema, schema, RSAPrivateKey.schema({ + names: { + version: VERSION$k, + modulus: MODULUS, + publicExponent: PUBLIC_EXPONENT, + privateExponent: PRIVATE_EXPONENT, + prime1: PRIME1, + prime2: PRIME2, + exponent1: EXPONENT1, + exponent2: EXPONENT2, + coefficient: COEFFICIENT, + otherPrimeInfo: { + names: { + blockName: OTHER_PRIME_INFOS + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + this.modulus = asn1.result.modulus.convertFromDER(256); + this.publicExponent = asn1.result.publicExponent; + this.privateExponent = asn1.result.privateExponent.convertFromDER(256); + this.prime1 = asn1.result.prime1.convertFromDER(128); + this.prime2 = asn1.result.prime2.convertFromDER(128); + this.exponent1 = asn1.result.exponent1.convertFromDER(128); + this.exponent2 = asn1.result.exponent2.convertFromDER(128); + this.coefficient = asn1.result.coefficient.convertFromDER(128); + if (OTHER_PRIME_INFOS in asn1.result) + this.otherPrimeInfos = Array.from(asn1.result.otherPrimeInfos, element => new OtherPrimeInfo({ schema: element })); + } + toSchema() { + const outputArray = []; + outputArray.push(new Integer({ value: this.version })); + outputArray.push(this.modulus.convertToDER()); + outputArray.push(this.publicExponent); + outputArray.push(this.privateExponent.convertToDER()); + outputArray.push(this.prime1.convertToDER()); + outputArray.push(this.prime2.convertToDER()); + outputArray.push(this.exponent1.convertToDER()); + outputArray.push(this.exponent2.convertToDER()); + outputArray.push(this.coefficient.convertToDER()); + if (this.otherPrimeInfos) { + outputArray.push(new Sequence({ + value: Array.from(this.otherPrimeInfos, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const jwk = { + n: Convert.ToBase64Url(this.modulus.valueBlock.valueHexView), + e: Convert.ToBase64Url(this.publicExponent.valueBlock.valueHexView), + d: Convert.ToBase64Url(this.privateExponent.valueBlock.valueHexView), + p: Convert.ToBase64Url(this.prime1.valueBlock.valueHexView), + q: Convert.ToBase64Url(this.prime2.valueBlock.valueHexView), + dp: Convert.ToBase64Url(this.exponent1.valueBlock.valueHexView), + dq: Convert.ToBase64Url(this.exponent2.valueBlock.valueHexView), + qi: Convert.ToBase64Url(this.coefficient.valueBlock.valueHexView), + }; + if (this.otherPrimeInfos) { + jwk.oth = Array.from(this.otherPrimeInfos, o => o.toJSON()); + } + return jwk; + } + fromJSON(json) { + ParameterError.assert("json", json, "n", "e", "d", "p", "q", "dp", "dq", "qi"); + this.modulus = new Integer({ valueHex: Convert.FromBase64Url(json.n) }); + this.publicExponent = new Integer({ valueHex: Convert.FromBase64Url(json.e) }); + this.privateExponent = new Integer({ valueHex: Convert.FromBase64Url(json.d) }); + this.prime1 = new Integer({ valueHex: Convert.FromBase64Url(json.p) }); + this.prime2 = new Integer({ valueHex: Convert.FromBase64Url(json.q) }); + this.exponent1 = new Integer({ valueHex: Convert.FromBase64Url(json.dp) }); + this.exponent2 = new Integer({ valueHex: Convert.FromBase64Url(json.dq) }); + this.coefficient = new Integer({ valueHex: Convert.FromBase64Url(json.qi) }); + if (json.oth) { + this.otherPrimeInfos = Array.from(json.oth, (element) => new OtherPrimeInfo({ json: element })); + } + } +} +RSAPrivateKey.CLASS_NAME = "RSAPrivateKey"; + +const VERSION$j = "version"; +const PRIVATE_KEY_ALGORITHM = "privateKeyAlgorithm"; +const PRIVATE_KEY = "privateKey"; +const ATTRIBUTES$5 = "attributes"; +const PARSED_KEY = "parsedKey"; +const CLEAR_PROPS$16 = [ + VERSION$j, + PRIVATE_KEY_ALGORITHM, + PRIVATE_KEY, + ATTRIBUTES$5 +]; +class PrivateKeyInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$j, PrivateKeyInfo.defaultValues(VERSION$j)); + this.privateKeyAlgorithm = getParametersValue(parameters, PRIVATE_KEY_ALGORITHM, PrivateKeyInfo.defaultValues(PRIVATE_KEY_ALGORITHM)); + this.privateKey = getParametersValue(parameters, PRIVATE_KEY, PrivateKeyInfo.defaultValues(PRIVATE_KEY)); + if (ATTRIBUTES$5 in parameters) { + this.attributes = getParametersValue(parameters, ATTRIBUTES$5, PrivateKeyInfo.defaultValues(ATTRIBUTES$5)); + } + if (PARSED_KEY in parameters) { + this.parsedKey = getParametersValue(parameters, PARSED_KEY, PrivateKeyInfo.defaultValues(PARSED_KEY)); + } + if (parameters.json) { + this.fromJSON(parameters.json); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$j: + return 0; + case PRIVATE_KEY_ALGORITHM: + return new AlgorithmIdentifier(); + case PRIVATE_KEY: + return new OctetString(); + case ATTRIBUTES$5: + return []; + case PARSED_KEY: + return {}; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + AlgorithmIdentifier.schema(names.privateKeyAlgorithm || {}), + new OctetString({ name: (names.privateKey || EMPTY_STRING) }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Repeated({ + name: (names.attributes || EMPTY_STRING), + value: Attribute.schema() + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$16); + const asn1 = compareSchema(schema, schema, PrivateKeyInfo.schema({ + names: { + version: VERSION$j, + privateKeyAlgorithm: { + names: { + blockName: PRIVATE_KEY_ALGORITHM + } + }, + privateKey: PRIVATE_KEY, + attributes: ATTRIBUTES$5 + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + this.privateKeyAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.privateKeyAlgorithm }); + this.privateKey = asn1.result.privateKey; + if (ATTRIBUTES$5 in asn1.result) + this.attributes = Array.from(asn1.result.attributes, element => new Attribute({ schema: element })); + switch (this.privateKeyAlgorithm.algorithmId) { + case "1.2.840.113549.1.1.1": + { + const privateKeyASN1 = fromBER(this.privateKey.valueBlock.valueHexView); + if (privateKeyASN1.offset !== -1) + this.parsedKey = new RSAPrivateKey({ schema: privateKeyASN1.result }); + } + break; + case "1.2.840.10045.2.1": + if ("algorithmParams" in this.privateKeyAlgorithm) { + if (this.privateKeyAlgorithm.algorithmParams instanceof ObjectIdentifier) { + const privateKeyASN1 = fromBER(this.privateKey.valueBlock.valueHexView); + if (privateKeyASN1.offset !== -1) { + this.parsedKey = new ECPrivateKey({ + namedCurve: this.privateKeyAlgorithm.algorithmParams.valueBlock.toString(), + schema: privateKeyASN1.result + }); + } + } + } + break; + } + } + toSchema() { + const outputArray = [ + new Integer({ value: this.version }), + this.privateKeyAlgorithm.toSchema(), + this.privateKey + ]; + if (this.attributes) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: Array.from(this.attributes, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + if (!this.parsedKey) { + const object = { + version: this.version, + privateKeyAlgorithm: this.privateKeyAlgorithm.toJSON(), + privateKey: this.privateKey.toJSON(), + }; + if (this.attributes) { + object.attributes = Array.from(this.attributes, o => o.toJSON()); + } + return object; + } + const jwk = {}; + switch (this.privateKeyAlgorithm.algorithmId) { + case "1.2.840.10045.2.1": + jwk.kty = "EC"; + break; + case "1.2.840.113549.1.1.1": + jwk.kty = "RSA"; + break; + } + const publicKeyJWK = this.parsedKey.toJSON(); + Object.assign(jwk, publicKeyJWK); + return jwk; + } + fromJSON(json) { + if ("kty" in json) { + switch (json.kty.toUpperCase()) { + case "EC": + this.parsedKey = new ECPrivateKey({ json }); + this.privateKeyAlgorithm = new AlgorithmIdentifier({ + algorithmId: "1.2.840.10045.2.1", + algorithmParams: new ObjectIdentifier({ value: this.parsedKey.namedCurve }) + }); + break; + case "RSA": + this.parsedKey = new RSAPrivateKey({ json }); + this.privateKeyAlgorithm = new AlgorithmIdentifier({ + algorithmId: "1.2.840.113549.1.1.1", + algorithmParams: new Null() + }); + break; + default: + throw new Error(`Invalid value for "kty" parameter: ${json.kty}`); + } + this.privateKey = new OctetString({ valueHex: this.parsedKey.toSchema().toBER(false) }); + } + } +} +PrivateKeyInfo.CLASS_NAME = "PrivateKeyInfo"; + +const CONTENT_TYPE$1 = "contentType"; +const CONTENT_ENCRYPTION_ALGORITHM = "contentEncryptionAlgorithm"; +const ENCRYPTED_CONTENT = "encryptedContent"; +const CLEAR_PROPS$15 = [ + CONTENT_TYPE$1, + CONTENT_ENCRYPTION_ALGORITHM, + ENCRYPTED_CONTENT, +]; +class EncryptedContentInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.contentType = getParametersValue(parameters, CONTENT_TYPE$1, EncryptedContentInfo.defaultValues(CONTENT_TYPE$1)); + this.contentEncryptionAlgorithm = getParametersValue(parameters, CONTENT_ENCRYPTION_ALGORITHM, EncryptedContentInfo.defaultValues(CONTENT_ENCRYPTION_ALGORITHM)); + if (ENCRYPTED_CONTENT in parameters && parameters.encryptedContent) { + this.encryptedContent = parameters.encryptedContent; + if ((this.encryptedContent.idBlock.tagClass === 1) && + (this.encryptedContent.idBlock.tagNumber === 4)) { + if (this.encryptedContent.idBlock.isConstructed === false) { + const constrString = new OctetString({ + idBlock: { isConstructed: true }, + isConstructed: true + }); + let offset = 0; + const valueHex = this.encryptedContent.valueBlock.valueHexView.slice().buffer; + let length = valueHex.byteLength; + const pieceSize = 1024; + while (length > 0) { + const pieceView = new Uint8Array(valueHex, offset, ((offset + pieceSize) > valueHex.byteLength) ? (valueHex.byteLength - offset) : pieceSize); + const _array = new ArrayBuffer(pieceView.length); + const _view = new Uint8Array(_array); + for (let i = 0; i < _view.length; i++) + _view[i] = pieceView[i]; + constrString.valueBlock.value.push(new OctetString({ valueHex: _array })); + length -= pieceView.length; + offset += pieceView.length; + } + this.encryptedContent = constrString; + } + } + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CONTENT_TYPE$1: + return EMPTY_STRING; + case CONTENT_ENCRYPTION_ALGORITHM: + return new AlgorithmIdentifier(); + case ENCRYPTED_CONTENT: + return new OctetString(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case CONTENT_TYPE$1: + return (memberValue === EMPTY_STRING); + case CONTENT_ENCRYPTION_ALGORITHM: + return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false)); + case ENCRYPTED_CONTENT: + return (memberValue.isEqual(EncryptedContentInfo.defaultValues(ENCRYPTED_CONTENT))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.contentType || EMPTY_STRING) }), + AlgorithmIdentifier.schema(names.contentEncryptionAlgorithm || {}), + new Choice({ + value: [ + new Constructed({ + name: (names.encryptedContent || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Repeated({ + value: new OctetString() + }) + ] + }), + new Primitive({ + name: (names.encryptedContent || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + } + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$15); + const asn1 = compareSchema(schema, schema, EncryptedContentInfo.schema({ + names: { + contentType: CONTENT_TYPE$1, + contentEncryptionAlgorithm: { + names: { + blockName: CONTENT_ENCRYPTION_ALGORITHM + } + }, + encryptedContent: ENCRYPTED_CONTENT + } + })); + AsnError.assertSchema(asn1, this.className); + this.contentType = asn1.result.contentType.valueBlock.toString(); + this.contentEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.contentEncryptionAlgorithm }); + if (ENCRYPTED_CONTENT in asn1.result) { + this.encryptedContent = asn1.result.encryptedContent; + this.encryptedContent.idBlock.tagClass = 1; + this.encryptedContent.idBlock.tagNumber = 4; + } + } + toSchema() { + const sequenceLengthBlock = { + isIndefiniteForm: false + }; + const outputArray = []; + outputArray.push(new ObjectIdentifier({ value: this.contentType })); + outputArray.push(this.contentEncryptionAlgorithm.toSchema()); + if (this.encryptedContent) { + sequenceLengthBlock.isIndefiniteForm = this.encryptedContent.idBlock.isConstructed; + const encryptedValue = this.encryptedContent; + encryptedValue.idBlock.tagClass = 3; + encryptedValue.idBlock.tagNumber = 0; + encryptedValue.lenBlock.isIndefiniteForm = this.encryptedContent.idBlock.isConstructed; + outputArray.push(encryptedValue); + } + return (new Sequence({ + lenBlock: sequenceLengthBlock, + value: outputArray + })); + } + toJSON() { + const res = { + contentType: this.contentType, + contentEncryptionAlgorithm: this.contentEncryptionAlgorithm.toJSON() + }; + if (this.encryptedContent) { + res.encryptedContent = this.encryptedContent.toJSON(); + } + return res; + } + getEncryptedContent() { + if (!this.encryptedContent) { + throw new Error("Parameter 'encryptedContent' is undefined"); + } + return OctetString.prototype.getValue.call(this.encryptedContent); + } +} +EncryptedContentInfo.CLASS_NAME = "EncryptedContentInfo"; + +const HASH_ALGORITHM$4 = "hashAlgorithm"; +const MASK_GEN_ALGORITHM$1 = "maskGenAlgorithm"; +const SALT_LENGTH = "saltLength"; +const TRAILER_FIELD = "trailerField"; +const CLEAR_PROPS$14 = [ + HASH_ALGORITHM$4, + MASK_GEN_ALGORITHM$1, + SALT_LENGTH, + TRAILER_FIELD +]; +class RSASSAPSSParams extends PkiObject { + constructor(parameters = {}) { + super(); + this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM$4, RSASSAPSSParams.defaultValues(HASH_ALGORITHM$4)); + this.maskGenAlgorithm = getParametersValue(parameters, MASK_GEN_ALGORITHM$1, RSASSAPSSParams.defaultValues(MASK_GEN_ALGORITHM$1)); + this.saltLength = getParametersValue(parameters, SALT_LENGTH, RSASSAPSSParams.defaultValues(SALT_LENGTH)); + this.trailerField = getParametersValue(parameters, TRAILER_FIELD, RSASSAPSSParams.defaultValues(TRAILER_FIELD)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case HASH_ALGORITHM$4: + return new AlgorithmIdentifier({ + algorithmId: "1.3.14.3.2.26", + algorithmParams: new Null() + }); + case MASK_GEN_ALGORITHM$1: + return new AlgorithmIdentifier({ + algorithmId: "1.2.840.113549.1.1.8", + algorithmParams: (new AlgorithmIdentifier({ + algorithmId: "1.3.14.3.2.26", + algorithmParams: new Null() + })).toSchema() + }); + case SALT_LENGTH: + return 20; + case TRAILER_FIELD: + return 1; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + optional: true, + value: [AlgorithmIdentifier.schema(names.hashAlgorithm || {})] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + optional: true, + value: [AlgorithmIdentifier.schema(names.maskGenAlgorithm || {})] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + optional: true, + value: [new Integer({ name: (names.saltLength || EMPTY_STRING) })] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + optional: true, + value: [new Integer({ name: (names.trailerField || EMPTY_STRING) })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$14); + const asn1 = compareSchema(schema, schema, RSASSAPSSParams.schema({ + names: { + hashAlgorithm: { + names: { + blockName: HASH_ALGORITHM$4 + } + }, + maskGenAlgorithm: { + names: { + blockName: MASK_GEN_ALGORITHM$1 + } + }, + saltLength: SALT_LENGTH, + trailerField: TRAILER_FIELD + } + })); + AsnError.assertSchema(asn1, this.className); + if (HASH_ALGORITHM$4 in asn1.result) + this.hashAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.hashAlgorithm }); + if (MASK_GEN_ALGORITHM$1 in asn1.result) + this.maskGenAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.maskGenAlgorithm }); + if (SALT_LENGTH in asn1.result) + this.saltLength = asn1.result.saltLength.valueBlock.valueDec; + if (TRAILER_FIELD in asn1.result) + this.trailerField = asn1.result.trailerField.valueBlock.valueDec; + } + toSchema() { + const outputArray = []; + if (!this.hashAlgorithm.isEqual(RSASSAPSSParams.defaultValues(HASH_ALGORITHM$4))) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.hashAlgorithm.toSchema()] + })); + } + if (!this.maskGenAlgorithm.isEqual(RSASSAPSSParams.defaultValues(MASK_GEN_ALGORITHM$1))) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [this.maskGenAlgorithm.toSchema()] + })); + } + if (this.saltLength !== RSASSAPSSParams.defaultValues(SALT_LENGTH)) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: [new Integer({ value: this.saltLength })] + })); + } + if (this.trailerField !== RSASSAPSSParams.defaultValues(TRAILER_FIELD)) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + value: [new Integer({ value: this.trailerField })] + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = {}; + if (!this.hashAlgorithm.isEqual(RSASSAPSSParams.defaultValues(HASH_ALGORITHM$4))) { + res.hashAlgorithm = this.hashAlgorithm.toJSON(); + } + if (!this.maskGenAlgorithm.isEqual(RSASSAPSSParams.defaultValues(MASK_GEN_ALGORITHM$1))) { + res.maskGenAlgorithm = this.maskGenAlgorithm.toJSON(); + } + if (this.saltLength !== RSASSAPSSParams.defaultValues(SALT_LENGTH)) { + res.saltLength = this.saltLength; + } + if (this.trailerField !== RSASSAPSSParams.defaultValues(TRAILER_FIELD)) { + res.trailerField = this.trailerField; + } + return res; + } +} +RSASSAPSSParams.CLASS_NAME = "RSASSAPSSParams"; + +const SALT = "salt"; +const ITERATION_COUNT = "iterationCount"; +const KEY_LENGTH = "keyLength"; +const PRF = "prf"; +const CLEAR_PROPS$13 = [ + SALT, + ITERATION_COUNT, + KEY_LENGTH, + PRF +]; +class PBKDF2Params extends PkiObject { + constructor(parameters = {}) { + super(); + this.salt = getParametersValue(parameters, SALT, PBKDF2Params.defaultValues(SALT)); + this.iterationCount = getParametersValue(parameters, ITERATION_COUNT, PBKDF2Params.defaultValues(ITERATION_COUNT)); + if (KEY_LENGTH in parameters) { + this.keyLength = getParametersValue(parameters, KEY_LENGTH, PBKDF2Params.defaultValues(KEY_LENGTH)); + } + if (PRF in parameters) { + this.prf = getParametersValue(parameters, PRF, PBKDF2Params.defaultValues(PRF)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case SALT: + return {}; + case ITERATION_COUNT: + return (-1); + case KEY_LENGTH: + return 0; + case PRF: + return new AlgorithmIdentifier({ + algorithmId: "1.3.14.3.2.26", + algorithmParams: new Null() + }); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Choice({ + value: [ + new OctetString({ name: (names.saltPrimitive || EMPTY_STRING) }), + AlgorithmIdentifier.schema(names.saltConstructed || {}) + ] + }), + new Integer({ name: (names.iterationCount || EMPTY_STRING) }), + new Integer({ + name: (names.keyLength || EMPTY_STRING), + optional: true + }), + AlgorithmIdentifier.schema(names.prf || { + names: { + optional: true + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$13); + const asn1 = compareSchema(schema, schema, PBKDF2Params.schema({ + names: { + saltPrimitive: SALT, + saltConstructed: { + names: { + blockName: SALT + } + }, + iterationCount: ITERATION_COUNT, + keyLength: KEY_LENGTH, + prf: { + names: { + blockName: PRF, + optional: true + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.salt = asn1.result.salt; + this.iterationCount = asn1.result.iterationCount.valueBlock.valueDec; + if (KEY_LENGTH in asn1.result) + this.keyLength = asn1.result.keyLength.valueBlock.valueDec; + if (PRF in asn1.result) + this.prf = new AlgorithmIdentifier({ schema: asn1.result.prf }); + } + toSchema() { + const outputArray = []; + outputArray.push(this.salt); + outputArray.push(new Integer({ value: this.iterationCount })); + if (KEY_LENGTH in this) { + if (PBKDF2Params.defaultValues(KEY_LENGTH) !== this.keyLength) + outputArray.push(new Integer({ value: this.keyLength })); + } + if (this.prf) { + if (PBKDF2Params.defaultValues(PRF).isEqual(this.prf) === false) + outputArray.push(this.prf.toSchema()); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + salt: this.salt.toJSON(), + iterationCount: this.iterationCount + }; + if (KEY_LENGTH in this) { + if (PBKDF2Params.defaultValues(KEY_LENGTH) !== this.keyLength) + res.keyLength = this.keyLength; + } + if (this.prf) { + if (PBKDF2Params.defaultValues(PRF).isEqual(this.prf) === false) + res.prf = this.prf.toJSON(); + } + return res; + } +} +PBKDF2Params.CLASS_NAME = "PBKDF2Params"; + +const KEY_DERIVATION_FUNC = "keyDerivationFunc"; +const ENCRYPTION_SCHEME = "encryptionScheme"; +const CLEAR_PROPS$12 = [ + KEY_DERIVATION_FUNC, + ENCRYPTION_SCHEME +]; +class PBES2Params extends PkiObject { + constructor(parameters = {}) { + super(); + this.keyDerivationFunc = getParametersValue(parameters, KEY_DERIVATION_FUNC, PBES2Params.defaultValues(KEY_DERIVATION_FUNC)); + this.encryptionScheme = getParametersValue(parameters, ENCRYPTION_SCHEME, PBES2Params.defaultValues(ENCRYPTION_SCHEME)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case KEY_DERIVATION_FUNC: + return new AlgorithmIdentifier(); + case ENCRYPTION_SCHEME: + return new AlgorithmIdentifier(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AlgorithmIdentifier.schema(names.keyDerivationFunc || {}), + AlgorithmIdentifier.schema(names.encryptionScheme || {}) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$12); + const asn1 = compareSchema(schema, schema, PBES2Params.schema({ + names: { + keyDerivationFunc: { + names: { + blockName: KEY_DERIVATION_FUNC + } + }, + encryptionScheme: { + names: { + blockName: ENCRYPTION_SCHEME + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.keyDerivationFunc = new AlgorithmIdentifier({ schema: asn1.result.keyDerivationFunc }); + this.encryptionScheme = new AlgorithmIdentifier({ schema: asn1.result.encryptionScheme }); + } + toSchema() { + return (new Sequence({ + value: [ + this.keyDerivationFunc.toSchema(), + this.encryptionScheme.toSchema() + ] + })); + } + toJSON() { + return { + keyDerivationFunc: this.keyDerivationFunc.toJSON(), + encryptionScheme: this.encryptionScheme.toJSON() + }; + } +} +PBES2Params.CLASS_NAME = "PBES2Params"; + +class AbstractCryptoEngine { + constructor(parameters) { + this.crypto = parameters.crypto; + this.subtle = "webkitSubtle" in parameters.crypto + ? parameters.crypto.webkitSubtle + : parameters.crypto.subtle; + this.name = getParametersValue(parameters, "name", EMPTY_STRING); + } + encrypt(...args) { + return __awaiter(this, void 0, void 0, function* () { + return this.subtle.encrypt(...args); + }); + } + decrypt(...args) { + return __awaiter(this, void 0, void 0, function* () { + return this.subtle.decrypt(...args); + }); + } + sign(...args) { + return this.subtle.sign(...args); + } + verify(...args) { + return __awaiter(this, void 0, void 0, function* () { + return this.subtle.verify(...args); + }); + } + digest(...args) { + return __awaiter(this, void 0, void 0, function* () { + return this.subtle.digest(...args); + }); + } + generateKey(...args) { + return __awaiter(this, void 0, void 0, function* () { + return this.subtle.generateKey(...args); + }); + } + deriveKey(...args) { + return __awaiter(this, void 0, void 0, function* () { + return this.subtle.deriveKey(...args); + }); + } + deriveBits(...args) { + return __awaiter(this, void 0, void 0, function* () { + return this.subtle.deriveBits(...args); + }); + } + wrapKey(...args) { + return __awaiter(this, void 0, void 0, function* () { + return this.subtle.wrapKey(...args); + }); + } + unwrapKey(...args) { + return __awaiter(this, void 0, void 0, function* () { + return this.subtle.unwrapKey(...args); + }); + } + exportKey(...args) { + return this.subtle.exportKey(...args); + } + importKey(...args) { + return this.subtle.importKey(...args); + } + getRandomValues(array) { + return this.crypto.getRandomValues(array); + } +} + +function makePKCS12B2Key(cryptoEngine, hashAlgorithm, keyLength, password, salt, iterationCount) { + return __awaiter(this, void 0, void 0, function* () { + let u; + let v; + const result = []; + switch (hashAlgorithm.toUpperCase()) { + case "SHA-1": + u = 20; + v = 64; + break; + case "SHA-256": + u = 32; + v = 64; + break; + case "SHA-384": + u = 48; + v = 128; + break; + case "SHA-512": + u = 64; + v = 128; + break; + default: + throw new Error("Unsupported hashing algorithm"); + } + const passwordViewInitial = new Uint8Array(password); + const passwordTransformed = new ArrayBuffer((password.byteLength * 2) + 2); + const passwordTransformedView = new Uint8Array(passwordTransformed); + for (let i = 0; i < passwordViewInitial.length; i++) { + passwordTransformedView[i * 2] = 0x00; + passwordTransformedView[i * 2 + 1] = passwordViewInitial[i]; + } + passwordTransformedView[passwordTransformedView.length - 2] = 0x00; + passwordTransformedView[passwordTransformedView.length - 1] = 0x00; + password = passwordTransformed.slice(0); + const D = new ArrayBuffer(v); + const dView = new Uint8Array(D); + for (let i = 0; i < D.byteLength; i++) + dView[i] = 3; + const saltLength = salt.byteLength; + const sLen = v * Math.ceil(saltLength / v); + const S = new ArrayBuffer(sLen); + const sView = new Uint8Array(S); + const saltView = new Uint8Array(salt); + for (let i = 0; i < sLen; i++) + sView[i] = saltView[i % saltLength]; + const passwordLength = password.byteLength; + const pLen = v * Math.ceil(passwordLength / v); + const P = new ArrayBuffer(pLen); + const pView = new Uint8Array(P); + const passwordView = new Uint8Array(password); + for (let i = 0; i < pLen; i++) + pView[i] = passwordView[i % passwordLength]; + const sPlusPLength = S.byteLength + P.byteLength; + let I = new ArrayBuffer(sPlusPLength); + let iView = new Uint8Array(I); + iView.set(sView); + iView.set(pView, sView.length); + const c = Math.ceil((keyLength >> 3) / u); + let internalSequence = Promise.resolve(I); + for (let i = 0; i <= c; i++) { + internalSequence = internalSequence.then(_I => { + const dAndI = new ArrayBuffer(D.byteLength + _I.byteLength); + const dAndIView = new Uint8Array(dAndI); + dAndIView.set(dView); + dAndIView.set(iView, dView.length); + return dAndI; + }); + for (let j = 0; j < iterationCount; j++) + internalSequence = internalSequence.then(roundBuffer => cryptoEngine.digest({ name: hashAlgorithm }, new Uint8Array(roundBuffer))); + internalSequence = internalSequence.then(roundBuffer => { + const B = new ArrayBuffer(v); + const bView = new Uint8Array(B); + for (let j = 0; j < B.byteLength; j++) + bView[j] = roundBuffer[j % roundBuffer.byteLength]; + const k = Math.ceil(saltLength / v) + Math.ceil(passwordLength / v); + const iRound = []; + let sliceStart = 0; + let sliceLength = v; + for (let j = 0; j < k; j++) { + const chunk = Array.from(new Uint8Array(I.slice(sliceStart, sliceStart + sliceLength))); + sliceStart += v; + if ((sliceStart + v) > I.byteLength) + sliceLength = I.byteLength - sliceStart; + let x = 0x1ff; + for (let l = (B.byteLength - 1); l >= 0; l--) { + x >>= 8; + x += bView[l] + chunk[l]; + chunk[l] = (x & 0xff); + } + iRound.push(...chunk); + } + I = new ArrayBuffer(iRound.length); + iView = new Uint8Array(I); + iView.set(iRound); + result.push(...(new Uint8Array(roundBuffer))); + return I; + }); + } + internalSequence = internalSequence.then(() => { + const resultBuffer = new ArrayBuffer(keyLength >> 3); + const resultView = new Uint8Array(resultBuffer); + resultView.set((new Uint8Array(result)).slice(0, keyLength >> 3)); + return resultBuffer; + }); + return internalSequence; + }); +} +function prepareAlgorithm(data) { + const res = typeof data === "string" + ? { name: data } + : data; + if ("hash" in res) { + return Object.assign(Object.assign({}, res), { hash: prepareAlgorithm(res.hash) }); + } + return res; +} +class CryptoEngine extends AbstractCryptoEngine { + importKey(format, keyData, algorithm, extractable, keyUsages) { + var _a, _b, _c, _d, _e, _f; + return __awaiter(this, void 0, void 0, function* () { + let jwk = {}; + const alg = prepareAlgorithm(algorithm); + switch (format.toLowerCase()) { + case "raw": + return this.subtle.importKey("raw", keyData, algorithm, extractable, keyUsages); + case "spki": + { + const asn1 = fromBER(BufferSourceConverter.toArrayBuffer(keyData)); + AsnError.assert(asn1, "keyData"); + const publicKeyInfo = new PublicKeyInfo(); + try { + publicKeyInfo.fromSchema(asn1.result); + } + catch (_g) { + throw new ArgumentError("Incorrect keyData"); + } + switch (alg.name.toUpperCase()) { + case "RSA-PSS": + { + if (!alg.hash) { + throw new ParameterError("hash", "algorithm.hash", "Incorrect hash algorithm: Hash algorithm is missed"); + } + switch (alg.hash.name.toUpperCase()) { + case "SHA-1": + jwk.alg = "PS1"; + break; + case "SHA-256": + jwk.alg = "PS256"; + break; + case "SHA-384": + jwk.alg = "PS384"; + break; + case "SHA-512": + jwk.alg = "PS512"; + break; + default: + throw new Error(`Incorrect hash algorithm: ${alg.hash.name.toUpperCase()}`); + } + } + case "RSASSA-PKCS1-V1_5": + { + keyUsages = ["verify"]; + jwk.kty = "RSA"; + jwk.ext = extractable; + jwk.key_ops = keyUsages; + if (publicKeyInfo.algorithm.algorithmId !== "1.2.840.113549.1.1.1") + throw new Error(`Incorrect public key algorithm: ${publicKeyInfo.algorithm.algorithmId}`); + if (!jwk.alg) { + if (!alg.hash) { + throw new ParameterError("hash", "algorithm.hash", "Incorrect hash algorithm: Hash algorithm is missed"); + } + switch (alg.hash.name.toUpperCase()) { + case "SHA-1": + jwk.alg = "RS1"; + break; + case "SHA-256": + jwk.alg = "RS256"; + break; + case "SHA-384": + jwk.alg = "RS384"; + break; + case "SHA-512": + jwk.alg = "RS512"; + break; + default: + throw new Error(`Incorrect hash algorithm: ${alg.hash.name.toUpperCase()}`); + } + } + const publicKeyJSON = publicKeyInfo.toJSON(); + Object.assign(jwk, publicKeyJSON); + } + break; + case "ECDSA": + keyUsages = ["verify"]; + case "ECDH": + { + jwk = { + kty: "EC", + ext: extractable, + key_ops: keyUsages + }; + if (publicKeyInfo.algorithm.algorithmId !== "1.2.840.10045.2.1") { + throw new Error(`Incorrect public key algorithm: ${publicKeyInfo.algorithm.algorithmId}`); + } + const publicKeyJSON = publicKeyInfo.toJSON(); + Object.assign(jwk, publicKeyJSON); + } + break; + case "RSA-OAEP": + { + jwk.kty = "RSA"; + jwk.ext = extractable; + jwk.key_ops = keyUsages; + if (this.name.toLowerCase() === "safari") + jwk.alg = "RSA-OAEP"; + else { + if (!alg.hash) { + throw new ParameterError("hash", "algorithm.hash", "Incorrect hash algorithm: Hash algorithm is missed"); + } + switch (alg.hash.name.toUpperCase()) { + case "SHA-1": + jwk.alg = "RSA-OAEP"; + break; + case "SHA-256": + jwk.alg = "RSA-OAEP-256"; + break; + case "SHA-384": + jwk.alg = "RSA-OAEP-384"; + break; + case "SHA-512": + jwk.alg = "RSA-OAEP-512"; + break; + default: + throw new Error(`Incorrect hash algorithm: ${alg.hash.name.toUpperCase()}`); + } + } + const publicKeyJSON = publicKeyInfo.toJSON(); + Object.assign(jwk, publicKeyJSON); + } + break; + case "RSAES-PKCS1-V1_5": + { + jwk.kty = "RSA"; + jwk.ext = extractable; + jwk.key_ops = keyUsages; + jwk.alg = "PS1"; + const publicKeyJSON = publicKeyInfo.toJSON(); + Object.assign(jwk, publicKeyJSON); + } + break; + default: + throw new Error(`Incorrect algorithm name: ${alg.name.toUpperCase()}`); + } + } + break; + case "pkcs8": + { + const privateKeyInfo = new PrivateKeyInfo(); + const asn1 = fromBER(BufferSourceConverter.toArrayBuffer(keyData)); + AsnError.assert(asn1, "keyData"); + try { + privateKeyInfo.fromSchema(asn1.result); + } + catch (ex) { + throw new Error("Incorrect keyData"); + } + if (!privateKeyInfo.parsedKey) + throw new Error("Incorrect keyData"); + switch (alg.name.toUpperCase()) { + case "RSA-PSS": + { + switch ((_a = alg.hash) === null || _a === void 0 ? void 0 : _a.name.toUpperCase()) { + case "SHA-1": + jwk.alg = "PS1"; + break; + case "SHA-256": + jwk.alg = "PS256"; + break; + case "SHA-384": + jwk.alg = "PS384"; + break; + case "SHA-512": + jwk.alg = "PS512"; + break; + default: + throw new Error(`Incorrect hash algorithm: ${(_b = alg.hash) === null || _b === void 0 ? void 0 : _b.name.toUpperCase()}`); + } + } + case "RSASSA-PKCS1-V1_5": + { + keyUsages = ["sign"]; + jwk.kty = "RSA"; + jwk.ext = extractable; + jwk.key_ops = keyUsages; + if (privateKeyInfo.privateKeyAlgorithm.algorithmId !== "1.2.840.113549.1.1.1") + throw new Error(`Incorrect private key algorithm: ${privateKeyInfo.privateKeyAlgorithm.algorithmId}`); + if (("alg" in jwk) === false) { + switch ((_c = alg.hash) === null || _c === void 0 ? void 0 : _c.name.toUpperCase()) { + case "SHA-1": + jwk.alg = "RS1"; + break; + case "SHA-256": + jwk.alg = "RS256"; + break; + case "SHA-384": + jwk.alg = "RS384"; + break; + case "SHA-512": + jwk.alg = "RS512"; + break; + default: + throw new Error(`Incorrect hash algorithm: ${(_d = alg.hash) === null || _d === void 0 ? void 0 : _d.name.toUpperCase()}`); + } + } + const privateKeyJSON = privateKeyInfo.toJSON(); + Object.assign(jwk, privateKeyJSON); + } + break; + case "ECDSA": + keyUsages = ["sign"]; + case "ECDH": + { + jwk = { + kty: "EC", + ext: extractable, + key_ops: keyUsages + }; + if (privateKeyInfo.privateKeyAlgorithm.algorithmId !== "1.2.840.10045.2.1") + throw new Error(`Incorrect algorithm: ${privateKeyInfo.privateKeyAlgorithm.algorithmId}`); + const privateKeyJSON = privateKeyInfo.toJSON(); + Object.assign(jwk, privateKeyJSON); + } + break; + case "RSA-OAEP": + { + jwk.kty = "RSA"; + jwk.ext = extractable; + jwk.key_ops = keyUsages; + if (this.name.toLowerCase() === "safari") + jwk.alg = "RSA-OAEP"; + else { + switch ((_e = alg.hash) === null || _e === void 0 ? void 0 : _e.name.toUpperCase()) { + case "SHA-1": + jwk.alg = "RSA-OAEP"; + break; + case "SHA-256": + jwk.alg = "RSA-OAEP-256"; + break; + case "SHA-384": + jwk.alg = "RSA-OAEP-384"; + break; + case "SHA-512": + jwk.alg = "RSA-OAEP-512"; + break; + default: + throw new Error(`Incorrect hash algorithm: ${(_f = alg.hash) === null || _f === void 0 ? void 0 : _f.name.toUpperCase()}`); + } + } + const privateKeyJSON = privateKeyInfo.toJSON(); + Object.assign(jwk, privateKeyJSON); + } + break; + case "RSAES-PKCS1-V1_5": + { + keyUsages = ["decrypt"]; + jwk.kty = "RSA"; + jwk.ext = extractable; + jwk.key_ops = keyUsages; + jwk.alg = "PS1"; + const privateKeyJSON = privateKeyInfo.toJSON(); + Object.assign(jwk, privateKeyJSON); + } + break; + default: + throw new Error(`Incorrect algorithm name: ${alg.name.toUpperCase()}`); + } + } + break; + case "jwk": + jwk = keyData; + break; + default: + throw new Error(`Incorrect format: ${format}`); + } + if (this.name.toLowerCase() === "safari") { + try { + return this.subtle.importKey("jwk", stringToArrayBuffer(JSON.stringify(jwk)), algorithm, extractable, keyUsages); + } + catch (_h) { + return this.subtle.importKey("jwk", jwk, algorithm, extractable, keyUsages); + } + } + return this.subtle.importKey("jwk", jwk, algorithm, extractable, keyUsages); + }); + } + exportKey(format, key) { + return __awaiter(this, void 0, void 0, function* () { + let jwk = yield this.subtle.exportKey("jwk", key); + if (this.name.toLowerCase() === "safari") { + if (jwk instanceof ArrayBuffer) { + jwk = JSON.parse(arrayBufferToString(jwk)); + } + } + switch (format.toLowerCase()) { + case "raw": + return this.subtle.exportKey("raw", key); + case "spki": { + const publicKeyInfo = new PublicKeyInfo(); + try { + publicKeyInfo.fromJSON(jwk); + } + catch (ex) { + throw new Error("Incorrect key data"); + } + return publicKeyInfo.toSchema().toBER(false); + } + case "pkcs8": { + const privateKeyInfo = new PrivateKeyInfo(); + try { + privateKeyInfo.fromJSON(jwk); + } + catch (ex) { + throw new Error("Incorrect key data"); + } + return privateKeyInfo.toSchema().toBER(false); + } + case "jwk": + return jwk; + default: + throw new Error(`Incorrect format: ${format}`); + } + }); + } + convert(inputFormat, outputFormat, keyData, algorithm, extractable, keyUsages) { + return __awaiter(this, void 0, void 0, function* () { + if (inputFormat.toLowerCase() === outputFormat.toLowerCase()) { + return keyData; + } + const key = yield this.importKey(inputFormat, keyData, algorithm, extractable, keyUsages); + return this.exportKey(outputFormat, key); + }); + } + getAlgorithmByOID(oid, safety = false, target) { + switch (oid) { + case "1.2.840.113549.1.1.1": + return { + name: "RSAES-PKCS1-v1_5" + }; + case "1.2.840.113549.1.1.5": + return { + name: "RSASSA-PKCS1-v1_5", + hash: { + name: "SHA-1" + } + }; + case "1.2.840.113549.1.1.11": + return { + name: "RSASSA-PKCS1-v1_5", + hash: { + name: "SHA-256" + } + }; + case "1.2.840.113549.1.1.12": + return { + name: "RSASSA-PKCS1-v1_5", + hash: { + name: "SHA-384" + } + }; + case "1.2.840.113549.1.1.13": + return { + name: "RSASSA-PKCS1-v1_5", + hash: { + name: "SHA-512" + } + }; + case "1.2.840.113549.1.1.10": + return { + name: "RSA-PSS" + }; + case "1.2.840.113549.1.1.7": + return { + name: "RSA-OAEP" + }; + case "1.2.840.10045.2.1": + case "1.2.840.10045.4.1": + return { + name: "ECDSA", + hash: { + name: "SHA-1" + } + }; + case "1.2.840.10045.4.3.2": + return { + name: "ECDSA", + hash: { + name: "SHA-256" + } + }; + case "1.2.840.10045.4.3.3": + return { + name: "ECDSA", + hash: { + name: "SHA-384" + } + }; + case "1.2.840.10045.4.3.4": + return { + name: "ECDSA", + hash: { + name: "SHA-512" + } + }; + case "1.3.133.16.840.63.0.2": + return { + name: "ECDH", + kdf: "SHA-1" + }; + case "1.3.132.1.11.1": + return { + name: "ECDH", + kdf: "SHA-256" + }; + case "1.3.132.1.11.2": + return { + name: "ECDH", + kdf: "SHA-384" + }; + case "1.3.132.1.11.3": + return { + name: "ECDH", + kdf: "SHA-512" + }; + case "2.16.840.1.101.3.4.1.2": + return { + name: "AES-CBC", + length: 128 + }; + case "2.16.840.1.101.3.4.1.22": + return { + name: "AES-CBC", + length: 192 + }; + case "2.16.840.1.101.3.4.1.42": + return { + name: "AES-CBC", + length: 256 + }; + case "2.16.840.1.101.3.4.1.6": + return { + name: "AES-GCM", + length: 128 + }; + case "2.16.840.1.101.3.4.1.26": + return { + name: "AES-GCM", + length: 192 + }; + case "2.16.840.1.101.3.4.1.46": + return { + name: "AES-GCM", + length: 256 + }; + case "2.16.840.1.101.3.4.1.4": + return { + name: "AES-CFB", + length: 128 + }; + case "2.16.840.1.101.3.4.1.24": + return { + name: "AES-CFB", + length: 192 + }; + case "2.16.840.1.101.3.4.1.44": + return { + name: "AES-CFB", + length: 256 + }; + case "2.16.840.1.101.3.4.1.5": + return { + name: "AES-KW", + length: 128 + }; + case "2.16.840.1.101.3.4.1.25": + return { + name: "AES-KW", + length: 192 + }; + case "2.16.840.1.101.3.4.1.45": + return { + name: "AES-KW", + length: 256 + }; + case "1.2.840.113549.2.7": + return { + name: "HMAC", + hash: { + name: "SHA-1" + } + }; + case "1.2.840.113549.2.9": + return { + name: "HMAC", + hash: { + name: "SHA-256" + } + }; + case "1.2.840.113549.2.10": + return { + name: "HMAC", + hash: { + name: "SHA-384" + } + }; + case "1.2.840.113549.2.11": + return { + name: "HMAC", + hash: { + name: "SHA-512" + } + }; + case "1.2.840.113549.1.9.16.3.5": + return { + name: "DH" + }; + case "1.3.14.3.2.26": + return { + name: "SHA-1" + }; + case "2.16.840.1.101.3.4.2.1": + return { + name: "SHA-256" + }; + case "2.16.840.1.101.3.4.2.2": + return { + name: "SHA-384" + }; + case "2.16.840.1.101.3.4.2.3": + return { + name: "SHA-512" + }; + case "1.2.840.113549.1.5.12": + return { + name: "PBKDF2" + }; + case "1.2.840.10045.3.1.7": + return { + name: "P-256" + }; + case "1.3.132.0.34": + return { + name: "P-384" + }; + case "1.3.132.0.35": + return { + name: "P-521" + }; + } + if (safety) { + throw new Error(`Unsupported algorithm identifier ${target ? `for ${target} ` : EMPTY_STRING}: ${oid}`); + } + return {}; + } + getOIDByAlgorithm(algorithm, safety = false, target) { + let result = EMPTY_STRING; + switch (algorithm.name.toUpperCase()) { + case "RSAES-PKCS1-V1_5": + result = "1.2.840.113549.1.1.1"; + break; + case "RSASSA-PKCS1-V1_5": + switch (algorithm.hash.name.toUpperCase()) { + case "SHA-1": + result = "1.2.840.113549.1.1.5"; + break; + case "SHA-256": + result = "1.2.840.113549.1.1.11"; + break; + case "SHA-384": + result = "1.2.840.113549.1.1.12"; + break; + case "SHA-512": + result = "1.2.840.113549.1.1.13"; + break; + } + break; + case "RSA-PSS": + result = "1.2.840.113549.1.1.10"; + break; + case "RSA-OAEP": + result = "1.2.840.113549.1.1.7"; + break; + case "ECDSA": + switch (algorithm.hash.name.toUpperCase()) { + case "SHA-1": + result = "1.2.840.10045.4.1"; + break; + case "SHA-256": + result = "1.2.840.10045.4.3.2"; + break; + case "SHA-384": + result = "1.2.840.10045.4.3.3"; + break; + case "SHA-512": + result = "1.2.840.10045.4.3.4"; + break; + } + break; + case "ECDH": + switch (algorithm.kdf.toUpperCase()) { + case "SHA-1": + result = "1.3.133.16.840.63.0.2"; + break; + case "SHA-256": + result = "1.3.132.1.11.1"; + break; + case "SHA-384": + result = "1.3.132.1.11.2"; + break; + case "SHA-512": + result = "1.3.132.1.11.3"; + break; + } + break; + case "AES-CTR": + break; + case "AES-CBC": + switch (algorithm.length) { + case 128: + result = "2.16.840.1.101.3.4.1.2"; + break; + case 192: + result = "2.16.840.1.101.3.4.1.22"; + break; + case 256: + result = "2.16.840.1.101.3.4.1.42"; + break; + } + break; + case "AES-CMAC": + break; + case "AES-GCM": + switch (algorithm.length) { + case 128: + result = "2.16.840.1.101.3.4.1.6"; + break; + case 192: + result = "2.16.840.1.101.3.4.1.26"; + break; + case 256: + result = "2.16.840.1.101.3.4.1.46"; + break; + } + break; + case "AES-CFB": + switch (algorithm.length) { + case 128: + result = "2.16.840.1.101.3.4.1.4"; + break; + case 192: + result = "2.16.840.1.101.3.4.1.24"; + break; + case 256: + result = "2.16.840.1.101.3.4.1.44"; + break; + } + break; + case "AES-KW": + switch (algorithm.length) { + case 128: + result = "2.16.840.1.101.3.4.1.5"; + break; + case 192: + result = "2.16.840.1.101.3.4.1.25"; + break; + case 256: + result = "2.16.840.1.101.3.4.1.45"; + break; + } + break; + case "HMAC": + switch (algorithm.hash.name.toUpperCase()) { + case "SHA-1": + result = "1.2.840.113549.2.7"; + break; + case "SHA-256": + result = "1.2.840.113549.2.9"; + break; + case "SHA-384": + result = "1.2.840.113549.2.10"; + break; + case "SHA-512": + result = "1.2.840.113549.2.11"; + break; + } + break; + case "DH": + result = "1.2.840.113549.1.9.16.3.5"; + break; + case "SHA-1": + result = "1.3.14.3.2.26"; + break; + case "SHA-256": + result = "2.16.840.1.101.3.4.2.1"; + break; + case "SHA-384": + result = "2.16.840.1.101.3.4.2.2"; + break; + case "SHA-512": + result = "2.16.840.1.101.3.4.2.3"; + break; + case "CONCAT": + break; + case "HKDF": + break; + case "PBKDF2": + result = "1.2.840.113549.1.5.12"; + break; + case "P-256": + result = "1.2.840.10045.3.1.7"; + break; + case "P-384": + result = "1.3.132.0.34"; + break; + case "P-521": + result = "1.3.132.0.35"; + break; + } + if (!result && safety) { + throw new Error(`Unsupported algorithm ${target ? `for ${target} ` : EMPTY_STRING}: ${algorithm.name}`); + } + return result; + } + getAlgorithmParameters(algorithmName, operation) { + let result = { + algorithm: {}, + usages: [] + }; + switch (algorithmName.toUpperCase()) { + case "RSAES-PKCS1-V1_5": + case "RSASSA-PKCS1-V1_5": + switch (operation.toLowerCase()) { + case "generatekey": + result = { + algorithm: { + name: "RSASSA-PKCS1-v1_5", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]), + hash: { + name: "SHA-256" + } + }, + usages: ["sign", "verify"] + }; + break; + case "verify": + case "sign": + case "importkey": + result = { + algorithm: { + name: "RSASSA-PKCS1-v1_5", + hash: { + name: "SHA-256" + } + }, + usages: ["verify"] + }; + break; + case "exportkey": + default: + return { + algorithm: { + name: "RSASSA-PKCS1-v1_5" + }, + usages: [] + }; + } + break; + case "RSA-PSS": + switch (operation.toLowerCase()) { + case "sign": + case "verify": + result = { + algorithm: { + name: "RSA-PSS", + hash: { + name: "SHA-1" + }, + saltLength: 20 + }, + usages: ["sign", "verify"] + }; + break; + case "generatekey": + result = { + algorithm: { + name: "RSA-PSS", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]), + hash: { + name: "SHA-1" + } + }, + usages: ["sign", "verify"] + }; + break; + case "importkey": + result = { + algorithm: { + name: "RSA-PSS", + hash: { + name: "SHA-1" + } + }, + usages: ["verify"] + }; + break; + case "exportkey": + default: + return { + algorithm: { + name: "RSA-PSS" + }, + usages: [] + }; + } + break; + case "RSA-OAEP": + switch (operation.toLowerCase()) { + case "encrypt": + case "decrypt": + result = { + algorithm: { + name: "RSA-OAEP" + }, + usages: ["encrypt", "decrypt"] + }; + break; + case "generatekey": + result = { + algorithm: { + name: "RSA-OAEP", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]), + hash: { + name: "SHA-256" + } + }, + usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"] + }; + break; + case "importkey": + result = { + algorithm: { + name: "RSA-OAEP", + hash: { + name: "SHA-256" + } + }, + usages: ["encrypt"] + }; + break; + case "exportkey": + default: + return { + algorithm: { + name: "RSA-OAEP" + }, + usages: [] + }; + } + break; + case "ECDSA": + switch (operation.toLowerCase()) { + case "generatekey": + result = { + algorithm: { + name: "ECDSA", + namedCurve: "P-256" + }, + usages: ["sign", "verify"] + }; + break; + case "importkey": + result = { + algorithm: { + name: "ECDSA", + namedCurve: "P-256" + }, + usages: ["verify"] + }; + break; + case "verify": + case "sign": + result = { + algorithm: { + name: "ECDSA", + hash: { + name: "SHA-256" + } + }, + usages: ["sign"] + }; + break; + default: + return { + algorithm: { + name: "ECDSA" + }, + usages: [] + }; + } + break; + case "ECDH": + switch (operation.toLowerCase()) { + case "exportkey": + case "importkey": + case "generatekey": + result = { + algorithm: { + name: "ECDH", + namedCurve: "P-256" + }, + usages: ["deriveKey", "deriveBits"] + }; + break; + case "derivekey": + case "derivebits": + result = { + algorithm: { + name: "ECDH", + namedCurve: "P-256", + public: [] + }, + usages: ["encrypt", "decrypt"] + }; + break; + default: + return { + algorithm: { + name: "ECDH" + }, + usages: [] + }; + } + break; + case "AES-CTR": + switch (operation.toLowerCase()) { + case "importkey": + case "exportkey": + case "generatekey": + result = { + algorithm: { + name: "AES-CTR", + length: 256 + }, + usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"] + }; + break; + case "decrypt": + case "encrypt": + result = { + algorithm: { + name: "AES-CTR", + counter: new Uint8Array(16), + length: 10 + }, + usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"] + }; + break; + default: + return { + algorithm: { + name: "AES-CTR" + }, + usages: [] + }; + } + break; + case "AES-CBC": + switch (operation.toLowerCase()) { + case "importkey": + case "exportkey": + case "generatekey": + result = { + algorithm: { + name: "AES-CBC", + length: 256 + }, + usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"] + }; + break; + case "decrypt": + case "encrypt": + result = { + algorithm: { + name: "AES-CBC", + iv: this.getRandomValues(new Uint8Array(16)) + }, + usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"] + }; + break; + default: + return { + algorithm: { + name: "AES-CBC" + }, + usages: [] + }; + } + break; + case "AES-GCM": + switch (operation.toLowerCase()) { + case "importkey": + case "exportkey": + case "generatekey": + result = { + algorithm: { + name: "AES-GCM", + length: 256 + }, + usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"] + }; + break; + case "decrypt": + case "encrypt": + result = { + algorithm: { + name: "AES-GCM", + iv: this.getRandomValues(new Uint8Array(16)) + }, + usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"] + }; + break; + default: + return { + algorithm: { + name: "AES-GCM" + }, + usages: [] + }; + } + break; + case "AES-KW": + switch (operation.toLowerCase()) { + case "importkey": + case "exportkey": + case "generatekey": + case "wrapkey": + case "unwrapkey": + result = { + algorithm: { + name: "AES-KW", + length: 256 + }, + usages: ["wrapKey", "unwrapKey"] + }; + break; + default: + return { + algorithm: { + name: "AES-KW" + }, + usages: [] + }; + } + break; + case "HMAC": + switch (operation.toLowerCase()) { + case "sign": + case "verify": + result = { + algorithm: { + name: "HMAC" + }, + usages: ["sign", "verify"] + }; + break; + case "importkey": + case "exportkey": + case "generatekey": + result = { + algorithm: { + name: "HMAC", + length: 32, + hash: { + name: "SHA-256" + } + }, + usages: ["sign", "verify"] + }; + break; + default: + return { + algorithm: { + name: "HMAC" + }, + usages: [] + }; + } + break; + case "HKDF": + switch (operation.toLowerCase()) { + case "derivekey": + result = { + algorithm: { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array([]), + info: new Uint8Array([]) + }, + usages: ["encrypt", "decrypt"] + }; + break; + default: + return { + algorithm: { + name: "HKDF" + }, + usages: [] + }; + } + break; + case "PBKDF2": + switch (operation.toLowerCase()) { + case "derivekey": + result = { + algorithm: { + name: "PBKDF2", + hash: { name: "SHA-256" }, + salt: new Uint8Array([]), + iterations: 10000 + }, + usages: ["encrypt", "decrypt"] + }; + break; + default: + return { + algorithm: { + name: "PBKDF2" + }, + usages: [] + }; + } + break; + } + return result; + } + getHashAlgorithm(signatureAlgorithm) { + let result = EMPTY_STRING; + switch (signatureAlgorithm.algorithmId) { + case "1.2.840.10045.4.1": + case "1.2.840.113549.1.1.5": + result = "SHA-1"; + break; + case "1.2.840.10045.4.3.2": + case "1.2.840.113549.1.1.11": + result = "SHA-256"; + break; + case "1.2.840.10045.4.3.3": + case "1.2.840.113549.1.1.12": + result = "SHA-384"; + break; + case "1.2.840.10045.4.3.4": + case "1.2.840.113549.1.1.13": + result = "SHA-512"; + break; + case "1.2.840.113549.1.1.10": + { + try { + const params = new RSASSAPSSParams({ schema: signatureAlgorithm.algorithmParams }); + if (params.hashAlgorithm) { + const algorithm = this.getAlgorithmByOID(params.hashAlgorithm.algorithmId); + if ("name" in algorithm) { + result = algorithm.name; + } + else { + return EMPTY_STRING; + } + } + else + result = "SHA-1"; + } + catch (_a) { + } + } + break; + } + return result; + } + encryptEncryptedContentInfo(parameters) { + return __awaiter(this, void 0, void 0, function* () { + ParameterError.assert(parameters, "password", "contentEncryptionAlgorithm", "hmacHashAlgorithm", "iterationCount", "contentToEncrypt", "contentToEncrypt", "contentType"); + const contentEncryptionOID = this.getOIDByAlgorithm(parameters.contentEncryptionAlgorithm, true, "contentEncryptionAlgorithm"); + const pbkdf2OID = this.getOIDByAlgorithm({ + name: "PBKDF2" + }, true, "PBKDF2"); + const hmacOID = this.getOIDByAlgorithm({ + name: "HMAC", + hash: { + name: parameters.hmacHashAlgorithm + } + }, true, "hmacHashAlgorithm"); + const ivBuffer = new ArrayBuffer(16); + const ivView = new Uint8Array(ivBuffer); + this.getRandomValues(ivView); + const saltBuffer = new ArrayBuffer(64); + const saltView = new Uint8Array(saltBuffer); + this.getRandomValues(saltView); + const contentView = new Uint8Array(parameters.contentToEncrypt); + const pbkdf2Params = new PBKDF2Params({ + salt: new OctetString({ valueHex: saltBuffer }), + iterationCount: parameters.iterationCount, + prf: new AlgorithmIdentifier({ + algorithmId: hmacOID, + algorithmParams: new Null() + }) + }); + const passwordView = new Uint8Array(parameters.password); + const pbkdfKey = yield this.importKey("raw", passwordView, "PBKDF2", false, ["deriveKey"]); + const derivedKey = yield this.deriveKey({ + name: "PBKDF2", + hash: { + name: parameters.hmacHashAlgorithm + }, + salt: saltView, + iterations: parameters.iterationCount + }, pbkdfKey, parameters.contentEncryptionAlgorithm, false, ["encrypt"]); + const encryptedData = yield this.encrypt({ + name: parameters.contentEncryptionAlgorithm.name, + iv: ivView + }, derivedKey, contentView); + const pbes2Parameters = new PBES2Params({ + keyDerivationFunc: new AlgorithmIdentifier({ + algorithmId: pbkdf2OID, + algorithmParams: pbkdf2Params.toSchema() + }), + encryptionScheme: new AlgorithmIdentifier({ + algorithmId: contentEncryptionOID, + algorithmParams: new OctetString({ valueHex: ivBuffer }) + }) + }); + return new EncryptedContentInfo({ + contentType: parameters.contentType, + contentEncryptionAlgorithm: new AlgorithmIdentifier({ + algorithmId: "1.2.840.113549.1.5.13", + algorithmParams: pbes2Parameters.toSchema() + }), + encryptedContent: new OctetString({ valueHex: encryptedData }) + }); + }); + } + decryptEncryptedContentInfo(parameters) { + return __awaiter(this, void 0, void 0, function* () { + ParameterError.assert(parameters, "password", "encryptedContentInfo"); + if (parameters.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId !== "1.2.840.113549.1.5.13") + throw new Error(`Unknown "contentEncryptionAlgorithm": ${parameters.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId}`); + let pbes2Parameters; + try { + pbes2Parameters = new PBES2Params({ schema: parameters.encryptedContentInfo.contentEncryptionAlgorithm.algorithmParams }); + } + catch (ex) { + throw new Error("Incorrectly encoded \"pbes2Parameters\""); + } + let pbkdf2Params; + try { + pbkdf2Params = new PBKDF2Params({ schema: pbes2Parameters.keyDerivationFunc.algorithmParams }); + } + catch (ex) { + throw new Error("Incorrectly encoded \"pbkdf2Params\""); + } + const contentEncryptionAlgorithm = this.getAlgorithmByOID(pbes2Parameters.encryptionScheme.algorithmId, true); + const ivBuffer = pbes2Parameters.encryptionScheme.algorithmParams.valueBlock.valueHex; + const ivView = new Uint8Array(ivBuffer); + const saltBuffer = pbkdf2Params.salt.valueBlock.valueHex; + const saltView = new Uint8Array(saltBuffer); + const iterationCount = pbkdf2Params.iterationCount; + let hmacHashAlgorithm = "SHA-1"; + if (pbkdf2Params.prf) { + const algorithm = this.getAlgorithmByOID(pbkdf2Params.prf.algorithmId, true); + hmacHashAlgorithm = algorithm.hash.name; + } + const pbkdfKey = yield this.importKey("raw", parameters.password, "PBKDF2", false, ["deriveKey"]); + const result = yield this.deriveKey({ + name: "PBKDF2", + hash: { + name: hmacHashAlgorithm + }, + salt: saltView, + iterations: iterationCount + }, pbkdfKey, contentEncryptionAlgorithm, false, ["decrypt"]); + const dataBuffer = parameters.encryptedContentInfo.getEncryptedContent(); + return this.decrypt({ + name: contentEncryptionAlgorithm.name, + iv: ivView + }, result, dataBuffer); + }); + } + stampDataWithPassword(parameters) { + return __awaiter(this, void 0, void 0, function* () { + if ((parameters instanceof Object) === false) + throw new Error("Parameters must have type \"Object\""); + ParameterError.assert(parameters, "password", "hashAlgorithm", "iterationCount", "salt", "contentToStamp"); + let length; + switch (parameters.hashAlgorithm.toLowerCase()) { + case "sha-1": + length = 160; + break; + case "sha-256": + length = 256; + break; + case "sha-384": + length = 384; + break; + case "sha-512": + length = 512; + break; + default: + throw new Error(`Incorrect "parameters.hashAlgorithm" parameter: ${parameters.hashAlgorithm}`); + } + const hmacAlgorithm = { + name: "HMAC", + length, + hash: { + name: parameters.hashAlgorithm + } + }; + const pkcsKey = yield makePKCS12B2Key(this, parameters.hashAlgorithm, length, parameters.password, parameters.salt, parameters.iterationCount); + const hmacKey = yield this.importKey("raw", new Uint8Array(pkcsKey), hmacAlgorithm, false, ["sign"]); + return this.sign(hmacAlgorithm, hmacKey, new Uint8Array(parameters.contentToStamp)); + }); + } + verifyDataStampedWithPassword(parameters) { + return __awaiter(this, void 0, void 0, function* () { + ParameterError.assert(parameters, "password", "hashAlgorithm", "salt", "iterationCount", "contentToVerify", "signatureToVerify"); + let length = 0; + switch (parameters.hashAlgorithm.toLowerCase()) { + case "sha-1": + length = 160; + break; + case "sha-256": + length = 256; + break; + case "sha-384": + length = 384; + break; + case "sha-512": + length = 512; + break; + default: + throw new Error(`Incorrect "parameters.hashAlgorithm" parameter: ${parameters.hashAlgorithm}`); + } + const hmacAlgorithm = { + name: "HMAC", + length, + hash: { + name: parameters.hashAlgorithm + } + }; + const pkcsKey = yield makePKCS12B2Key(this, parameters.hashAlgorithm, length, parameters.password, parameters.salt, parameters.iterationCount); + const hmacKey = yield this.importKey("raw", new Uint8Array(pkcsKey), hmacAlgorithm, false, ["verify"]); + return this.verify(hmacAlgorithm, hmacKey, new Uint8Array(parameters.signatureToVerify), new Uint8Array(parameters.contentToVerify)); + }); + } + getSignatureParameters(privateKey, hashAlgorithm = "SHA-1") { + return __awaiter(this, void 0, void 0, function* () { + this.getOIDByAlgorithm({ name: hashAlgorithm }, true, "hashAlgorithm"); + const signatureAlgorithm = new AlgorithmIdentifier(); + const parameters = this.getAlgorithmParameters(privateKey.algorithm.name, "sign"); + if (!Object.keys(parameters.algorithm).length) { + throw new Error("Parameter 'algorithm' is empty"); + } + const algorithm = parameters.algorithm; + algorithm.hash.name = hashAlgorithm; + switch (privateKey.algorithm.name.toUpperCase()) { + case "RSASSA-PKCS1-V1_5": + case "ECDSA": + signatureAlgorithm.algorithmId = this.getOIDByAlgorithm(algorithm, true); + break; + case "RSA-PSS": + { + switch (hashAlgorithm.toUpperCase()) { + case "SHA-256": + algorithm.saltLength = 32; + break; + case "SHA-384": + algorithm.saltLength = 48; + break; + case "SHA-512": + algorithm.saltLength = 64; + break; + } + const paramsObject = {}; + if (hashAlgorithm.toUpperCase() !== "SHA-1") { + const hashAlgorithmOID = this.getOIDByAlgorithm({ name: hashAlgorithm }, true, "hashAlgorithm"); + paramsObject.hashAlgorithm = new AlgorithmIdentifier({ + algorithmId: hashAlgorithmOID, + algorithmParams: new Null() + }); + paramsObject.maskGenAlgorithm = new AlgorithmIdentifier({ + algorithmId: "1.2.840.113549.1.1.8", + algorithmParams: paramsObject.hashAlgorithm.toSchema() + }); + } + if (algorithm.saltLength !== 20) + paramsObject.saltLength = algorithm.saltLength; + const pssParameters = new RSASSAPSSParams(paramsObject); + signatureAlgorithm.algorithmId = "1.2.840.113549.1.1.10"; + signatureAlgorithm.algorithmParams = pssParameters.toSchema(); + } + break; + default: + throw new Error(`Unsupported signature algorithm: ${privateKey.algorithm.name}`); + } + return { + signatureAlgorithm, + parameters + }; + }); + } + signWithPrivateKey(data, privateKey, parameters) { + return __awaiter(this, void 0, void 0, function* () { + const signature = yield this.sign(parameters.algorithm, privateKey, data); + if (parameters.algorithm.name === "ECDSA") { + return createCMSECDSASignature(signature); + } + return signature; + }); + } + fillPublicKeyParameters(publicKeyInfo, signatureAlgorithm) { + const parameters = {}; + const shaAlgorithm = this.getHashAlgorithm(signatureAlgorithm); + if (shaAlgorithm === EMPTY_STRING) + throw new Error(`Unsupported signature algorithm: ${signatureAlgorithm.algorithmId}`); + let algorithmId; + if (signatureAlgorithm.algorithmId === "1.2.840.113549.1.1.10") + algorithmId = signatureAlgorithm.algorithmId; + else + algorithmId = publicKeyInfo.algorithm.algorithmId; + const algorithmObject = this.getAlgorithmByOID(algorithmId, true); + parameters.algorithm = this.getAlgorithmParameters(algorithmObject.name, "importKey"); + if ("hash" in parameters.algorithm.algorithm) + parameters.algorithm.algorithm.hash.name = shaAlgorithm; + if (algorithmObject.name === "ECDSA") { + const publicKeyAlgorithm = publicKeyInfo.algorithm; + if (!publicKeyAlgorithm.algorithmParams) { + throw new Error("Algorithm parameters for ECDSA public key are missed"); + } + const publicKeyAlgorithmParams = publicKeyAlgorithm.algorithmParams; + if ("idBlock" in publicKeyAlgorithm.algorithmParams) { + if (!((publicKeyAlgorithmParams.idBlock.tagClass === 1) && (publicKeyAlgorithmParams.idBlock.tagNumber === 6))) { + throw new Error("Incorrect type for ECDSA public key parameters"); + } + } + const curveObject = this.getAlgorithmByOID(publicKeyAlgorithmParams.valueBlock.toString(), true); + parameters.algorithm.algorithm.namedCurve = curveObject.name; + } + return parameters; + } + getPublicKey(publicKeyInfo, signatureAlgorithm, parameters) { + return __awaiter(this, void 0, void 0, function* () { + if (!parameters) { + parameters = this.fillPublicKeyParameters(publicKeyInfo, signatureAlgorithm); + } + const publicKeyInfoBuffer = publicKeyInfo.toSchema().toBER(false); + return this.importKey("spki", publicKeyInfoBuffer, parameters.algorithm.algorithm, true, parameters.algorithm.usages); + }); + } + verifyWithPublicKey(data, signature, publicKeyInfo, signatureAlgorithm, shaAlgorithm) { + return __awaiter(this, void 0, void 0, function* () { + let publicKey; + if (!shaAlgorithm) { + shaAlgorithm = this.getHashAlgorithm(signatureAlgorithm); + if (!shaAlgorithm) + throw new Error(`Unsupported signature algorithm: ${signatureAlgorithm.algorithmId}`); + publicKey = yield this.getPublicKey(publicKeyInfo, signatureAlgorithm); + } + else { + const parameters = {}; + let algorithmId; + if (signatureAlgorithm.algorithmId === "1.2.840.113549.1.1.10") + algorithmId = signatureAlgorithm.algorithmId; + else + algorithmId = publicKeyInfo.algorithm.algorithmId; + const algorithmObject = this.getAlgorithmByOID(algorithmId, true); + parameters.algorithm = this.getAlgorithmParameters(algorithmObject.name, "importKey"); + if ("hash" in parameters.algorithm.algorithm) + parameters.algorithm.algorithm.hash.name = shaAlgorithm; + if (algorithmObject.name === "ECDSA") { + let algorithmParamsChecked = false; + if (("algorithmParams" in publicKeyInfo.algorithm) === true) { + if ("idBlock" in publicKeyInfo.algorithm.algorithmParams) { + if ((publicKeyInfo.algorithm.algorithmParams.idBlock.tagClass === 1) && (publicKeyInfo.algorithm.algorithmParams.idBlock.tagNumber === 6)) + algorithmParamsChecked = true; + } + } + if (algorithmParamsChecked === false) { + throw new Error("Incorrect type for ECDSA public key parameters"); + } + const curveObject = this.getAlgorithmByOID(publicKeyInfo.algorithm.algorithmParams.valueBlock.toString(), true); + parameters.algorithm.algorithm.namedCurve = curveObject.name; + } + publicKey = yield this.getPublicKey(publicKeyInfo, null, parameters); + } + const algorithm = this.getAlgorithmParameters(publicKey.algorithm.name, "verify"); + if ("hash" in algorithm.algorithm) + algorithm.algorithm.hash.name = shaAlgorithm; + let signatureValue = signature.valueBlock.valueHexView; + if (publicKey.algorithm.name === "ECDSA") { + const namedCurve = ECNamedCurves.find(publicKey.algorithm.namedCurve); + if (!namedCurve) { + throw new Error("Unsupported named curve in use"); + } + const asn1 = fromBER(signatureValue); + AsnError.assert(asn1, "Signature value"); + signatureValue = createECDSASignatureFromCMS(asn1.result, namedCurve.size); + } + if (publicKey.algorithm.name === "RSA-PSS") { + const pssParameters = new RSASSAPSSParams({ schema: signatureAlgorithm.algorithmParams }); + if ("saltLength" in pssParameters) + algorithm.algorithm.saltLength = pssParameters.saltLength; + else + algorithm.algorithm.saltLength = 20; + let hashAlgo = "SHA-1"; + if ("hashAlgorithm" in pssParameters) { + const hashAlgorithm = this.getAlgorithmByOID(pssParameters.hashAlgorithm.algorithmId, true); + hashAlgo = hashAlgorithm.name; + } + algorithm.algorithm.hash.name = hashAlgo; + } + return this.verify(algorithm.algorithm, publicKey, signatureValue, data); + }); + } +} + +let engine = { + name: "none", + crypto: null, +}; +function isCryptoEngine(engine) { + return engine + && typeof engine === "object" + && "crypto" in engine + ? true + : false; +} +function setEngine(name, ...args) { + let crypto = null; + if (args.length < 2) { + if (args.length) { + crypto = args[0]; + } + else { + crypto = typeof self !== "undefined" && self.crypto ? new CryptoEngine({ name: "browser", crypto: self.crypto }) : null; + } + } + else { + const cryptoArg = args[0]; + const subtleArg = args[1]; + if (isCryptoEngine(subtleArg)) { + crypto = subtleArg; + } + else if (isCryptoEngine(cryptoArg)) { + crypto = cryptoArg; + } + else if ("subtle" in cryptoArg && "getRandomValues" in cryptoArg) { + crypto = new CryptoEngine({ + crypto: cryptoArg, + }); + } + } + if ((typeof process !== "undefined") && ("pid" in process) && (typeof global !== "undefined") && (typeof window === "undefined")) { + if (typeof global[process.pid] === "undefined") { + global[process.pid] = {}; + } + else { + if (typeof global[process.pid] !== "object") { + throw new Error(`Name global.${process.pid} already exists and it is not an object`); + } + } + if (typeof global[process.pid].pkijs === "undefined") { + global[process.pid].pkijs = {}; + } + else { + if (typeof global[process.pid].pkijs !== "object") { + throw new Error(`Name global.${process.pid}.pkijs already exists and it is not an object`); + } + } + global[process.pid].pkijs.engine = { + name: name, + crypto, + }; + } + else { + engine = { + name: name, + crypto, + }; + } +} +function getEngine() { + if ((typeof process !== "undefined") && ("pid" in process) && (typeof global !== "undefined") && (typeof window === "undefined")) { + let _engine; + try { + _engine = global[process.pid].pkijs.engine; + } + catch (ex) { + throw new Error("Please call 'setEngine' before call to 'getEngine'"); + } + return _engine; + } + return engine; +} +function getCrypto(safety = false) { + const _engine = getEngine(); + if (!_engine.crypto && safety) { + throw new Error("Unable to create WebCrypto object"); + } + return _engine.crypto; +} +function getRandomValues(view) { + return getCrypto(true).getRandomValues(view); +} +function getOIDByAlgorithm(algorithm, safety, target) { + return getCrypto(true).getOIDByAlgorithm(algorithm, safety, target); +} +function getAlgorithmParameters(algorithmName, operation) { + return getCrypto(true).getAlgorithmParameters(algorithmName, operation); +} +function createCMSECDSASignature(signatureBuffer) { + if ((signatureBuffer.byteLength % 2) !== 0) + return EMPTY_BUFFER; + const length = signatureBuffer.byteLength / 2; + const rBuffer = new ArrayBuffer(length); + const rView = new Uint8Array(rBuffer); + rView.set(new Uint8Array(signatureBuffer, 0, length)); + const rInteger = new Integer({ valueHex: rBuffer }); + const sBuffer = new ArrayBuffer(length); + const sView = new Uint8Array(sBuffer); + sView.set(new Uint8Array(signatureBuffer, length, length)); + const sInteger = new Integer({ valueHex: sBuffer }); + return (new Sequence({ + value: [ + rInteger.convertToDER(), + sInteger.convertToDER() + ] + })).toBER(false); +} +function createECDSASignatureFromCMS(cmsSignature, pointSize) { + if (!(cmsSignature instanceof Sequence + && cmsSignature.valueBlock.value.length === 2 + && cmsSignature.valueBlock.value[0] instanceof Integer + && cmsSignature.valueBlock.value[1] instanceof Integer)) + return EMPTY_BUFFER; + const rValueView = cmsSignature.valueBlock.value[0].convertFromDER().valueBlock.valueHexView; + const sValueView = cmsSignature.valueBlock.value[1].convertFromDER().valueBlock.valueHexView; + const res = new Uint8Array(pointSize * 2); + res.set(rValueView, pointSize - rValueView.byteLength); + res.set(sValueView, (2 * pointSize) - sValueView.byteLength); + return res.buffer; +} +function getAlgorithmByOID(oid, safety = false, target) { + return getCrypto(true).getAlgorithmByOID(oid, safety, target); +} +function getHashAlgorithm(signatureAlgorithm) { + return getCrypto(true).getHashAlgorithm(signatureAlgorithm); +} +function kdfWithCounter(hashFunction, zBuffer, Counter, SharedInfo, crypto) { + return __awaiter(this, void 0, void 0, function* () { + switch (hashFunction.toUpperCase()) { + case "SHA-1": + case "SHA-256": + case "SHA-384": + case "SHA-512": + break; + default: + throw new ArgumentError(`Unknown hash function: ${hashFunction}`); + } + ArgumentError.assert(zBuffer, "zBuffer", "ArrayBuffer"); + if (zBuffer.byteLength === 0) + throw new ArgumentError("'zBuffer' has zero length, error"); + ArgumentError.assert(SharedInfo, "SharedInfo", "ArrayBuffer"); + if (Counter > 255) + throw new ArgumentError("Please set 'Counter' argument to value less or equal to 255"); + const counterBuffer = new ArrayBuffer(4); + const counterView = new Uint8Array(counterBuffer); + counterView[0] = 0x00; + counterView[1] = 0x00; + counterView[2] = 0x00; + counterView[3] = Counter; + let combinedBuffer = EMPTY_BUFFER; + combinedBuffer = utilConcatBuf(combinedBuffer, zBuffer); + combinedBuffer = utilConcatBuf(combinedBuffer, counterBuffer); + combinedBuffer = utilConcatBuf(combinedBuffer, SharedInfo); + const result = yield crypto.digest({ name: hashFunction }, combinedBuffer); + return { + counter: Counter, + result + }; + }); +} +function kdf(hashFunction, Zbuffer, keydatalen, SharedInfo, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + let hashLength = 0; + let maxCounter = 1; + switch (hashFunction.toUpperCase()) { + case "SHA-1": + hashLength = 160; + break; + case "SHA-256": + hashLength = 256; + break; + case "SHA-384": + hashLength = 384; + break; + case "SHA-512": + hashLength = 512; + break; + default: + throw new ArgumentError(`Unknown hash function: ${hashFunction}`); + } + ArgumentError.assert(Zbuffer, "Zbuffer", "ArrayBuffer"); + if (Zbuffer.byteLength === 0) + throw new ArgumentError("'Zbuffer' has zero length, error"); + ArgumentError.assert(SharedInfo, "SharedInfo", "ArrayBuffer"); + const quotient = keydatalen / hashLength; + if (Math.floor(quotient) > 0) { + maxCounter = Math.floor(quotient); + if ((quotient - maxCounter) > 0) + maxCounter++; + } + const incomingResult = []; + for (let i = 1; i <= maxCounter; i++) + incomingResult.push(yield kdfWithCounter(hashFunction, Zbuffer, i, SharedInfo, crypto)); + let combinedBuffer = EMPTY_BUFFER; + let currentCounter = 1; + let found = true; + while (found) { + found = false; + for (const result of incomingResult) { + if (result.counter === currentCounter) { + combinedBuffer = utilConcatBuf(combinedBuffer, result.result); + found = true; + break; + } + } + currentCounter++; + } + keydatalen >>= 3; + if (combinedBuffer.byteLength > keydatalen) { + const newBuffer = new ArrayBuffer(keydatalen); + const newView = new Uint8Array(newBuffer); + const combinedView = new Uint8Array(combinedBuffer); + for (let i = 0; i < keydatalen; i++) + newView[i] = combinedView[i]; + return newBuffer; + } + return combinedBuffer; + }); +} + +const VERSION$i = "version"; +const LOG_ID = "logID"; +const EXTENSIONS$6 = "extensions"; +const TIMESTAMP = "timestamp"; +const HASH_ALGORITHM$3 = "hashAlgorithm"; +const SIGNATURE_ALGORITHM$8 = "signatureAlgorithm"; +const SIGNATURE$7 = "signature"; +const NONE = "none"; +const MD5 = "md5"; +const SHA1 = "sha1"; +const SHA224 = "sha224"; +const SHA256 = "sha256"; +const SHA384 = "sha384"; +const SHA512 = "sha512"; +const ANONYMOUS = "anonymous"; +const RSA = "rsa"; +const DSA = "dsa"; +const ECDSA = "ecdsa"; +class SignedCertificateTimestamp extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$i, SignedCertificateTimestamp.defaultValues(VERSION$i)); + this.logID = getParametersValue(parameters, LOG_ID, SignedCertificateTimestamp.defaultValues(LOG_ID)); + this.timestamp = getParametersValue(parameters, TIMESTAMP, SignedCertificateTimestamp.defaultValues(TIMESTAMP)); + this.extensions = getParametersValue(parameters, EXTENSIONS$6, SignedCertificateTimestamp.defaultValues(EXTENSIONS$6)); + this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM$3, SignedCertificateTimestamp.defaultValues(HASH_ALGORITHM$3)); + this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$8, SignedCertificateTimestamp.defaultValues(SIGNATURE_ALGORITHM$8)); + this.signature = getParametersValue(parameters, SIGNATURE$7, SignedCertificateTimestamp.defaultValues(SIGNATURE$7)); + if ("stream" in parameters && parameters.stream) { + this.fromStream(parameters.stream); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$i: + return 0; + case LOG_ID: + case EXTENSIONS$6: + return EMPTY_BUFFER; + case TIMESTAMP: + return new Date(0); + case HASH_ALGORITHM$3: + case SIGNATURE_ALGORITHM$8: + return EMPTY_STRING; + case SIGNATURE$7: + return new Any(); + default: + return super.defaultValues(memberName); + } + } + fromSchema(schema) { + if ((schema instanceof RawData) === false) + throw new Error("Object's schema was not verified against input data for SignedCertificateTimestamp"); + const seqStream = new SeqStream({ + stream: new ByteStream({ + buffer: schema.data + }) + }); + this.fromStream(seqStream); + } + fromStream(stream) { + const blockLength = stream.getUint16(); + this.version = (stream.getBlock(1))[0]; + if (this.version === 0) { + this.logID = (new Uint8Array(stream.getBlock(32))).buffer.slice(0); + this.timestamp = new Date(utilFromBase(new Uint8Array(stream.getBlock(8)), 8)); + const extensionsLength = stream.getUint16(); + this.extensions = (new Uint8Array(stream.getBlock(extensionsLength))).buffer.slice(0); + switch ((stream.getBlock(1))[0]) { + case 0: + this.hashAlgorithm = NONE; + break; + case 1: + this.hashAlgorithm = MD5; + break; + case 2: + this.hashAlgorithm = SHA1; + break; + case 3: + this.hashAlgorithm = SHA224; + break; + case 4: + this.hashAlgorithm = SHA256; + break; + case 5: + this.hashAlgorithm = SHA384; + break; + case 6: + this.hashAlgorithm = SHA512; + break; + default: + throw new Error("Object's stream was not correct for SignedCertificateTimestamp"); + } + switch ((stream.getBlock(1))[0]) { + case 0: + this.signatureAlgorithm = ANONYMOUS; + break; + case 1: + this.signatureAlgorithm = RSA; + break; + case 2: + this.signatureAlgorithm = DSA; + break; + case 3: + this.signatureAlgorithm = ECDSA; + break; + default: + throw new Error("Object's stream was not correct for SignedCertificateTimestamp"); + } + const signatureLength = stream.getUint16(); + const signatureData = new Uint8Array(stream.getBlock(signatureLength)).buffer.slice(0); + const asn1 = fromBER(signatureData); + AsnError.assert(asn1, "SignedCertificateTimestamp"); + this.signature = asn1.result; + if (blockLength !== (47 + extensionsLength + signatureLength)) { + throw new Error("Object's stream was not correct for SignedCertificateTimestamp"); + } + } + } + toSchema() { + const stream = this.toStream(); + return new RawData({ data: stream.stream.buffer }); + } + toStream() { + const stream = new SeqStream(); + stream.appendUint16(47 + this.extensions.byteLength + this.signature.valueBeforeDecodeView.byteLength); + stream.appendChar(this.version); + stream.appendView(new Uint8Array(this.logID)); + const timeBuffer = new ArrayBuffer(8); + const timeView = new Uint8Array(timeBuffer); + const baseArray = utilToBase(this.timestamp.valueOf(), 8); + timeView.set(new Uint8Array(baseArray), 8 - baseArray.byteLength); + stream.appendView(timeView); + stream.appendUint16(this.extensions.byteLength); + if (this.extensions.byteLength) + stream.appendView(new Uint8Array(this.extensions)); + let _hashAlgorithm; + switch (this.hashAlgorithm.toLowerCase()) { + case NONE: + _hashAlgorithm = 0; + break; + case MD5: + _hashAlgorithm = 1; + break; + case SHA1: + _hashAlgorithm = 2; + break; + case SHA224: + _hashAlgorithm = 3; + break; + case SHA256: + _hashAlgorithm = 4; + break; + case SHA384: + _hashAlgorithm = 5; + break; + case SHA512: + _hashAlgorithm = 6; + break; + default: + throw new Error(`Incorrect data for hashAlgorithm: ${this.hashAlgorithm}`); + } + stream.appendChar(_hashAlgorithm); + let _signatureAlgorithm; + switch (this.signatureAlgorithm.toLowerCase()) { + case ANONYMOUS: + _signatureAlgorithm = 0; + break; + case RSA: + _signatureAlgorithm = 1; + break; + case DSA: + _signatureAlgorithm = 2; + break; + case ECDSA: + _signatureAlgorithm = 3; + break; + default: + throw new Error(`Incorrect data for signatureAlgorithm: ${this.signatureAlgorithm}`); + } + stream.appendChar(_signatureAlgorithm); + const _signature = this.signature.toBER(false); + stream.appendUint16(_signature.byteLength); + stream.appendView(new Uint8Array(_signature)); + return stream; + } + toJSON() { + return { + version: this.version, + logID: bufferToHexCodes(this.logID), + timestamp: this.timestamp, + extensions: bufferToHexCodes(this.extensions), + hashAlgorithm: this.hashAlgorithm, + signatureAlgorithm: this.signatureAlgorithm, + signature: this.signature.toJSON() + }; + } + verify(logs, data, dataType = 0, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const logId = toBase64(arrayBufferToString(this.logID)); + let publicKeyBase64 = null; + const stream = new SeqStream(); + for (const log of logs) { + if (log.log_id === logId) { + publicKeyBase64 = log.key; + break; + } + } + if (!publicKeyBase64) { + throw new Error(`Public key not found for CT with logId: ${logId}`); + } + const pki = stringToArrayBuffer(fromBase64(publicKeyBase64)); + const publicKeyInfo = PublicKeyInfo.fromBER(pki); + stream.appendChar(0x00); + stream.appendChar(0x00); + const timeBuffer = new ArrayBuffer(8); + const timeView = new Uint8Array(timeBuffer); + const baseArray = utilToBase(this.timestamp.valueOf(), 8); + timeView.set(new Uint8Array(baseArray), 8 - baseArray.byteLength); + stream.appendView(timeView); + stream.appendUint16(dataType); + if (dataType === 0) + stream.appendUint24(data.byteLength); + stream.appendView(new Uint8Array(data)); + stream.appendUint16(this.extensions.byteLength); + if (this.extensions.byteLength !== 0) + stream.appendView(new Uint8Array(this.extensions)); + return crypto.verifyWithPublicKey(stream.buffer.slice(0, stream.length), new OctetString({ valueHex: this.signature.toBER(false) }), publicKeyInfo, { algorithmId: EMPTY_STRING }, "SHA-256"); + }); + } +} +SignedCertificateTimestamp.CLASS_NAME = "SignedCertificateTimestamp"; +function verifySCTsForCertificate(certificate, issuerCertificate, logs, index = (-1), crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + let parsedValue = null; + const stream = new SeqStream(); + for (let i = 0; certificate.extensions && i < certificate.extensions.length; i++) { + switch (certificate.extensions[i].extnID) { + case id_SignedCertificateTimestampList: + { + parsedValue = certificate.extensions[i].parsedValue; + if (!parsedValue || parsedValue.timestamps.length === 0) + throw new Error("Nothing to verify in the certificate"); + certificate.extensions.splice(i, 1); + } + break; + } + } + if (parsedValue === null) + throw new Error("No SignedCertificateTimestampList extension in the specified certificate"); + const tbs = certificate.encodeTBS().toBER(); + const issuerId = yield crypto.digest({ name: "SHA-256" }, new Uint8Array(issuerCertificate.subjectPublicKeyInfo.toSchema().toBER(false))); + stream.appendView(new Uint8Array(issuerId)); + stream.appendUint24(tbs.byteLength); + stream.appendView(new Uint8Array(tbs)); + const preCert = stream.stream.slice(0, stream.length); + if (index === (-1)) { + const verifyArray = []; + for (const timestamp of parsedValue.timestamps) { + const verifyResult = yield timestamp.verify(logs, preCert.buffer, 1, crypto); + verifyArray.push(verifyResult); + } + return verifyArray; + } + if (index >= parsedValue.timestamps.length) + index = (parsedValue.timestamps.length - 1); + return [yield parsedValue.timestamps[index].verify(logs, preCert.buffer, 1, crypto)]; + }); +} + +const TIMESTAMPS = "timestamps"; +class SignedCertificateTimestampList extends PkiObject { + constructor(parameters = {}) { + super(); + this.timestamps = getParametersValue(parameters, TIMESTAMPS, SignedCertificateTimestampList.defaultValues(TIMESTAMPS)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TIMESTAMPS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case TIMESTAMPS: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + var _a; + const names = getParametersValue(parameters, "names", {}); + (_a = names.optional) !== null && _a !== void 0 ? _a : (names.optional = false); + return (new OctetString({ + name: (names.blockName || "SignedCertificateTimestampList"), + optional: names.optional + })); + } + fromSchema(schema) { + if ((schema instanceof OctetString) === false) { + throw new Error("Object's schema was not verified against input data for SignedCertificateTimestampList"); + } + const seqStream = new SeqStream({ + stream: new ByteStream({ + buffer: schema.valueBlock.valueHex + }) + }); + const dataLength = seqStream.getUint16(); + if (dataLength !== seqStream.length) { + throw new Error("Object's schema was not verified against input data for SignedCertificateTimestampList"); + } + while (seqStream.length) { + this.timestamps.push(new SignedCertificateTimestamp({ stream: seqStream })); + } + } + toSchema() { + const stream = new SeqStream(); + let overallLength = 0; + const timestampsData = []; + for (const timestamp of this.timestamps) { + const timestampStream = timestamp.toStream(); + timestampsData.push(timestampStream); + overallLength += timestampStream.stream.buffer.byteLength; + } + stream.appendUint16(overallLength); + for (const timestamp of timestampsData) { + stream.appendView(timestamp.stream.view); + } + return new OctetString({ valueHex: stream.stream.buffer.slice(0) }); + } + toJSON() { + return { + timestamps: Array.from(this.timestamps, o => o.toJSON()) + }; + } +} +SignedCertificateTimestampList.CLASS_NAME = "SignedCertificateTimestampList"; + +const ATTRIBUTES$4 = "attributes"; +const CLEAR_PROPS$11 = [ + ATTRIBUTES$4 +]; +class SubjectDirectoryAttributes extends PkiObject { + constructor(parameters = {}) { + super(); + this.attributes = getParametersValue(parameters, ATTRIBUTES$4, SubjectDirectoryAttributes.defaultValues(ATTRIBUTES$4)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ATTRIBUTES$4: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.attributes || EMPTY_STRING), + value: Attribute.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$11); + const asn1 = compareSchema(schema, schema, SubjectDirectoryAttributes.schema({ + names: { + attributes: ATTRIBUTES$4 + } + })); + AsnError.assertSchema(asn1, this.className); + this.attributes = Array.from(asn1.result.attributes, element => new Attribute({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.attributes, o => o.toSchema()) + })); + } + toJSON() { + return { + attributes: Array.from(this.attributes, o => o.toJSON()) + }; + } +} +SubjectDirectoryAttributes.CLASS_NAME = "SubjectDirectoryAttributes"; + +class ExtensionValueFactory { + static getItems() { + if (!this.types) { + this.types = {}; + ExtensionValueFactory.register(id_SubjectAltName, "SubjectAltName", AltName); + ExtensionValueFactory.register(id_IssuerAltName, "IssuerAltName", AltName); + ExtensionValueFactory.register(id_AuthorityKeyIdentifier, "AuthorityKeyIdentifier", AuthorityKeyIdentifier); + ExtensionValueFactory.register(id_BasicConstraints, "BasicConstraints", BasicConstraints); + ExtensionValueFactory.register(id_MicrosoftCaVersion, "MicrosoftCaVersion", CAVersion); + ExtensionValueFactory.register(id_CertificatePolicies, "CertificatePolicies", CertificatePolicies); + ExtensionValueFactory.register(id_MicrosoftAppPolicies, "CertificatePoliciesMicrosoft", CertificatePolicies); + ExtensionValueFactory.register(id_MicrosoftCertTemplateV2, "MicrosoftCertTemplateV2", CertificateTemplate); + ExtensionValueFactory.register(id_CRLDistributionPoints, "CRLDistributionPoints", CRLDistributionPoints); + ExtensionValueFactory.register(id_FreshestCRL, "FreshestCRL", CRLDistributionPoints); + ExtensionValueFactory.register(id_ExtKeyUsage, "ExtKeyUsage", ExtKeyUsage); + ExtensionValueFactory.register(id_CertificateIssuer, "CertificateIssuer", GeneralNames); + ExtensionValueFactory.register(id_AuthorityInfoAccess, "AuthorityInfoAccess", InfoAccess); + ExtensionValueFactory.register(id_SubjectInfoAccess, "SubjectInfoAccess", InfoAccess); + ExtensionValueFactory.register(id_IssuingDistributionPoint, "IssuingDistributionPoint", IssuingDistributionPoint); + ExtensionValueFactory.register(id_NameConstraints, "NameConstraints", NameConstraints); + ExtensionValueFactory.register(id_PolicyConstraints, "PolicyConstraints", PolicyConstraints); + ExtensionValueFactory.register(id_PolicyMappings, "PolicyMappings", PolicyMappings); + ExtensionValueFactory.register(id_PrivateKeyUsagePeriod, "PrivateKeyUsagePeriod", PrivateKeyUsagePeriod); + ExtensionValueFactory.register(id_QCStatements, "QCStatements", QCStatements); + ExtensionValueFactory.register(id_SignedCertificateTimestampList, "SignedCertificateTimestampList", SignedCertificateTimestampList); + ExtensionValueFactory.register(id_SubjectDirectoryAttributes, "SubjectDirectoryAttributes", SubjectDirectoryAttributes); + } + return this.types; + } + static fromBER(id, raw) { + const asn1 = fromBER(raw); + if (asn1.offset === -1) { + return null; + } + const item = this.find(id); + if (item) { + try { + return new item.type({ schema: asn1.result }); + } + catch (ex) { + const res = new item.type(); + res.parsingError = `Incorrectly formatted value of extension ${item.name} (${id})`; + return res; + } + } + return asn1.result; + } + static find(id) { + const types = this.getItems(); + return types[id] || null; + } + static register(id, name, type) { + this.getItems()[id] = { name, type }; + } +} + +const EXTN_ID = "extnID"; +const CRITICAL = "critical"; +const EXTN_VALUE = "extnValue"; +const PARSED_VALUE$5 = "parsedValue"; +const CLEAR_PROPS$10 = [ + EXTN_ID, + CRITICAL, + EXTN_VALUE +]; +class Extension extends PkiObject { + constructor(parameters = {}) { + super(); + this.extnID = getParametersValue(parameters, EXTN_ID, Extension.defaultValues(EXTN_ID)); + this.critical = getParametersValue(parameters, CRITICAL, Extension.defaultValues(CRITICAL)); + if (EXTN_VALUE in parameters) { + this.extnValue = new OctetString({ valueHex: parameters.extnValue }); + } + else { + this.extnValue = Extension.defaultValues(EXTN_VALUE); + } + if (PARSED_VALUE$5 in parameters) { + this.parsedValue = getParametersValue(parameters, PARSED_VALUE$5, Extension.defaultValues(PARSED_VALUE$5)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + get parsedValue() { + if (this._parsedValue === undefined) { + const parsedValue = ExtensionValueFactory.fromBER(this.extnID, this.extnValue.valueBlock.valueHexView); + this._parsedValue = parsedValue; + } + return this._parsedValue || undefined; + } + set parsedValue(value) { + this._parsedValue = value; + } + static defaultValues(memberName) { + switch (memberName) { + case EXTN_ID: + return EMPTY_STRING; + case CRITICAL: + return false; + case EXTN_VALUE: + return new OctetString(); + case PARSED_VALUE$5: + return {}; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.extnID || EMPTY_STRING) }), + new Boolean({ + name: (names.critical || EMPTY_STRING), + optional: true + }), + new OctetString({ name: (names.extnValue || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$10); + const asn1 = compareSchema(schema, schema, Extension.schema({ + names: { + extnID: EXTN_ID, + critical: CRITICAL, + extnValue: EXTN_VALUE + } + })); + AsnError.assertSchema(asn1, this.className); + this.extnID = asn1.result.extnID.valueBlock.toString(); + if (CRITICAL in asn1.result) { + this.critical = asn1.result.critical.valueBlock.value; + } + this.extnValue = asn1.result.extnValue; + } + toSchema() { + const outputArray = []; + outputArray.push(new ObjectIdentifier({ value: this.extnID })); + if (this.critical !== Extension.defaultValues(CRITICAL)) { + outputArray.push(new Boolean({ value: this.critical })); + } + outputArray.push(this.extnValue); + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const object = { + extnID: this.extnID, + extnValue: this.extnValue.toJSON(), + }; + if (this.critical !== Extension.defaultValues(CRITICAL)) { + object.critical = this.critical; + } + if (this.parsedValue && this.parsedValue.toJSON) { + object.parsedValue = this.parsedValue.toJSON(); + } + return object; + } +} +Extension.CLASS_NAME = "Extension"; + +const EXTENSIONS$5 = "extensions"; +const CLEAR_PROPS$$ = [ + EXTENSIONS$5, +]; +class Extensions extends PkiObject { + constructor(parameters = {}) { + super(); + this.extensions = getParametersValue(parameters, EXTENSIONS$5, Extensions.defaultValues(EXTENSIONS$5)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case EXTENSIONS$5: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}, optional = false) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + optional, + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.extensions || EMPTY_STRING), + value: Extension.schema(names.extension || {}) + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$$); + const asn1 = compareSchema(schema, schema, Extensions.schema({ + names: { + extensions: EXTENSIONS$5 + } + })); + AsnError.assertSchema(asn1, this.className); + this.extensions = Array.from(asn1.result.extensions, element => new Extension({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.extensions, o => o.toSchema()) + })); + } + toJSON() { + return { + extensions: this.extensions.map(o => o.toJSON()) + }; + } +} +Extensions.CLASS_NAME = "Extensions"; + +const ISSUER$5 = "issuer"; +const SERIAL_NUMBER$6 = "serialNumber"; +const ISSUER_UID = "issuerUID"; +const CLEAR_PROPS$_ = [ + ISSUER$5, + SERIAL_NUMBER$6, + ISSUER_UID, +]; +class IssuerSerial extends PkiObject { + constructor(parameters = {}) { + super(); + this.issuer = getParametersValue(parameters, ISSUER$5, IssuerSerial.defaultValues(ISSUER$5)); + this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$6, IssuerSerial.defaultValues(SERIAL_NUMBER$6)); + if (ISSUER_UID in parameters) { + this.issuerUID = getParametersValue(parameters, ISSUER_UID, IssuerSerial.defaultValues(ISSUER_UID)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ISSUER$5: + return new GeneralNames(); + case SERIAL_NUMBER$6: + return new Integer(); + case ISSUER_UID: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + GeneralNames.schema(names.issuer || {}), + new Integer({ name: (names.serialNumber || EMPTY_STRING) }), + new BitString({ + optional: true, + name: (names.issuerUID || EMPTY_STRING) + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$_); + const asn1 = compareSchema(schema, schema, IssuerSerial.schema({ + names: { + issuer: { + names: { + blockName: ISSUER$5 + } + }, + serialNumber: SERIAL_NUMBER$6, + issuerUID: ISSUER_UID + } + })); + AsnError.assertSchema(asn1, this.className); + this.issuer = new GeneralNames({ schema: asn1.result.issuer }); + this.serialNumber = asn1.result.serialNumber; + if (ISSUER_UID in asn1.result) + this.issuerUID = asn1.result.issuerUID; + } + toSchema() { + const result = new Sequence({ + value: [ + this.issuer.toSchema(), + this.serialNumber + ] + }); + if (this.issuerUID) { + result.valueBlock.value.push(this.issuerUID); + } + return result; + } + toJSON() { + const result = { + issuer: this.issuer.toJSON(), + serialNumber: this.serialNumber.toJSON() + }; + if (this.issuerUID) { + result.issuerUID = this.issuerUID.toJSON(); + } + return result; + } +} +IssuerSerial.CLASS_NAME = "IssuerSerial"; + +const VERSION$h = "version"; +const BASE_CERTIFICATE_ID$2 = "baseCertificateID"; +const SUBJECT_NAME = "subjectName"; +const ISSUER$4 = "issuer"; +const SIGNATURE$6 = "signature"; +const SERIAL_NUMBER$5 = "serialNumber"; +const ATTR_CERT_VALIDITY_PERIOD$1 = "attrCertValidityPeriod"; +const ATTRIBUTES$3 = "attributes"; +const ISSUER_UNIQUE_ID$2 = "issuerUniqueID"; +const EXTENSIONS$4 = "extensions"; +const CLEAR_PROPS$Z = [ + VERSION$h, + BASE_CERTIFICATE_ID$2, + SUBJECT_NAME, + ISSUER$4, + SIGNATURE$6, + SERIAL_NUMBER$5, + ATTR_CERT_VALIDITY_PERIOD$1, + ATTRIBUTES$3, + ISSUER_UNIQUE_ID$2, + EXTENSIONS$4, +]; +class AttributeCertificateInfoV1 extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$h, AttributeCertificateInfoV1.defaultValues(VERSION$h)); + if (BASE_CERTIFICATE_ID$2 in parameters) { + this.baseCertificateID = getParametersValue(parameters, BASE_CERTIFICATE_ID$2, AttributeCertificateInfoV1.defaultValues(BASE_CERTIFICATE_ID$2)); + } + if (SUBJECT_NAME in parameters) { + this.subjectName = getParametersValue(parameters, SUBJECT_NAME, AttributeCertificateInfoV1.defaultValues(SUBJECT_NAME)); + } + this.issuer = getParametersValue(parameters, ISSUER$4, AttributeCertificateInfoV1.defaultValues(ISSUER$4)); + this.signature = getParametersValue(parameters, SIGNATURE$6, AttributeCertificateInfoV1.defaultValues(SIGNATURE$6)); + this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$5, AttributeCertificateInfoV1.defaultValues(SERIAL_NUMBER$5)); + this.attrCertValidityPeriod = getParametersValue(parameters, ATTR_CERT_VALIDITY_PERIOD$1, AttributeCertificateInfoV1.defaultValues(ATTR_CERT_VALIDITY_PERIOD$1)); + this.attributes = getParametersValue(parameters, ATTRIBUTES$3, AttributeCertificateInfoV1.defaultValues(ATTRIBUTES$3)); + if (ISSUER_UNIQUE_ID$2 in parameters) + this.issuerUniqueID = getParametersValue(parameters, ISSUER_UNIQUE_ID$2, AttributeCertificateInfoV1.defaultValues(ISSUER_UNIQUE_ID$2)); + if (EXTENSIONS$4 in parameters) { + this.extensions = getParametersValue(parameters, EXTENSIONS$4, AttributeCertificateInfoV1.defaultValues(EXTENSIONS$4)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$h: + return 0; + case BASE_CERTIFICATE_ID$2: + return new IssuerSerial(); + case SUBJECT_NAME: + return new GeneralNames(); + case ISSUER$4: + return new GeneralNames(); + case SIGNATURE$6: + return new AlgorithmIdentifier(); + case SERIAL_NUMBER$5: + return new Integer(); + case ATTR_CERT_VALIDITY_PERIOD$1: + return new AttCertValidityPeriod(); + case ATTRIBUTES$3: + return []; + case ISSUER_UNIQUE_ID$2: + return new BitString(); + case EXTENSIONS$4: + return new Extensions(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + new Choice({ + value: [ + new Constructed({ + name: (names.baseCertificateID || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: IssuerSerial.schema().valueBlock.value + }), + new Constructed({ + name: (names.subjectName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: GeneralNames.schema().valueBlock.value + }), + ] + }), + GeneralNames.schema({ + names: { + blockName: (names.issuer || EMPTY_STRING) + } + }), + AlgorithmIdentifier.schema(names.signature || {}), + new Integer({ name: (names.serialNumber || EMPTY_STRING) }), + AttCertValidityPeriod.schema(names.attrCertValidityPeriod || {}), + new Sequence({ + name: (names.attributes || EMPTY_STRING), + value: [ + new Repeated({ + value: Attribute.schema() + }) + ] + }), + new BitString({ + optional: true, + name: (names.issuerUniqueID || EMPTY_STRING) + }), + Extensions.schema(names.extensions || {}, true) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$Z); + const asn1 = compareSchema(schema, schema, AttributeCertificateInfoV1.schema({ + names: { + version: VERSION$h, + baseCertificateID: BASE_CERTIFICATE_ID$2, + subjectName: SUBJECT_NAME, + issuer: ISSUER$4, + signature: { + names: { + blockName: SIGNATURE$6 + } + }, + serialNumber: SERIAL_NUMBER$5, + attrCertValidityPeriod: { + names: { + blockName: ATTR_CERT_VALIDITY_PERIOD$1 + } + }, + attributes: ATTRIBUTES$3, + issuerUniqueID: ISSUER_UNIQUE_ID$2, + extensions: { + names: { + blockName: EXTENSIONS$4 + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + if (BASE_CERTIFICATE_ID$2 in asn1.result) { + this.baseCertificateID = new IssuerSerial({ + schema: new Sequence({ + value: asn1.result.baseCertificateID.valueBlock.value + }) + }); + } + if (SUBJECT_NAME in asn1.result) { + this.subjectName = new GeneralNames({ + schema: new Sequence({ + value: asn1.result.subjectName.valueBlock.value + }) + }); + } + this.issuer = asn1.result.issuer; + this.signature = new AlgorithmIdentifier({ schema: asn1.result.signature }); + this.serialNumber = asn1.result.serialNumber; + this.attrCertValidityPeriod = new AttCertValidityPeriod({ schema: asn1.result.attrCertValidityPeriod }); + this.attributes = Array.from(asn1.result.attributes.valueBlock.value, element => new Attribute({ schema: element })); + if (ISSUER_UNIQUE_ID$2 in asn1.result) { + this.issuerUniqueID = asn1.result.issuerUniqueID; + } + if (EXTENSIONS$4 in asn1.result) { + this.extensions = new Extensions({ schema: asn1.result.extensions }); + } + } + toSchema() { + const result = new Sequence({ + value: [new Integer({ value: this.version })] + }); + if (this.baseCertificateID) { + result.valueBlock.value.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: this.baseCertificateID.toSchema().valueBlock.value + })); + } + if (this.subjectName) { + result.valueBlock.value.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: this.subjectName.toSchema().valueBlock.value + })); + } + result.valueBlock.value.push(this.issuer.toSchema()); + result.valueBlock.value.push(this.signature.toSchema()); + result.valueBlock.value.push(this.serialNumber); + result.valueBlock.value.push(this.attrCertValidityPeriod.toSchema()); + result.valueBlock.value.push(new Sequence({ + value: Array.from(this.attributes, o => o.toSchema()) + })); + if (this.issuerUniqueID) { + result.valueBlock.value.push(this.issuerUniqueID); + } + if (this.extensions) { + result.valueBlock.value.push(this.extensions.toSchema()); + } + return result; + } + toJSON() { + const result = { + version: this.version + }; + if (this.baseCertificateID) { + result.baseCertificateID = this.baseCertificateID.toJSON(); + } + if (this.subjectName) { + result.subjectName = this.subjectName.toJSON(); + } + result.issuer = this.issuer.toJSON(); + result.signature = this.signature.toJSON(); + result.serialNumber = this.serialNumber.toJSON(); + result.attrCertValidityPeriod = this.attrCertValidityPeriod.toJSON(); + result.attributes = Array.from(this.attributes, o => o.toJSON()); + if (this.issuerUniqueID) { + result.issuerUniqueID = this.issuerUniqueID.toJSON(); + } + if (this.extensions) { + result.extensions = this.extensions.toJSON(); + } + return result; + } +} +AttributeCertificateInfoV1.CLASS_NAME = "AttributeCertificateInfoV1"; + +const ACINFO$1 = "acinfo"; +const SIGNATURE_ALGORITHM$7 = "signatureAlgorithm"; +const SIGNATURE_VALUE$4 = "signatureValue"; +const CLEAR_PROPS$Y = [ + ACINFO$1, + SIGNATURE_VALUE$4, + SIGNATURE_ALGORITHM$7 +]; +class AttributeCertificateV1 extends PkiObject { + constructor(parameters = {}) { + super(); + this.acinfo = getParametersValue(parameters, ACINFO$1, AttributeCertificateV1.defaultValues(ACINFO$1)); + this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$7, AttributeCertificateV1.defaultValues(SIGNATURE_ALGORITHM$7)); + this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE$4, AttributeCertificateV1.defaultValues(SIGNATURE_VALUE$4)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ACINFO$1: + return new AttributeCertificateInfoV1(); + case SIGNATURE_ALGORITHM$7: + return new AlgorithmIdentifier(); + case SIGNATURE_VALUE$4: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AttributeCertificateInfoV1.schema(names.acinfo || {}), + AlgorithmIdentifier.schema(names.signatureAlgorithm || {}), + new BitString({ name: (names.signatureValue || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$Y); + const asn1 = compareSchema(schema, schema, AttributeCertificateV1.schema({ + names: { + acinfo: { + names: { + blockName: ACINFO$1 + } + }, + signatureAlgorithm: { + names: { + blockName: SIGNATURE_ALGORITHM$7 + } + }, + signatureValue: SIGNATURE_VALUE$4 + } + })); + AsnError.assertSchema(asn1, this.className); + this.acinfo = new AttributeCertificateInfoV1({ schema: asn1.result.acinfo }); + this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm }); + this.signatureValue = asn1.result.signatureValue; + } + toSchema() { + return (new Sequence({ + value: [ + this.acinfo.toSchema(), + this.signatureAlgorithm.toSchema(), + this.signatureValue + ] + })); + } + toJSON() { + return { + acinfo: this.acinfo.toJSON(), + signatureAlgorithm: this.signatureAlgorithm.toJSON(), + signatureValue: this.signatureValue.toJSON(), + }; + } +} +AttributeCertificateV1.CLASS_NAME = "AttributeCertificateV1"; + +const DIGESTED_OBJECT_TYPE = "digestedObjectType"; +const OTHER_OBJECT_TYPE_ID = "otherObjectTypeID"; +const DIGEST_ALGORITHM$2 = "digestAlgorithm"; +const OBJECT_DIGEST = "objectDigest"; +const CLEAR_PROPS$X = [ + DIGESTED_OBJECT_TYPE, + OTHER_OBJECT_TYPE_ID, + DIGEST_ALGORITHM$2, + OBJECT_DIGEST, +]; +class ObjectDigestInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.digestedObjectType = getParametersValue(parameters, DIGESTED_OBJECT_TYPE, ObjectDigestInfo.defaultValues(DIGESTED_OBJECT_TYPE)); + if (OTHER_OBJECT_TYPE_ID in parameters) { + this.otherObjectTypeID = getParametersValue(parameters, OTHER_OBJECT_TYPE_ID, ObjectDigestInfo.defaultValues(OTHER_OBJECT_TYPE_ID)); + } + this.digestAlgorithm = getParametersValue(parameters, DIGEST_ALGORITHM$2, ObjectDigestInfo.defaultValues(DIGEST_ALGORITHM$2)); + this.objectDigest = getParametersValue(parameters, OBJECT_DIGEST, ObjectDigestInfo.defaultValues(OBJECT_DIGEST)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case DIGESTED_OBJECT_TYPE: + return new Enumerated(); + case OTHER_OBJECT_TYPE_ID: + return new ObjectIdentifier(); + case DIGEST_ALGORITHM$2: + return new AlgorithmIdentifier(); + case OBJECT_DIGEST: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Enumerated({ name: (names.digestedObjectType || EMPTY_STRING) }), + new ObjectIdentifier({ + optional: true, + name: (names.otherObjectTypeID || EMPTY_STRING) + }), + AlgorithmIdentifier.schema(names.digestAlgorithm || {}), + new BitString({ name: (names.objectDigest || EMPTY_STRING) }), + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$X); + const asn1 = compareSchema(schema, schema, ObjectDigestInfo.schema({ + names: { + digestedObjectType: DIGESTED_OBJECT_TYPE, + otherObjectTypeID: OTHER_OBJECT_TYPE_ID, + digestAlgorithm: { + names: { + blockName: DIGEST_ALGORITHM$2 + } + }, + objectDigest: OBJECT_DIGEST + } + })); + AsnError.assertSchema(asn1, this.className); + this.digestedObjectType = asn1.result.digestedObjectType; + if (OTHER_OBJECT_TYPE_ID in asn1.result) { + this.otherObjectTypeID = asn1.result.otherObjectTypeID; + } + this.digestAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.digestAlgorithm }); + this.objectDigest = asn1.result.objectDigest; + } + toSchema() { + const result = new Sequence({ + value: [this.digestedObjectType] + }); + if (this.otherObjectTypeID) { + result.valueBlock.value.push(this.otherObjectTypeID); + } + result.valueBlock.value.push(this.digestAlgorithm.toSchema()); + result.valueBlock.value.push(this.objectDigest); + return result; + } + toJSON() { + const result = { + digestedObjectType: this.digestedObjectType.toJSON(), + digestAlgorithm: this.digestAlgorithm.toJSON(), + objectDigest: this.objectDigest.toJSON(), + }; + if (this.otherObjectTypeID) { + result.otherObjectTypeID = this.otherObjectTypeID.toJSON(); + } + return result; + } +} +ObjectDigestInfo.CLASS_NAME = "ObjectDigestInfo"; + +const ISSUER_NAME = "issuerName"; +const BASE_CERTIFICATE_ID$1 = "baseCertificateID"; +const OBJECT_DIGEST_INFO$1 = "objectDigestInfo"; +const CLEAR_PROPS$W = [ + ISSUER_NAME, + BASE_CERTIFICATE_ID$1, + OBJECT_DIGEST_INFO$1 +]; +class V2Form extends PkiObject { + constructor(parameters = {}) { + super(); + if (ISSUER_NAME in parameters) { + this.issuerName = getParametersValue(parameters, ISSUER_NAME, V2Form.defaultValues(ISSUER_NAME)); + } + if (BASE_CERTIFICATE_ID$1 in parameters) { + this.baseCertificateID = getParametersValue(parameters, BASE_CERTIFICATE_ID$1, V2Form.defaultValues(BASE_CERTIFICATE_ID$1)); + } + if (OBJECT_DIGEST_INFO$1 in parameters) { + this.objectDigestInfo = getParametersValue(parameters, OBJECT_DIGEST_INFO$1, V2Form.defaultValues(OBJECT_DIGEST_INFO$1)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ISSUER_NAME: + return new GeneralNames(); + case BASE_CERTIFICATE_ID$1: + return new IssuerSerial(); + case OBJECT_DIGEST_INFO$1: + return new ObjectDigestInfo(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + GeneralNames.schema({ + names: { + blockName: names.issuerName + } + }, true), + new Constructed({ + optional: true, + name: (names.baseCertificateID || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: IssuerSerial.schema().valueBlock.value + }), + new Constructed({ + optional: true, + name: (names.objectDigestInfo || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: ObjectDigestInfo.schema().valueBlock.value + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$W); + const asn1 = compareSchema(schema, schema, V2Form.schema({ + names: { + issuerName: ISSUER_NAME, + baseCertificateID: BASE_CERTIFICATE_ID$1, + objectDigestInfo: OBJECT_DIGEST_INFO$1 + } + })); + AsnError.assertSchema(asn1, this.className); + if (ISSUER_NAME in asn1.result) + this.issuerName = new GeneralNames({ schema: asn1.result.issuerName }); + if (BASE_CERTIFICATE_ID$1 in asn1.result) { + this.baseCertificateID = new IssuerSerial({ + schema: new Sequence({ + value: asn1.result.baseCertificateID.valueBlock.value + }) + }); + } + if (OBJECT_DIGEST_INFO$1 in asn1.result) { + this.objectDigestInfo = new ObjectDigestInfo({ + schema: new Sequence({ + value: asn1.result.objectDigestInfo.valueBlock.value + }) + }); + } + } + toSchema() { + const result = new Sequence(); + if (this.issuerName) + result.valueBlock.value.push(this.issuerName.toSchema()); + if (this.baseCertificateID) { + result.valueBlock.value.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: this.baseCertificateID.toSchema().valueBlock.value + })); + } + if (this.objectDigestInfo) { + result.valueBlock.value.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: this.objectDigestInfo.toSchema().valueBlock.value + })); + } + return result; + } + toJSON() { + const result = {}; + if (this.issuerName) { + result.issuerName = this.issuerName.toJSON(); + } + if (this.baseCertificateID) { + result.baseCertificateID = this.baseCertificateID.toJSON(); + } + if (this.objectDigestInfo) { + result.objectDigestInfo = this.objectDigestInfo.toJSON(); + } + return result; + } +} +V2Form.CLASS_NAME = "V2Form"; + +const BASE_CERTIFICATE_ID = "baseCertificateID"; +const ENTITY_NAME = "entityName"; +const OBJECT_DIGEST_INFO = "objectDigestInfo"; +const CLEAR_PROPS$V = [ + BASE_CERTIFICATE_ID, + ENTITY_NAME, + OBJECT_DIGEST_INFO +]; +class Holder extends PkiObject { + constructor(parameters = {}) { + super(); + if (BASE_CERTIFICATE_ID in parameters) { + this.baseCertificateID = getParametersValue(parameters, BASE_CERTIFICATE_ID, Holder.defaultValues(BASE_CERTIFICATE_ID)); + } + if (ENTITY_NAME in parameters) { + this.entityName = getParametersValue(parameters, ENTITY_NAME, Holder.defaultValues(ENTITY_NAME)); + } + if (OBJECT_DIGEST_INFO in parameters) { + this.objectDigestInfo = getParametersValue(parameters, OBJECT_DIGEST_INFO, Holder.defaultValues(OBJECT_DIGEST_INFO)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case BASE_CERTIFICATE_ID: + return new IssuerSerial(); + case ENTITY_NAME: + return new GeneralNames(); + case OBJECT_DIGEST_INFO: + return new ObjectDigestInfo(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Constructed({ + optional: true, + name: (names.baseCertificateID || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: IssuerSerial.schema().valueBlock.value + }), + new Constructed({ + optional: true, + name: (names.entityName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: GeneralNames.schema().valueBlock.value + }), + new Constructed({ + optional: true, + name: (names.objectDigestInfo || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: ObjectDigestInfo.schema().valueBlock.value + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$V); + const asn1 = compareSchema(schema, schema, Holder.schema({ + names: { + baseCertificateID: BASE_CERTIFICATE_ID, + entityName: ENTITY_NAME, + objectDigestInfo: OBJECT_DIGEST_INFO + } + })); + AsnError.assertSchema(asn1, this.className); + if (BASE_CERTIFICATE_ID in asn1.result) { + this.baseCertificateID = new IssuerSerial({ + schema: new Sequence({ + value: asn1.result.baseCertificateID.valueBlock.value + }) + }); + } + if (ENTITY_NAME in asn1.result) { + this.entityName = new GeneralNames({ + schema: new Sequence({ + value: asn1.result.entityName.valueBlock.value + }) + }); + } + if (OBJECT_DIGEST_INFO in asn1.result) { + this.objectDigestInfo = new ObjectDigestInfo({ + schema: new Sequence({ + value: asn1.result.objectDigestInfo.valueBlock.value + }) + }); + } + } + toSchema() { + const result = new Sequence(); + if (this.baseCertificateID) { + result.valueBlock.value.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: this.baseCertificateID.toSchema().valueBlock.value + })); + } + if (this.entityName) { + result.valueBlock.value.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: this.entityName.toSchema().valueBlock.value + })); + } + if (this.objectDigestInfo) { + result.valueBlock.value.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: this.objectDigestInfo.toSchema().valueBlock.value + })); + } + return result; + } + toJSON() { + const result = {}; + if (this.baseCertificateID) { + result.baseCertificateID = this.baseCertificateID.toJSON(); + } + if (this.entityName) { + result.entityName = this.entityName.toJSON(); + } + if (this.objectDigestInfo) { + result.objectDigestInfo = this.objectDigestInfo.toJSON(); + } + return result; + } +} +Holder.CLASS_NAME = "Holder"; + +const VERSION$g = "version"; +const HOLDER = "holder"; +const ISSUER$3 = "issuer"; +const SIGNATURE$5 = "signature"; +const SERIAL_NUMBER$4 = "serialNumber"; +const ATTR_CERT_VALIDITY_PERIOD = "attrCertValidityPeriod"; +const ATTRIBUTES$2 = "attributes"; +const ISSUER_UNIQUE_ID$1 = "issuerUniqueID"; +const EXTENSIONS$3 = "extensions"; +const CLEAR_PROPS$U = [ + VERSION$g, + HOLDER, + ISSUER$3, + SIGNATURE$5, + SERIAL_NUMBER$4, + ATTR_CERT_VALIDITY_PERIOD, + ATTRIBUTES$2, + ISSUER_UNIQUE_ID$1, + EXTENSIONS$3 +]; +class AttributeCertificateInfoV2 extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$g, AttributeCertificateInfoV2.defaultValues(VERSION$g)); + this.holder = getParametersValue(parameters, HOLDER, AttributeCertificateInfoV2.defaultValues(HOLDER)); + this.issuer = getParametersValue(parameters, ISSUER$3, AttributeCertificateInfoV2.defaultValues(ISSUER$3)); + this.signature = getParametersValue(parameters, SIGNATURE$5, AttributeCertificateInfoV2.defaultValues(SIGNATURE$5)); + this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$4, AttributeCertificateInfoV2.defaultValues(SERIAL_NUMBER$4)); + this.attrCertValidityPeriod = getParametersValue(parameters, ATTR_CERT_VALIDITY_PERIOD, AttributeCertificateInfoV2.defaultValues(ATTR_CERT_VALIDITY_PERIOD)); + this.attributes = getParametersValue(parameters, ATTRIBUTES$2, AttributeCertificateInfoV2.defaultValues(ATTRIBUTES$2)); + if (ISSUER_UNIQUE_ID$1 in parameters) { + this.issuerUniqueID = getParametersValue(parameters, ISSUER_UNIQUE_ID$1, AttributeCertificateInfoV2.defaultValues(ISSUER_UNIQUE_ID$1)); + } + if (EXTENSIONS$3 in parameters) { + this.extensions = getParametersValue(parameters, EXTENSIONS$3, AttributeCertificateInfoV2.defaultValues(EXTENSIONS$3)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$g: + return 1; + case HOLDER: + return new Holder(); + case ISSUER$3: + return {}; + case SIGNATURE$5: + return new AlgorithmIdentifier(); + case SERIAL_NUMBER$4: + return new Integer(); + case ATTR_CERT_VALIDITY_PERIOD: + return new AttCertValidityPeriod(); + case ATTRIBUTES$2: + return []; + case ISSUER_UNIQUE_ID$1: + return new BitString(); + case EXTENSIONS$3: + return new Extensions(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + Holder.schema(names.holder || {}), + new Choice({ + value: [ + GeneralNames.schema({ + names: { + blockName: (names.issuer || EMPTY_STRING) + } + }), + new Constructed({ + name: (names.issuer || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: V2Form.schema().valueBlock.value + }) + ] + }), + AlgorithmIdentifier.schema(names.signature || {}), + new Integer({ name: (names.serialNumber || EMPTY_STRING) }), + AttCertValidityPeriod.schema(names.attrCertValidityPeriod || {}), + new Sequence({ + name: (names.attributes || EMPTY_STRING), + value: [ + new Repeated({ + value: Attribute.schema() + }) + ] + }), + new BitString({ + optional: true, + name: (names.issuerUniqueID || EMPTY_STRING) + }), + Extensions.schema(names.extensions || {}, true) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$U); + const asn1 = compareSchema(schema, schema, AttributeCertificateInfoV2.schema({ + names: { + version: VERSION$g, + holder: { + names: { + blockName: HOLDER + } + }, + issuer: ISSUER$3, + signature: { + names: { + blockName: SIGNATURE$5 + } + }, + serialNumber: SERIAL_NUMBER$4, + attrCertValidityPeriod: { + names: { + blockName: ATTR_CERT_VALIDITY_PERIOD + } + }, + attributes: ATTRIBUTES$2, + issuerUniqueID: ISSUER_UNIQUE_ID$1, + extensions: { + names: { + blockName: EXTENSIONS$3 + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + this.holder = new Holder({ schema: asn1.result.holder }); + switch (asn1.result.issuer.idBlock.tagClass) { + case 3: + this.issuer = new V2Form({ + schema: new Sequence({ + value: asn1.result.issuer.valueBlock.value + }) + }); + break; + case 1: + default: + throw new Error("Incorrect value for 'issuer' in AttributeCertificateInfoV2"); + } + this.signature = new AlgorithmIdentifier({ schema: asn1.result.signature }); + this.serialNumber = asn1.result.serialNumber; + this.attrCertValidityPeriod = new AttCertValidityPeriod({ schema: asn1.result.attrCertValidityPeriod }); + this.attributes = Array.from(asn1.result.attributes.valueBlock.value, element => new Attribute({ schema: element })); + if (ISSUER_UNIQUE_ID$1 in asn1.result) { + this.issuerUniqueID = asn1.result.issuerUniqueID; + } + if (EXTENSIONS$3 in asn1.result) { + this.extensions = new Extensions({ schema: asn1.result.extensions }); + } + } + toSchema() { + const result = new Sequence({ + value: [ + new Integer({ value: this.version }), + this.holder.toSchema(), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: this.issuer.toSchema().valueBlock.value + }), + this.signature.toSchema(), + this.serialNumber, + this.attrCertValidityPeriod.toSchema(), + new Sequence({ + value: Array.from(this.attributes, o => o.toSchema()) + }) + ] + }); + if (this.issuerUniqueID) { + result.valueBlock.value.push(this.issuerUniqueID); + } + if (this.extensions) { + result.valueBlock.value.push(this.extensions.toSchema()); + } + return result; + } + toJSON() { + const result = { + version: this.version, + holder: this.holder.toJSON(), + issuer: this.issuer.toJSON(), + signature: this.signature.toJSON(), + serialNumber: this.serialNumber.toJSON(), + attrCertValidityPeriod: this.attrCertValidityPeriod.toJSON(), + attributes: Array.from(this.attributes, o => o.toJSON()) + }; + if (this.issuerUniqueID) { + result.issuerUniqueID = this.issuerUniqueID.toJSON(); + } + if (this.extensions) { + result.extensions = this.extensions.toJSON(); + } + return result; + } +} +AttributeCertificateInfoV2.CLASS_NAME = "AttributeCertificateInfoV2"; + +const ACINFO = "acinfo"; +const SIGNATURE_ALGORITHM$6 = "signatureAlgorithm"; +const SIGNATURE_VALUE$3 = "signatureValue"; +const CLEAR_PROPS$T = [ + ACINFO, + SIGNATURE_ALGORITHM$6, + SIGNATURE_VALUE$3, +]; +class AttributeCertificateV2 extends PkiObject { + constructor(parameters = {}) { + super(); + this.acinfo = getParametersValue(parameters, ACINFO, AttributeCertificateV2.defaultValues(ACINFO)); + this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$6, AttributeCertificateV2.defaultValues(SIGNATURE_ALGORITHM$6)); + this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE$3, AttributeCertificateV2.defaultValues(SIGNATURE_VALUE$3)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ACINFO: + return new AttributeCertificateInfoV2(); + case SIGNATURE_ALGORITHM$6: + return new AlgorithmIdentifier(); + case SIGNATURE_VALUE$3: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AttributeCertificateInfoV2.schema(names.acinfo || {}), + AlgorithmIdentifier.schema(names.signatureAlgorithm || {}), + new BitString({ name: (names.signatureValue || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$T); + const asn1 = compareSchema(schema, schema, AttributeCertificateV2.schema({ + names: { + acinfo: { + names: { + blockName: ACINFO + } + }, + signatureAlgorithm: { + names: { + blockName: SIGNATURE_ALGORITHM$6 + } + }, + signatureValue: SIGNATURE_VALUE$3 + } + })); + AsnError.assertSchema(asn1, this.className); + this.acinfo = new AttributeCertificateInfoV2({ schema: asn1.result.acinfo }); + this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm }); + this.signatureValue = asn1.result.signatureValue; + } + toSchema() { + return (new Sequence({ + value: [ + this.acinfo.toSchema(), + this.signatureAlgorithm.toSchema(), + this.signatureValue + ] + })); + } + toJSON() { + return { + acinfo: this.acinfo.toJSON(), + signatureAlgorithm: this.signatureAlgorithm.toJSON(), + signatureValue: this.signatureValue.toJSON(), + }; + } +} +AttributeCertificateV2.CLASS_NAME = "AttributeCertificateV2"; + +const CONTENT_TYPE = "contentType"; +const CONTENT = "content"; +const CLEAR_PROPS$S = [CONTENT_TYPE, CONTENT]; +class ContentInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.contentType = getParametersValue(parameters, CONTENT_TYPE, ContentInfo.defaultValues(CONTENT_TYPE)); + this.content = getParametersValue(parameters, CONTENT, ContentInfo.defaultValues(CONTENT)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CONTENT_TYPE: + return EMPTY_STRING; + case CONTENT: + return new Any(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case CONTENT_TYPE: + return (typeof memberValue === "string" && + memberValue === this.defaultValues(CONTENT_TYPE)); + case CONTENT: + return (memberValue instanceof Any); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + if (("optional" in names) === false) { + names.optional = false; + } + return (new Sequence({ + name: (names.blockName || "ContentInfo"), + optional: names.optional, + value: [ + new ObjectIdentifier({ name: (names.contentType || CONTENT_TYPE) }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Any({ name: (names.content || CONTENT) })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$S); + const asn1 = compareSchema(schema, schema, ContentInfo.schema()); + AsnError.assertSchema(asn1, this.className); + this.contentType = asn1.result.contentType.valueBlock.toString(); + this.content = asn1.result.content; + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.contentType }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.content] + }) + ] + })); + } + toJSON() { + const object = { + contentType: this.contentType + }; + if (!(this.content instanceof Any)) { + object.content = this.content.toJSON(); + } + return object; + } +} +ContentInfo.CLASS_NAME = "ContentInfo"; +ContentInfo.DATA = id_ContentType_Data; +ContentInfo.SIGNED_DATA = id_ContentType_SignedData; +ContentInfo.ENVELOPED_DATA = id_ContentType_EnvelopedData; +ContentInfo.ENCRYPTED_DATA = id_ContentType_EncryptedData; + +const TYPE$1 = "type"; +const VALUE$4 = "value"; +const UTC_TIME_NAME = "utcTimeName"; +const GENERAL_TIME_NAME = "generalTimeName"; +const CLEAR_PROPS$R = [UTC_TIME_NAME, GENERAL_TIME_NAME]; +var TimeType; +(function (TimeType) { + TimeType[TimeType["UTCTime"] = 0] = "UTCTime"; + TimeType[TimeType["GeneralizedTime"] = 1] = "GeneralizedTime"; + TimeType[TimeType["empty"] = 2] = "empty"; +})(TimeType || (TimeType = {})); +class Time extends PkiObject { + constructor(parameters = {}) { + super(); + this.type = getParametersValue(parameters, TYPE$1, Time.defaultValues(TYPE$1)); + this.value = getParametersValue(parameters, VALUE$4, Time.defaultValues(VALUE$4)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TYPE$1: + return 0; + case VALUE$4: + return new Date(0, 0, 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}, optional = false) { + const names = getParametersValue(parameters, "names", {}); + return (new Choice({ + optional, + value: [ + new UTCTime({ name: (names.utcTimeName || EMPTY_STRING) }), + new GeneralizedTime({ name: (names.generalTimeName || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$R); + const asn1 = compareSchema(schema, schema, Time.schema({ + names: { + utcTimeName: UTC_TIME_NAME, + generalTimeName: GENERAL_TIME_NAME + } + })); + AsnError.assertSchema(asn1, this.className); + if (UTC_TIME_NAME in asn1.result) { + this.type = 0; + this.value = asn1.result.utcTimeName.toDate(); + } + if (GENERAL_TIME_NAME in asn1.result) { + this.type = 1; + this.value = asn1.result.generalTimeName.toDate(); + } + } + toSchema() { + if (this.type === 0) { + return new UTCTime({ valueDate: this.value }); + } + else if (this.type === 1) { + return new GeneralizedTime({ valueDate: this.value }); + } + return {}; + } + toJSON() { + return { + type: this.type, + value: this.value + }; + } +} +Time.CLASS_NAME = "Time"; + +const TBS$4 = "tbs"; +const VERSION$f = "version"; +const SERIAL_NUMBER$3 = "serialNumber"; +const SIGNATURE$4 = "signature"; +const ISSUER$2 = "issuer"; +const NOT_BEFORE = "notBefore"; +const NOT_AFTER = "notAfter"; +const SUBJECT$1 = "subject"; +const SUBJECT_PUBLIC_KEY_INFO = "subjectPublicKeyInfo"; +const ISSUER_UNIQUE_ID = "issuerUniqueID"; +const SUBJECT_UNIQUE_ID = "subjectUniqueID"; +const EXTENSIONS$2 = "extensions"; +const SIGNATURE_ALGORITHM$5 = "signatureAlgorithm"; +const SIGNATURE_VALUE$2 = "signatureValue"; +const TBS_CERTIFICATE = "tbsCertificate"; +const TBS_CERTIFICATE_VERSION = `${TBS_CERTIFICATE}.${VERSION$f}`; +const TBS_CERTIFICATE_SERIAL_NUMBER = `${TBS_CERTIFICATE}.${SERIAL_NUMBER$3}`; +const TBS_CERTIFICATE_SIGNATURE = `${TBS_CERTIFICATE}.${SIGNATURE$4}`; +const TBS_CERTIFICATE_ISSUER = `${TBS_CERTIFICATE}.${ISSUER$2}`; +const TBS_CERTIFICATE_NOT_BEFORE = `${TBS_CERTIFICATE}.${NOT_BEFORE}`; +const TBS_CERTIFICATE_NOT_AFTER = `${TBS_CERTIFICATE}.${NOT_AFTER}`; +const TBS_CERTIFICATE_SUBJECT = `${TBS_CERTIFICATE}.${SUBJECT$1}`; +const TBS_CERTIFICATE_SUBJECT_PUBLIC_KEY = `${TBS_CERTIFICATE}.${SUBJECT_PUBLIC_KEY_INFO}`; +const TBS_CERTIFICATE_ISSUER_UNIQUE_ID = `${TBS_CERTIFICATE}.${ISSUER_UNIQUE_ID}`; +const TBS_CERTIFICATE_SUBJECT_UNIQUE_ID = `${TBS_CERTIFICATE}.${SUBJECT_UNIQUE_ID}`; +const TBS_CERTIFICATE_EXTENSIONS = `${TBS_CERTIFICATE}.${EXTENSIONS$2}`; +const CLEAR_PROPS$Q = [ + TBS_CERTIFICATE, + TBS_CERTIFICATE_VERSION, + TBS_CERTIFICATE_SERIAL_NUMBER, + TBS_CERTIFICATE_SIGNATURE, + TBS_CERTIFICATE_ISSUER, + TBS_CERTIFICATE_NOT_BEFORE, + TBS_CERTIFICATE_NOT_AFTER, + TBS_CERTIFICATE_SUBJECT, + TBS_CERTIFICATE_SUBJECT_PUBLIC_KEY, + TBS_CERTIFICATE_ISSUER_UNIQUE_ID, + TBS_CERTIFICATE_SUBJECT_UNIQUE_ID, + TBS_CERTIFICATE_EXTENSIONS, + SIGNATURE_ALGORITHM$5, + SIGNATURE_VALUE$2 +]; +function tbsCertificate(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || TBS_CERTIFICATE), + value: [ + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Integer({ name: (names.tbsCertificateVersion || TBS_CERTIFICATE_VERSION) }) + ] + }), + new Integer({ name: (names.tbsCertificateSerialNumber || TBS_CERTIFICATE_SERIAL_NUMBER) }), + AlgorithmIdentifier.schema(names.signature || { + names: { + blockName: TBS_CERTIFICATE_SIGNATURE + } + }), + RelativeDistinguishedNames.schema(names.issuer || { + names: { + blockName: TBS_CERTIFICATE_ISSUER + } + }), + new Sequence({ + name: (names.tbsCertificateValidity || "tbsCertificate.validity"), + value: [ + Time.schema(names.notBefore || { + names: { + utcTimeName: TBS_CERTIFICATE_NOT_BEFORE, + generalTimeName: TBS_CERTIFICATE_NOT_BEFORE + } + }), + Time.schema(names.notAfter || { + names: { + utcTimeName: TBS_CERTIFICATE_NOT_AFTER, + generalTimeName: TBS_CERTIFICATE_NOT_AFTER + } + }) + ] + }), + RelativeDistinguishedNames.schema(names.subject || { + names: { + blockName: TBS_CERTIFICATE_SUBJECT + } + }), + PublicKeyInfo.schema(names.subjectPublicKeyInfo || { + names: { + blockName: TBS_CERTIFICATE_SUBJECT_PUBLIC_KEY + } + }), + new Primitive({ + name: (names.tbsCertificateIssuerUniqueID || TBS_CERTIFICATE_ISSUER_UNIQUE_ID), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + } + }), + new Primitive({ + name: (names.tbsCertificateSubjectUniqueID || TBS_CERTIFICATE_SUBJECT_UNIQUE_ID), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 2 + } + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + value: [Extensions.schema(names.extensions || { + names: { + blockName: TBS_CERTIFICATE_EXTENSIONS + } + })] + }) + ] + })); +} +class Certificate extends PkiObject { + constructor(parameters = {}) { + super(); + this.tbsView = new Uint8Array(getParametersValue(parameters, TBS$4, Certificate.defaultValues(TBS$4))); + this.version = getParametersValue(parameters, VERSION$f, Certificate.defaultValues(VERSION$f)); + this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$3, Certificate.defaultValues(SERIAL_NUMBER$3)); + this.signature = getParametersValue(parameters, SIGNATURE$4, Certificate.defaultValues(SIGNATURE$4)); + this.issuer = getParametersValue(parameters, ISSUER$2, Certificate.defaultValues(ISSUER$2)); + this.notBefore = getParametersValue(parameters, NOT_BEFORE, Certificate.defaultValues(NOT_BEFORE)); + this.notAfter = getParametersValue(parameters, NOT_AFTER, Certificate.defaultValues(NOT_AFTER)); + this.subject = getParametersValue(parameters, SUBJECT$1, Certificate.defaultValues(SUBJECT$1)); + this.subjectPublicKeyInfo = getParametersValue(parameters, SUBJECT_PUBLIC_KEY_INFO, Certificate.defaultValues(SUBJECT_PUBLIC_KEY_INFO)); + if (ISSUER_UNIQUE_ID in parameters) { + this.issuerUniqueID = getParametersValue(parameters, ISSUER_UNIQUE_ID, Certificate.defaultValues(ISSUER_UNIQUE_ID)); + } + if (SUBJECT_UNIQUE_ID in parameters) { + this.subjectUniqueID = getParametersValue(parameters, SUBJECT_UNIQUE_ID, Certificate.defaultValues(SUBJECT_UNIQUE_ID)); + } + if (EXTENSIONS$2 in parameters) { + this.extensions = getParametersValue(parameters, EXTENSIONS$2, Certificate.defaultValues(EXTENSIONS$2)); + } + this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$5, Certificate.defaultValues(SIGNATURE_ALGORITHM$5)); + this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE$2, Certificate.defaultValues(SIGNATURE_VALUE$2)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + get tbs() { + return BufferSourceConverter.toArrayBuffer(this.tbsView); + } + set tbs(value) { + this.tbsView = new Uint8Array(value); + } + static defaultValues(memberName) { + switch (memberName) { + case TBS$4: + return EMPTY_BUFFER; + case VERSION$f: + return 0; + case SERIAL_NUMBER$3: + return new Integer(); + case SIGNATURE$4: + return new AlgorithmIdentifier(); + case ISSUER$2: + return new RelativeDistinguishedNames(); + case NOT_BEFORE: + return new Time(); + case NOT_AFTER: + return new Time(); + case SUBJECT$1: + return new RelativeDistinguishedNames(); + case SUBJECT_PUBLIC_KEY_INFO: + return new PublicKeyInfo(); + case ISSUER_UNIQUE_ID: + return EMPTY_BUFFER; + case SUBJECT_UNIQUE_ID: + return EMPTY_BUFFER; + case EXTENSIONS$2: + return []; + case SIGNATURE_ALGORITHM$5: + return new AlgorithmIdentifier(); + case SIGNATURE_VALUE$2: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + tbsCertificate(names.tbsCertificate), + AlgorithmIdentifier.schema(names.signatureAlgorithm || { + names: { + blockName: SIGNATURE_ALGORITHM$5 + } + }), + new BitString({ name: (names.signatureValue || SIGNATURE_VALUE$2) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$Q); + const asn1 = compareSchema(schema, schema, Certificate.schema({ + names: { + tbsCertificate: { + names: { + extensions: { + names: { + extensions: TBS_CERTIFICATE_EXTENSIONS + } + } + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.tbsView = asn1.result.tbsCertificate.valueBeforeDecodeView; + if (TBS_CERTIFICATE_VERSION in asn1.result) + this.version = asn1.result[TBS_CERTIFICATE_VERSION].valueBlock.valueDec; + this.serialNumber = asn1.result[TBS_CERTIFICATE_SERIAL_NUMBER]; + this.signature = new AlgorithmIdentifier({ schema: asn1.result[TBS_CERTIFICATE_SIGNATURE] }); + this.issuer = new RelativeDistinguishedNames({ schema: asn1.result[TBS_CERTIFICATE_ISSUER] }); + this.notBefore = new Time({ schema: asn1.result[TBS_CERTIFICATE_NOT_BEFORE] }); + this.notAfter = new Time({ schema: asn1.result[TBS_CERTIFICATE_NOT_AFTER] }); + this.subject = new RelativeDistinguishedNames({ schema: asn1.result[TBS_CERTIFICATE_SUBJECT] }); + this.subjectPublicKeyInfo = new PublicKeyInfo({ schema: asn1.result[TBS_CERTIFICATE_SUBJECT_PUBLIC_KEY] }); + if (TBS_CERTIFICATE_ISSUER_UNIQUE_ID in asn1.result) + this.issuerUniqueID = asn1.result[TBS_CERTIFICATE_ISSUER_UNIQUE_ID].valueBlock.valueHex; + if (TBS_CERTIFICATE_SUBJECT_UNIQUE_ID in asn1.result) + this.subjectUniqueID = asn1.result[TBS_CERTIFICATE_SUBJECT_UNIQUE_ID].valueBlock.valueHex; + if (TBS_CERTIFICATE_EXTENSIONS in asn1.result) + this.extensions = Array.from(asn1.result[TBS_CERTIFICATE_EXTENSIONS], element => new Extension({ schema: element })); + this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm }); + this.signatureValue = asn1.result.signatureValue; + } + encodeTBS() { + const outputArray = []; + if ((VERSION$f in this) && (this.version !== Certificate.defaultValues(VERSION$f))) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Integer({ value: this.version }) + ] + })); + } + outputArray.push(this.serialNumber); + outputArray.push(this.signature.toSchema()); + outputArray.push(this.issuer.toSchema()); + outputArray.push(new Sequence({ + value: [ + this.notBefore.toSchema(), + this.notAfter.toSchema() + ] + })); + outputArray.push(this.subject.toSchema()); + outputArray.push(this.subjectPublicKeyInfo.toSchema()); + if (this.issuerUniqueID) { + outputArray.push(new Primitive({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + valueHex: this.issuerUniqueID + })); + } + if (this.subjectUniqueID) { + outputArray.push(new Primitive({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + valueHex: this.subjectUniqueID + })); + } + if (this.extensions) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + value: [new Sequence({ + value: Array.from(this.extensions, o => o.toSchema()) + })] + })); + } + return (new Sequence({ + value: outputArray + })); + } + toSchema(encodeFlag = false) { + let tbsSchema; + if (encodeFlag === false) { + if (!this.tbsView.byteLength) { + return Certificate.schema().value[0]; + } + const asn1 = fromBER(this.tbsView); + AsnError.assert(asn1, "TBS Certificate"); + tbsSchema = asn1.result; + } + else { + tbsSchema = this.encodeTBS(); + } + return (new Sequence({ + value: [ + tbsSchema, + this.signatureAlgorithm.toSchema(), + this.signatureValue + ] + })); + } + toJSON() { + const res = { + tbs: Convert.ToHex(this.tbsView), + version: this.version, + serialNumber: this.serialNumber.toJSON(), + signature: this.signature.toJSON(), + issuer: this.issuer.toJSON(), + notBefore: this.notBefore.toJSON(), + notAfter: this.notAfter.toJSON(), + subject: this.subject.toJSON(), + subjectPublicKeyInfo: this.subjectPublicKeyInfo.toJSON(), + signatureAlgorithm: this.signatureAlgorithm.toJSON(), + signatureValue: this.signatureValue.toJSON(), + }; + if ((VERSION$f in this) && (this.version !== Certificate.defaultValues(VERSION$f))) { + res.version = this.version; + } + if (this.issuerUniqueID) { + res.issuerUniqueID = Convert.ToHex(this.issuerUniqueID); + } + if (this.subjectUniqueID) { + res.subjectUniqueID = Convert.ToHex(this.subjectUniqueID); + } + if (this.extensions) { + res.extensions = Array.from(this.extensions, o => o.toJSON()); + } + return res; + } + getPublicKey(parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + return crypto.getPublicKey(this.subjectPublicKeyInfo, this.signatureAlgorithm, parameters); + }); + } + getKeyHash(hashAlgorithm = "SHA-1", crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + return crypto.digest({ name: hashAlgorithm }, this.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHexView); + }); + } + sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + if (!privateKey) { + throw new Error("Need to provide a private key for signing"); + } + const signatureParameters = yield crypto.getSignatureParameters(privateKey, hashAlgorithm); + const parameters = signatureParameters.parameters; + this.signature = signatureParameters.signatureAlgorithm; + this.signatureAlgorithm = signatureParameters.signatureAlgorithm; + this.tbsView = new Uint8Array(this.encodeTBS().toBER()); + const signature = yield crypto.signWithPrivateKey(this.tbsView, privateKey, parameters); + this.signatureValue = new BitString({ valueHex: signature }); + }); + } + verify(issuerCertificate, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + let subjectPublicKeyInfo; + if (issuerCertificate) { + subjectPublicKeyInfo = issuerCertificate.subjectPublicKeyInfo; + } + else if (this.issuer.isEqual(this.subject)) { + subjectPublicKeyInfo = this.subjectPublicKeyInfo; + } + if (!(subjectPublicKeyInfo instanceof PublicKeyInfo)) { + throw new Error("Please provide issuer certificate as a parameter"); + } + return crypto.verifyWithPublicKey(this.tbsView, this.signatureValue, subjectPublicKeyInfo, this.signatureAlgorithm); + }); + } +} +Certificate.CLASS_NAME = "Certificate"; +function checkCA(cert, signerCert = null) { + if (signerCert && cert.issuer.isEqual(signerCert.issuer) && cert.serialNumber.isEqual(signerCert.serialNumber)) { + return null; + } + let isCA = false; + if (cert.extensions) { + for (const extension of cert.extensions) { + if (extension.extnID === id_BasicConstraints && extension.parsedValue instanceof BasicConstraints) { + if (extension.parsedValue.cA) { + isCA = true; + break; + } + } + } + } + if (isCA) { + return cert; + } + return null; +} + +const CERT_ID$1 = "certId"; +const CERT_VALUE = "certValue"; +const PARSED_VALUE$4 = "parsedValue"; +const CLEAR_PROPS$P = [ + CERT_ID$1, + CERT_VALUE +]; +class CertBag extends PkiObject { + constructor(parameters = {}) { + super(); + this.certId = getParametersValue(parameters, CERT_ID$1, CertBag.defaultValues(CERT_ID$1)); + this.certValue = getParametersValue(parameters, CERT_VALUE, CertBag.defaultValues(CERT_VALUE)); + if (PARSED_VALUE$4 in parameters) { + this.parsedValue = getParametersValue(parameters, PARSED_VALUE$4, CertBag.defaultValues(PARSED_VALUE$4)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CERT_ID$1: + return EMPTY_STRING; + case CERT_VALUE: + return (new Any()); + case PARSED_VALUE$4: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case CERT_ID$1: + return (memberValue === EMPTY_STRING); + case CERT_VALUE: + return (memberValue instanceof Any); + case PARSED_VALUE$4: + return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.id || "id") }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Any({ name: (names.value || "value") })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$P); + const asn1 = compareSchema(schema, schema, CertBag.schema({ + names: { + id: CERT_ID$1, + value: CERT_VALUE + } + })); + AsnError.assertSchema(asn1, this.className); + this.certId = asn1.result.certId.valueBlock.toString(); + this.certValue = asn1.result.certValue; + const certValueHex = this.certValue.valueBlock.valueHexView; + switch (this.certId) { + case id_CertBag_X509Certificate: + { + try { + this.parsedValue = Certificate.fromBER(certValueHex); + } + catch (ex) { + AttributeCertificateV2.fromBER(certValueHex); + } + } + break; + case id_CertBag_AttributeCertificate: + { + this.parsedValue = AttributeCertificateV2.fromBER(certValueHex); + } + break; + case id_CertBag_SDSICertificate: + default: + throw new Error(`Incorrect CERT_ID value in CertBag: ${this.certId}`); + } + } + toSchema() { + if (PARSED_VALUE$4 in this) { + if ("acinfo" in this.parsedValue) { + this.certId = id_CertBag_AttributeCertificate; + } + else { + this.certId = id_CertBag_X509Certificate; + } + this.certValue = new OctetString({ valueHex: this.parsedValue.toSchema().toBER(false) }); + } + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.certId }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [(("toSchema" in this.certValue) ? this.certValue.toSchema() : this.certValue)] + }) + ] + })); + } + toJSON() { + return { + certId: this.certId, + certValue: this.certValue.toJSON() + }; + } +} +CertBag.CLASS_NAME = "CertBag"; + +const USER_CERTIFICATE = "userCertificate"; +const REVOCATION_DATE = "revocationDate"; +const CRL_ENTRY_EXTENSIONS = "crlEntryExtensions"; +const CLEAR_PROPS$O = [ + USER_CERTIFICATE, + REVOCATION_DATE, + CRL_ENTRY_EXTENSIONS +]; +class RevokedCertificate extends PkiObject { + constructor(parameters = {}) { + super(); + this.userCertificate = getParametersValue(parameters, USER_CERTIFICATE, RevokedCertificate.defaultValues(USER_CERTIFICATE)); + this.revocationDate = getParametersValue(parameters, REVOCATION_DATE, RevokedCertificate.defaultValues(REVOCATION_DATE)); + if (CRL_ENTRY_EXTENSIONS in parameters) { + this.crlEntryExtensions = getParametersValue(parameters, CRL_ENTRY_EXTENSIONS, RevokedCertificate.defaultValues(CRL_ENTRY_EXTENSIONS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case USER_CERTIFICATE: + return new Integer(); + case REVOCATION_DATE: + return new Time(); + case CRL_ENTRY_EXTENSIONS: + return new Extensions(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.userCertificate || USER_CERTIFICATE) }), + Time.schema({ + names: { + utcTimeName: (names.revocationDate || REVOCATION_DATE), + generalTimeName: (names.revocationDate || REVOCATION_DATE) + } + }), + Extensions.schema({ + names: { + blockName: (names.crlEntryExtensions || CRL_ENTRY_EXTENSIONS) + } + }, true) + ] + }); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$O); + const asn1 = compareSchema(schema, schema, RevokedCertificate.schema()); + AsnError.assertSchema(asn1, this.className); + this.userCertificate = asn1.result.userCertificate; + this.revocationDate = new Time({ schema: asn1.result.revocationDate }); + if (CRL_ENTRY_EXTENSIONS in asn1.result) { + this.crlEntryExtensions = new Extensions({ schema: asn1.result.crlEntryExtensions }); + } + } + toSchema() { + const outputArray = [ + this.userCertificate, + this.revocationDate.toSchema() + ]; + if (this.crlEntryExtensions) { + outputArray.push(this.crlEntryExtensions.toSchema()); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + userCertificate: this.userCertificate.toJSON(), + revocationDate: this.revocationDate.toJSON(), + }; + if (this.crlEntryExtensions) { + res.crlEntryExtensions = this.crlEntryExtensions.toJSON(); + } + return res; + } +} +RevokedCertificate.CLASS_NAME = "RevokedCertificate"; + +const TBS$3 = "tbs"; +const VERSION$e = "version"; +const SIGNATURE$3 = "signature"; +const ISSUER$1 = "issuer"; +const THIS_UPDATE$1 = "thisUpdate"; +const NEXT_UPDATE$1 = "nextUpdate"; +const REVOKED_CERTIFICATES = "revokedCertificates"; +const CRL_EXTENSIONS = "crlExtensions"; +const SIGNATURE_ALGORITHM$4 = "signatureAlgorithm"; +const SIGNATURE_VALUE$1 = "signatureValue"; +const TBS_CERT_LIST = "tbsCertList"; +const TBS_CERT_LIST_VERSION = `${TBS_CERT_LIST}.version`; +const TBS_CERT_LIST_SIGNATURE = `${TBS_CERT_LIST}.signature`; +const TBS_CERT_LIST_ISSUER = `${TBS_CERT_LIST}.issuer`; +const TBS_CERT_LIST_THIS_UPDATE = `${TBS_CERT_LIST}.thisUpdate`; +const TBS_CERT_LIST_NEXT_UPDATE = `${TBS_CERT_LIST}.nextUpdate`; +const TBS_CERT_LIST_REVOKED_CERTIFICATES = `${TBS_CERT_LIST}.revokedCertificates`; +const TBS_CERT_LIST_EXTENSIONS = `${TBS_CERT_LIST}.extensions`; +const CLEAR_PROPS$N = [ + TBS_CERT_LIST, + TBS_CERT_LIST_VERSION, + TBS_CERT_LIST_SIGNATURE, + TBS_CERT_LIST_ISSUER, + TBS_CERT_LIST_THIS_UPDATE, + TBS_CERT_LIST_NEXT_UPDATE, + TBS_CERT_LIST_REVOKED_CERTIFICATES, + TBS_CERT_LIST_EXTENSIONS, + SIGNATURE_ALGORITHM$4, + SIGNATURE_VALUE$1 +]; +function tbsCertList(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || TBS_CERT_LIST), + value: [ + new Integer({ + optional: true, + name: (names.tbsCertListVersion || TBS_CERT_LIST_VERSION), + value: 2 + }), + AlgorithmIdentifier.schema(names.signature || { + names: { + blockName: TBS_CERT_LIST_SIGNATURE + } + }), + RelativeDistinguishedNames.schema(names.issuer || { + names: { + blockName: TBS_CERT_LIST_ISSUER + } + }), + Time.schema(names.tbsCertListThisUpdate || { + names: { + utcTimeName: TBS_CERT_LIST_THIS_UPDATE, + generalTimeName: TBS_CERT_LIST_THIS_UPDATE + } + }), + Time.schema(names.tbsCertListNextUpdate || { + names: { + utcTimeName: TBS_CERT_LIST_NEXT_UPDATE, + generalTimeName: TBS_CERT_LIST_NEXT_UPDATE + } + }, true), + new Sequence({ + optional: true, + value: [ + new Repeated({ + name: (names.tbsCertListRevokedCertificates || TBS_CERT_LIST_REVOKED_CERTIFICATES), + value: new Sequence({ + value: [ + new Integer(), + Time.schema(), + Extensions.schema({}, true) + ] + }) + }) + ] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [Extensions.schema(names.crlExtensions || { + names: { + blockName: TBS_CERT_LIST_EXTENSIONS + } + })] + }) + ] + })); +} +const WELL_KNOWN_EXTENSIONS = [ + id_AuthorityKeyIdentifier, + id_IssuerAltName, + id_CRLNumber, + id_BaseCRLNumber, + id_IssuingDistributionPoint, + id_FreshestCRL, + id_AuthorityInfoAccess, + id_CRLReason, + id_InvalidityDate, + id_CertificateIssuer, +]; +class CertificateRevocationList extends PkiObject { + constructor(parameters = {}) { + super(); + this.tbsView = new Uint8Array(getParametersValue(parameters, TBS$3, CertificateRevocationList.defaultValues(TBS$3))); + this.version = getParametersValue(parameters, VERSION$e, CertificateRevocationList.defaultValues(VERSION$e)); + this.signature = getParametersValue(parameters, SIGNATURE$3, CertificateRevocationList.defaultValues(SIGNATURE$3)); + this.issuer = getParametersValue(parameters, ISSUER$1, CertificateRevocationList.defaultValues(ISSUER$1)); + this.thisUpdate = getParametersValue(parameters, THIS_UPDATE$1, CertificateRevocationList.defaultValues(THIS_UPDATE$1)); + if (NEXT_UPDATE$1 in parameters) { + this.nextUpdate = getParametersValue(parameters, NEXT_UPDATE$1, CertificateRevocationList.defaultValues(NEXT_UPDATE$1)); + } + if (REVOKED_CERTIFICATES in parameters) { + this.revokedCertificates = getParametersValue(parameters, REVOKED_CERTIFICATES, CertificateRevocationList.defaultValues(REVOKED_CERTIFICATES)); + } + if (CRL_EXTENSIONS in parameters) { + this.crlExtensions = getParametersValue(parameters, CRL_EXTENSIONS, CertificateRevocationList.defaultValues(CRL_EXTENSIONS)); + } + this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$4, CertificateRevocationList.defaultValues(SIGNATURE_ALGORITHM$4)); + this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE$1, CertificateRevocationList.defaultValues(SIGNATURE_VALUE$1)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + get tbs() { + return BufferSourceConverter.toArrayBuffer(this.tbsView); + } + set tbs(value) { + this.tbsView = new Uint8Array(value); + } + static defaultValues(memberName) { + switch (memberName) { + case TBS$3: + return EMPTY_BUFFER; + case VERSION$e: + return 0; + case SIGNATURE$3: + return new AlgorithmIdentifier(); + case ISSUER$1: + return new RelativeDistinguishedNames(); + case THIS_UPDATE$1: + return new Time(); + case NEXT_UPDATE$1: + return new Time(); + case REVOKED_CERTIFICATES: + return []; + case CRL_EXTENSIONS: + return new Extensions(); + case SIGNATURE_ALGORITHM$4: + return new AlgorithmIdentifier(); + case SIGNATURE_VALUE$1: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || "CertificateList"), + value: [ + tbsCertList(parameters), + AlgorithmIdentifier.schema(names.signatureAlgorithm || { + names: { + blockName: SIGNATURE_ALGORITHM$4 + } + }), + new BitString({ name: (names.signatureValue || SIGNATURE_VALUE$1) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$N); + const asn1 = compareSchema(schema, schema, CertificateRevocationList.schema()); + AsnError.assertSchema(asn1, this.className); + this.tbsView = asn1.result.tbsCertList.valueBeforeDecodeView; + if (TBS_CERT_LIST_VERSION in asn1.result) { + this.version = asn1.result[TBS_CERT_LIST_VERSION].valueBlock.valueDec; + } + this.signature = new AlgorithmIdentifier({ schema: asn1.result[TBS_CERT_LIST_SIGNATURE] }); + this.issuer = new RelativeDistinguishedNames({ schema: asn1.result[TBS_CERT_LIST_ISSUER] }); + this.thisUpdate = new Time({ schema: asn1.result[TBS_CERT_LIST_THIS_UPDATE] }); + if (TBS_CERT_LIST_NEXT_UPDATE in asn1.result) { + this.nextUpdate = new Time({ schema: asn1.result[TBS_CERT_LIST_NEXT_UPDATE] }); + } + if (TBS_CERT_LIST_REVOKED_CERTIFICATES in asn1.result) { + this.revokedCertificates = Array.from(asn1.result[TBS_CERT_LIST_REVOKED_CERTIFICATES], element => new RevokedCertificate({ schema: element })); + } + if (TBS_CERT_LIST_EXTENSIONS in asn1.result) { + this.crlExtensions = new Extensions({ schema: asn1.result[TBS_CERT_LIST_EXTENSIONS] }); + } + this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm }); + this.signatureValue = asn1.result.signatureValue; + } + encodeTBS() { + const outputArray = []; + if (this.version !== CertificateRevocationList.defaultValues(VERSION$e)) { + outputArray.push(new Integer({ value: this.version })); + } + outputArray.push(this.signature.toSchema()); + outputArray.push(this.issuer.toSchema()); + outputArray.push(this.thisUpdate.toSchema()); + if (this.nextUpdate) { + outputArray.push(this.nextUpdate.toSchema()); + } + if (this.revokedCertificates) { + outputArray.push(new Sequence({ + value: Array.from(this.revokedCertificates, o => o.toSchema()) + })); + } + if (this.crlExtensions) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + this.crlExtensions.toSchema() + ] + })); + } + return (new Sequence({ + value: outputArray + })); + } + toSchema(encodeFlag = false) { + let tbsSchema; + if (!encodeFlag) { + if (!this.tbsView.byteLength) { + return CertificateRevocationList.schema(); + } + const asn1 = fromBER(this.tbsView); + AsnError.assert(asn1, "TBS Certificate Revocation List"); + tbsSchema = asn1.result; + } + else { + tbsSchema = this.encodeTBS(); + } + return (new Sequence({ + value: [ + tbsSchema, + this.signatureAlgorithm.toSchema(), + this.signatureValue + ] + })); + } + toJSON() { + const res = { + tbs: Convert.ToHex(this.tbsView), + version: this.version, + signature: this.signature.toJSON(), + issuer: this.issuer.toJSON(), + thisUpdate: this.thisUpdate.toJSON(), + signatureAlgorithm: this.signatureAlgorithm.toJSON(), + signatureValue: this.signatureValue.toJSON() + }; + if (this.version !== CertificateRevocationList.defaultValues(VERSION$e)) + res.version = this.version; + if (this.nextUpdate) { + res.nextUpdate = this.nextUpdate.toJSON(); + } + if (this.revokedCertificates) { + res.revokedCertificates = Array.from(this.revokedCertificates, o => o.toJSON()); + } + if (this.crlExtensions) { + res.crlExtensions = this.crlExtensions.toJSON(); + } + return res; + } + isCertificateRevoked(certificate) { + if (!this.issuer.isEqual(certificate.issuer)) { + return false; + } + if (!this.revokedCertificates) { + return false; + } + for (const revokedCertificate of this.revokedCertificates) { + if (revokedCertificate.userCertificate.isEqual(certificate.serialNumber)) { + return true; + } + } + return false; + } + sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + if (!privateKey) { + throw new Error("Need to provide a private key for signing"); + } + const signatureParameters = yield crypto.getSignatureParameters(privateKey, hashAlgorithm); + const { parameters } = signatureParameters; + this.signature = signatureParameters.signatureAlgorithm; + this.signatureAlgorithm = signatureParameters.signatureAlgorithm; + this.tbsView = new Uint8Array(this.encodeTBS().toBER()); + const signature = yield crypto.signWithPrivateKey(this.tbsView, privateKey, parameters); + this.signatureValue = new BitString({ valueHex: signature }); + }); + } + verify(parameters = {}, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + let subjectPublicKeyInfo; + if (parameters.issuerCertificate) { + subjectPublicKeyInfo = parameters.issuerCertificate.subjectPublicKeyInfo; + if (!this.issuer.isEqual(parameters.issuerCertificate.subject)) { + return false; + } + } + if (parameters.publicKeyInfo) { + subjectPublicKeyInfo = parameters.publicKeyInfo; + } + if (!subjectPublicKeyInfo) { + throw new Error("Issuer's certificate must be provided as an input parameter"); + } + if (this.crlExtensions) { + for (const extension of this.crlExtensions.extensions) { + if (extension.critical) { + if (!WELL_KNOWN_EXTENSIONS.includes(extension.extnID)) + return false; + } + } + } + return crypto.verifyWithPublicKey(this.tbsView, this.signatureValue, subjectPublicKeyInfo, this.signatureAlgorithm); + }); + } +} +CertificateRevocationList.CLASS_NAME = "CertificateRevocationList"; + +const CRL_ID = "crlId"; +const CRL_VALUE = "crlValue"; +const PARSED_VALUE$3 = "parsedValue"; +const CLEAR_PROPS$M = [ + CRL_ID, + CRL_VALUE, +]; +class CRLBag extends PkiObject { + constructor(parameters = {}) { + super(); + this.crlId = getParametersValue(parameters, CRL_ID, CRLBag.defaultValues(CRL_ID)); + this.crlValue = getParametersValue(parameters, CRL_VALUE, CRLBag.defaultValues(CRL_VALUE)); + if (PARSED_VALUE$3 in parameters) { + this.parsedValue = getParametersValue(parameters, PARSED_VALUE$3, CRLBag.defaultValues(PARSED_VALUE$3)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CRL_ID: + return EMPTY_STRING; + case CRL_VALUE: + return (new Any()); + case PARSED_VALUE$3: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case CRL_ID: + return (memberValue === EMPTY_STRING); + case CRL_VALUE: + return (memberValue instanceof Any); + case PARSED_VALUE$3: + return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.id || "id") }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Any({ name: (names.value || "value") })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$M); + const asn1 = compareSchema(schema, schema, CRLBag.schema({ + names: { + id: CRL_ID, + value: CRL_VALUE + } + })); + AsnError.assertSchema(asn1, this.className); + this.crlId = asn1.result.crlId.valueBlock.toString(); + this.crlValue = asn1.result.crlValue; + switch (this.crlId) { + case id_CRLBag_X509CRL: + { + this.parsedValue = CertificateRevocationList.fromBER(this.certValue.valueBlock.valueHex); + } + break; + default: + throw new Error(`Incorrect CRL_ID value in CRLBag: ${this.crlId}`); + } + } + toSchema() { + if (this.parsedValue) { + this.crlId = id_CRLBag_X509CRL; + this.crlValue = new OctetString({ valueHex: this.parsedValue.toSchema().toBER(false) }); + } + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.crlId }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.crlValue.toSchema()] + }) + ] + })); + } + toJSON() { + return { + crlId: this.crlId, + crlValue: this.crlValue.toJSON() + }; + } +} +CRLBag.CLASS_NAME = "CRLBag"; + +const VERSION$d = "version"; +const ENCRYPTED_CONTENT_INFO$1 = "encryptedContentInfo"; +const UNPROTECTED_ATTRS$1 = "unprotectedAttrs"; +const CLEAR_PROPS$L = [ + VERSION$d, + ENCRYPTED_CONTENT_INFO$1, + UNPROTECTED_ATTRS$1, +]; +class EncryptedData extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$d, EncryptedData.defaultValues(VERSION$d)); + this.encryptedContentInfo = getParametersValue(parameters, ENCRYPTED_CONTENT_INFO$1, EncryptedData.defaultValues(ENCRYPTED_CONTENT_INFO$1)); + if (UNPROTECTED_ATTRS$1 in parameters) { + this.unprotectedAttrs = getParametersValue(parameters, UNPROTECTED_ATTRS$1, EncryptedData.defaultValues(UNPROTECTED_ATTRS$1)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$d: + return 0; + case ENCRYPTED_CONTENT_INFO$1: + return new EncryptedContentInfo(); + case UNPROTECTED_ATTRS$1: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$d: + return (memberValue === 0); + case ENCRYPTED_CONTENT_INFO$1: + return ((EncryptedContentInfo.compareWithDefault("contentType", memberValue.contentType)) && + (EncryptedContentInfo.compareWithDefault("contentEncryptionAlgorithm", memberValue.contentEncryptionAlgorithm)) && + (EncryptedContentInfo.compareWithDefault("encryptedContent", memberValue.encryptedContent))); + case UNPROTECTED_ATTRS$1: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + EncryptedContentInfo.schema(names.encryptedContentInfo || {}), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new Repeated({ + name: (names.unprotectedAttrs || EMPTY_STRING), + value: Attribute.schema() + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$L); + const asn1 = compareSchema(schema, schema, EncryptedData.schema({ + names: { + version: VERSION$d, + encryptedContentInfo: { + names: { + blockName: ENCRYPTED_CONTENT_INFO$1 + } + }, + unprotectedAttrs: UNPROTECTED_ATTRS$1 + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + this.encryptedContentInfo = new EncryptedContentInfo({ schema: asn1.result.encryptedContentInfo }); + if (UNPROTECTED_ATTRS$1 in asn1.result) + this.unprotectedAttrs = Array.from(asn1.result.unprotectedAttrs, element => new Attribute({ schema: element })); + } + toSchema() { + const outputArray = []; + outputArray.push(new Integer({ value: this.version })); + outputArray.push(this.encryptedContentInfo.toSchema()); + if (this.unprotectedAttrs) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: Array.from(this.unprotectedAttrs, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + version: this.version, + encryptedContentInfo: this.encryptedContentInfo.toJSON() + }; + if (this.unprotectedAttrs) + res.unprotectedAttrs = Array.from(this.unprotectedAttrs, o => o.toJSON()); + return res; + } + encrypt(parameters) { + return __awaiter(this, void 0, void 0, function* () { + ArgumentError.assert(parameters, "parameters", "object"); + const encryptParams = Object.assign(Object.assign({}, parameters), { contentType: "1.2.840.113549.1.7.1" }); + this.encryptedContentInfo = yield getCrypto(true).encryptEncryptedContentInfo(encryptParams); + }); + } + decrypt(parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + ArgumentError.assert(parameters, "parameters", "object"); + const decryptParams = Object.assign(Object.assign({}, parameters), { encryptedContentInfo: this.encryptedContentInfo }); + return crypto.decryptEncryptedContentInfo(decryptParams); + }); + } +} +EncryptedData.CLASS_NAME = "EncryptedData"; + +const ENCRYPTION_ALGORITHM = "encryptionAlgorithm"; +const ENCRYPTED_DATA = "encryptedData"; +const PARSED_VALUE$2 = "parsedValue"; +const CLEAR_PROPS$K = [ + ENCRYPTION_ALGORITHM, + ENCRYPTED_DATA, +]; +class PKCS8ShroudedKeyBag extends PkiObject { + constructor(parameters = {}) { + super(); + this.encryptionAlgorithm = getParametersValue(parameters, ENCRYPTION_ALGORITHM, PKCS8ShroudedKeyBag.defaultValues(ENCRYPTION_ALGORITHM)); + this.encryptedData = getParametersValue(parameters, ENCRYPTED_DATA, PKCS8ShroudedKeyBag.defaultValues(ENCRYPTED_DATA)); + if (PARSED_VALUE$2 in parameters) { + this.parsedValue = getParametersValue(parameters, PARSED_VALUE$2, PKCS8ShroudedKeyBag.defaultValues(PARSED_VALUE$2)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ENCRYPTION_ALGORITHM: + return (new AlgorithmIdentifier()); + case ENCRYPTED_DATA: + return (new OctetString()); + case PARSED_VALUE$2: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case ENCRYPTION_ALGORITHM: + return ((AlgorithmIdentifier.compareWithDefault("algorithmId", memberValue.algorithmId)) && + (("algorithmParams" in memberValue) === false)); + case ENCRYPTED_DATA: + return (memberValue.isEqual(PKCS8ShroudedKeyBag.defaultValues(memberName))); + case PARSED_VALUE$2: + return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AlgorithmIdentifier.schema(names.encryptionAlgorithm || { + names: { + blockName: ENCRYPTION_ALGORITHM + } + }), + new Choice({ + value: [ + new OctetString({ name: (names.encryptedData || ENCRYPTED_DATA) }), + new OctetString({ + idBlock: { + isConstructed: true + }, + name: (names.encryptedData || ENCRYPTED_DATA) + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$K); + const asn1 = compareSchema(schema, schema, PKCS8ShroudedKeyBag.schema({ + names: { + encryptionAlgorithm: { + names: { + blockName: ENCRYPTION_ALGORITHM + } + }, + encryptedData: ENCRYPTED_DATA + } + })); + AsnError.assertSchema(asn1, this.className); + this.encryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.encryptionAlgorithm }); + this.encryptedData = asn1.result.encryptedData; + } + toSchema() { + return (new Sequence({ + value: [ + this.encryptionAlgorithm.toSchema(), + this.encryptedData + ] + })); + } + toJSON() { + return { + encryptionAlgorithm: this.encryptionAlgorithm.toJSON(), + encryptedData: this.encryptedData.toJSON(), + }; + } + parseInternalValues(parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const cmsEncrypted = new EncryptedData({ + encryptedContentInfo: new EncryptedContentInfo({ + contentEncryptionAlgorithm: this.encryptionAlgorithm, + encryptedContent: this.encryptedData + }) + }); + const decryptedData = yield cmsEncrypted.decrypt(parameters, crypto); + this.parsedValue = PrivateKeyInfo.fromBER(decryptedData); + }); + } + makeInternalValues(parameters) { + return __awaiter(this, void 0, void 0, function* () { + if (!this.parsedValue) { + throw new Error("Please initialize \"parsedValue\" first"); + } + const cmsEncrypted = new EncryptedData(); + const encryptParams = Object.assign(Object.assign({}, parameters), { contentToEncrypt: this.parsedValue.toSchema().toBER(false) }); + yield cmsEncrypted.encrypt(encryptParams); + if (!cmsEncrypted.encryptedContentInfo.encryptedContent) { + throw new Error("The filed `encryptedContent` in EncryptedContentInfo is empty"); + } + this.encryptionAlgorithm = cmsEncrypted.encryptedContentInfo.contentEncryptionAlgorithm; + this.encryptedData = cmsEncrypted.encryptedContentInfo.encryptedContent; + }); + } +} +PKCS8ShroudedKeyBag.CLASS_NAME = "PKCS8ShroudedKeyBag"; + +const SECRET_TYPE_ID = "secretTypeId"; +const SECRET_VALUE = "secretValue"; +const CLEAR_PROPS$J = [ + SECRET_TYPE_ID, + SECRET_VALUE, +]; +class SecretBag extends PkiObject { + constructor(parameters = {}) { + super(); + this.secretTypeId = getParametersValue(parameters, SECRET_TYPE_ID, SecretBag.defaultValues(SECRET_TYPE_ID)); + this.secretValue = getParametersValue(parameters, SECRET_VALUE, SecretBag.defaultValues(SECRET_VALUE)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case SECRET_TYPE_ID: + return EMPTY_STRING; + case SECRET_VALUE: + return (new Any()); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case SECRET_TYPE_ID: + return (memberValue === EMPTY_STRING); + case SECRET_VALUE: + return (memberValue instanceof Any); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.id || "id") }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Any({ name: (names.value || "value") })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$J); + const asn1 = compareSchema(schema, schema, SecretBag.schema({ + names: { + id: SECRET_TYPE_ID, + value: SECRET_VALUE + } + })); + AsnError.assertSchema(asn1, this.className); + this.secretTypeId = asn1.result.secretTypeId.valueBlock.toString(); + this.secretValue = asn1.result.secretValue; + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.secretTypeId }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.secretValue.toSchema()] + }) + ] + })); + } + toJSON() { + return { + secretTypeId: this.secretTypeId, + secretValue: this.secretValue.toJSON() + }; + } +} +SecretBag.CLASS_NAME = "SecretBag"; + +class SafeBagValueFactory { + static getItems() { + if (!this.items) { + this.items = {}; + SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.1", PrivateKeyInfo); + SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.2", PKCS8ShroudedKeyBag); + SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.3", CertBag); + SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.4", CRLBag); + SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.5", SecretBag); + SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.6", SafeContents); + } + return this.items; + } + static register(id, type) { + this.getItems()[id] = type; + } + static find(id) { + return this.getItems()[id] || null; + } +} + +const BAG_ID = "bagId"; +const BAG_VALUE = "bagValue"; +const BAG_ATTRIBUTES = "bagAttributes"; +const CLEAR_PROPS$I = [ + BAG_ID, + BAG_VALUE, + BAG_ATTRIBUTES +]; +class SafeBag extends PkiObject { + constructor(parameters = {}) { + super(); + this.bagId = getParametersValue(parameters, BAG_ID, SafeBag.defaultValues(BAG_ID)); + this.bagValue = getParametersValue(parameters, BAG_VALUE, SafeBag.defaultValues(BAG_VALUE)); + if (BAG_ATTRIBUTES in parameters) { + this.bagAttributes = getParametersValue(parameters, BAG_ATTRIBUTES, SafeBag.defaultValues(BAG_ATTRIBUTES)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case BAG_ID: + return EMPTY_STRING; + case BAG_VALUE: + return (new Any()); + case BAG_ATTRIBUTES: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case BAG_ID: + return (memberValue === EMPTY_STRING); + case BAG_VALUE: + return (memberValue instanceof Any); + case BAG_ATTRIBUTES: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.bagId || BAG_ID) }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Any({ name: (names.bagValue || BAG_VALUE) })] + }), + new Set({ + optional: true, + value: [ + new Repeated({ + name: (names.bagAttributes || BAG_ATTRIBUTES), + value: Attribute.schema() + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$I); + const asn1 = compareSchema(schema, schema, SafeBag.schema({ + names: { + bagId: BAG_ID, + bagValue: BAG_VALUE, + bagAttributes: BAG_ATTRIBUTES + } + })); + AsnError.assertSchema(asn1, this.className); + this.bagId = asn1.result.bagId.valueBlock.toString(); + const bagType = SafeBagValueFactory.find(this.bagId); + if (!bagType) { + throw new Error(`Invalid BAG_ID for SafeBag: ${this.bagId}`); + } + this.bagValue = new bagType({ schema: asn1.result.bagValue }); + if (BAG_ATTRIBUTES in asn1.result) { + this.bagAttributes = Array.from(asn1.result.bagAttributes, element => new Attribute({ schema: element })); + } + } + toSchema() { + const outputArray = [ + new ObjectIdentifier({ value: this.bagId }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.bagValue.toSchema()] + }) + ]; + if (this.bagAttributes) { + outputArray.push(new Set({ + value: Array.from(this.bagAttributes, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const output = { + bagId: this.bagId, + bagValue: this.bagValue.toJSON() + }; + if (this.bagAttributes) { + output.bagAttributes = Array.from(this.bagAttributes, o => o.toJSON()); + } + return output; + } +} +SafeBag.CLASS_NAME = "SafeBag"; + +const SAFE_BUGS = "safeBags"; +class SafeContents extends PkiObject { + constructor(parameters = {}) { + super(); + this.safeBags = getParametersValue(parameters, SAFE_BUGS, SafeContents.defaultValues(SAFE_BUGS)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case SAFE_BUGS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case SAFE_BUGS: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.safeBags || EMPTY_STRING), + value: SafeBag.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + SAFE_BUGS + ]); + const asn1 = compareSchema(schema, schema, SafeContents.schema({ + names: { + safeBags: SAFE_BUGS + } + })); + AsnError.assertSchema(asn1, this.className); + this.safeBags = Array.from(asn1.result.safeBags, element => new SafeBag({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.safeBags, o => o.toSchema()) + })); + } + toJSON() { + return { + safeBags: Array.from(this.safeBags, o => o.toJSON()) + }; + } +} +SafeContents.CLASS_NAME = "SafeContents"; + +const OTHER_CERT_FORMAT = "otherCertFormat"; +const OTHER_CERT = "otherCert"; +const CLEAR_PROPS$H = [ + OTHER_CERT_FORMAT, + OTHER_CERT +]; +class OtherCertificateFormat extends PkiObject { + constructor(parameters = {}) { + super(); + this.otherCertFormat = getParametersValue(parameters, OTHER_CERT_FORMAT, OtherCertificateFormat.defaultValues(OTHER_CERT_FORMAT)); + this.otherCert = getParametersValue(parameters, OTHER_CERT, OtherCertificateFormat.defaultValues(OTHER_CERT)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case OTHER_CERT_FORMAT: + return EMPTY_STRING; + case OTHER_CERT: + return new Any(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.otherCertFormat || OTHER_CERT_FORMAT) }), + new Any({ name: (names.otherCert || OTHER_CERT) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$H); + const asn1 = compareSchema(schema, schema, OtherCertificateFormat.schema()); + AsnError.assertSchema(asn1, this.className); + this.otherCertFormat = asn1.result.otherCertFormat.valueBlock.toString(); + this.otherCert = asn1.result.otherCert; + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.otherCertFormat }), + this.otherCert + ] + })); + } + toJSON() { + const res = { + otherCertFormat: this.otherCertFormat + }; + if (!(this.otherCert instanceof Any)) { + res.otherCert = this.otherCert.toJSON(); + } + return res; + } +} + +const CERTIFICATES$1 = "certificates"; +const CLEAR_PROPS$G = [ + CERTIFICATES$1, +]; +class CertificateSet extends PkiObject { + constructor(parameters = {}) { + super(); + this.certificates = getParametersValue(parameters, CERTIFICATES$1, CertificateSet.defaultValues(CERTIFICATES$1)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CERTIFICATES$1: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Set({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.certificates || CERTIFICATES$1), + value: new Choice({ + value: [ + Certificate.schema(), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Any() + ] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new Sequence + ] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: AttributeCertificateV2.schema().valueBlock.value + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + value: OtherCertificateFormat.schema().valueBlock.value + }) + ] + }) + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$G); + const asn1 = compareSchema(schema, schema, CertificateSet.schema()); + AsnError.assertSchema(asn1, this.className); + this.certificates = Array.from(asn1.result.certificates || [], (element) => { + const initialTagNumber = element.idBlock.tagNumber; + if (element.idBlock.tagClass === 1) + return new Certificate({ schema: element }); + const elementSequence = new Sequence({ + value: element.valueBlock.value + }); + switch (initialTagNumber) { + case 1: + if (elementSequence.valueBlock.value[0].valueBlock.value[0].valueBlock.valueDec === 1) { + return new AttributeCertificateV2({ schema: elementSequence }); + } + else { + return new AttributeCertificateV1({ schema: elementSequence }); + } + case 2: + return new AttributeCertificateV2({ schema: elementSequence }); + case 3: + return new OtherCertificateFormat({ schema: elementSequence }); + } + return element; + }); + } + toSchema() { + return (new Set({ + value: Array.from(this.certificates, element => { + switch (true) { + case (element instanceof Certificate): + return element.toSchema(); + case (element instanceof AttributeCertificateV1): + return new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: element.toSchema().valueBlock.value + }); + case (element instanceof AttributeCertificateV2): + return new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: element.toSchema().valueBlock.value + }); + case (element instanceof OtherCertificateFormat): + return new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + value: element.toSchema().valueBlock.value + }); + } + return element.toSchema(); + }) + })); + } + toJSON() { + return { + certificates: Array.from(this.certificates, o => o.toJSON()) + }; + } +} +CertificateSet.CLASS_NAME = "CertificateSet"; + +const OTHER_REV_INFO_FORMAT = "otherRevInfoFormat"; +const OTHER_REV_INFO = "otherRevInfo"; +const CLEAR_PROPS$F = [ + OTHER_REV_INFO_FORMAT, + OTHER_REV_INFO +]; +class OtherRevocationInfoFormat extends PkiObject { + constructor(parameters = {}) { + super(); + this.otherRevInfoFormat = getParametersValue(parameters, OTHER_REV_INFO_FORMAT, OtherRevocationInfoFormat.defaultValues(OTHER_REV_INFO_FORMAT)); + this.otherRevInfo = getParametersValue(parameters, OTHER_REV_INFO, OtherRevocationInfoFormat.defaultValues(OTHER_REV_INFO)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case OTHER_REV_INFO_FORMAT: + return EMPTY_STRING; + case OTHER_REV_INFO: + return new Any(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.otherRevInfoFormat || OTHER_REV_INFO_FORMAT) }), + new Any({ name: (names.otherRevInfo || OTHER_REV_INFO) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$F); + const asn1 = compareSchema(schema, schema, OtherRevocationInfoFormat.schema()); + AsnError.assertSchema(asn1, this.className); + this.otherRevInfoFormat = asn1.result.otherRevInfoFormat.valueBlock.toString(); + this.otherRevInfo = asn1.result.otherRevInfo; + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.otherRevInfoFormat }), + this.otherRevInfo + ] + })); + } + toJSON() { + const res = { + otherRevInfoFormat: this.otherRevInfoFormat + }; + if (!(this.otherRevInfo instanceof Any)) { + res.otherRevInfo = this.otherRevInfo.toJSON(); + } + return res; + } +} +OtherRevocationInfoFormat.CLASS_NAME = "OtherRevocationInfoFormat"; + +const CRLS$3 = "crls"; +const OTHER_REVOCATION_INFOS = "otherRevocationInfos"; +const CLEAR_PROPS$E = [ + CRLS$3 +]; +class RevocationInfoChoices extends PkiObject { + constructor(parameters = {}) { + super(); + this.crls = getParametersValue(parameters, CRLS$3, RevocationInfoChoices.defaultValues(CRLS$3)); + this.otherRevocationInfos = getParametersValue(parameters, OTHER_REVOCATION_INFOS, RevocationInfoChoices.defaultValues(OTHER_REVOCATION_INFOS)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CRLS$3: + return []; + case OTHER_REVOCATION_INFOS: + return []; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Set({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.crls || EMPTY_STRING), + value: new Choice({ + value: [ + CertificateRevocationList.schema(), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new ObjectIdentifier(), + new Any() + ] + }) + ] + }) + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$E); + const asn1 = compareSchema(schema, schema, RevocationInfoChoices.schema({ + names: { + crls: CRLS$3 + } + })); + AsnError.assertSchema(asn1, this.className); + if (asn1.result.crls) { + for (const element of asn1.result.crls) { + if (element.idBlock.tagClass === 1) + this.crls.push(new CertificateRevocationList({ schema: element })); + else + this.otherRevocationInfos.push(new OtherRevocationInfoFormat({ schema: element })); + } + } + } + toSchema() { + const outputArray = []; + outputArray.push(...Array.from(this.crls, o => o.toSchema())); + outputArray.push(...Array.from(this.otherRevocationInfos, element => { + const schema = element.toSchema(); + schema.idBlock.tagClass = 3; + schema.idBlock.tagNumber = 1; + return schema; + })); + return (new Set({ + value: outputArray + })); + } + toJSON() { + return { + crls: Array.from(this.crls, o => o.toJSON()), + otherRevocationInfos: Array.from(this.otherRevocationInfos, o => o.toJSON()) + }; + } +} +RevocationInfoChoices.CLASS_NAME = "RevocationInfoChoices"; + +const CERTS$3 = "certs"; +const CRLS$2 = "crls"; +const CLEAR_PROPS$D = [ + CERTS$3, + CRLS$2, +]; +class OriginatorInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.crls = getParametersValue(parameters, CRLS$2, OriginatorInfo.defaultValues(CRLS$2)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CERTS$3: + return new CertificateSet(); + case CRLS$2: + return new RevocationInfoChoices(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case CERTS$3: + return (memberValue.certificates.length === 0); + case CRLS$2: + return ((memberValue.crls.length === 0) && (memberValue.otherRevocationInfos.length === 0)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Constructed({ + name: (names.certs || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: CertificateSet.schema().valueBlock.value + }), + new Constructed({ + name: (names.crls || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: RevocationInfoChoices.schema().valueBlock.value + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$D); + const asn1 = compareSchema(schema, schema, OriginatorInfo.schema({ + names: { + certs: CERTS$3, + crls: CRLS$2 + } + })); + AsnError.assertSchema(asn1, this.className); + if (CERTS$3 in asn1.result) { + this.certs = new CertificateSet({ + schema: new Set({ + value: asn1.result.certs.valueBlock.value + }) + }); + } + if (CRLS$2 in asn1.result) { + this.crls = new RevocationInfoChoices({ + schema: new Set({ + value: asn1.result.crls.valueBlock.value + }) + }); + } + } + toSchema() { + const sequenceValue = []; + if (this.certs) { + sequenceValue.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: this.certs.toSchema().valueBlock.value + })); + } + if (this.crls) { + sequenceValue.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: this.crls.toSchema().valueBlock.value + })); + } + return (new Sequence({ + value: sequenceValue + })); + } + toJSON() { + const res = {}; + if (this.certs) { + res.certs = this.certs.toJSON(); + } + if (this.crls) { + res.crls = this.crls.toJSON(); + } + return res; + } +} +OriginatorInfo.CLASS_NAME = "OriginatorInfo"; + +const ISSUER = "issuer"; +const SERIAL_NUMBER$2 = "serialNumber"; +const CLEAR_PROPS$C = [ + ISSUER, + SERIAL_NUMBER$2, +]; +class IssuerAndSerialNumber extends PkiObject { + constructor(parameters = {}) { + super(); + this.issuer = getParametersValue(parameters, ISSUER, IssuerAndSerialNumber.defaultValues(ISSUER)); + this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$2, IssuerAndSerialNumber.defaultValues(SERIAL_NUMBER$2)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ISSUER: + return new RelativeDistinguishedNames(); + case SERIAL_NUMBER$2: + return new Integer(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + RelativeDistinguishedNames.schema(names.issuer || {}), + new Integer({ name: (names.serialNumber || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$C); + const asn1 = compareSchema(schema, schema, IssuerAndSerialNumber.schema({ + names: { + issuer: { + names: { + blockName: ISSUER + } + }, + serialNumber: SERIAL_NUMBER$2 + } + })); + AsnError.assertSchema(asn1, this.className); + this.issuer = new RelativeDistinguishedNames({ schema: asn1.result.issuer }); + this.serialNumber = asn1.result.serialNumber; + } + toSchema() { + return (new Sequence({ + value: [ + this.issuer.toSchema(), + this.serialNumber + ] + })); + } + toJSON() { + return { + issuer: this.issuer.toJSON(), + serialNumber: this.serialNumber.toJSON(), + }; + } +} +IssuerAndSerialNumber.CLASS_NAME = "IssuerAndSerialNumber"; + +const VARIANT$3 = "variant"; +const VALUE$3 = "value"; +const CLEAR_PROPS$B = [ + "blockName" +]; +class RecipientIdentifier extends PkiObject { + constructor(parameters = {}) { + super(); + this.variant = getParametersValue(parameters, VARIANT$3, RecipientIdentifier.defaultValues(VARIANT$3)); + if (VALUE$3 in parameters) { + this.value = getParametersValue(parameters, VALUE$3, RecipientIdentifier.defaultValues(VALUE$3)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VARIANT$3: + return (-1); + case VALUE$3: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VARIANT$3: + return (memberValue === (-1)); + case VALUE$3: + return (Object.keys(memberValue).length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Choice({ + value: [ + IssuerAndSerialNumber.schema({ + names: { + blockName: (names.blockName || EMPTY_STRING) + } + }), + new Primitive({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$B); + const asn1 = compareSchema(schema, schema, RecipientIdentifier.schema({ + names: { + blockName: "blockName" + } + })); + AsnError.assertSchema(asn1, this.className); + if (asn1.result.blockName.idBlock.tagClass === 1) { + this.variant = 1; + this.value = new IssuerAndSerialNumber({ schema: asn1.result.blockName }); + } + else { + this.variant = 2; + this.value = new OctetString({ valueHex: asn1.result.blockName.valueBlock.valueHex }); + } + } + toSchema() { + switch (this.variant) { + case 1: + if (!(this.value instanceof IssuerAndSerialNumber)) { + throw new Error("Incorrect type of RecipientIdentifier.value. It should be IssuerAndSerialNumber."); + } + return this.value.toSchema(); + case 2: + if (!(this.value instanceof OctetString)) { + throw new Error("Incorrect type of RecipientIdentifier.value. It should be ASN.1 OctetString."); + } + return new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + valueHex: this.value.valueBlock.valueHexView + }); + default: + return new Any(); + } + } + toJSON() { + const res = { + variant: this.variant + }; + if ((this.variant === 1 || this.variant === 2) && this.value) { + res.value = this.value.toJSON(); + } + return res; + } +} +RecipientIdentifier.CLASS_NAME = "RecipientIdentifier"; + +const VERSION$c = "version"; +const RID$1 = "rid"; +const KEY_ENCRYPTION_ALGORITHM$3 = "keyEncryptionAlgorithm"; +const ENCRYPTED_KEY$3 = "encryptedKey"; +const RECIPIENT_CERTIFICATE$1 = "recipientCertificate"; +const CLEAR_PROPS$A = [ + VERSION$c, + RID$1, + KEY_ENCRYPTION_ALGORITHM$3, + ENCRYPTED_KEY$3, +]; +class KeyTransRecipientInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$c, KeyTransRecipientInfo.defaultValues(VERSION$c)); + this.rid = getParametersValue(parameters, RID$1, KeyTransRecipientInfo.defaultValues(RID$1)); + this.keyEncryptionAlgorithm = getParametersValue(parameters, KEY_ENCRYPTION_ALGORITHM$3, KeyTransRecipientInfo.defaultValues(KEY_ENCRYPTION_ALGORITHM$3)); + this.encryptedKey = getParametersValue(parameters, ENCRYPTED_KEY$3, KeyTransRecipientInfo.defaultValues(ENCRYPTED_KEY$3)); + this.recipientCertificate = getParametersValue(parameters, RECIPIENT_CERTIFICATE$1, KeyTransRecipientInfo.defaultValues(RECIPIENT_CERTIFICATE$1)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$c: + return (-1); + case RID$1: + return {}; + case KEY_ENCRYPTION_ALGORITHM$3: + return new AlgorithmIdentifier(); + case ENCRYPTED_KEY$3: + return new OctetString(); + case RECIPIENT_CERTIFICATE$1: + return new Certificate(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$c: + return (memberValue === KeyTransRecipientInfo.defaultValues(VERSION$c)); + case RID$1: + return (Object.keys(memberValue).length === 0); + case KEY_ENCRYPTION_ALGORITHM$3: + case ENCRYPTED_KEY$3: + return memberValue.isEqual(KeyTransRecipientInfo.defaultValues(memberName)); + case RECIPIENT_CERTIFICATE$1: + return false; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + RecipientIdentifier.schema(names.rid || {}), + AlgorithmIdentifier.schema(names.keyEncryptionAlgorithm || {}), + new OctetString({ name: (names.encryptedKey || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$A); + const asn1 = compareSchema(schema, schema, KeyTransRecipientInfo.schema({ + names: { + version: VERSION$c, + rid: { + names: { + blockName: RID$1 + } + }, + keyEncryptionAlgorithm: { + names: { + blockName: KEY_ENCRYPTION_ALGORITHM$3 + } + }, + encryptedKey: ENCRYPTED_KEY$3 + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + if (asn1.result.rid.idBlock.tagClass === 3) { + this.rid = new OctetString({ valueHex: asn1.result.rid.valueBlock.valueHex }); + } + else { + this.rid = new IssuerAndSerialNumber({ schema: asn1.result.rid }); + } + this.keyEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.keyEncryptionAlgorithm }); + this.encryptedKey = asn1.result.encryptedKey; + } + toSchema() { + const outputArray = []; + if (this.rid instanceof IssuerAndSerialNumber) { + this.version = 0; + outputArray.push(new Integer({ value: this.version })); + outputArray.push(this.rid.toSchema()); + } + else { + this.version = 2; + outputArray.push(new Integer({ value: this.version })); + outputArray.push(new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + valueHex: this.rid.valueBlock.valueHexView + })); + } + outputArray.push(this.keyEncryptionAlgorithm.toSchema()); + outputArray.push(this.encryptedKey); + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + return { + version: this.version, + rid: this.rid.toJSON(), + keyEncryptionAlgorithm: this.keyEncryptionAlgorithm.toJSON(), + encryptedKey: this.encryptedKey.toJSON(), + }; + } +} +KeyTransRecipientInfo.CLASS_NAME = "KeyTransRecipientInfo"; + +const ALGORITHM = "algorithm"; +const PUBLIC_KEY = "publicKey"; +const CLEAR_PROPS$z = [ + ALGORITHM, + PUBLIC_KEY +]; +class OriginatorPublicKey extends PkiObject { + constructor(parameters = {}) { + super(); + this.algorithm = getParametersValue(parameters, ALGORITHM, OriginatorPublicKey.defaultValues(ALGORITHM)); + this.publicKey = getParametersValue(parameters, PUBLIC_KEY, OriginatorPublicKey.defaultValues(PUBLIC_KEY)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ALGORITHM: + return new AlgorithmIdentifier(); + case PUBLIC_KEY: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case ALGORITHM: + case PUBLIC_KEY: + return (memberValue.isEqual(OriginatorPublicKey.defaultValues(memberName))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AlgorithmIdentifier.schema(names.algorithm || {}), + new BitString({ name: (names.publicKey || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$z); + const asn1 = compareSchema(schema, schema, OriginatorPublicKey.schema({ + names: { + algorithm: { + names: { + blockName: ALGORITHM + } + }, + publicKey: PUBLIC_KEY + } + })); + AsnError.assertSchema(asn1, this.className); + this.algorithm = new AlgorithmIdentifier({ schema: asn1.result.algorithm }); + this.publicKey = asn1.result.publicKey; + } + toSchema() { + return (new Sequence({ + value: [ + this.algorithm.toSchema(), + this.publicKey + ] + })); + } + toJSON() { + return { + algorithm: this.algorithm.toJSON(), + publicKey: this.publicKey.toJSON(), + }; + } +} +OriginatorPublicKey.CLASS_NAME = "OriginatorPublicKey"; + +const VARIANT$2 = "variant"; +const VALUE$2 = "value"; +const CLEAR_PROPS$y = [ + "blockName", +]; +class OriginatorIdentifierOrKey extends PkiObject { + constructor(parameters = {}) { + super(); + this.variant = getParametersValue(parameters, VARIANT$2, OriginatorIdentifierOrKey.defaultValues(VARIANT$2)); + if (VALUE$2 in parameters) { + this.value = getParametersValue(parameters, VALUE$2, OriginatorIdentifierOrKey.defaultValues(VALUE$2)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VARIANT$2: + return (-1); + case VALUE$2: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VARIANT$2: + return (memberValue === (-1)); + case VALUE$2: + return (Object.keys(memberValue).length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Choice({ + value: [ + IssuerAndSerialNumber.schema({ + names: { + blockName: (names.blockName || EMPTY_STRING) + } + }), + new Primitive({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + name: (names.blockName || EMPTY_STRING) + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + name: (names.blockName || EMPTY_STRING), + value: OriginatorPublicKey.schema().valueBlock.value + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$y); + const asn1 = compareSchema(schema, schema, OriginatorIdentifierOrKey.schema({ + names: { + blockName: "blockName" + } + })); + AsnError.assertSchema(asn1, this.className); + if (asn1.result.blockName.idBlock.tagClass === 1) { + this.variant = 1; + this.value = new IssuerAndSerialNumber({ schema: asn1.result.blockName }); + } + else { + if (asn1.result.blockName.idBlock.tagNumber === 0) { + asn1.result.blockName.idBlock.tagClass = 1; + asn1.result.blockName.idBlock.tagNumber = 4; + this.variant = 2; + this.value = asn1.result.blockName; + } + else { + this.variant = 3; + this.value = new OriginatorPublicKey({ + schema: new Sequence({ + value: asn1.result.blockName.valueBlock.value + }) + }); + } + } + } + toSchema() { + switch (this.variant) { + case 1: + return this.value.toSchema(); + case 2: + this.value.idBlock.tagClass = 3; + this.value.idBlock.tagNumber = 0; + return this.value; + case 3: + { + const _schema = this.value.toSchema(); + _schema.idBlock.tagClass = 3; + _schema.idBlock.tagNumber = 1; + return _schema; + } + default: + return new Any(); + } + } + toJSON() { + const res = { + variant: this.variant + }; + if ((this.variant === 1) || (this.variant === 2) || (this.variant === 3)) { + res.value = this.value.toJSON(); + } + return res; + } +} +OriginatorIdentifierOrKey.CLASS_NAME = "OriginatorIdentifierOrKey"; + +const KEY_ATTR_ID = "keyAttrId"; +const KEY_ATTR = "keyAttr"; +const CLEAR_PROPS$x = [ + KEY_ATTR_ID, + KEY_ATTR, +]; +class OtherKeyAttribute extends PkiObject { + constructor(parameters = {}) { + super(); + this.keyAttrId = getParametersValue(parameters, KEY_ATTR_ID, OtherKeyAttribute.defaultValues(KEY_ATTR_ID)); + if (KEY_ATTR in parameters) { + this.keyAttr = getParametersValue(parameters, KEY_ATTR, OtherKeyAttribute.defaultValues(KEY_ATTR)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case KEY_ATTR_ID: + return EMPTY_STRING; + case KEY_ATTR: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case KEY_ATTR_ID: + return (typeof memberValue === "string" && memberValue === EMPTY_STRING); + case KEY_ATTR: + return (Object.keys(memberValue).length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + optional: (names.optional || true), + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.keyAttrId || EMPTY_STRING) }), + new Any({ + optional: true, + name: (names.keyAttr || EMPTY_STRING) + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$x); + const asn1 = compareSchema(schema, schema, OtherKeyAttribute.schema({ + names: { + keyAttrId: KEY_ATTR_ID, + keyAttr: KEY_ATTR + } + })); + AsnError.assertSchema(asn1, this.className); + this.keyAttrId = asn1.result.keyAttrId.valueBlock.toString(); + if (KEY_ATTR in asn1.result) { + this.keyAttr = asn1.result.keyAttr; + } + } + toSchema() { + const outputArray = []; + outputArray.push(new ObjectIdentifier({ value: this.keyAttrId })); + if (KEY_ATTR in this) { + outputArray.push(this.keyAttr); + } + return (new Sequence({ + value: outputArray, + })); + } + toJSON() { + const res = { + keyAttrId: this.keyAttrId + }; + if (KEY_ATTR in this) { + res.keyAttr = this.keyAttr.toJSON(); + } + return res; + } +} +OtherKeyAttribute.CLASS_NAME = "OtherKeyAttribute"; + +const SUBJECT_KEY_IDENTIFIER = "subjectKeyIdentifier"; +const DATE$1 = "date"; +const OTHER$1 = "other"; +const CLEAR_PROPS$w = [ + SUBJECT_KEY_IDENTIFIER, + DATE$1, + OTHER$1, +]; +class RecipientKeyIdentifier extends PkiObject { + constructor(parameters = {}) { + super(); + this.subjectKeyIdentifier = getParametersValue(parameters, SUBJECT_KEY_IDENTIFIER, RecipientKeyIdentifier.defaultValues(SUBJECT_KEY_IDENTIFIER)); + if (DATE$1 in parameters) { + this.date = getParametersValue(parameters, DATE$1, RecipientKeyIdentifier.defaultValues(DATE$1)); + } + if (OTHER$1 in parameters) { + this.other = getParametersValue(parameters, OTHER$1, RecipientKeyIdentifier.defaultValues(OTHER$1)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case SUBJECT_KEY_IDENTIFIER: + return new OctetString(); + case DATE$1: + return new GeneralizedTime(); + case OTHER$1: + return new OtherKeyAttribute(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case SUBJECT_KEY_IDENTIFIER: + return (memberValue.isEqual(RecipientKeyIdentifier.defaultValues(SUBJECT_KEY_IDENTIFIER))); + case DATE$1: + return ((memberValue.year === 0) && + (memberValue.month === 0) && + (memberValue.day === 0) && + (memberValue.hour === 0) && + (memberValue.minute === 0) && + (memberValue.second === 0) && + (memberValue.millisecond === 0)); + case OTHER$1: + return ((memberValue.keyAttrId === EMPTY_STRING) && (("keyAttr" in memberValue) === false)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new OctetString({ name: (names.subjectKeyIdentifier || EMPTY_STRING) }), + new GeneralizedTime({ + optional: true, + name: (names.date || EMPTY_STRING) + }), + OtherKeyAttribute.schema(names.other || {}) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$w); + const asn1 = compareSchema(schema, schema, RecipientKeyIdentifier.schema({ + names: { + subjectKeyIdentifier: SUBJECT_KEY_IDENTIFIER, + date: DATE$1, + other: { + names: { + blockName: OTHER$1 + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.subjectKeyIdentifier = asn1.result.subjectKeyIdentifier; + if (DATE$1 in asn1.result) + this.date = asn1.result.date; + if (OTHER$1 in asn1.result) + this.other = new OtherKeyAttribute({ schema: asn1.result.other }); + } + toSchema() { + const outputArray = []; + outputArray.push(this.subjectKeyIdentifier); + if (this.date) { + outputArray.push(this.date); + } + if (this.other) { + outputArray.push(this.other.toSchema()); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + subjectKeyIdentifier: this.subjectKeyIdentifier.toJSON() + }; + if (this.date) { + res.date = this.date.toJSON(); + } + if (this.other) { + res.other = this.other.toJSON(); + } + return res; + } +} +RecipientKeyIdentifier.CLASS_NAME = "RecipientKeyIdentifier"; + +const VARIANT$1 = "variant"; +const VALUE$1 = "value"; +const CLEAR_PROPS$v = [ + "blockName", +]; +class KeyAgreeRecipientIdentifier extends PkiObject { + constructor(parameters = {}) { + super(); + this.variant = getParametersValue(parameters, VARIANT$1, KeyAgreeRecipientIdentifier.defaultValues(VARIANT$1)); + this.value = getParametersValue(parameters, VALUE$1, KeyAgreeRecipientIdentifier.defaultValues(VALUE$1)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VARIANT$1: + return (-1); + case VALUE$1: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VARIANT$1: + return (memberValue === (-1)); + case VALUE$1: + return (Object.keys(memberValue).length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Choice({ + value: [ + IssuerAndSerialNumber.schema(names.issuerAndSerialNumber || { + names: { + blockName: (names.blockName || EMPTY_STRING) + } + }), + new Constructed({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: RecipientKeyIdentifier.schema(names.rKeyId || { + names: { + blockName: (names.blockName || EMPTY_STRING) + } + }).valueBlock.value + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$v); + const asn1 = compareSchema(schema, schema, KeyAgreeRecipientIdentifier.schema({ + names: { + blockName: "blockName" + } + })); + AsnError.assertSchema(asn1, this.className); + if (asn1.result.blockName.idBlock.tagClass === 1) { + this.variant = 1; + this.value = new IssuerAndSerialNumber({ schema: asn1.result.blockName }); + } + else { + this.variant = 2; + this.value = new RecipientKeyIdentifier({ + schema: new Sequence({ + value: asn1.result.blockName.valueBlock.value + }) + }); + } + } + toSchema() { + switch (this.variant) { + case 1: + return this.value.toSchema(); + case 2: + return new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: this.value.toSchema().valueBlock.value + }); + default: + return new Any(); + } + } + toJSON() { + const res = { + variant: this.variant, + }; + if ((this.variant === 1) || (this.variant === 2)) { + res.value = this.value.toJSON(); + } + return res; + } +} +KeyAgreeRecipientIdentifier.CLASS_NAME = "KeyAgreeRecipientIdentifier"; + +const RID = "rid"; +const ENCRYPTED_KEY$2 = "encryptedKey"; +const CLEAR_PROPS$u = [ + RID, + ENCRYPTED_KEY$2, +]; +class RecipientEncryptedKey extends PkiObject { + constructor(parameters = {}) { + super(); + this.rid = getParametersValue(parameters, RID, RecipientEncryptedKey.defaultValues(RID)); + this.encryptedKey = getParametersValue(parameters, ENCRYPTED_KEY$2, RecipientEncryptedKey.defaultValues(ENCRYPTED_KEY$2)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case RID: + return new KeyAgreeRecipientIdentifier(); + case ENCRYPTED_KEY$2: + return new OctetString(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case RID: + return ((memberValue.variant === (-1)) && (("value" in memberValue) === false)); + case ENCRYPTED_KEY$2: + return (memberValue.isEqual(RecipientEncryptedKey.defaultValues(ENCRYPTED_KEY$2))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + KeyAgreeRecipientIdentifier.schema(names.rid || {}), + new OctetString({ name: (names.encryptedKey || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$u); + const asn1 = compareSchema(schema, schema, RecipientEncryptedKey.schema({ + names: { + rid: { + names: { + blockName: RID + } + }, + encryptedKey: ENCRYPTED_KEY$2 + } + })); + AsnError.assertSchema(asn1, this.className); + this.rid = new KeyAgreeRecipientIdentifier({ schema: asn1.result.rid }); + this.encryptedKey = asn1.result.encryptedKey; + } + toSchema() { + return (new Sequence({ + value: [ + this.rid.toSchema(), + this.encryptedKey + ] + })); + } + toJSON() { + return { + rid: this.rid.toJSON(), + encryptedKey: this.encryptedKey.toJSON(), + }; + } +} +RecipientEncryptedKey.CLASS_NAME = "RecipientEncryptedKey"; + +const ENCRYPTED_KEYS = "encryptedKeys"; +const RECIPIENT_ENCRYPTED_KEYS = "RecipientEncryptedKeys"; +const CLEAR_PROPS$t = [ + RECIPIENT_ENCRYPTED_KEYS, +]; +class RecipientEncryptedKeys extends PkiObject { + constructor(parameters = {}) { + super(); + this.encryptedKeys = getParametersValue(parameters, ENCRYPTED_KEYS, RecipientEncryptedKeys.defaultValues(ENCRYPTED_KEYS)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ENCRYPTED_KEYS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case ENCRYPTED_KEYS: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.RecipientEncryptedKeys || EMPTY_STRING), + value: RecipientEncryptedKey.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$t); + const asn1 = compareSchema(schema, schema, RecipientEncryptedKeys.schema({ + names: { + RecipientEncryptedKeys: RECIPIENT_ENCRYPTED_KEYS + } + })); + AsnError.assertSchema(asn1, this.className); + this.encryptedKeys = Array.from(asn1.result.RecipientEncryptedKeys, element => new RecipientEncryptedKey({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.encryptedKeys, o => o.toSchema()) + })); + } + toJSON() { + return { + encryptedKeys: Array.from(this.encryptedKeys, o => o.toJSON()) + }; + } +} +RecipientEncryptedKeys.CLASS_NAME = "RecipientEncryptedKeys"; + +const VERSION$b = "version"; +const ORIGINATOR = "originator"; +const UKM = "ukm"; +const KEY_ENCRYPTION_ALGORITHM$2 = "keyEncryptionAlgorithm"; +const RECIPIENT_ENCRYPTED_KEY = "recipientEncryptedKeys"; +const RECIPIENT_CERTIFICATE = "recipientCertificate"; +const RECIPIENT_PUBLIC_KEY = "recipientPublicKey"; +const CLEAR_PROPS$s = [ + VERSION$b, + ORIGINATOR, + UKM, + KEY_ENCRYPTION_ALGORITHM$2, + RECIPIENT_ENCRYPTED_KEY, +]; +class KeyAgreeRecipientInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$b, KeyAgreeRecipientInfo.defaultValues(VERSION$b)); + this.originator = getParametersValue(parameters, ORIGINATOR, KeyAgreeRecipientInfo.defaultValues(ORIGINATOR)); + if (UKM in parameters) { + this.ukm = getParametersValue(parameters, UKM, KeyAgreeRecipientInfo.defaultValues(UKM)); + } + this.keyEncryptionAlgorithm = getParametersValue(parameters, KEY_ENCRYPTION_ALGORITHM$2, KeyAgreeRecipientInfo.defaultValues(KEY_ENCRYPTION_ALGORITHM$2)); + this.recipientEncryptedKeys = getParametersValue(parameters, RECIPIENT_ENCRYPTED_KEY, KeyAgreeRecipientInfo.defaultValues(RECIPIENT_ENCRYPTED_KEY)); + this.recipientCertificate = getParametersValue(parameters, RECIPIENT_CERTIFICATE, KeyAgreeRecipientInfo.defaultValues(RECIPIENT_CERTIFICATE)); + this.recipientPublicKey = getParametersValue(parameters, RECIPIENT_PUBLIC_KEY, KeyAgreeRecipientInfo.defaultValues(RECIPIENT_PUBLIC_KEY)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$b: + return 0; + case ORIGINATOR: + return new OriginatorIdentifierOrKey(); + case UKM: + return new OctetString(); + case KEY_ENCRYPTION_ALGORITHM$2: + return new AlgorithmIdentifier(); + case RECIPIENT_ENCRYPTED_KEY: + return new RecipientEncryptedKeys(); + case RECIPIENT_CERTIFICATE: + return new Certificate(); + case RECIPIENT_PUBLIC_KEY: + return null; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$b: + return (memberValue === 0); + case ORIGINATOR: + return ((memberValue.variant === (-1)) && (("value" in memberValue) === false)); + case UKM: + return (memberValue.isEqual(KeyAgreeRecipientInfo.defaultValues(UKM))); + case KEY_ENCRYPTION_ALGORITHM$2: + return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false)); + case RECIPIENT_ENCRYPTED_KEY: + return (memberValue.encryptedKeys.length === 0); + case RECIPIENT_CERTIFICATE: + return false; + case RECIPIENT_PUBLIC_KEY: + return false; + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: names.blockName || EMPTY_STRING, + value: [ + new Integer({ name: names.version || EMPTY_STRING }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + OriginatorIdentifierOrKey.schema(names.originator || {}) + ] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [new OctetString({ name: names.ukm || EMPTY_STRING })] + }), + AlgorithmIdentifier.schema(names.keyEncryptionAlgorithm || {}), + RecipientEncryptedKeys.schema(names.recipientEncryptedKeys || {}) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$s); + const asn1 = compareSchema(schema, schema, KeyAgreeRecipientInfo.schema({ + names: { + version: VERSION$b, + originator: { + names: { + blockName: ORIGINATOR + } + }, + ukm: UKM, + keyEncryptionAlgorithm: { + names: { + blockName: KEY_ENCRYPTION_ALGORITHM$2 + } + }, + recipientEncryptedKeys: { + names: { + blockName: RECIPIENT_ENCRYPTED_KEY + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + this.originator = new OriginatorIdentifierOrKey({ schema: asn1.result.originator }); + if (UKM in asn1.result) + this.ukm = asn1.result.ukm; + this.keyEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.keyEncryptionAlgorithm }); + this.recipientEncryptedKeys = new RecipientEncryptedKeys({ schema: asn1.result.recipientEncryptedKeys }); + } + toSchema() { + const outputArray = []; + outputArray.push(new Integer({ value: this.version })); + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.originator.toSchema()] + })); + if (this.ukm) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [this.ukm] + })); + } + outputArray.push(this.keyEncryptionAlgorithm.toSchema()); + outputArray.push(this.recipientEncryptedKeys.toSchema()); + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + version: this.version, + originator: this.originator.toJSON(), + keyEncryptionAlgorithm: this.keyEncryptionAlgorithm.toJSON(), + recipientEncryptedKeys: this.recipientEncryptedKeys.toJSON(), + }; + if (this.ukm) { + res.ukm = this.ukm.toJSON(); + } + return res; + } +} +KeyAgreeRecipientInfo.CLASS_NAME = "KeyAgreeRecipientInfo"; + +const KEY_IDENTIFIER = "keyIdentifier"; +const DATE = "date"; +const OTHER = "other"; +const CLEAR_PROPS$r = [ + KEY_IDENTIFIER, + DATE, + OTHER, +]; +class KEKIdentifier extends PkiObject { + constructor(parameters = {}) { + super(); + this.keyIdentifier = getParametersValue(parameters, KEY_IDENTIFIER, KEKIdentifier.defaultValues(KEY_IDENTIFIER)); + if (DATE in parameters) { + this.date = getParametersValue(parameters, DATE, KEKIdentifier.defaultValues(DATE)); + } + if (OTHER in parameters) { + this.other = getParametersValue(parameters, OTHER, KEKIdentifier.defaultValues(OTHER)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case KEY_IDENTIFIER: + return new OctetString(); + case DATE: + return new GeneralizedTime(); + case OTHER: + return new OtherKeyAttribute(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case KEY_IDENTIFIER: + return (memberValue.isEqual(KEKIdentifier.defaultValues(KEY_IDENTIFIER))); + case DATE: + return ((memberValue.year === 0) && + (memberValue.month === 0) && + (memberValue.day === 0) && + (memberValue.hour === 0) && + (memberValue.minute === 0) && + (memberValue.second === 0) && + (memberValue.millisecond === 0)); + case OTHER: + return ((memberValue.compareWithDefault("keyAttrId", memberValue.keyAttrId)) && + (("keyAttr" in memberValue) === false)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new OctetString({ name: (names.keyIdentifier || EMPTY_STRING) }), + new GeneralizedTime({ + optional: true, + name: (names.date || EMPTY_STRING) + }), + OtherKeyAttribute.schema(names.other || {}) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$r); + const asn1 = compareSchema(schema, schema, KEKIdentifier.schema({ + names: { + keyIdentifier: KEY_IDENTIFIER, + date: DATE, + other: { + names: { + blockName: OTHER + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.keyIdentifier = asn1.result.keyIdentifier; + if (DATE in asn1.result) + this.date = asn1.result.date; + if (OTHER in asn1.result) + this.other = new OtherKeyAttribute({ schema: asn1.result.other }); + } + toSchema() { + const outputArray = []; + outputArray.push(this.keyIdentifier); + if (this.date) { + outputArray.push(this.date); + } + if (this.other) { + outputArray.push(this.other.toSchema()); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + keyIdentifier: this.keyIdentifier.toJSON() + }; + if (this.date) { + res.date = this.date; + } + if (this.other) { + res.other = this.other.toJSON(); + } + return res; + } +} +KEKIdentifier.CLASS_NAME = "KEKIdentifier"; + +const VERSION$a = "version"; +const KEK_ID = "kekid"; +const KEY_ENCRYPTION_ALGORITHM$1 = "keyEncryptionAlgorithm"; +const ENCRYPTED_KEY$1 = "encryptedKey"; +const PER_DEFINED_KEK = "preDefinedKEK"; +const CLEAR_PROPS$q = [ + VERSION$a, + KEK_ID, + KEY_ENCRYPTION_ALGORITHM$1, + ENCRYPTED_KEY$1, +]; +class KEKRecipientInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$a, KEKRecipientInfo.defaultValues(VERSION$a)); + this.kekid = getParametersValue(parameters, KEK_ID, KEKRecipientInfo.defaultValues(KEK_ID)); + this.keyEncryptionAlgorithm = getParametersValue(parameters, KEY_ENCRYPTION_ALGORITHM$1, KEKRecipientInfo.defaultValues(KEY_ENCRYPTION_ALGORITHM$1)); + this.encryptedKey = getParametersValue(parameters, ENCRYPTED_KEY$1, KEKRecipientInfo.defaultValues(ENCRYPTED_KEY$1)); + this.preDefinedKEK = getParametersValue(parameters, PER_DEFINED_KEK, KEKRecipientInfo.defaultValues(PER_DEFINED_KEK)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$a: + return 0; + case KEK_ID: + return new KEKIdentifier(); + case KEY_ENCRYPTION_ALGORITHM$1: + return new AlgorithmIdentifier(); + case ENCRYPTED_KEY$1: + return new OctetString(); + case PER_DEFINED_KEK: + return EMPTY_BUFFER; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case "KEKRecipientInfo": + return (memberValue === KEKRecipientInfo.defaultValues(VERSION$a)); + case KEK_ID: + return ((memberValue.compareWithDefault("keyIdentifier", memberValue.keyIdentifier)) && + (("date" in memberValue) === false) && + (("other" in memberValue) === false)); + case KEY_ENCRYPTION_ALGORITHM$1: + return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false)); + case ENCRYPTED_KEY$1: + return (memberValue.isEqual(KEKRecipientInfo.defaultValues(ENCRYPTED_KEY$1))); + case PER_DEFINED_KEK: + return (memberValue.byteLength === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + KEKIdentifier.schema(names.kekid || {}), + AlgorithmIdentifier.schema(names.keyEncryptionAlgorithm || {}), + new OctetString({ name: (names.encryptedKey || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$q); + const asn1 = compareSchema(schema, schema, KEKRecipientInfo.schema({ + names: { + version: VERSION$a, + kekid: { + names: { + blockName: KEK_ID + } + }, + keyEncryptionAlgorithm: { + names: { + blockName: KEY_ENCRYPTION_ALGORITHM$1 + } + }, + encryptedKey: ENCRYPTED_KEY$1 + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + this.kekid = new KEKIdentifier({ schema: asn1.result.kekid }); + this.keyEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.keyEncryptionAlgorithm }); + this.encryptedKey = asn1.result.encryptedKey; + } + toSchema() { + return (new Sequence({ + value: [ + new Integer({ value: this.version }), + this.kekid.toSchema(), + this.keyEncryptionAlgorithm.toSchema(), + this.encryptedKey + ] + })); + } + toJSON() { + return { + version: this.version, + kekid: this.kekid.toJSON(), + keyEncryptionAlgorithm: this.keyEncryptionAlgorithm.toJSON(), + encryptedKey: this.encryptedKey.toJSON(), + }; + } +} +KEKRecipientInfo.CLASS_NAME = "KEKRecipientInfo"; + +const VERSION$9 = "version"; +const KEY_DERIVATION_ALGORITHM = "keyDerivationAlgorithm"; +const KEY_ENCRYPTION_ALGORITHM = "keyEncryptionAlgorithm"; +const ENCRYPTED_KEY = "encryptedKey"; +const PASSWORD = "password"; +const CLEAR_PROPS$p = [ + VERSION$9, + KEY_DERIVATION_ALGORITHM, + KEY_ENCRYPTION_ALGORITHM, + ENCRYPTED_KEY +]; +class PasswordRecipientinfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$9, PasswordRecipientinfo.defaultValues(VERSION$9)); + if (KEY_DERIVATION_ALGORITHM in parameters) { + this.keyDerivationAlgorithm = getParametersValue(parameters, KEY_DERIVATION_ALGORITHM, PasswordRecipientinfo.defaultValues(KEY_DERIVATION_ALGORITHM)); + } + this.keyEncryptionAlgorithm = getParametersValue(parameters, KEY_ENCRYPTION_ALGORITHM, PasswordRecipientinfo.defaultValues(KEY_ENCRYPTION_ALGORITHM)); + this.encryptedKey = getParametersValue(parameters, ENCRYPTED_KEY, PasswordRecipientinfo.defaultValues(ENCRYPTED_KEY)); + this.password = getParametersValue(parameters, PASSWORD, PasswordRecipientinfo.defaultValues(PASSWORD)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$9: + return (-1); + case KEY_DERIVATION_ALGORITHM: + return new AlgorithmIdentifier(); + case KEY_ENCRYPTION_ALGORITHM: + return new AlgorithmIdentifier(); + case ENCRYPTED_KEY: + return new OctetString(); + case PASSWORD: + return EMPTY_BUFFER; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$9: + return (memberValue === (-1)); + case KEY_DERIVATION_ALGORITHM: + case KEY_ENCRYPTION_ALGORITHM: + return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false)); + case ENCRYPTED_KEY: + return (memberValue.isEqual(PasswordRecipientinfo.defaultValues(ENCRYPTED_KEY))); + case PASSWORD: + return (memberValue.byteLength === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + new Constructed({ + name: (names.keyDerivationAlgorithm || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: AlgorithmIdentifier.schema().valueBlock.value + }), + AlgorithmIdentifier.schema(names.keyEncryptionAlgorithm || {}), + new OctetString({ name: (names.encryptedKey || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$p); + const asn1 = compareSchema(schema, schema, PasswordRecipientinfo.schema({ + names: { + version: VERSION$9, + keyDerivationAlgorithm: KEY_DERIVATION_ALGORITHM, + keyEncryptionAlgorithm: { + names: { + blockName: KEY_ENCRYPTION_ALGORITHM + } + }, + encryptedKey: ENCRYPTED_KEY + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + if (KEY_DERIVATION_ALGORITHM in asn1.result) { + this.keyDerivationAlgorithm = new AlgorithmIdentifier({ + schema: new Sequence({ + value: asn1.result.keyDerivationAlgorithm.valueBlock.value + }) + }); + } + this.keyEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.keyEncryptionAlgorithm }); + this.encryptedKey = asn1.result.encryptedKey; + } + toSchema() { + const outputArray = []; + outputArray.push(new Integer({ value: this.version })); + if (this.keyDerivationAlgorithm) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: this.keyDerivationAlgorithm.toSchema().valueBlock.value + })); + } + outputArray.push(this.keyEncryptionAlgorithm.toSchema()); + outputArray.push(this.encryptedKey); + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + version: this.version, + keyEncryptionAlgorithm: this.keyEncryptionAlgorithm.toJSON(), + encryptedKey: this.encryptedKey.toJSON(), + }; + if (this.keyDerivationAlgorithm) { + res.keyDerivationAlgorithm = this.keyDerivationAlgorithm.toJSON(); + } + return res; + } +} +PasswordRecipientinfo.CLASS_NAME = "PasswordRecipientInfo"; + +const ORI_TYPE = "oriType"; +const ORI_VALUE = "oriValue"; +const CLEAR_PROPS$o = [ + ORI_TYPE, + ORI_VALUE +]; +class OtherRecipientInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.oriType = getParametersValue(parameters, ORI_TYPE, OtherRecipientInfo.defaultValues(ORI_TYPE)); + this.oriValue = getParametersValue(parameters, ORI_VALUE, OtherRecipientInfo.defaultValues(ORI_VALUE)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case ORI_TYPE: + return EMPTY_STRING; + case ORI_VALUE: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case ORI_TYPE: + return (memberValue === EMPTY_STRING); + case ORI_VALUE: + return (Object.keys(memberValue).length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.oriType || EMPTY_STRING) }), + new Any({ name: (names.oriValue || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$o); + const asn1 = compareSchema(schema, schema, OtherRecipientInfo.schema({ + names: { + oriType: ORI_TYPE, + oriValue: ORI_VALUE + } + })); + AsnError.assertSchema(asn1, this.className); + this.oriType = asn1.result.oriType.valueBlock.toString(); + this.oriValue = asn1.result.oriValue; + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.oriType }), + this.oriValue + ] + })); + } + toJSON() { + const res = { + oriType: this.oriType + }; + if (!OtherRecipientInfo.compareWithDefault(ORI_VALUE, this.oriValue)) { + res.oriValue = this.oriValue.toJSON(); + } + return res; + } +} +OtherRecipientInfo.CLASS_NAME = "OtherRecipientInfo"; + +const VARIANT = "variant"; +const VALUE = "value"; +const CLEAR_PROPS$n = [ + "blockName" +]; +class RecipientInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.variant = getParametersValue(parameters, VARIANT, RecipientInfo.defaultValues(VARIANT)); + if (VALUE in parameters) { + this.value = getParametersValue(parameters, VALUE, RecipientInfo.defaultValues(VALUE)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VARIANT: + return (-1); + case VALUE: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VARIANT: + return (memberValue === RecipientInfo.defaultValues(memberName)); + case VALUE: + return (Object.keys(memberValue).length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Choice({ + value: [ + KeyTransRecipientInfo.schema({ + names: { + blockName: (names.blockName || EMPTY_STRING) + } + }), + new Constructed({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: KeyAgreeRecipientInfo.schema().valueBlock.value + }), + new Constructed({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: KEKRecipientInfo.schema().valueBlock.value + }), + new Constructed({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 3 + }, + value: PasswordRecipientinfo.schema().valueBlock.value + }), + new Constructed({ + name: (names.blockName || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 4 + }, + value: OtherRecipientInfo.schema().valueBlock.value + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$n); + const asn1 = compareSchema(schema, schema, RecipientInfo.schema({ + names: { + blockName: "blockName" + } + })); + AsnError.assertSchema(asn1, this.className); + if (asn1.result.blockName.idBlock.tagClass === 1) { + this.variant = 1; + this.value = new KeyTransRecipientInfo({ schema: asn1.result.blockName }); + } + else { + const blockSequence = new Sequence({ + value: asn1.result.blockName.valueBlock.value + }); + switch (asn1.result.blockName.idBlock.tagNumber) { + case 1: + this.variant = 2; + this.value = new KeyAgreeRecipientInfo({ schema: blockSequence }); + break; + case 2: + this.variant = 3; + this.value = new KEKRecipientInfo({ schema: blockSequence }); + break; + case 3: + this.variant = 4; + this.value = new PasswordRecipientinfo({ schema: blockSequence }); + break; + case 4: + this.variant = 5; + this.value = new OtherRecipientInfo({ schema: blockSequence }); + break; + default: + throw new Error("Incorrect structure of RecipientInfo block"); + } + } + } + toSchema() { + ParameterError.assertEmpty(this.value, "value", "RecipientInfo"); + const _schema = this.value.toSchema(); + switch (this.variant) { + case 1: + return _schema; + case 2: + case 3: + case 4: + _schema.idBlock.tagClass = 3; + _schema.idBlock.tagNumber = (this.variant - 1); + return _schema; + default: + return new Any(); + } + } + toJSON() { + const res = { + variant: this.variant + }; + if (this.value && (this.variant >= 1) && (this.variant <= 4)) { + res.value = this.value.toJSON(); + } + return res; + } +} +RecipientInfo.CLASS_NAME = "RecipientInfo"; + +const HASH_ALGORITHM$2 = "hashAlgorithm"; +const MASK_GEN_ALGORITHM = "maskGenAlgorithm"; +const P_SOURCE_ALGORITHM = "pSourceAlgorithm"; +const CLEAR_PROPS$m = [ + HASH_ALGORITHM$2, + MASK_GEN_ALGORITHM, + P_SOURCE_ALGORITHM +]; +class RSAESOAEPParams extends PkiObject { + constructor(parameters = {}) { + super(); + this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM$2, RSAESOAEPParams.defaultValues(HASH_ALGORITHM$2)); + this.maskGenAlgorithm = getParametersValue(parameters, MASK_GEN_ALGORITHM, RSAESOAEPParams.defaultValues(MASK_GEN_ALGORITHM)); + this.pSourceAlgorithm = getParametersValue(parameters, P_SOURCE_ALGORITHM, RSAESOAEPParams.defaultValues(P_SOURCE_ALGORITHM)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case HASH_ALGORITHM$2: + return new AlgorithmIdentifier({ + algorithmId: "1.3.14.3.2.26", + algorithmParams: new Null() + }); + case MASK_GEN_ALGORITHM: + return new AlgorithmIdentifier({ + algorithmId: "1.2.840.113549.1.1.8", + algorithmParams: (new AlgorithmIdentifier({ + algorithmId: "1.3.14.3.2.26", + algorithmParams: new Null() + })).toSchema() + }); + case P_SOURCE_ALGORITHM: + return new AlgorithmIdentifier({ + algorithmId: "1.2.840.113549.1.1.9", + algorithmParams: new OctetString({ valueHex: (new Uint8Array([0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09])).buffer }) + }); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + optional: true, + value: [AlgorithmIdentifier.schema(names.hashAlgorithm || {})] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + optional: true, + value: [AlgorithmIdentifier.schema(names.maskGenAlgorithm || {})] + }), + new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + optional: true, + value: [AlgorithmIdentifier.schema(names.pSourceAlgorithm || {})] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$m); + const asn1 = compareSchema(schema, schema, RSAESOAEPParams.schema({ + names: { + hashAlgorithm: { + names: { + blockName: HASH_ALGORITHM$2 + } + }, + maskGenAlgorithm: { + names: { + blockName: MASK_GEN_ALGORITHM + } + }, + pSourceAlgorithm: { + names: { + blockName: P_SOURCE_ALGORITHM + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + if (HASH_ALGORITHM$2 in asn1.result) + this.hashAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.hashAlgorithm }); + if (MASK_GEN_ALGORITHM in asn1.result) + this.maskGenAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.maskGenAlgorithm }); + if (P_SOURCE_ALGORITHM in asn1.result) + this.pSourceAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.pSourceAlgorithm }); + } + toSchema() { + const outputArray = []; + if (!this.hashAlgorithm.isEqual(RSAESOAEPParams.defaultValues(HASH_ALGORITHM$2))) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.hashAlgorithm.toSchema()] + })); + } + if (!this.maskGenAlgorithm.isEqual(RSAESOAEPParams.defaultValues(MASK_GEN_ALGORITHM))) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [this.maskGenAlgorithm.toSchema()] + })); + } + if (!this.pSourceAlgorithm.isEqual(RSAESOAEPParams.defaultValues(P_SOURCE_ALGORITHM))) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: [this.pSourceAlgorithm.toSchema()] + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = {}; + if (!this.hashAlgorithm.isEqual(RSAESOAEPParams.defaultValues(HASH_ALGORITHM$2))) { + res.hashAlgorithm = this.hashAlgorithm.toJSON(); + } + if (!this.maskGenAlgorithm.isEqual(RSAESOAEPParams.defaultValues(MASK_GEN_ALGORITHM))) { + res.maskGenAlgorithm = this.maskGenAlgorithm.toJSON(); + } + if (!this.pSourceAlgorithm.isEqual(RSAESOAEPParams.defaultValues(P_SOURCE_ALGORITHM))) { + res.pSourceAlgorithm = this.pSourceAlgorithm.toJSON(); + } + return res; + } +} +RSAESOAEPParams.CLASS_NAME = "RSAESOAEPParams"; + +const KEY_INFO = "keyInfo"; +const ENTITY_U_INFO = "entityUInfo"; +const SUPP_PUB_INFO = "suppPubInfo"; +const CLEAR_PROPS$l = [ + KEY_INFO, + ENTITY_U_INFO, + SUPP_PUB_INFO +]; +class ECCCMSSharedInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.keyInfo = getParametersValue(parameters, KEY_INFO, ECCCMSSharedInfo.defaultValues(KEY_INFO)); + if (ENTITY_U_INFO in parameters) { + this.entityUInfo = getParametersValue(parameters, ENTITY_U_INFO, ECCCMSSharedInfo.defaultValues(ENTITY_U_INFO)); + } + this.suppPubInfo = getParametersValue(parameters, SUPP_PUB_INFO, ECCCMSSharedInfo.defaultValues(SUPP_PUB_INFO)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case KEY_INFO: + return new AlgorithmIdentifier(); + case ENTITY_U_INFO: + return new OctetString(); + case SUPP_PUB_INFO: + return new OctetString(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case KEY_INFO: + case ENTITY_U_INFO: + case SUPP_PUB_INFO: + return (memberValue.isEqual(ECCCMSSharedInfo.defaultValues(memberName))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AlgorithmIdentifier.schema(names.keyInfo || {}), + new Constructed({ + name: (names.entityUInfo || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + optional: true, + value: [new OctetString()] + }), + new Constructed({ + name: (names.suppPubInfo || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: [new OctetString()] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$l); + const asn1 = compareSchema(schema, schema, ECCCMSSharedInfo.schema({ + names: { + keyInfo: { + names: { + blockName: KEY_INFO + } + }, + entityUInfo: ENTITY_U_INFO, + suppPubInfo: SUPP_PUB_INFO + } + })); + AsnError.assertSchema(asn1, this.className); + this.keyInfo = new AlgorithmIdentifier({ schema: asn1.result.keyInfo }); + if (ENTITY_U_INFO in asn1.result) + this.entityUInfo = asn1.result.entityUInfo.valueBlock.value[0]; + this.suppPubInfo = asn1.result.suppPubInfo.valueBlock.value[0]; + } + toSchema() { + const outputArray = []; + outputArray.push(this.keyInfo.toSchema()); + if (this.entityUInfo) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.entityUInfo] + })); + } + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: [this.suppPubInfo] + })); + return new Sequence({ + value: outputArray + }); + } + toJSON() { + const res = { + keyInfo: this.keyInfo.toJSON(), + suppPubInfo: this.suppPubInfo.toJSON(), + }; + if (this.entityUInfo) { + res.entityUInfo = this.entityUInfo.toJSON(); + } + return res; + } +} +ECCCMSSharedInfo.CLASS_NAME = "ECCCMSSharedInfo"; + +const VERSION$8 = "version"; +const ORIGINATOR_INFO = "originatorInfo"; +const RECIPIENT_INFOS = "recipientInfos"; +const ENCRYPTED_CONTENT_INFO = "encryptedContentInfo"; +const UNPROTECTED_ATTRS = "unprotectedAttrs"; +const CLEAR_PROPS$k = [ + VERSION$8, + ORIGINATOR_INFO, + RECIPIENT_INFOS, + ENCRYPTED_CONTENT_INFO, + UNPROTECTED_ATTRS +]; +const defaultEncryptionParams = { + kdfAlgorithm: "SHA-512", + kekEncryptionLength: 256 +}; +const curveLengthByName = { + "P-256": 256, + "P-384": 384, + "P-521": 528 +}; +class EnvelopedData extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$8, EnvelopedData.defaultValues(VERSION$8)); + if (ORIGINATOR_INFO in parameters) { + this.originatorInfo = getParametersValue(parameters, ORIGINATOR_INFO, EnvelopedData.defaultValues(ORIGINATOR_INFO)); + } + this.recipientInfos = getParametersValue(parameters, RECIPIENT_INFOS, EnvelopedData.defaultValues(RECIPIENT_INFOS)); + this.encryptedContentInfo = getParametersValue(parameters, ENCRYPTED_CONTENT_INFO, EnvelopedData.defaultValues(ENCRYPTED_CONTENT_INFO)); + if (UNPROTECTED_ATTRS in parameters) { + this.unprotectedAttrs = getParametersValue(parameters, UNPROTECTED_ATTRS, EnvelopedData.defaultValues(UNPROTECTED_ATTRS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$8: + return 0; + case ORIGINATOR_INFO: + return new OriginatorInfo(); + case RECIPIENT_INFOS: + return []; + case ENCRYPTED_CONTENT_INFO: + return new EncryptedContentInfo(); + case UNPROTECTED_ATTRS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$8: + return (memberValue === EnvelopedData.defaultValues(memberName)); + case ORIGINATOR_INFO: + return ((memberValue.certs.certificates.length === 0) && (memberValue.crls.crls.length === 0)); + case RECIPIENT_INFOS: + case UNPROTECTED_ATTRS: + return (memberValue.length === 0); + case ENCRYPTED_CONTENT_INFO: + return ((EncryptedContentInfo.compareWithDefault("contentType", memberValue.contentType)) && + (EncryptedContentInfo.compareWithDefault("contentEncryptionAlgorithm", memberValue.contentEncryptionAlgorithm) && + (EncryptedContentInfo.compareWithDefault("encryptedContent", memberValue.encryptedContent)))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || EMPTY_STRING) }), + new Constructed({ + name: (names.originatorInfo || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: OriginatorInfo.schema().valueBlock.value + }), + new Set({ + value: [ + new Repeated({ + name: (names.recipientInfos || EMPTY_STRING), + value: RecipientInfo.schema() + }) + ] + }), + EncryptedContentInfo.schema(names.encryptedContentInfo || {}), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new Repeated({ + name: (names.unprotectedAttrs || EMPTY_STRING), + value: Attribute.schema() + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$k); + const asn1 = compareSchema(schema, schema, EnvelopedData.schema({ + names: { + version: VERSION$8, + originatorInfo: ORIGINATOR_INFO, + recipientInfos: RECIPIENT_INFOS, + encryptedContentInfo: { + names: { + blockName: ENCRYPTED_CONTENT_INFO + } + }, + unprotectedAttrs: UNPROTECTED_ATTRS + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + if (ORIGINATOR_INFO in asn1.result) { + this.originatorInfo = new OriginatorInfo({ + schema: new Sequence({ + value: asn1.result.originatorInfo.valueBlock.value + }) + }); + } + this.recipientInfos = Array.from(asn1.result.recipientInfos, o => new RecipientInfo({ schema: o })); + this.encryptedContentInfo = new EncryptedContentInfo({ schema: asn1.result.encryptedContentInfo }); + if (UNPROTECTED_ATTRS in asn1.result) + this.unprotectedAttrs = Array.from(asn1.result.unprotectedAttrs, o => new Attribute({ schema: o })); + } + toSchema() { + const outputArray = []; + outputArray.push(new Integer({ value: this.version })); + if (this.originatorInfo) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: this.originatorInfo.toSchema().valueBlock.value + })); + } + outputArray.push(new Set({ + value: Array.from(this.recipientInfos, o => o.toSchema()) + })); + outputArray.push(this.encryptedContentInfo.toSchema()); + if (this.unprotectedAttrs) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: Array.from(this.unprotectedAttrs, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + version: this.version, + recipientInfos: Array.from(this.recipientInfos, o => o.toJSON()), + encryptedContentInfo: this.encryptedContentInfo.toJSON(), + }; + if (this.originatorInfo) + res.originatorInfo = this.originatorInfo.toJSON(); + if (this.unprotectedAttrs) + res.unprotectedAttrs = Array.from(this.unprotectedAttrs, o => o.toJSON()); + return res; + } + addRecipientByCertificate(certificate, parameters, variant, crypto = getCrypto(true)) { + const encryptionParameters = Object.assign({ useOAEP: true, oaepHashAlgorithm: "SHA-512" }, defaultEncryptionParams, parameters || {}); + if (certificate.subjectPublicKeyInfo.algorithm.algorithmId.indexOf("1.2.840.113549") !== (-1)) + variant = 1; + else { + if (certificate.subjectPublicKeyInfo.algorithm.algorithmId.indexOf("1.2.840.10045") !== (-1)) + variant = 2; + else + throw new Error(`Unknown type of certificate's public key: ${certificate.subjectPublicKeyInfo.algorithm.algorithmId}`); + } + switch (variant) { + case 1: + { + let algorithmId; + let algorithmParams; + if (encryptionParameters.useOAEP === true) { + algorithmId = crypto.getOIDByAlgorithm({ + name: "RSA-OAEP" + }, true, "keyEncryptionAlgorithm"); + const hashOID = crypto.getOIDByAlgorithm({ + name: encryptionParameters.oaepHashAlgorithm + }, true, "RSAES-OAEP-params"); + const hashAlgorithm = new AlgorithmIdentifier({ + algorithmId: hashOID, + algorithmParams: new Null() + }); + const rsaOAEPParams = new RSAESOAEPParams({ + hashAlgorithm, + maskGenAlgorithm: new AlgorithmIdentifier({ + algorithmId: "1.2.840.113549.1.1.8", + algorithmParams: hashAlgorithm.toSchema() + }) + }); + algorithmParams = rsaOAEPParams.toSchema(); + } + else { + algorithmId = crypto.getOIDByAlgorithm({ + name: "RSAES-PKCS1-v1_5" + }); + if (algorithmId === EMPTY_STRING) + throw new Error("Can not find OID for RSAES-PKCS1-v1_5"); + algorithmParams = new Null(); + } + const keyInfo = new KeyTransRecipientInfo({ + version: 0, + rid: new IssuerAndSerialNumber({ + issuer: certificate.issuer, + serialNumber: certificate.serialNumber + }), + keyEncryptionAlgorithm: new AlgorithmIdentifier({ + algorithmId, + algorithmParams + }), + recipientCertificate: certificate, + }); + this.recipientInfos.push(new RecipientInfo({ + variant: 1, + value: keyInfo + })); + } + break; + case 2: + { + const recipientIdentifier = new KeyAgreeRecipientIdentifier({ + variant: 1, + value: new IssuerAndSerialNumber({ + issuer: certificate.issuer, + serialNumber: certificate.serialNumber + }) + }); + this._addKeyAgreeRecipientInfo(recipientIdentifier, encryptionParameters, { recipientCertificate: certificate }, crypto); + } + break; + default: + throw new Error(`Unknown "variant" value: ${variant}`); + } + return true; + } + addRecipientByPreDefinedData(preDefinedData, parameters = {}, variant, crypto = getCrypto(true)) { + ArgumentError.assert(preDefinedData, "preDefinedData", "ArrayBuffer"); + if (!preDefinedData.byteLength) { + throw new Error("Pre-defined data could have zero length"); + } + if (!parameters.keyIdentifier) { + const keyIdentifierBuffer = new ArrayBuffer(16); + const keyIdentifierView = new Uint8Array(keyIdentifierBuffer); + crypto.getRandomValues(keyIdentifierView); + parameters.keyIdentifier = keyIdentifierBuffer; + } + if (!parameters.hmacHashAlgorithm) + parameters.hmacHashAlgorithm = "SHA-512"; + if (parameters.iterationCount === undefined) { + parameters.iterationCount = 2048; + } + if (!parameters.keyEncryptionAlgorithm) { + parameters.keyEncryptionAlgorithm = { + name: "AES-KW", + length: 256 + }; + } + if (!parameters.keyEncryptionAlgorithmParams) + parameters.keyEncryptionAlgorithmParams = new Null(); + switch (variant) { + case 1: + { + const kekOID = crypto.getOIDByAlgorithm(parameters.keyEncryptionAlgorithm, true, "keyEncryptionAlgorithm"); + const keyInfo = new KEKRecipientInfo({ + version: 4, + kekid: new KEKIdentifier({ + keyIdentifier: new OctetString({ valueHex: parameters.keyIdentifier }) + }), + keyEncryptionAlgorithm: new AlgorithmIdentifier({ + algorithmId: kekOID, + algorithmParams: parameters.keyEncryptionAlgorithmParams + }), + preDefinedKEK: preDefinedData + }); + this.recipientInfos.push(new RecipientInfo({ + variant: 3, + value: keyInfo + })); + } + break; + case 2: + { + const pbkdf2OID = crypto.getOIDByAlgorithm({ name: "PBKDF2" }, true, "keyDerivationAlgorithm"); + const saltBuffer = new ArrayBuffer(64); + const saltView = new Uint8Array(saltBuffer); + crypto.getRandomValues(saltView); + const hmacOID = crypto.getOIDByAlgorithm({ + name: "HMAC", + hash: { + name: parameters.hmacHashAlgorithm + } + }, true, "hmacHashAlgorithm"); + const pbkdf2Params = new PBKDF2Params({ + salt: new OctetString({ valueHex: saltBuffer }), + iterationCount: parameters.iterationCount, + prf: new AlgorithmIdentifier({ + algorithmId: hmacOID, + algorithmParams: new Null() + }) + }); + const kekOID = crypto.getOIDByAlgorithm(parameters.keyEncryptionAlgorithm, true, "keyEncryptionAlgorithm"); + const keyInfo = new PasswordRecipientinfo({ + version: 0, + keyDerivationAlgorithm: new AlgorithmIdentifier({ + algorithmId: pbkdf2OID, + algorithmParams: pbkdf2Params.toSchema() + }), + keyEncryptionAlgorithm: new AlgorithmIdentifier({ + algorithmId: kekOID, + algorithmParams: parameters.keyEncryptionAlgorithmParams + }), + password: preDefinedData + }); + this.recipientInfos.push(new RecipientInfo({ + variant: 4, + value: keyInfo + })); + } + break; + default: + throw new Error(`Unknown value for "variant": ${variant}`); + } + } + addRecipientByKeyIdentifier(key, keyId, parameters, crypto = getCrypto(true)) { + const encryptionParameters = Object.assign({}, defaultEncryptionParams, parameters || {}); + const recipientIdentifier = new KeyAgreeRecipientIdentifier({ + variant: 2, + value: new RecipientKeyIdentifier({ + subjectKeyIdentifier: new OctetString({ valueHex: keyId }), + }) + }); + this._addKeyAgreeRecipientInfo(recipientIdentifier, encryptionParameters, { recipientPublicKey: key }, crypto); + } + _addKeyAgreeRecipientInfo(recipientIdentifier, encryptionParameters, extraRecipientInfoParams, crypto = getCrypto(true)) { + const encryptedKey = new RecipientEncryptedKey({ + rid: recipientIdentifier + }); + const aesKWoid = crypto.getOIDByAlgorithm({ + name: "AES-KW", + length: encryptionParameters.kekEncryptionLength + }, true, "keyEncryptionAlgorithm"); + const aesKW = new AlgorithmIdentifier({ + algorithmId: aesKWoid, + }); + const ecdhOID = crypto.getOIDByAlgorithm({ + name: "ECDH", + kdf: encryptionParameters.kdfAlgorithm + }, true, "KeyAgreeRecipientInfo"); + const ukmBuffer = new ArrayBuffer(64); + const ukmView = new Uint8Array(ukmBuffer); + crypto.getRandomValues(ukmView); + const recipientInfoParams = { + version: 3, + ukm: new OctetString({ valueHex: ukmBuffer }), + keyEncryptionAlgorithm: new AlgorithmIdentifier({ + algorithmId: ecdhOID, + algorithmParams: aesKW.toSchema() + }), + recipientEncryptedKeys: new RecipientEncryptedKeys({ + encryptedKeys: [encryptedKey] + }) + }; + const keyInfo = new KeyAgreeRecipientInfo(Object.assign(recipientInfoParams, extraRecipientInfoParams)); + this.recipientInfos.push(new RecipientInfo({ + variant: 2, + value: keyInfo + })); + } + encrypt(contentEncryptionAlgorithm, contentToEncrypt, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const ivBuffer = new ArrayBuffer(16); + const ivView = new Uint8Array(ivBuffer); + crypto.getRandomValues(ivView); + const contentView = new Uint8Array(contentToEncrypt); + const contentEncryptionOID = crypto.getOIDByAlgorithm(contentEncryptionAlgorithm, true, "contentEncryptionAlgorithm"); + const sessionKey = yield crypto.generateKey(contentEncryptionAlgorithm, true, ["encrypt"]); + const encryptedContent = yield crypto.encrypt({ + name: contentEncryptionAlgorithm.name, + iv: ivView + }, sessionKey, contentView); + const exportedSessionKey = yield crypto.exportKey("raw", sessionKey); + this.version = 2; + this.encryptedContentInfo = new EncryptedContentInfo({ + contentType: "1.2.840.113549.1.7.1", + contentEncryptionAlgorithm: new AlgorithmIdentifier({ + algorithmId: contentEncryptionOID, + algorithmParams: new OctetString({ valueHex: ivBuffer }) + }), + encryptedContent: new OctetString({ valueHex: encryptedContent }) + }); + const SubKeyAgreeRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () { + const recipientInfo = this.recipientInfos[index].value; + let recipientCurve; + let recipientPublicKey; + if (recipientInfo.recipientPublicKey) { + recipientCurve = recipientInfo.recipientPublicKey.algorithm.namedCurve; + recipientPublicKey = recipientInfo.recipientPublicKey; + } + else if (recipientInfo.recipientCertificate) { + const curveObject = recipientInfo.recipientCertificate.subjectPublicKeyInfo.algorithm.algorithmParams; + if (curveObject.constructor.blockName() !== ObjectIdentifier.blockName()) + throw new Error(`Incorrect "recipientCertificate" for index ${index}`); + const curveOID = curveObject.valueBlock.toString(); + switch (curveOID) { + case "1.2.840.10045.3.1.7": + recipientCurve = "P-256"; + break; + case "1.3.132.0.34": + recipientCurve = "P-384"; + break; + case "1.3.132.0.35": + recipientCurve = "P-521"; + break; + default: + throw new Error(`Incorrect curve OID for index ${index}`); + } + recipientPublicKey = yield recipientInfo.recipientCertificate.getPublicKey({ + algorithm: { + algorithm: { + name: "ECDH", + namedCurve: recipientCurve + }, + usages: [] + } + }, crypto); + } + else { + throw new Error("Unsupported RecipientInfo"); + } + const recipientCurveLength = curveLengthByName[recipientCurve]; + const ecdhKeys = yield crypto.generateKey({ name: "ECDH", namedCurve: recipientCurve }, true, ["deriveBits"]); + const exportedECDHPublicKey = yield crypto.exportKey("spki", ecdhKeys.publicKey); + const derivedBits = yield crypto.deriveBits({ + name: "ECDH", + public: recipientPublicKey + }, ecdhKeys.privateKey, recipientCurveLength); + const aesKWAlgorithm = new AlgorithmIdentifier({ schema: recipientInfo.keyEncryptionAlgorithm.algorithmParams }); + const kwAlgorithm = crypto.getAlgorithmByOID(aesKWAlgorithm.algorithmId, true, "aesKWAlgorithm"); + let kwLength = kwAlgorithm.length; + const kwLengthBuffer = new ArrayBuffer(4); + const kwLengthView = new Uint8Array(kwLengthBuffer); + for (let j = 3; j >= 0; j--) { + kwLengthView[j] = kwLength; + kwLength >>= 8; + } + const eccInfo = new ECCCMSSharedInfo({ + keyInfo: new AlgorithmIdentifier({ + algorithmId: aesKWAlgorithm.algorithmId + }), + entityUInfo: recipientInfo.ukm, + suppPubInfo: new OctetString({ valueHex: kwLengthBuffer }) + }); + const encodedInfo = eccInfo.toSchema().toBER(false); + const ecdhAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "ecdhAlgorithm"); + const derivedKeyRaw = yield kdf(ecdhAlgorithm.kdf, derivedBits, kwAlgorithm.length, encodedInfo, crypto); + const awsKW = yield crypto.importKey("raw", derivedKeyRaw, { name: "AES-KW" }, true, ["wrapKey"]); + const wrappedKey = yield crypto.wrapKey("raw", sessionKey, awsKW, { name: "AES-KW" }); + const originator = new OriginatorIdentifierOrKey(); + originator.variant = 3; + originator.value = OriginatorPublicKey.fromBER(exportedECDHPublicKey); + recipientInfo.originator = originator; + recipientInfo.recipientEncryptedKeys.encryptedKeys[0].encryptedKey = new OctetString({ valueHex: wrappedKey }); + return { ecdhPrivateKey: ecdhKeys.privateKey }; + }); + const SubKeyTransRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () { + const recipientInfo = this.recipientInfos[index].value; + const algorithmParameters = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "keyEncryptionAlgorithm"); + if (algorithmParameters.name === "RSA-OAEP") { + const schema = recipientInfo.keyEncryptionAlgorithm.algorithmParams; + const rsaOAEPParams = new RSAESOAEPParams({ schema }); + algorithmParameters.hash = crypto.getAlgorithmByOID(rsaOAEPParams.hashAlgorithm.algorithmId); + if (("name" in algorithmParameters.hash) === false) + throw new Error(`Incorrect OID for hash algorithm: ${rsaOAEPParams.hashAlgorithm.algorithmId}`); + } + try { + const publicKey = yield recipientInfo.recipientCertificate.getPublicKey({ + algorithm: { + algorithm: algorithmParameters, + usages: ["encrypt", "wrapKey"] + } + }, crypto); + const encryptedKey = yield crypto.encrypt(publicKey.algorithm, publicKey, exportedSessionKey); + recipientInfo.encryptedKey = new OctetString({ valueHex: encryptedKey }); + } + catch (_a) { + } + }); + const SubKEKRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () { + const recipientInfo = this.recipientInfos[index].value; + const kekAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "kekAlgorithm"); + const kekKey = yield crypto.importKey("raw", new Uint8Array(recipientInfo.preDefinedKEK), kekAlgorithm, true, ["wrapKey"]); + const wrappedKey = yield crypto.wrapKey("raw", sessionKey, kekKey, kekAlgorithm); + recipientInfo.encryptedKey = new OctetString({ valueHex: wrappedKey }); + }); + const SubPasswordRecipientinfo = (index) => __awaiter(this, void 0, void 0, function* () { + const recipientInfo = this.recipientInfos[index].value; + let pbkdf2Params; + if (!recipientInfo.keyDerivationAlgorithm) + throw new Error("Please append encoded \"keyDerivationAlgorithm\""); + if (!recipientInfo.keyDerivationAlgorithm.algorithmParams) + throw new Error("Incorrectly encoded \"keyDerivationAlgorithm\""); + try { + pbkdf2Params = new PBKDF2Params({ schema: recipientInfo.keyDerivationAlgorithm.algorithmParams }); + } + catch (ex) { + throw new Error("Incorrectly encoded \"keyDerivationAlgorithm\""); + } + const passwordView = new Uint8Array(recipientInfo.password); + const derivationKey = yield crypto.importKey("raw", passwordView, "PBKDF2", false, ["deriveKey"]); + const kekAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "kekAlgorithm"); + let hmacHashAlgorithm = "SHA-1"; + if (pbkdf2Params.prf) { + const prfAlgorithm = crypto.getAlgorithmByOID(pbkdf2Params.prf.algorithmId, true, "prfAlgorithm"); + hmacHashAlgorithm = prfAlgorithm.hash.name; + } + const saltView = new Uint8Array(pbkdf2Params.salt.valueBlock.valueHex); + const iterations = pbkdf2Params.iterationCount; + const derivedKey = yield crypto.deriveKey({ + name: "PBKDF2", + hash: { + name: hmacHashAlgorithm + }, + salt: saltView, + iterations + }, derivationKey, kekAlgorithm, true, ["wrapKey"]); + const wrappedKey = yield crypto.wrapKey("raw", sessionKey, derivedKey, kekAlgorithm); + recipientInfo.encryptedKey = new OctetString({ valueHex: wrappedKey }); + }); + const res = []; + for (let i = 0; i < this.recipientInfos.length; i++) { + switch (this.recipientInfos[i].variant) { + case 1: + res.push(yield SubKeyTransRecipientInfo(i)); + break; + case 2: + res.push(yield SubKeyAgreeRecipientInfo(i)); + break; + case 3: + res.push(yield SubKEKRecipientInfo(i)); + break; + case 4: + res.push(yield SubPasswordRecipientinfo(i)); + break; + default: + throw new Error(`Unknown recipient type in array with index ${i}`); + } + } + return res; + }); + } + decrypt(recipientIndex, parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const decryptionParameters = parameters || {}; + if ((recipientIndex + 1) > this.recipientInfos.length) { + throw new Error(`Maximum value for "index" is: ${this.recipientInfos.length - 1}`); + } + const SubKeyAgreeRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () { + const recipientInfo = this.recipientInfos[index].value; + let curveOID; + let recipientCurve; + let recipientCurveLength; + const originator = recipientInfo.originator; + if (decryptionParameters.recipientCertificate) { + const curveObject = decryptionParameters.recipientCertificate.subjectPublicKeyInfo.algorithm.algorithmParams; + if (curveObject.constructor.blockName() !== ObjectIdentifier.blockName()) { + throw new Error(`Incorrect "recipientCertificate" for index ${index}`); + } + curveOID = curveObject.valueBlock.toString(); + } + else if (originator.value.algorithm.algorithmParams) { + const curveObject = originator.value.algorithm.algorithmParams; + if (curveObject.constructor.blockName() !== ObjectIdentifier.blockName()) { + throw new Error(`Incorrect originator for index ${index}`); + } + curveOID = curveObject.valueBlock.toString(); + } + else { + throw new Error("Parameter \"recipientCertificate\" is mandatory for \"KeyAgreeRecipientInfo\" if algorithm params are missing from originator"); + } + if (!decryptionParameters.recipientPrivateKey) + throw new Error("Parameter \"recipientPrivateKey\" is mandatory for \"KeyAgreeRecipientInfo\""); + switch (curveOID) { + case "1.2.840.10045.3.1.7": + recipientCurve = "P-256"; + recipientCurveLength = 256; + break; + case "1.3.132.0.34": + recipientCurve = "P-384"; + recipientCurveLength = 384; + break; + case "1.3.132.0.35": + recipientCurve = "P-521"; + recipientCurveLength = 528; + break; + default: + throw new Error(`Incorrect curve OID for index ${index}`); + } + const ecdhPrivateKey = yield crypto.importKey("pkcs8", decryptionParameters.recipientPrivateKey, { + name: "ECDH", + namedCurve: recipientCurve + }, true, ["deriveBits"]); + if (("algorithmParams" in originator.value.algorithm) === false) + originator.value.algorithm.algorithmParams = new ObjectIdentifier({ value: curveOID }); + const buffer = originator.value.toSchema().toBER(false); + const ecdhPublicKey = yield crypto.importKey("spki", buffer, { + name: "ECDH", + namedCurve: recipientCurve + }, true, []); + const sharedSecret = yield crypto.deriveBits({ + name: "ECDH", + public: ecdhPublicKey + }, ecdhPrivateKey, recipientCurveLength); + function applyKDF(includeAlgorithmParams) { + return __awaiter(this, void 0, void 0, function* () { + includeAlgorithmParams = includeAlgorithmParams || false; + const aesKWAlgorithm = new AlgorithmIdentifier({ schema: recipientInfo.keyEncryptionAlgorithm.algorithmParams }); + const kwAlgorithm = crypto.getAlgorithmByOID(aesKWAlgorithm.algorithmId, true, "kwAlgorithm"); + let kwLength = kwAlgorithm.length; + const kwLengthBuffer = new ArrayBuffer(4); + const kwLengthView = new Uint8Array(kwLengthBuffer); + for (let j = 3; j >= 0; j--) { + kwLengthView[j] = kwLength; + kwLength >>= 8; + } + const keyInfoAlgorithm = { + algorithmId: aesKWAlgorithm.algorithmId + }; + if (includeAlgorithmParams) { + keyInfoAlgorithm.algorithmParams = new Null(); + } + const eccInfo = new ECCCMSSharedInfo({ + keyInfo: new AlgorithmIdentifier(keyInfoAlgorithm), + entityUInfo: recipientInfo.ukm, + suppPubInfo: new OctetString({ valueHex: kwLengthBuffer }) + }); + const encodedInfo = eccInfo.toSchema().toBER(false); + const ecdhAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "ecdhAlgorithm"); + if (!ecdhAlgorithm.name) { + throw new Error(`Incorrect OID for key encryption algorithm: ${recipientInfo.keyEncryptionAlgorithm.algorithmId}`); + } + return kdf(ecdhAlgorithm.kdf, sharedSecret, kwAlgorithm.length, encodedInfo, crypto); + }); + } + const kdfResult = yield applyKDF(); + const importAesKwKey = (kdfResult) => __awaiter(this, void 0, void 0, function* () { + return crypto.importKey("raw", kdfResult, { name: "AES-KW" }, true, ["unwrapKey"]); + }); + const aesKwKey = yield importAesKwKey(kdfResult); + const unwrapSessionKey = (aesKwKey) => __awaiter(this, void 0, void 0, function* () { + const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId; + const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm"); + return crypto.unwrapKey("raw", recipientInfo.recipientEncryptedKeys.encryptedKeys[0].encryptedKey.valueBlock.valueHexView, aesKwKey, { name: "AES-KW" }, contentEncryptionAlgorithm, true, ["decrypt"]); + }); + try { + return yield unwrapSessionKey(aesKwKey); + } + catch (_a) { + const kdfResult = yield applyKDF(true); + const aesKwKey = yield importAesKwKey(kdfResult); + return unwrapSessionKey(aesKwKey); + } + }); + const SubKeyTransRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () { + const recipientInfo = this.recipientInfos[index].value; + if (!decryptionParameters.recipientPrivateKey) { + throw new Error("Parameter \"recipientPrivateKey\" is mandatory for \"KeyTransRecipientInfo\""); + } + const algorithmParameters = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "keyEncryptionAlgorithm"); + if (algorithmParameters.name === "RSA-OAEP") { + const schema = recipientInfo.keyEncryptionAlgorithm.algorithmParams; + const rsaOAEPParams = new RSAESOAEPParams({ schema }); + algorithmParameters.hash = crypto.getAlgorithmByOID(rsaOAEPParams.hashAlgorithm.algorithmId); + if (("name" in algorithmParameters.hash) === false) + throw new Error(`Incorrect OID for hash algorithm: ${rsaOAEPParams.hashAlgorithm.algorithmId}`); + } + const privateKey = yield crypto.importKey("pkcs8", decryptionParameters.recipientPrivateKey, algorithmParameters, true, ["decrypt"]); + const sessionKey = yield crypto.decrypt(privateKey.algorithm, privateKey, recipientInfo.encryptedKey.valueBlock.valueHexView); + const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId; + const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm"); + if (("name" in contentEncryptionAlgorithm) === false) + throw new Error(`Incorrect "contentEncryptionAlgorithm": ${algorithmId}`); + return crypto.importKey("raw", sessionKey, contentEncryptionAlgorithm, true, ["decrypt"]); + }); + const SubKEKRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () { + const recipientInfo = this.recipientInfos[index].value; + if (!decryptionParameters.preDefinedData) + throw new Error("Parameter \"preDefinedData\" is mandatory for \"KEKRecipientInfo\""); + const kekAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "kekAlgorithm"); + const importedKey = yield crypto.importKey("raw", decryptionParameters.preDefinedData, kekAlgorithm, true, ["unwrapKey"]); + const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId; + const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm"); + if (!contentEncryptionAlgorithm.name) { + throw new Error(`Incorrect "contentEncryptionAlgorithm": ${algorithmId}`); + } + return crypto.unwrapKey("raw", recipientInfo.encryptedKey.valueBlock.valueHexView, importedKey, kekAlgorithm, contentEncryptionAlgorithm, true, ["decrypt"]); + }); + const SubPasswordRecipientinfo = (index) => __awaiter(this, void 0, void 0, function* () { + const recipientInfo = this.recipientInfos[index].value; + let pbkdf2Params; + if (!decryptionParameters.preDefinedData) { + throw new Error("Parameter \"preDefinedData\" is mandatory for \"KEKRecipientInfo\""); + } + if (!recipientInfo.keyDerivationAlgorithm) { + throw new Error("Please append encoded \"keyDerivationAlgorithm\""); + } + if (!recipientInfo.keyDerivationAlgorithm.algorithmParams) { + throw new Error("Incorrectly encoded \"keyDerivationAlgorithm\""); + } + try { + pbkdf2Params = new PBKDF2Params({ schema: recipientInfo.keyDerivationAlgorithm.algorithmParams }); + } + catch (ex) { + throw new Error("Incorrectly encoded \"keyDerivationAlgorithm\""); + } + const pbkdf2Key = yield crypto.importKey("raw", decryptionParameters.preDefinedData, "PBKDF2", false, ["deriveKey"]); + const kekAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "keyEncryptionAlgorithm"); + const hmacHashAlgorithm = pbkdf2Params.prf + ? crypto.getAlgorithmByOID(pbkdf2Params.prf.algorithmId, true, "prfAlgorithm").hash.name + : "SHA-1"; + const saltView = new Uint8Array(pbkdf2Params.salt.valueBlock.valueHex); + const iterations = pbkdf2Params.iterationCount; + const kekKey = yield crypto.deriveKey({ + name: "PBKDF2", + hash: { + name: hmacHashAlgorithm + }, + salt: saltView, + iterations + }, pbkdf2Key, kekAlgorithm, true, ["unwrapKey"]); + const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId; + const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm"); + return crypto.unwrapKey("raw", recipientInfo.encryptedKey.valueBlock.valueHexView, kekKey, kekAlgorithm, contentEncryptionAlgorithm, true, ["decrypt"]); + }); + let unwrappedKey; + switch (this.recipientInfos[recipientIndex].variant) { + case 1: + unwrappedKey = yield SubKeyTransRecipientInfo(recipientIndex); + break; + case 2: + unwrappedKey = yield SubKeyAgreeRecipientInfo(recipientIndex); + break; + case 3: + unwrappedKey = yield SubKEKRecipientInfo(recipientIndex); + break; + case 4: + unwrappedKey = yield SubPasswordRecipientinfo(recipientIndex); + break; + default: + throw new Error(`Unknown recipient type in array with index ${recipientIndex}`); + } + const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId; + const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm"); + const ivBuffer = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmParams.valueBlock.valueHex; + const ivView = new Uint8Array(ivBuffer); + if (!this.encryptedContentInfo.encryptedContent) { + throw new Error("Required property `encryptedContent` is empty"); + } + const dataBuffer = this.encryptedContentInfo.getEncryptedContent(); + return crypto.decrypt({ + name: contentEncryptionAlgorithm.name, + iv: ivView + }, unwrappedKey, dataBuffer); + }); + } +} +EnvelopedData.CLASS_NAME = "EnvelopedData"; + +const SAFE_CONTENTS = "safeContents"; +const PARSED_VALUE$1 = "parsedValue"; +const CONTENT_INFOS = "contentInfos"; +class AuthenticatedSafe extends PkiObject { + constructor(parameters = {}) { + super(); + this.safeContents = getParametersValue(parameters, SAFE_CONTENTS, AuthenticatedSafe.defaultValues(SAFE_CONTENTS)); + if (PARSED_VALUE$1 in parameters) { + this.parsedValue = getParametersValue(parameters, PARSED_VALUE$1, AuthenticatedSafe.defaultValues(PARSED_VALUE$1)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case SAFE_CONTENTS: + return []; + case PARSED_VALUE$1: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case SAFE_CONTENTS: + return (memberValue.length === 0); + case PARSED_VALUE$1: + return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Repeated({ + name: (names.contentInfos || EMPTY_STRING), + value: ContentInfo.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + CONTENT_INFOS + ]); + const asn1 = compareSchema(schema, schema, AuthenticatedSafe.schema({ + names: { + contentInfos: CONTENT_INFOS + } + })); + AsnError.assertSchema(asn1, this.className); + this.safeContents = Array.from(asn1.result.contentInfos, element => new ContentInfo({ schema: element })); + } + toSchema() { + return (new Sequence({ + value: Array.from(this.safeContents, o => o.toSchema()) + })); + } + toJSON() { + return { + safeContents: Array.from(this.safeContents, o => o.toJSON()) + }; + } + parseInternalValues(parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + ParameterError.assert(parameters, SAFE_CONTENTS); + ArgumentError.assert(parameters.safeContents, SAFE_CONTENTS, "Array"); + if (parameters.safeContents.length !== this.safeContents.length) { + throw new ArgumentError("Length of \"parameters.safeContents\" must be equal to \"this.safeContents.length\""); + } + this.parsedValue = { + safeContents: [], + }; + for (const [index, content] of this.safeContents.entries()) { + const safeContent = parameters.safeContents[index]; + const errorTarget = `parameters.safeContents[${index}]`; + switch (content.contentType) { + case id_ContentType_Data: + { + ArgumentError.assert(content.content, "this.safeContents[j].content", OctetString); + const authSafeContent = content.content.getValue(); + this.parsedValue.safeContents.push({ + privacyMode: 0, + value: SafeContents.fromBER(authSafeContent) + }); + } + break; + case id_ContentType_EnvelopedData: + { + const cmsEnveloped = new EnvelopedData({ schema: content.content }); + ParameterError.assert(errorTarget, safeContent, "recipientCertificate", "recipientKey"); + const envelopedData = safeContent; + const recipientCertificate = envelopedData.recipientCertificate; + const recipientKey = envelopedData.recipientKey; + const decrypted = yield cmsEnveloped.decrypt(0, { + recipientCertificate, + recipientPrivateKey: recipientKey + }, crypto); + this.parsedValue.safeContents.push({ + privacyMode: 2, + value: SafeContents.fromBER(decrypted), + }); + } + break; + case id_ContentType_EncryptedData: + { + const cmsEncrypted = new EncryptedData({ schema: content.content }); + ParameterError.assert(errorTarget, safeContent, "password"); + const password = safeContent.password; + const decrypted = yield cmsEncrypted.decrypt({ + password + }, crypto); + this.parsedValue.safeContents.push({ + privacyMode: 1, + value: SafeContents.fromBER(decrypted), + }); + } + break; + default: + throw new Error(`Unknown "contentType" for AuthenticatedSafe: " ${content.contentType}`); + } + } + }); + } + makeInternalValues(parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + if (!(this.parsedValue)) { + throw new Error("Please run \"parseValues\" first or add \"parsedValue\" manually"); + } + ArgumentError.assert(this.parsedValue, "this.parsedValue", "object"); + ArgumentError.assert(this.parsedValue.safeContents, "this.parsedValue.safeContents", "Array"); + ArgumentError.assert(parameters, "parameters", "object"); + ParameterError.assert(parameters, "safeContents"); + ArgumentError.assert(parameters.safeContents, "parameters.safeContents", "Array"); + if (parameters.safeContents.length !== this.parsedValue.safeContents.length) { + throw new ArgumentError("Length of \"parameters.safeContents\" must be equal to \"this.parsedValue.safeContents\""); + } + this.safeContents = []; + for (const [index, content] of this.parsedValue.safeContents.entries()) { + ParameterError.assert("content", content, "privacyMode", "value"); + ArgumentError.assert(content.value, "content.value", SafeContents); + switch (content.privacyMode) { + case 0: + { + const contentBuffer = content.value.toSchema().toBER(false); + this.safeContents.push(new ContentInfo({ + contentType: "1.2.840.113549.1.7.1", + content: new OctetString({ valueHex: contentBuffer }) + })); + } + break; + case 1: + { + const cmsEncrypted = new EncryptedData(); + const currentParameters = parameters.safeContents[index]; + currentParameters.contentToEncrypt = content.value.toSchema().toBER(false); + yield cmsEncrypted.encrypt(currentParameters); + this.safeContents.push(new ContentInfo({ + contentType: "1.2.840.113549.1.7.6", + content: cmsEncrypted.toSchema() + })); + } + break; + case 2: + { + const cmsEnveloped = new EnvelopedData(); + const contentToEncrypt = content.value.toSchema().toBER(false); + const safeContent = parameters.safeContents[index]; + ParameterError.assert(`parameters.safeContents[${index}]`, safeContent, "encryptingCertificate", "encryptionAlgorithm"); + switch (true) { + case (safeContent.encryptionAlgorithm.name.toLowerCase() === "aes-cbc"): + case (safeContent.encryptionAlgorithm.name.toLowerCase() === "aes-gcm"): + break; + default: + throw new Error(`Incorrect parameter "encryptionAlgorithm" in "parameters.safeContents[i]": ${safeContent.encryptionAlgorithm}`); + } + switch (true) { + case (safeContent.encryptionAlgorithm.length === 128): + case (safeContent.encryptionAlgorithm.length === 192): + case (safeContent.encryptionAlgorithm.length === 256): + break; + default: + throw new Error(`Incorrect parameter "encryptionAlgorithm.length" in "parameters.safeContents[i]": ${safeContent.encryptionAlgorithm.length}`); + } + const encryptionAlgorithm = safeContent.encryptionAlgorithm; + cmsEnveloped.addRecipientByCertificate(safeContent.encryptingCertificate, {}, undefined, crypto); + yield cmsEnveloped.encrypt(encryptionAlgorithm, contentToEncrypt, crypto); + this.safeContents.push(new ContentInfo({ + contentType: "1.2.840.113549.1.7.3", + content: cmsEnveloped.toSchema() + })); + } + break; + default: + throw new Error(`Incorrect value for "content.privacyMode": ${content.privacyMode}`); + } + } + return this; + }); + } +} +AuthenticatedSafe.CLASS_NAME = "AuthenticatedSafe"; + +const HASH_ALGORITHM$1 = "hashAlgorithm"; +const ISSUER_NAME_HASH = "issuerNameHash"; +const ISSUER_KEY_HASH = "issuerKeyHash"; +const SERIAL_NUMBER$1 = "serialNumber"; +const CLEAR_PROPS$j = [ + HASH_ALGORITHM$1, + ISSUER_NAME_HASH, + ISSUER_KEY_HASH, + SERIAL_NUMBER$1, +]; +class CertID extends PkiObject { + constructor(parameters = {}) { + super(); + this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM$1, CertID.defaultValues(HASH_ALGORITHM$1)); + this.issuerNameHash = getParametersValue(parameters, ISSUER_NAME_HASH, CertID.defaultValues(ISSUER_NAME_HASH)); + this.issuerKeyHash = getParametersValue(parameters, ISSUER_KEY_HASH, CertID.defaultValues(ISSUER_KEY_HASH)); + this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$1, CertID.defaultValues(SERIAL_NUMBER$1)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static create(certificate, parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const certID = new CertID(); + yield certID.createForCertificate(certificate, parameters, crypto); + return certID; + }); + } + static defaultValues(memberName) { + switch (memberName) { + case HASH_ALGORITHM$1: + return new AlgorithmIdentifier(); + case ISSUER_NAME_HASH: + case ISSUER_KEY_HASH: + return new OctetString(); + case SERIAL_NUMBER$1: + return new Integer(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case HASH_ALGORITHM$1: + return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false)); + case ISSUER_NAME_HASH: + case ISSUER_KEY_HASH: + case SERIAL_NUMBER$1: + return (memberValue.isEqual(CertID.defaultValues(SERIAL_NUMBER$1))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AlgorithmIdentifier.schema(names.hashAlgorithmObject || { + names: { + blockName: (names.hashAlgorithm || EMPTY_STRING) + } + }), + new OctetString({ name: (names.issuerNameHash || EMPTY_STRING) }), + new OctetString({ name: (names.issuerKeyHash || EMPTY_STRING) }), + new Integer({ name: (names.serialNumber || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$j); + const asn1 = compareSchema(schema, schema, CertID.schema({ + names: { + hashAlgorithm: HASH_ALGORITHM$1, + issuerNameHash: ISSUER_NAME_HASH, + issuerKeyHash: ISSUER_KEY_HASH, + serialNumber: SERIAL_NUMBER$1 + } + })); + AsnError.assertSchema(asn1, this.className); + this.hashAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.hashAlgorithm }); + this.issuerNameHash = asn1.result.issuerNameHash; + this.issuerKeyHash = asn1.result.issuerKeyHash; + this.serialNumber = asn1.result.serialNumber; + } + toSchema() { + return (new Sequence({ + value: [ + this.hashAlgorithm.toSchema(), + this.issuerNameHash, + this.issuerKeyHash, + this.serialNumber + ] + })); + } + toJSON() { + return { + hashAlgorithm: this.hashAlgorithm.toJSON(), + issuerNameHash: this.issuerNameHash.toJSON(), + issuerKeyHash: this.issuerKeyHash.toJSON(), + serialNumber: this.serialNumber.toJSON(), + }; + } + isEqual(certificateID) { + if (this.hashAlgorithm.algorithmId !== certificateID.hashAlgorithm.algorithmId) { + return false; + } + if (!BufferSourceConverter.isEqual(this.issuerNameHash.valueBlock.valueHexView, certificateID.issuerNameHash.valueBlock.valueHexView)) { + return false; + } + if (!BufferSourceConverter.isEqual(this.issuerKeyHash.valueBlock.valueHexView, certificateID.issuerKeyHash.valueBlock.valueHexView)) { + return false; + } + if (!this.serialNumber.isEqual(certificateID.serialNumber)) { + return false; + } + return true; + } + createForCertificate(certificate, parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + ParameterError.assert(parameters, HASH_ALGORITHM$1, "issuerCertificate"); + const hashOID = crypto.getOIDByAlgorithm({ name: parameters.hashAlgorithm }, true, "hashAlgorithm"); + this.hashAlgorithm = new AlgorithmIdentifier({ + algorithmId: hashOID, + algorithmParams: new Null() + }); + const issuerCertificate = parameters.issuerCertificate; + this.serialNumber = certificate.serialNumber; + const hashIssuerName = yield crypto.digest({ name: parameters.hashAlgorithm }, issuerCertificate.subject.toSchema().toBER(false)); + this.issuerNameHash = new OctetString({ valueHex: hashIssuerName }); + const issuerKeyBuffer = issuerCertificate.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHexView; + const hashIssuerKey = yield crypto.digest({ name: parameters.hashAlgorithm }, issuerKeyBuffer); + this.issuerKeyHash = new OctetString({ valueHex: hashIssuerKey }); + }); + } +} +CertID.CLASS_NAME = "CertID"; + +const CERT_ID = "certID"; +const CERT_STATUS = "certStatus"; +const THIS_UPDATE = "thisUpdate"; +const NEXT_UPDATE = "nextUpdate"; +const SINGLE_EXTENSIONS = "singleExtensions"; +const CLEAR_PROPS$i = [ + CERT_ID, + CERT_STATUS, + THIS_UPDATE, + NEXT_UPDATE, + SINGLE_EXTENSIONS, +]; +class SingleResponse extends PkiObject { + constructor(parameters = {}) { + super(); + this.certID = getParametersValue(parameters, CERT_ID, SingleResponse.defaultValues(CERT_ID)); + this.certStatus = getParametersValue(parameters, CERT_STATUS, SingleResponse.defaultValues(CERT_STATUS)); + this.thisUpdate = getParametersValue(parameters, THIS_UPDATE, SingleResponse.defaultValues(THIS_UPDATE)); + if (NEXT_UPDATE in parameters) { + this.nextUpdate = getParametersValue(parameters, NEXT_UPDATE, SingleResponse.defaultValues(NEXT_UPDATE)); + } + if (SINGLE_EXTENSIONS in parameters) { + this.singleExtensions = getParametersValue(parameters, SINGLE_EXTENSIONS, SingleResponse.defaultValues(SINGLE_EXTENSIONS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case CERT_ID: + return new CertID(); + case CERT_STATUS: + return {}; + case THIS_UPDATE: + case NEXT_UPDATE: + return new Date(0, 0, 0); + case SINGLE_EXTENSIONS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case CERT_ID: + return ((CertID.compareWithDefault("hashAlgorithm", memberValue.hashAlgorithm)) && + (CertID.compareWithDefault("issuerNameHash", memberValue.issuerNameHash)) && + (CertID.compareWithDefault("issuerKeyHash", memberValue.issuerKeyHash)) && + (CertID.compareWithDefault("serialNumber", memberValue.serialNumber))); + case CERT_STATUS: + return (Object.keys(memberValue).length === 0); + case THIS_UPDATE: + case NEXT_UPDATE: + return (memberValue === SingleResponse.defaultValues(memberName)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + CertID.schema(names.certID || {}), + new Choice({ + value: [ + new Primitive({ + name: (names.certStatus || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + }), + new Constructed({ + name: (names.certStatus || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new GeneralizedTime(), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Enumerated()] + }) + ] + }), + new Primitive({ + name: (names.certStatus || EMPTY_STRING), + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + lenBlock: { length: 1 } + }) + ] + }), + new GeneralizedTime({ name: (names.thisUpdate || EMPTY_STRING) }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new GeneralizedTime({ name: (names.nextUpdate || EMPTY_STRING) })] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [Extensions.schema(names.singleExtensions || {})] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$i); + const asn1 = compareSchema(schema, schema, SingleResponse.schema({ + names: { + certID: { + names: { + blockName: CERT_ID + } + }, + certStatus: CERT_STATUS, + thisUpdate: THIS_UPDATE, + nextUpdate: NEXT_UPDATE, + singleExtensions: { + names: { + blockName: SINGLE_EXTENSIONS + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.certID = new CertID({ schema: asn1.result.certID }); + this.certStatus = asn1.result.certStatus; + this.thisUpdate = asn1.result.thisUpdate.toDate(); + if (NEXT_UPDATE in asn1.result) + this.nextUpdate = asn1.result.nextUpdate.toDate(); + if (SINGLE_EXTENSIONS in asn1.result) + this.singleExtensions = Array.from(asn1.result.singleExtensions.valueBlock.value, element => new Extension({ schema: element })); + } + toSchema() { + const outputArray = []; + outputArray.push(this.certID.toSchema()); + outputArray.push(this.certStatus); + outputArray.push(new GeneralizedTime({ valueDate: this.thisUpdate })); + if (this.nextUpdate) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new GeneralizedTime({ valueDate: this.nextUpdate })] + })); + } + if (this.singleExtensions) { + outputArray.push(new Sequence({ + value: Array.from(this.singleExtensions, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + certID: this.certID.toJSON(), + certStatus: this.certStatus.toJSON(), + thisUpdate: this.thisUpdate + }; + if (this.nextUpdate) { + res.nextUpdate = this.nextUpdate; + } + if (this.singleExtensions) { + res.singleExtensions = Array.from(this.singleExtensions, o => o.toJSON()); + } + return res; + } +} +SingleResponse.CLASS_NAME = "SingleResponse"; + +const TBS$2 = "tbs"; +const VERSION$7 = "version"; +const RESPONDER_ID = "responderID"; +const PRODUCED_AT = "producedAt"; +const RESPONSES = "responses"; +const RESPONSE_EXTENSIONS = "responseExtensions"; +const RESPONSE_DATA = "ResponseData"; +const RESPONSE_DATA_VERSION = `${RESPONSE_DATA}.${VERSION$7}`; +const RESPONSE_DATA_RESPONDER_ID = `${RESPONSE_DATA}.${RESPONDER_ID}`; +const RESPONSE_DATA_PRODUCED_AT = `${RESPONSE_DATA}.${PRODUCED_AT}`; +const RESPONSE_DATA_RESPONSES = `${RESPONSE_DATA}.${RESPONSES}`; +const RESPONSE_DATA_RESPONSE_EXTENSIONS = `${RESPONSE_DATA}.${RESPONSE_EXTENSIONS}`; +const CLEAR_PROPS$h = [ + RESPONSE_DATA, + RESPONSE_DATA_VERSION, + RESPONSE_DATA_RESPONDER_ID, + RESPONSE_DATA_PRODUCED_AT, + RESPONSE_DATA_RESPONSES, + RESPONSE_DATA_RESPONSE_EXTENSIONS +]; +class ResponseData extends PkiObject { + constructor(parameters = {}) { + super(); + this.tbsView = new Uint8Array(getParametersValue(parameters, TBS$2, ResponseData.defaultValues(TBS$2))); + if (VERSION$7 in parameters) { + this.version = getParametersValue(parameters, VERSION$7, ResponseData.defaultValues(VERSION$7)); + } + this.responderID = getParametersValue(parameters, RESPONDER_ID, ResponseData.defaultValues(RESPONDER_ID)); + this.producedAt = getParametersValue(parameters, PRODUCED_AT, ResponseData.defaultValues(PRODUCED_AT)); + this.responses = getParametersValue(parameters, RESPONSES, ResponseData.defaultValues(RESPONSES)); + if (RESPONSE_EXTENSIONS in parameters) { + this.responseExtensions = getParametersValue(parameters, RESPONSE_EXTENSIONS, ResponseData.defaultValues(RESPONSE_EXTENSIONS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + get tbs() { + return BufferSourceConverter.toArrayBuffer(this.tbsView); + } + set tbs(value) { + this.tbsView = new Uint8Array(value); + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$7: + return 0; + case TBS$2: + return EMPTY_BUFFER; + case RESPONDER_ID: + return {}; + case PRODUCED_AT: + return new Date(0, 0, 0); + case RESPONSES: + case RESPONSE_EXTENSIONS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case TBS$2: + return (memberValue.byteLength === 0); + case RESPONDER_ID: + return (Object.keys(memberValue).length === 0); + case PRODUCED_AT: + return (memberValue === ResponseData.defaultValues(memberName)); + case RESPONSES: + case RESPONSE_EXTENSIONS: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || RESPONSE_DATA), + value: [ + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Integer({ name: (names.version || RESPONSE_DATA_VERSION) })] + }), + new Choice({ + value: [ + new Constructed({ + name: (names.responderID || RESPONSE_DATA_RESPONDER_ID), + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [RelativeDistinguishedNames.schema(names.ResponseDataByName || { + names: { + blockName: "ResponseData.byName" + } + })] + }), + new Constructed({ + name: (names.responderID || RESPONSE_DATA_RESPONDER_ID), + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: [new OctetString({ name: (names.ResponseDataByKey || "ResponseData.byKey") })] + }) + ] + }), + new GeneralizedTime({ name: (names.producedAt || RESPONSE_DATA_PRODUCED_AT) }), + new Sequence({ + value: [ + new Repeated({ + name: RESPONSE_DATA_RESPONSES, + value: SingleResponse.schema(names.response || {}) + }) + ] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [Extensions.schema(names.extensions || { + names: { + blockName: RESPONSE_DATA_RESPONSE_EXTENSIONS + } + })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$h); + const asn1 = compareSchema(schema, schema, ResponseData.schema()); + AsnError.assertSchema(asn1, this.className); + this.tbsView = asn1.result.ResponseData.valueBeforeDecodeView; + if (RESPONSE_DATA_VERSION in asn1.result) + this.version = asn1.result[RESPONSE_DATA_VERSION].valueBlock.valueDec; + if (asn1.result[RESPONSE_DATA_RESPONDER_ID].idBlock.tagNumber === 1) + this.responderID = new RelativeDistinguishedNames({ schema: asn1.result[RESPONSE_DATA_RESPONDER_ID].valueBlock.value[0] }); + else + this.responderID = asn1.result[RESPONSE_DATA_RESPONDER_ID].valueBlock.value[0]; + this.producedAt = asn1.result[RESPONSE_DATA_PRODUCED_AT].toDate(); + this.responses = Array.from(asn1.result[RESPONSE_DATA_RESPONSES], element => new SingleResponse({ schema: element })); + if (RESPONSE_DATA_RESPONSE_EXTENSIONS in asn1.result) + this.responseExtensions = Array.from(asn1.result[RESPONSE_DATA_RESPONSE_EXTENSIONS].valueBlock.value, element => new Extension({ schema: element })); + } + toSchema(encodeFlag = false) { + let tbsSchema; + if (encodeFlag === false) { + if (!this.tbsView.byteLength) { + return ResponseData.schema(); + } + const asn1 = fromBER(this.tbsView); + AsnError.assert(asn1, "TBS Response Data"); + tbsSchema = asn1.result; + } + else { + const outputArray = []; + if (VERSION$7 in this) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Integer({ value: this.version })] + })); + } + if (this.responderID instanceof RelativeDistinguishedNames) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [this.responderID.toSchema()] + })); + } + else { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: [this.responderID] + })); + } + outputArray.push(new GeneralizedTime({ valueDate: this.producedAt })); + outputArray.push(new Sequence({ + value: Array.from(this.responses, o => o.toSchema()) + })); + if (this.responseExtensions) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [new Sequence({ + value: Array.from(this.responseExtensions, o => o.toSchema()) + })] + })); + } + tbsSchema = new Sequence({ + value: outputArray + }); + } + return tbsSchema; + } + toJSON() { + const res = {}; + if (VERSION$7 in this) { + res.version = this.version; + } + if (this.responderID) { + res.responderID = this.responderID; + } + if (this.producedAt) { + res.producedAt = this.producedAt; + } + if (this.responses) { + res.responses = Array.from(this.responses, o => o.toJSON()); + } + if (this.responseExtensions) { + res.responseExtensions = Array.from(this.responseExtensions, o => o.toJSON()); + } + return res; + } +} +ResponseData.CLASS_NAME = "ResponseData"; + +const TRUSTED_CERTS = "trustedCerts"; +const CERTS$2 = "certs"; +const CRLS$1 = "crls"; +const OCSPS$1 = "ocsps"; +const CHECK_DATE = "checkDate"; +const FIND_ORIGIN = "findOrigin"; +const FIND_ISSUER = "findIssuer"; +var ChainValidationCode; +(function (ChainValidationCode) { + ChainValidationCode[ChainValidationCode["unknown"] = -1] = "unknown"; + ChainValidationCode[ChainValidationCode["success"] = 0] = "success"; + ChainValidationCode[ChainValidationCode["noRevocation"] = 11] = "noRevocation"; + ChainValidationCode[ChainValidationCode["noPath"] = 60] = "noPath"; + ChainValidationCode[ChainValidationCode["noValidPath"] = 97] = "noValidPath"; +})(ChainValidationCode || (ChainValidationCode = {})); +class ChainValidationError extends Error { + constructor(code, message) { + super(message); + this.name = ChainValidationError.NAME; + this.code = code; + this.message = message; + } +} +ChainValidationError.NAME = "ChainValidationError"; +function isTrusted(cert, trustedList) { + for (let i = 0; i < trustedList.length; i++) { + if (BufferSourceConverter.isEqual(cert.tbsView, trustedList[i].tbsView)) { + return true; + } + } + return false; +} +class CertificateChainValidationEngine { + constructor(parameters = {}) { + this.trustedCerts = getParametersValue(parameters, TRUSTED_CERTS, this.defaultValues(TRUSTED_CERTS)); + this.certs = getParametersValue(parameters, CERTS$2, this.defaultValues(CERTS$2)); + this.crls = getParametersValue(parameters, CRLS$1, this.defaultValues(CRLS$1)); + this.ocsps = getParametersValue(parameters, OCSPS$1, this.defaultValues(OCSPS$1)); + this.checkDate = getParametersValue(parameters, CHECK_DATE, this.defaultValues(CHECK_DATE)); + this.findOrigin = getParametersValue(parameters, FIND_ORIGIN, this.defaultValues(FIND_ORIGIN)); + this.findIssuer = getParametersValue(parameters, FIND_ISSUER, this.defaultValues(FIND_ISSUER)); + } + static defaultFindOrigin(certificate, validationEngine) { + if (certificate.tbsView.byteLength === 0) { + certificate.tbsView = new Uint8Array(certificate.encodeTBS().toBER()); + } + for (const localCert of validationEngine.certs) { + if (localCert.tbsView.byteLength === 0) { + localCert.tbsView = new Uint8Array(localCert.encodeTBS().toBER()); + } + if (BufferSourceConverter.isEqual(certificate.tbsView, localCert.tbsView)) + return "Intermediate Certificates"; + } + for (const trustedCert of validationEngine.trustedCerts) { + if (trustedCert.tbsView.byteLength === 0) + trustedCert.tbsView = new Uint8Array(trustedCert.encodeTBS().toBER()); + if (BufferSourceConverter.isEqual(certificate.tbsView, trustedCert.tbsView)) + return "Trusted Certificates"; + } + return "Unknown"; + } + defaultFindIssuer(certificate, validationEngine, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const result = []; + let keyIdentifier = null; + let authorityCertIssuer = null; + let authorityCertSerialNumber = null; + if (certificate.subject.isEqual(certificate.issuer)) { + try { + const verificationResult = yield certificate.verify(undefined, crypto); + if (verificationResult) { + return [certificate]; + } + } + catch (ex) { + } + } + if (certificate.extensions) { + for (const extension of certificate.extensions) { + if (extension.extnID === id_AuthorityKeyIdentifier && extension.parsedValue instanceof AuthorityKeyIdentifier) { + if (extension.parsedValue.keyIdentifier) { + keyIdentifier = extension.parsedValue.keyIdentifier; + } + else { + if (extension.parsedValue.authorityCertIssuer) { + authorityCertIssuer = extension.parsedValue.authorityCertIssuer; + } + if (extension.parsedValue.authorityCertSerialNumber) { + authorityCertSerialNumber = extension.parsedValue.authorityCertSerialNumber; + } + } + break; + } + } + } + function checkCertificate(possibleIssuer) { + if (keyIdentifier !== null) { + if (possibleIssuer.extensions) { + let extensionFound = false; + for (const extension of possibleIssuer.extensions) { + if (extension.extnID === id_SubjectKeyIdentifier && extension.parsedValue) { + extensionFound = true; + if (BufferSourceConverter.isEqual(extension.parsedValue.valueBlock.valueHex, keyIdentifier.valueBlock.valueHexView)) { + result.push(possibleIssuer); + } + break; + } + } + if (extensionFound) { + return; + } + } + } + let authorityCertSerialNumberEqual = false; + if (authorityCertSerialNumber !== null) + authorityCertSerialNumberEqual = possibleIssuer.serialNumber.isEqual(authorityCertSerialNumber); + if (authorityCertIssuer !== null) { + if (possibleIssuer.subject.isEqual(authorityCertIssuer)) { + if (authorityCertSerialNumberEqual) + result.push(possibleIssuer); + } + } + else { + if (certificate.issuer.isEqual(possibleIssuer.subject)) + result.push(possibleIssuer); + } + } + for (const trustedCert of validationEngine.trustedCerts) { + checkCertificate(trustedCert); + } + for (const intermediateCert of validationEngine.certs) { + checkCertificate(intermediateCert); + } + for (let i = 0; i < result.length; i++) { + try { + const verificationResult = yield certificate.verify(result[i], crypto); + if (verificationResult === false) + result.splice(i, 1); + } + catch (ex) { + result.splice(i, 1); + } + } + return result; + }); + } + defaultValues(memberName) { + switch (memberName) { + case TRUSTED_CERTS: + return []; + case CERTS$2: + return []; + case CRLS$1: + return []; + case OCSPS$1: + return []; + case CHECK_DATE: + return new Date(); + case FIND_ORIGIN: + return CertificateChainValidationEngine.defaultFindOrigin; + case FIND_ISSUER: + return this.defaultFindIssuer; + default: + throw new Error(`Invalid member name for CertificateChainValidationEngine class: ${memberName}`); + } + } + sort(passedWhenNotRevValues = false, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const localCerts = []; + const buildPath = (certificate, crypto) => __awaiter(this, void 0, void 0, function* () { + const result = []; + function checkUnique(array) { + let unique = true; + for (let i = 0; i < array.length; i++) { + for (let j = 0; j < array.length; j++) { + if (j === i) + continue; + if (array[i] === array[j]) { + unique = false; + break; + } + } + if (!unique) + break; + } + return unique; + } + if (isTrusted(certificate, this.trustedCerts)) { + return [[certificate]]; + } + const findIssuerResult = yield this.findIssuer(certificate, this, crypto); + if (findIssuerResult.length === 0) { + throw new Error("No valid certificate paths found"); + } + for (let i = 0; i < findIssuerResult.length; i++) { + if (BufferSourceConverter.isEqual(findIssuerResult[i].tbsView, certificate.tbsView)) { + result.push([findIssuerResult[i]]); + continue; + } + const buildPathResult = yield buildPath(findIssuerResult[i], crypto); + for (let j = 0; j < buildPathResult.length; j++) { + const copy = buildPathResult[j].slice(); + copy.splice(0, 0, findIssuerResult[i]); + if (checkUnique(copy)) + result.push(copy); + else + result.push(buildPathResult[j]); + } + } + return result; + }); + const findCRL = (certificate) => __awaiter(this, void 0, void 0, function* () { + const issuerCertificates = []; + const crls = []; + const crlsAndCertificates = []; + issuerCertificates.push(...localCerts.filter(element => certificate.issuer.isEqual(element.subject))); + if (issuerCertificates.length === 0) { + return { + status: 1, + statusMessage: "No certificate's issuers" + }; + } + crls.push(...this.crls.filter(o => o.issuer.isEqual(certificate.issuer))); + if (crls.length === 0) { + return { + status: 2, + statusMessage: "No CRLs for specific certificate issuer" + }; + } + for (let i = 0; i < crls.length; i++) { + const crl = crls[i]; + if (crl.nextUpdate && crl.nextUpdate.value < this.checkDate) { + continue; + } + for (let j = 0; j < issuerCertificates.length; j++) { + try { + const result = yield crls[i].verify({ issuerCertificate: issuerCertificates[j] }, crypto); + if (result) { + crlsAndCertificates.push({ + crl: crls[i], + certificate: issuerCertificates[j] + }); + break; + } + } + catch (ex) { + } + } + } + if (crlsAndCertificates.length) { + return { + status: 0, + statusMessage: EMPTY_STRING, + result: crlsAndCertificates + }; + } + return { + status: 3, + statusMessage: "No valid CRLs found" + }; + }); + const findOCSP = (certificate, issuerCertificate) => __awaiter(this, void 0, void 0, function* () { + const hashAlgorithm = crypto.getAlgorithmByOID(certificate.signatureAlgorithm.algorithmId); + if (!hashAlgorithm.name) { + return 1; + } + if (!hashAlgorithm.hash) { + return 1; + } + for (let i = 0; i < this.ocsps.length; i++) { + const ocsp = this.ocsps[i]; + const result = yield ocsp.getCertificateStatus(certificate, issuerCertificate, crypto); + if (result.isForCertificate) { + if (result.status === 0) + return 0; + return 1; + } + } + return 2; + }); + function checkForCA(certificate, needToCheckCRL = false) { + return __awaiter(this, void 0, void 0, function* () { + let isCA = false; + let mustBeCA = false; + let keyUsagePresent = false; + let cRLSign = false; + if (certificate.extensions) { + for (let j = 0; j < certificate.extensions.length; j++) { + const extension = certificate.extensions[j]; + if (extension.critical && !extension.parsedValue) { + return { + result: false, + resultCode: 6, + resultMessage: `Unable to parse critical certificate extension: ${extension.extnID}` + }; + } + if (extension.extnID === id_KeyUsage) { + keyUsagePresent = true; + const view = new Uint8Array(extension.parsedValue.valueBlock.valueHex); + if ((view[0] & 0x04) === 0x04) + mustBeCA = true; + if ((view[0] & 0x02) === 0x02) + cRLSign = true; + } + if (extension.extnID === id_BasicConstraints) { + if ("cA" in extension.parsedValue) { + if (extension.parsedValue.cA === true) + isCA = true; + } + } + } + if ((mustBeCA === true) && (isCA === false)) { + return { + result: false, + resultCode: 3, + resultMessage: "Unable to build certificate chain - using \"keyCertSign\" flag set without BasicConstraints" + }; + } + if ((keyUsagePresent === true) && (isCA === true) && (mustBeCA === false)) { + return { + result: false, + resultCode: 4, + resultMessage: "Unable to build certificate chain - \"keyCertSign\" flag was not set" + }; + } + if ((isCA === true) && (keyUsagePresent === true) && ((needToCheckCRL) && (cRLSign === false))) { + return { + result: false, + resultCode: 5, + resultMessage: "Unable to build certificate chain - intermediate certificate must have \"cRLSign\" key usage flag" + }; + } + } + if (isCA === false) { + return { + result: false, + resultCode: 7, + resultMessage: "Unable to build certificate chain - more than one possible end-user certificate" + }; + } + return { + result: true, + resultCode: 0, + resultMessage: EMPTY_STRING + }; + }); + } + const basicCheck = (path, checkDate) => __awaiter(this, void 0, void 0, function* () { + for (let i = 0; i < path.length; i++) { + if ((path[i].notBefore.value > checkDate) || + (path[i].notAfter.value < checkDate)) { + return { + result: false, + resultCode: 8, + resultMessage: "The certificate is either not yet valid or expired" + }; + } + } + if (path.length < 2) { + return { + result: false, + resultCode: 9, + resultMessage: "Too short certificate path" + }; + } + for (let i = (path.length - 2); i >= 0; i--) { + if (path[i].issuer.isEqual(path[i].subject) === false) { + if (path[i].issuer.isEqual(path[i + 1].subject) === false) { + return { + result: false, + resultCode: 10, + resultMessage: "Incorrect name chaining" + }; + } + } + } + if ((this.crls.length !== 0) || (this.ocsps.length !== 0)) { + for (let i = 0; i < (path.length - 1); i++) { + let ocspResult = 2; + let crlResult = { + status: 0, + statusMessage: EMPTY_STRING + }; + if (this.ocsps.length !== 0) { + ocspResult = yield findOCSP(path[i], path[i + 1]); + switch (ocspResult) { + case 0: + continue; + case 1: + return { + result: false, + resultCode: 12, + resultMessage: "One of certificates was revoked via OCSP response" + }; + } + } + if (this.crls.length !== 0) { + crlResult = yield findCRL(path[i]); + if (crlResult.status === 0 && crlResult.result) { + for (let j = 0; j < crlResult.result.length; j++) { + const isCertificateRevoked = crlResult.result[j].crl.isCertificateRevoked(path[i]); + if (isCertificateRevoked) { + return { + result: false, + resultCode: 12, + resultMessage: "One of certificates had been revoked" + }; + } + const isCertificateCA = yield checkForCA(crlResult.result[j].certificate, true); + if (isCertificateCA.result === false) { + return { + result: false, + resultCode: 13, + resultMessage: "CRL issuer certificate is not a CA certificate or does not have crlSign flag" + }; + } + } + } + else { + if (passedWhenNotRevValues === false) { + throw new ChainValidationError(ChainValidationCode.noRevocation, `No revocation values found for one of certificates: ${crlResult.statusMessage}`); + } + } + } + else { + if (ocspResult === 2) { + return { + result: false, + resultCode: 11, + resultMessage: "No revocation values found for one of certificates" + }; + } + } + if ((ocspResult === 2) && (crlResult.status === 2) && passedWhenNotRevValues) { + const issuerCertificate = path[i + 1]; + let extensionFound = false; + if (issuerCertificate.extensions) { + for (const extension of issuerCertificate.extensions) { + switch (extension.extnID) { + case id_CRLDistributionPoints: + case id_FreshestCRL: + case id_AuthorityInfoAccess: + extensionFound = true; + break; + } + } + } + if (extensionFound) { + throw new ChainValidationError(ChainValidationCode.noRevocation, `No revocation values found for one of certificates: ${crlResult.statusMessage}`); + } + } + } + } + for (const [i, cert] of path.entries()) { + if (!i) { + continue; + } + const result = yield checkForCA(cert); + if (!result.result) { + return { + result: false, + resultCode: 14, + resultMessage: "One of intermediate certificates is not a CA certificate" + }; + } + } + return { + result: true + }; + }); + localCerts.push(...this.trustedCerts); + localCerts.push(...this.certs); + for (let i = 0; i < localCerts.length; i++) { + for (let j = 0; j < localCerts.length; j++) { + if (i === j) + continue; + if (BufferSourceConverter.isEqual(localCerts[i].tbsView, localCerts[j].tbsView)) { + localCerts.splice(j, 1); + i = 0; + break; + } + } + } + const leafCert = localCerts[localCerts.length - 1]; + let result; + const certificatePath = [leafCert]; + result = yield buildPath(leafCert, crypto); + if (result.length === 0) { + throw new ChainValidationError(ChainValidationCode.noPath, "Unable to find certificate path"); + } + for (let i = 0; i < result.length; i++) { + let found = false; + for (let j = 0; j < (result[i]).length; j++) { + const certificate = (result[i])[j]; + for (let k = 0; k < this.trustedCerts.length; k++) { + if (BufferSourceConverter.isEqual(certificate.tbsView, this.trustedCerts[k].tbsView)) { + found = true; + break; + } + } + if (found) + break; + } + if (!found) { + result.splice(i, 1); + i = 0; + } + } + if (result.length === 0) { + throw new ChainValidationError(ChainValidationCode.noValidPath, "No valid certificate paths found"); + } + let shortestLength = result[0].length; + let shortestIndex = 0; + for (let i = 0; i < result.length; i++) { + if (result[i].length < shortestLength) { + shortestLength = result[i].length; + shortestIndex = i; + } + } + for (let i = 0; i < result[shortestIndex].length; i++) + certificatePath.push((result[shortestIndex])[i]); + result = yield basicCheck(certificatePath, this.checkDate); + if (result.result === false) + throw result; + return certificatePath; + }); + } + verify(parameters = {}, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + function compareDNSName(name, constraint) { + const namePrepared = stringPrep(name); + const constraintPrepared = stringPrep(constraint); + const nameSplitted = namePrepared.split("."); + const constraintSplitted = constraintPrepared.split("."); + const nameLen = nameSplitted.length; + const constrLen = constraintSplitted.length; + if ((nameLen === 0) || (constrLen === 0) || (nameLen < constrLen)) { + return false; + } + for (let i = 0; i < nameLen; i++) { + if (nameSplitted[i].length === 0) { + return false; + } + } + for (let i = 0; i < constrLen; i++) { + if (constraintSplitted[i].length === 0) { + if (i === 0) { + if (constrLen === 1) { + return false; + } + continue; + } + return false; + } + } + for (let i = 0; i < constrLen; i++) { + if (constraintSplitted[constrLen - 1 - i].length === 0) { + continue; + } + if (nameSplitted[nameLen - 1 - i].localeCompare(constraintSplitted[constrLen - 1 - i]) !== 0) { + return false; + } + } + return true; + } + function compareRFC822Name(name, constraint) { + const namePrepared = stringPrep(name); + const constraintPrepared = stringPrep(constraint); + const nameSplitted = namePrepared.split("@"); + const constraintSplitted = constraintPrepared.split("@"); + if ((nameSplitted.length === 0) || (constraintSplitted.length === 0) || (nameSplitted.length < constraintSplitted.length)) + return false; + if (constraintSplitted.length === 1) { + const result = compareDNSName(nameSplitted[1], constraintSplitted[0]); + if (result) { + const ns = nameSplitted[1].split("."); + const cs = constraintSplitted[0].split("."); + if (cs[0].length === 0) + return true; + return ns.length === cs.length; + } + return false; + } + return (namePrepared.localeCompare(constraintPrepared) === 0); + } + function compareUniformResourceIdentifier(name, constraint) { + let namePrepared = stringPrep(name); + const constraintPrepared = stringPrep(constraint); + const ns = namePrepared.split("/"); + const cs = constraintPrepared.split("/"); + if (cs.length > 1) + return false; + if (ns.length > 1) { + for (let i = 0; i < ns.length; i++) { + if ((ns[i].length > 0) && (ns[i].charAt(ns[i].length - 1) !== ":")) { + const nsPort = ns[i].split(":"); + namePrepared = nsPort[0]; + break; + } + } + } + const result = compareDNSName(namePrepared, constraintPrepared); + if (result) { + const nameSplitted = namePrepared.split("."); + const constraintSplitted = constraintPrepared.split("."); + if (constraintSplitted[0].length === 0) + return true; + return nameSplitted.length === constraintSplitted.length; + } + return false; + } + function compareIPAddress(name, constraint) { + const nameView = name.valueBlock.valueHexView; + const constraintView = constraint.valueBlock.valueHexView; + if ((nameView.length === 4) && (constraintView.length === 8)) { + for (let i = 0; i < 4; i++) { + if ((nameView[i] ^ constraintView[i]) & constraintView[i + 4]) + return false; + } + return true; + } + if ((nameView.length === 16) && (constraintView.length === 32)) { + for (let i = 0; i < 16; i++) { + if ((nameView[i] ^ constraintView[i]) & constraintView[i + 16]) + return false; + } + return true; + } + return false; + } + function compareDirectoryName(name, constraint) { + if ((name.typesAndValues.length === 0) || (constraint.typesAndValues.length === 0)) + return true; + if (name.typesAndValues.length < constraint.typesAndValues.length) + return false; + let result = true; + let nameStart = 0; + for (let i = 0; i < constraint.typesAndValues.length; i++) { + let localResult = false; + for (let j = nameStart; j < name.typesAndValues.length; j++) { + localResult = name.typesAndValues[j].isEqual(constraint.typesAndValues[i]); + if (name.typesAndValues[j].type === constraint.typesAndValues[i].type) + result = result && localResult; + if (localResult === true) { + if ((nameStart === 0) || (nameStart === j)) { + nameStart = j + 1; + break; + } + else + return false; + } + } + if (localResult === false) + return false; + } + return (nameStart === 0) ? false : result; + } + try { + if (this.certs.length === 0) + throw new Error("Empty certificate array"); + const passedWhenNotRevValues = parameters.passedWhenNotRevValues || false; + const initialPolicySet = parameters.initialPolicySet || [id_AnyPolicy]; + const initialExplicitPolicy = parameters.initialExplicitPolicy || false; + const initialPolicyMappingInhibit = parameters.initialPolicyMappingInhibit || false; + const initialInhibitPolicy = parameters.initialInhibitPolicy || false; + const initialPermittedSubtreesSet = parameters.initialPermittedSubtreesSet || []; + const initialExcludedSubtreesSet = parameters.initialExcludedSubtreesSet || []; + const initialRequiredNameForms = parameters.initialRequiredNameForms || []; + let explicitPolicyIndicator = initialExplicitPolicy; + let policyMappingInhibitIndicator = initialPolicyMappingInhibit; + let inhibitAnyPolicyIndicator = initialInhibitPolicy; + const pendingConstraints = [ + false, + false, + false, + ]; + let explicitPolicyPending = 0; + let policyMappingInhibitPending = 0; + let inhibitAnyPolicyPending = 0; + let permittedSubtrees = initialPermittedSubtreesSet; + let excludedSubtrees = initialExcludedSubtreesSet; + const requiredNameForms = initialRequiredNameForms; + let pathDepth = 1; + this.certs = yield this.sort(passedWhenNotRevValues, crypto); + const allPolicies = []; + allPolicies.push(id_AnyPolicy); + const policiesAndCerts = []; + const anyPolicyArray = new Array(this.certs.length - 1); + for (let ii = 0; ii < (this.certs.length - 1); ii++) + anyPolicyArray[ii] = true; + policiesAndCerts.push(anyPolicyArray); + const policyMappings = new Array(this.certs.length - 1); + const certPolicies = new Array(this.certs.length - 1); + let explicitPolicyStart = (explicitPolicyIndicator) ? (this.certs.length - 1) : (-1); + for (let i = (this.certs.length - 2); i >= 0; i--, pathDepth++) { + const cert = this.certs[i]; + if (cert.extensions) { + for (let j = 0; j < cert.extensions.length; j++) { + const extension = cert.extensions[j]; + if (extension.extnID === id_CertificatePolicies) { + certPolicies[i] = extension.parsedValue; + for (let s = 0; s < allPolicies.length; s++) { + if (allPolicies[s] === id_AnyPolicy) { + delete (policiesAndCerts[s])[i]; + break; + } + } + for (let k = 0; k < extension.parsedValue.certificatePolicies.length; k++) { + let policyIndex = (-1); + const policyId = extension.parsedValue.certificatePolicies[k].policyIdentifier; + for (let s = 0; s < allPolicies.length; s++) { + if (policyId === allPolicies[s]) { + policyIndex = s; + break; + } + } + if (policyIndex === (-1)) { + allPolicies.push(policyId); + const certArray = new Array(this.certs.length - 1); + certArray[i] = true; + policiesAndCerts.push(certArray); + } + else + (policiesAndCerts[policyIndex])[i] = true; + } + } + if (extension.extnID === id_PolicyMappings) { + if (policyMappingInhibitIndicator) { + return { + result: false, + resultCode: 98, + resultMessage: "Policy mapping prohibited" + }; + } + policyMappings[i] = extension.parsedValue; + } + if (extension.extnID === id_PolicyConstraints) { + if (explicitPolicyIndicator === false) { + if (extension.parsedValue.requireExplicitPolicy === 0) { + explicitPolicyIndicator = true; + explicitPolicyStart = i; + } + else { + if (pendingConstraints[0] === false) { + pendingConstraints[0] = true; + explicitPolicyPending = extension.parsedValue.requireExplicitPolicy; + } + else + explicitPolicyPending = (explicitPolicyPending > extension.parsedValue.requireExplicitPolicy) ? extension.parsedValue.requireExplicitPolicy : explicitPolicyPending; + } + if (extension.parsedValue.inhibitPolicyMapping === 0) + policyMappingInhibitIndicator = true; + else { + if (pendingConstraints[1] === false) { + pendingConstraints[1] = true; + policyMappingInhibitPending = extension.parsedValue.inhibitPolicyMapping + 1; + } + else + policyMappingInhibitPending = (policyMappingInhibitPending > (extension.parsedValue.inhibitPolicyMapping + 1)) ? (extension.parsedValue.inhibitPolicyMapping + 1) : policyMappingInhibitPending; + } + } + } + if (extension.extnID === id_InhibitAnyPolicy) { + if (inhibitAnyPolicyIndicator === false) { + if (extension.parsedValue.valueBlock.valueDec === 0) + inhibitAnyPolicyIndicator = true; + else { + if (pendingConstraints[2] === false) { + pendingConstraints[2] = true; + inhibitAnyPolicyPending = extension.parsedValue.valueBlock.valueDec; + } + else + inhibitAnyPolicyPending = (inhibitAnyPolicyPending > extension.parsedValue.valueBlock.valueDec) ? extension.parsedValue.valueBlock.valueDec : inhibitAnyPolicyPending; + } + } + } + } + if (inhibitAnyPolicyIndicator === true) { + let policyIndex = (-1); + for (let searchAnyPolicy = 0; searchAnyPolicy < allPolicies.length; searchAnyPolicy++) { + if (allPolicies[searchAnyPolicy] === id_AnyPolicy) { + policyIndex = searchAnyPolicy; + break; + } + } + if (policyIndex !== (-1)) + delete (policiesAndCerts[0])[i]; + } + if (explicitPolicyIndicator === false) { + if (pendingConstraints[0] === true) { + explicitPolicyPending--; + if (explicitPolicyPending === 0) { + explicitPolicyIndicator = true; + explicitPolicyStart = i; + pendingConstraints[0] = false; + } + } + } + if (policyMappingInhibitIndicator === false) { + if (pendingConstraints[1] === true) { + policyMappingInhibitPending--; + if (policyMappingInhibitPending === 0) { + policyMappingInhibitIndicator = true; + pendingConstraints[1] = false; + } + } + } + if (inhibitAnyPolicyIndicator === false) { + if (pendingConstraints[2] === true) { + inhibitAnyPolicyPending--; + if (inhibitAnyPolicyPending === 0) { + inhibitAnyPolicyIndicator = true; + pendingConstraints[2] = false; + } + } + } + } + } + for (let i = 0; i < (this.certs.length - 1); i++) { + if ((i < (this.certs.length - 2)) && (typeof policyMappings[i + 1] !== "undefined")) { + for (let k = 0; k < policyMappings[i + 1].mappings.length; k++) { + if ((policyMappings[i + 1].mappings[k].issuerDomainPolicy === id_AnyPolicy) || (policyMappings[i + 1].mappings[k].subjectDomainPolicy === id_AnyPolicy)) { + return { + result: false, + resultCode: 99, + resultMessage: "The \"anyPolicy\" should not be a part of policy mapping scheme" + }; + } + let issuerDomainPolicyIndex = (-1); + let subjectDomainPolicyIndex = (-1); + for (let n = 0; n < allPolicies.length; n++) { + if (allPolicies[n] === policyMappings[i + 1].mappings[k].issuerDomainPolicy) + issuerDomainPolicyIndex = n; + if (allPolicies[n] === policyMappings[i + 1].mappings[k].subjectDomainPolicy) + subjectDomainPolicyIndex = n; + } + if (typeof (policiesAndCerts[issuerDomainPolicyIndex])[i] !== "undefined") + delete (policiesAndCerts[issuerDomainPolicyIndex])[i]; + for (let j = 0; j < certPolicies[i].certificatePolicies.length; j++) { + if (policyMappings[i + 1].mappings[k].subjectDomainPolicy === certPolicies[i].certificatePolicies[j].policyIdentifier) { + if ((issuerDomainPolicyIndex !== (-1)) && (subjectDomainPolicyIndex !== (-1))) { + for (let m = 0; m <= i; m++) { + if (typeof (policiesAndCerts[subjectDomainPolicyIndex])[m] !== "undefined") { + (policiesAndCerts[issuerDomainPolicyIndex])[m] = true; + delete (policiesAndCerts[subjectDomainPolicyIndex])[m]; + } + } + } + } + } + } + } + } + for (let i = 0; i < allPolicies.length; i++) { + if (allPolicies[i] === id_AnyPolicy) { + for (let j = 0; j < explicitPolicyStart; j++) + delete (policiesAndCerts[i])[j]; + } + } + const authConstrPolicies = []; + for (let i = 0; i < policiesAndCerts.length; i++) { + let found = true; + for (let j = 0; j < (this.certs.length - 1); j++) { + let anyPolicyFound = false; + if ((j < explicitPolicyStart) && (allPolicies[i] === id_AnyPolicy) && (allPolicies.length > 1)) { + found = false; + break; + } + if (typeof (policiesAndCerts[i])[j] === "undefined") { + if (j >= explicitPolicyStart) { + for (let k = 0; k < allPolicies.length; k++) { + if (allPolicies[k] === id_AnyPolicy) { + if ((policiesAndCerts[k])[j] === true) + anyPolicyFound = true; + break; + } + } + } + if (!anyPolicyFound) { + found = false; + break; + } + } + } + if (found === true) + authConstrPolicies.push(allPolicies[i]); + } + let userConstrPolicies = []; + if ((initialPolicySet.length === 1) && (initialPolicySet[0] === id_AnyPolicy) && (explicitPolicyIndicator === false)) + userConstrPolicies = initialPolicySet; + else { + if ((authConstrPolicies.length === 1) && (authConstrPolicies[0] === id_AnyPolicy)) + userConstrPolicies = initialPolicySet; + else { + for (let i = 0; i < authConstrPolicies.length; i++) { + for (let j = 0; j < initialPolicySet.length; j++) { + if ((initialPolicySet[j] === authConstrPolicies[i]) || (initialPolicySet[j] === id_AnyPolicy)) { + userConstrPolicies.push(authConstrPolicies[i]); + break; + } + } + } + } + } + const policyResult = { + result: (userConstrPolicies.length > 0), + resultCode: 0, + resultMessage: (userConstrPolicies.length > 0) ? EMPTY_STRING : "Zero \"userConstrPolicies\" array, no intersections with \"authConstrPolicies\"", + authConstrPolicies, + userConstrPolicies, + explicitPolicyIndicator, + policyMappings, + certificatePath: this.certs + }; + if (userConstrPolicies.length === 0) + return policyResult; + if (policyResult.result === false) + return policyResult; + pathDepth = 1; + for (let i = (this.certs.length - 2); i >= 0; i--, pathDepth++) { + const cert = this.certs[i]; + let subjectAltNames = []; + let certPermittedSubtrees = []; + let certExcludedSubtrees = []; + if (cert.extensions) { + for (let j = 0; j < cert.extensions.length; j++) { + const extension = cert.extensions[j]; + if (extension.extnID === id_NameConstraints) { + if ("permittedSubtrees" in extension.parsedValue) + certPermittedSubtrees = certPermittedSubtrees.concat(extension.parsedValue.permittedSubtrees); + if ("excludedSubtrees" in extension.parsedValue) + certExcludedSubtrees = certExcludedSubtrees.concat(extension.parsedValue.excludedSubtrees); + } + if (extension.extnID === id_SubjectAltName) + subjectAltNames = subjectAltNames.concat(extension.parsedValue.altNames); + } + } + let formFound = (requiredNameForms.length <= 0); + for (let j = 0; j < requiredNameForms.length; j++) { + switch (requiredNameForms[j].base.type) { + case 4: + { + if (requiredNameForms[j].base.value.typesAndValues.length !== cert.subject.typesAndValues.length) + continue; + formFound = true; + for (let k = 0; k < cert.subject.typesAndValues.length; k++) { + if (cert.subject.typesAndValues[k].type !== requiredNameForms[j].base.value.typesAndValues[k].type) { + formFound = false; + break; + } + } + if (formFound === true) + break; + } + break; + default: + } + } + if (formFound === false) { + policyResult.result = false; + policyResult.resultCode = 21; + policyResult.resultMessage = "No necessary name form found"; + throw policyResult; + } + const constrGroups = [ + [], + [], + [], + [], + [], + ]; + for (let j = 0; j < permittedSubtrees.length; j++) { + switch (permittedSubtrees[j].base.type) { + case 1: + constrGroups[0].push(permittedSubtrees[j]); + break; + case 2: + constrGroups[1].push(permittedSubtrees[j]); + break; + case 4: + constrGroups[2].push(permittedSubtrees[j]); + break; + case 6: + constrGroups[3].push(permittedSubtrees[j]); + break; + case 7: + constrGroups[4].push(permittedSubtrees[j]); + break; + default: + } + } + for (let p = 0; p < 5; p++) { + let groupPermitted = false; + let valueExists = false; + const group = constrGroups[p]; + for (let j = 0; j < group.length; j++) { + switch (p) { + case 0: + if (subjectAltNames.length > 0) { + for (let k = 0; k < subjectAltNames.length; k++) { + if (subjectAltNames[k].type === 1) { + valueExists = true; + groupPermitted = groupPermitted || compareRFC822Name(subjectAltNames[k].value, group[j].base.value); + } + } + } + else { + for (let k = 0; k < cert.subject.typesAndValues.length; k++) { + if ((cert.subject.typesAndValues[k].type === "1.2.840.113549.1.9.1") || + (cert.subject.typesAndValues[k].type === "0.9.2342.19200300.100.1.3")) { + valueExists = true; + groupPermitted = groupPermitted || compareRFC822Name(cert.subject.typesAndValues[k].value.valueBlock.value, group[j].base.value); + } + } + } + break; + case 1: + if (subjectAltNames.length > 0) { + for (let k = 0; k < subjectAltNames.length; k++) { + if (subjectAltNames[k].type === 2) { + valueExists = true; + groupPermitted = groupPermitted || compareDNSName(subjectAltNames[k].value, group[j].base.value); + } + } + } + break; + case 2: + valueExists = true; + groupPermitted = compareDirectoryName(cert.subject, group[j].base.value); + break; + case 3: + if (subjectAltNames.length > 0) { + for (let k = 0; k < subjectAltNames.length; k++) { + if (subjectAltNames[k].type === 6) { + valueExists = true; + groupPermitted = groupPermitted || compareUniformResourceIdentifier(subjectAltNames[k].value, group[j].base.value); + } + } + } + break; + case 4: + if (subjectAltNames.length > 0) { + for (let k = 0; k < subjectAltNames.length; k++) { + if (subjectAltNames[k].type === 7) { + valueExists = true; + groupPermitted = groupPermitted || compareIPAddress(subjectAltNames[k].value, group[j].base.value); + } + } + } + break; + default: + } + if (groupPermitted) + break; + } + if ((groupPermitted === false) && (group.length > 0) && valueExists) { + policyResult.result = false; + policyResult.resultCode = 41; + policyResult.resultMessage = "Failed to meet \"permitted sub-trees\" name constraint"; + throw policyResult; + } + } + let excluded = false; + for (let j = 0; j < excludedSubtrees.length; j++) { + switch (excludedSubtrees[j].base.type) { + case 1: + if (subjectAltNames.length >= 0) { + for (let k = 0; k < subjectAltNames.length; k++) { + if (subjectAltNames[k].type === 1) + excluded = excluded || compareRFC822Name(subjectAltNames[k].value, excludedSubtrees[j].base.value); + } + } + else { + for (let k = 0; k < cert.subject.typesAndValues.length; k++) { + if ((cert.subject.typesAndValues[k].type === "1.2.840.113549.1.9.1") || + (cert.subject.typesAndValues[k].type === "0.9.2342.19200300.100.1.3")) + excluded = excluded || compareRFC822Name(cert.subject.typesAndValues[k].value.valueBlock.value, excludedSubtrees[j].base.value); + } + } + break; + case 2: + if (subjectAltNames.length > 0) { + for (let k = 0; k < subjectAltNames.length; k++) { + if (subjectAltNames[k].type === 2) + excluded = excluded || compareDNSName(subjectAltNames[k].value, excludedSubtrees[j].base.value); + } + } + break; + case 4: + excluded = excluded || compareDirectoryName(cert.subject, excludedSubtrees[j].base.value); + break; + case 6: + if (subjectAltNames.length > 0) { + for (let k = 0; k < subjectAltNames.length; k++) { + if (subjectAltNames[k].type === 6) + excluded = excluded || compareUniformResourceIdentifier(subjectAltNames[k].value, excludedSubtrees[j].base.value); + } + } + break; + case 7: + if (subjectAltNames.length > 0) { + for (let k = 0; k < subjectAltNames.length; k++) { + if (subjectAltNames[k].type === 7) + excluded = excluded || compareIPAddress(subjectAltNames[k].value, excludedSubtrees[j].base.value); + } + } + break; + default: + } + if (excluded) + break; + } + if (excluded === true) { + policyResult.result = false; + policyResult.resultCode = 42; + policyResult.resultMessage = "Failed to meet \"excluded sub-trees\" name constraint"; + throw policyResult; + } + permittedSubtrees = permittedSubtrees.concat(certPermittedSubtrees); + excludedSubtrees = excludedSubtrees.concat(certExcludedSubtrees); + } + return policyResult; + } + catch (error) { + if (error instanceof Error) { + if (error instanceof ChainValidationError) { + return { + result: false, + resultCode: error.code, + resultMessage: error.message, + error: error, + }; + } + return { + result: false, + resultCode: ChainValidationCode.unknown, + resultMessage: error.message, + error: error, + }; + } + if (error && typeof error === "object" && "resultMessage" in error) { + return error; + } + return { + result: false, + resultCode: -1, + resultMessage: `${error}`, + }; + } + }); + } +} + +const TBS_RESPONSE_DATA = "tbsResponseData"; +const SIGNATURE_ALGORITHM$3 = "signatureAlgorithm"; +const SIGNATURE$2 = "signature"; +const CERTS$1 = "certs"; +const BASIC_OCSP_RESPONSE = "BasicOCSPResponse"; +const BASIC_OCSP_RESPONSE_TBS_RESPONSE_DATA = `${BASIC_OCSP_RESPONSE}.${TBS_RESPONSE_DATA}`; +const BASIC_OCSP_RESPONSE_SIGNATURE_ALGORITHM = `${BASIC_OCSP_RESPONSE}.${SIGNATURE_ALGORITHM$3}`; +const BASIC_OCSP_RESPONSE_SIGNATURE = `${BASIC_OCSP_RESPONSE}.${SIGNATURE$2}`; +const BASIC_OCSP_RESPONSE_CERTS = `${BASIC_OCSP_RESPONSE}.${CERTS$1}`; +const CLEAR_PROPS$g = [ + BASIC_OCSP_RESPONSE_TBS_RESPONSE_DATA, + BASIC_OCSP_RESPONSE_SIGNATURE_ALGORITHM, + BASIC_OCSP_RESPONSE_SIGNATURE, + BASIC_OCSP_RESPONSE_CERTS +]; +class BasicOCSPResponse extends PkiObject { + constructor(parameters = {}) { + super(); + this.tbsResponseData = getParametersValue(parameters, TBS_RESPONSE_DATA, BasicOCSPResponse.defaultValues(TBS_RESPONSE_DATA)); + this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$3, BasicOCSPResponse.defaultValues(SIGNATURE_ALGORITHM$3)); + this.signature = getParametersValue(parameters, SIGNATURE$2, BasicOCSPResponse.defaultValues(SIGNATURE$2)); + if (CERTS$1 in parameters) { + this.certs = getParametersValue(parameters, CERTS$1, BasicOCSPResponse.defaultValues(CERTS$1)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TBS_RESPONSE_DATA: + return new ResponseData(); + case SIGNATURE_ALGORITHM$3: + return new AlgorithmIdentifier(); + case SIGNATURE$2: + return new BitString(); + case CERTS$1: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case "type": + { + let comparisonResult = ((ResponseData.compareWithDefault("tbs", memberValue.tbs)) && + (ResponseData.compareWithDefault("responderID", memberValue.responderID)) && + (ResponseData.compareWithDefault("producedAt", memberValue.producedAt)) && + (ResponseData.compareWithDefault("responses", memberValue.responses))); + if ("responseExtensions" in memberValue) + comparisonResult = comparisonResult && (ResponseData.compareWithDefault("responseExtensions", memberValue.responseExtensions)); + return comparisonResult; + } + case SIGNATURE_ALGORITHM$3: + return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false)); + case SIGNATURE$2: + return (memberValue.isEqual(BasicOCSPResponse.defaultValues(memberName))); + case CERTS$1: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || BASIC_OCSP_RESPONSE), + value: [ + ResponseData.schema(names.tbsResponseData || { + names: { + blockName: BASIC_OCSP_RESPONSE_TBS_RESPONSE_DATA + } + }), + AlgorithmIdentifier.schema(names.signatureAlgorithm || { + names: { + blockName: BASIC_OCSP_RESPONSE_SIGNATURE_ALGORITHM + } + }), + new BitString({ name: (names.signature || BASIC_OCSP_RESPONSE_SIGNATURE) }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Sequence({ + value: [new Repeated({ + name: BASIC_OCSP_RESPONSE_CERTS, + value: Certificate.schema(names.certs || {}) + })] + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$g); + const asn1 = compareSchema(schema, schema, BasicOCSPResponse.schema()); + AsnError.assertSchema(asn1, this.className); + this.tbsResponseData = new ResponseData({ schema: asn1.result[BASIC_OCSP_RESPONSE_TBS_RESPONSE_DATA] }); + this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result[BASIC_OCSP_RESPONSE_SIGNATURE_ALGORITHM] }); + this.signature = asn1.result[BASIC_OCSP_RESPONSE_SIGNATURE]; + if (BASIC_OCSP_RESPONSE_CERTS in asn1.result) { + this.certs = Array.from(asn1.result[BASIC_OCSP_RESPONSE_CERTS], element => new Certificate({ schema: element })); + } + } + toSchema() { + const outputArray = []; + outputArray.push(this.tbsResponseData.toSchema()); + outputArray.push(this.signatureAlgorithm.toSchema()); + outputArray.push(this.signature); + if (this.certs) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Sequence({ + value: Array.from(this.certs, o => o.toSchema()) + }) + ] + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + tbsResponseData: this.tbsResponseData.toJSON(), + signatureAlgorithm: this.signatureAlgorithm.toJSON(), + signature: this.signature.toJSON(), + }; + if (this.certs) { + res.certs = Array.from(this.certs, o => o.toJSON()); + } + return res; + } + getCertificateStatus(certificate, issuerCertificate, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const result = { + isForCertificate: false, + status: 2 + }; + const hashesObject = {}; + const certIDs = []; + for (const response of this.tbsResponseData.responses) { + const hashAlgorithm = crypto.getAlgorithmByOID(response.certID.hashAlgorithm.algorithmId, true, "CertID.hashAlgorithm"); + if (!hashesObject[hashAlgorithm.name]) { + hashesObject[hashAlgorithm.name] = 1; + const certID = new CertID(); + certIDs.push(certID); + yield certID.createForCertificate(certificate, { + hashAlgorithm: hashAlgorithm.name, + issuerCertificate + }, crypto); + } + } + for (const response of this.tbsResponseData.responses) { + for (const id of certIDs) { + if (response.certID.isEqual(id)) { + result.isForCertificate = true; + try { + switch (response.certStatus.idBlock.isConstructed) { + case true: + if (response.certStatus.idBlock.tagNumber === 1) + result.status = 1; + break; + case false: + switch (response.certStatus.idBlock.tagNumber) { + case 0: + result.status = 0; + break; + case 2: + result.status = 2; + break; + default: + } + break; + default: + } + } + catch (ex) { + } + return result; + } + } + } + return result; + }); + } + sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + if (!privateKey) { + throw new Error("Need to provide a private key for signing"); + } + const signatureParams = yield crypto.getSignatureParameters(privateKey, hashAlgorithm); + const algorithm = signatureParams.parameters.algorithm; + if (!("name" in algorithm)) { + throw new Error("Empty algorithm"); + } + this.signatureAlgorithm = signatureParams.signatureAlgorithm; + this.tbsResponseData.tbsView = new Uint8Array(this.tbsResponseData.toSchema(true).toBER()); + const signature = yield crypto.signWithPrivateKey(this.tbsResponseData.tbsView, privateKey, { algorithm }); + this.signature = new BitString({ valueHex: signature }); + }); + } + verify(params = {}, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + let signerCert = null; + let certIndex = -1; + const trustedCerts = params.trustedCerts || []; + if (!this.certs) { + throw new Error("No certificates attached to the BasicOCSPResponse"); + } + switch (true) { + case (this.tbsResponseData.responderID instanceof RelativeDistinguishedNames): + for (const [index, certificate] of this.certs.entries()) { + if (certificate.subject.isEqual(this.tbsResponseData.responderID)) { + certIndex = index; + break; + } + } + break; + case (this.tbsResponseData.responderID instanceof OctetString): + for (const [index, cert] of this.certs.entries()) { + const hash = yield crypto.digest({ name: "sha-1" }, cert.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHexView); + if (isEqualBuffer(hash, this.tbsResponseData.responderID.valueBlock.valueHex)) { + certIndex = index; + break; + } + } + break; + default: + throw new Error("Wrong value for responderID"); + } + if (certIndex === (-1)) + throw new Error("Correct certificate was not found in OCSP response"); + signerCert = this.certs[certIndex]; + const additionalCerts = [signerCert]; + for (const cert of this.certs) { + const caCert = yield checkCA(cert, signerCert); + if (caCert) { + additionalCerts.push(caCert); + } + } + const certChain = new CertificateChainValidationEngine({ + certs: additionalCerts, + trustedCerts, + }); + const verificationResult = yield certChain.verify({}, crypto); + if (!verificationResult.result) { + throw new Error("Validation of signer's certificate failed"); + } + return crypto.verifyWithPublicKey(this.tbsResponseData.tbsView, this.signature, this.certs[certIndex].subjectPublicKeyInfo, this.signatureAlgorithm); + }); + } +} +BasicOCSPResponse.CLASS_NAME = "BasicOCSPResponse"; + +const TBS$1 = "tbs"; +const VERSION$6 = "version"; +const SUBJECT = "subject"; +const SPKI = "subjectPublicKeyInfo"; +const ATTRIBUTES$1 = "attributes"; +const SIGNATURE_ALGORITHM$2 = "signatureAlgorithm"; +const SIGNATURE_VALUE = "signatureValue"; +const CSR_INFO = "CertificationRequestInfo"; +const CSR_INFO_VERSION = `${CSR_INFO}.version`; +const CSR_INFO_SUBJECT = `${CSR_INFO}.subject`; +const CSR_INFO_SPKI = `${CSR_INFO}.subjectPublicKeyInfo`; +const CSR_INFO_ATTRS = `${CSR_INFO}.attributes`; +const CLEAR_PROPS$f = [ + CSR_INFO, + CSR_INFO_VERSION, + CSR_INFO_SUBJECT, + CSR_INFO_SPKI, + CSR_INFO_ATTRS, + SIGNATURE_ALGORITHM$2, + SIGNATURE_VALUE +]; +function CertificationRequestInfo(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.CertificationRequestInfo || CSR_INFO), + value: [ + new Integer({ name: (names.CertificationRequestInfoVersion || CSR_INFO_VERSION) }), + RelativeDistinguishedNames.schema(names.subject || { + names: { + blockName: CSR_INFO_SUBJECT + } + }), + PublicKeyInfo.schema({ + names: { + blockName: CSR_INFO_SPKI + } + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Repeated({ + optional: true, + name: (names.CertificationRequestInfoAttributes || CSR_INFO_ATTRS), + value: Attribute.schema(names.attributes || {}) + }) + ] + }) + ] + })); +} +class CertificationRequest extends PkiObject { + constructor(parameters = {}) { + super(); + this.tbsView = new Uint8Array(getParametersValue(parameters, TBS$1, CertificationRequest.defaultValues(TBS$1))); + this.version = getParametersValue(parameters, VERSION$6, CertificationRequest.defaultValues(VERSION$6)); + this.subject = getParametersValue(parameters, SUBJECT, CertificationRequest.defaultValues(SUBJECT)); + this.subjectPublicKeyInfo = getParametersValue(parameters, SPKI, CertificationRequest.defaultValues(SPKI)); + if (ATTRIBUTES$1 in parameters) { + this.attributes = getParametersValue(parameters, ATTRIBUTES$1, CertificationRequest.defaultValues(ATTRIBUTES$1)); + } + this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$2, CertificationRequest.defaultValues(SIGNATURE_ALGORITHM$2)); + this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE, CertificationRequest.defaultValues(SIGNATURE_VALUE)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + get tbs() { + return BufferSourceConverter.toArrayBuffer(this.tbsView); + } + set tbs(value) { + this.tbsView = new Uint8Array(value); + } + static defaultValues(memberName) { + switch (memberName) { + case TBS$1: + return EMPTY_BUFFER; + case VERSION$6: + return 0; + case SUBJECT: + return new RelativeDistinguishedNames(); + case SPKI: + return new PublicKeyInfo(); + case ATTRIBUTES$1: + return []; + case SIGNATURE_ALGORITHM$2: + return new AlgorithmIdentifier(); + case SIGNATURE_VALUE: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + value: [ + CertificationRequestInfo(names.certificationRequestInfo || {}), + new Sequence({ + name: (names.signatureAlgorithm || SIGNATURE_ALGORITHM$2), + value: [ + new ObjectIdentifier(), + new Any({ optional: true }) + ] + }), + new BitString({ name: (names.signatureValue || SIGNATURE_VALUE) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$f); + const asn1 = compareSchema(schema, schema, CertificationRequest.schema()); + AsnError.assertSchema(asn1, this.className); + this.tbsView = asn1.result.CertificationRequestInfo.valueBeforeDecodeView; + this.version = asn1.result[CSR_INFO_VERSION].valueBlock.valueDec; + this.subject = new RelativeDistinguishedNames({ schema: asn1.result[CSR_INFO_SUBJECT] }); + this.subjectPublicKeyInfo = new PublicKeyInfo({ schema: asn1.result[CSR_INFO_SPKI] }); + if (CSR_INFO_ATTRS in asn1.result) { + this.attributes = Array.from(asn1.result[CSR_INFO_ATTRS], element => new Attribute({ schema: element })); + } + this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm }); + this.signatureValue = asn1.result.signatureValue; + } + encodeTBS() { + const outputArray = [ + new Integer({ value: this.version }), + this.subject.toSchema(), + this.subjectPublicKeyInfo.toSchema() + ]; + if (ATTRIBUTES$1 in this) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: Array.from(this.attributes || [], o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toSchema(encodeFlag = false) { + let tbsSchema; + if (encodeFlag === false) { + if (this.tbsView.byteLength === 0) { + return CertificationRequest.schema(); + } + const asn1 = fromBER(this.tbsView); + AsnError.assert(asn1, "PKCS#10 Certificate Request"); + tbsSchema = asn1.result; + } + else { + tbsSchema = this.encodeTBS(); + } + return (new Sequence({ + value: [ + tbsSchema, + this.signatureAlgorithm.toSchema(), + this.signatureValue + ] + })); + } + toJSON() { + const object = { + tbs: Convert.ToHex(this.tbsView), + version: this.version, + subject: this.subject.toJSON(), + subjectPublicKeyInfo: this.subjectPublicKeyInfo.toJSON(), + signatureAlgorithm: this.signatureAlgorithm.toJSON(), + signatureValue: this.signatureValue.toJSON(), + }; + if (ATTRIBUTES$1 in this) { + object.attributes = Array.from(this.attributes || [], o => o.toJSON()); + } + return object; + } + sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + if (!privateKey) { + throw new Error("Need to provide a private key for signing"); + } + const signatureParams = yield crypto.getSignatureParameters(privateKey, hashAlgorithm); + const parameters = signatureParams.parameters; + this.signatureAlgorithm = signatureParams.signatureAlgorithm; + this.tbsView = new Uint8Array(this.encodeTBS().toBER()); + const signature = yield crypto.signWithPrivateKey(this.tbsView, privateKey, parameters); + this.signatureValue = new BitString({ valueHex: signature }); + }); + } + verify(crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + return crypto.verifyWithPublicKey(this.tbsView, this.signatureValue, this.subjectPublicKeyInfo, this.signatureAlgorithm); + }); + } + getPublicKey(parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + return crypto.getPublicKey(this.subjectPublicKeyInfo, this.signatureAlgorithm, parameters); + }); + } +} +CertificationRequest.CLASS_NAME = "CertificationRequest"; + +const DIGEST_ALGORITHM$1 = "digestAlgorithm"; +const DIGEST = "digest"; +const CLEAR_PROPS$e = [ + DIGEST_ALGORITHM$1, + DIGEST +]; +class DigestInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.digestAlgorithm = getParametersValue(parameters, DIGEST_ALGORITHM$1, DigestInfo.defaultValues(DIGEST_ALGORITHM$1)); + this.digest = getParametersValue(parameters, DIGEST, DigestInfo.defaultValues(DIGEST)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case DIGEST_ALGORITHM$1: + return new AlgorithmIdentifier(); + case DIGEST: + return new OctetString(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case DIGEST_ALGORITHM$1: + return ((AlgorithmIdentifier.compareWithDefault("algorithmId", memberValue.algorithmId)) && + (("algorithmParams" in memberValue) === false)); + case DIGEST: + return (memberValue.isEqual(DigestInfo.defaultValues(memberName))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AlgorithmIdentifier.schema(names.digestAlgorithm || { + names: { + blockName: DIGEST_ALGORITHM$1 + } + }), + new OctetString({ name: (names.digest || DIGEST) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$e); + const asn1 = compareSchema(schema, schema, DigestInfo.schema({ + names: { + digestAlgorithm: { + names: { + blockName: DIGEST_ALGORITHM$1 + } + }, + digest: DIGEST + } + })); + AsnError.assertSchema(asn1, this.className); + this.digestAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.digestAlgorithm }); + this.digest = asn1.result.digest; + } + toSchema() { + return (new Sequence({ + value: [ + this.digestAlgorithm.toSchema(), + this.digest + ] + })); + } + toJSON() { + return { + digestAlgorithm: this.digestAlgorithm.toJSON(), + digest: this.digest.toJSON(), + }; + } +} +DigestInfo.CLASS_NAME = "DigestInfo"; + +const E_CONTENT_TYPE = "eContentType"; +const E_CONTENT = "eContent"; +const CLEAR_PROPS$d = [ + E_CONTENT_TYPE, + E_CONTENT, +]; +class EncapsulatedContentInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.eContentType = getParametersValue(parameters, E_CONTENT_TYPE, EncapsulatedContentInfo.defaultValues(E_CONTENT_TYPE)); + if (E_CONTENT in parameters) { + this.eContent = getParametersValue(parameters, E_CONTENT, EncapsulatedContentInfo.defaultValues(E_CONTENT)); + if ((this.eContent.idBlock.tagClass === 1) && + (this.eContent.idBlock.tagNumber === 4)) { + if (this.eContent.idBlock.isConstructed === false) { + const constrString = new OctetString({ + idBlock: { isConstructed: true }, + isConstructed: true + }); + let offset = 0; + const viewHex = this.eContent.valueBlock.valueHexView.slice().buffer; + let length = viewHex.byteLength; + while (length > 0) { + const pieceView = new Uint8Array(viewHex, offset, ((offset + 65536) > viewHex.byteLength) ? (viewHex.byteLength - offset) : 65536); + const _array = new ArrayBuffer(pieceView.length); + const _view = new Uint8Array(_array); + for (let i = 0; i < _view.length; i++) { + _view[i] = pieceView[i]; + } + constrString.valueBlock.value.push(new OctetString({ valueHex: _array })); + length -= pieceView.length; + offset += pieceView.length; + } + this.eContent = constrString; + } + } + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case E_CONTENT_TYPE: + return EMPTY_STRING; + case E_CONTENT: + return new OctetString(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case E_CONTENT_TYPE: + return (memberValue === EMPTY_STRING); + case E_CONTENT: + { + if ((memberValue.idBlock.tagClass === 1) && (memberValue.idBlock.tagNumber === 4)) + return (memberValue.isEqual(EncapsulatedContentInfo.defaultValues(E_CONTENT))); + return false; + } + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.eContentType || EMPTY_STRING) }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Any({ name: (names.eContent || EMPTY_STRING) }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$d); + const asn1 = compareSchema(schema, schema, EncapsulatedContentInfo.schema({ + names: { + eContentType: E_CONTENT_TYPE, + eContent: E_CONTENT + } + })); + AsnError.assertSchema(asn1, this.className); + this.eContentType = asn1.result.eContentType.valueBlock.toString(); + if (E_CONTENT in asn1.result) + this.eContent = asn1.result.eContent; + } + toSchema() { + const outputArray = []; + outputArray.push(new ObjectIdentifier({ value: this.eContentType })); + if (this.eContent) { + if (EncapsulatedContentInfo.compareWithDefault(E_CONTENT, this.eContent) === false) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.eContent] + })); + } + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + eContentType: this.eContentType + }; + if (this.eContent && EncapsulatedContentInfo.compareWithDefault(E_CONTENT, this.eContent) === false) { + res.eContent = this.eContent.toJSON(); + } + return res; + } +} +EncapsulatedContentInfo.CLASS_NAME = "EncapsulatedContentInfo"; + +class KeyBag extends PrivateKeyInfo { + constructor(parameters = {}) { + super(parameters); + } +} + +const MAC = "mac"; +const MAC_SALT = "macSalt"; +const ITERATIONS = "iterations"; +const CLEAR_PROPS$c = [ + MAC, + MAC_SALT, + ITERATIONS +]; +class MacData extends PkiObject { + constructor(parameters = {}) { + super(); + this.mac = getParametersValue(parameters, MAC, MacData.defaultValues(MAC)); + this.macSalt = getParametersValue(parameters, MAC_SALT, MacData.defaultValues(MAC_SALT)); + if (ITERATIONS in parameters) { + this.iterations = getParametersValue(parameters, ITERATIONS, MacData.defaultValues(ITERATIONS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case MAC: + return new DigestInfo(); + case MAC_SALT: + return new OctetString(); + case ITERATIONS: + return 1; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case MAC: + return ((DigestInfo.compareWithDefault("digestAlgorithm", memberValue.digestAlgorithm)) && + (DigestInfo.compareWithDefault("digest", memberValue.digest))); + case MAC_SALT: + return (memberValue.isEqual(MacData.defaultValues(memberName))); + case ITERATIONS: + return (memberValue === MacData.defaultValues(memberName)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + optional: (names.optional || true), + value: [ + DigestInfo.schema(names.mac || { + names: { + blockName: MAC + } + }), + new OctetString({ name: (names.macSalt || MAC_SALT) }), + new Integer({ + optional: true, + name: (names.iterations || ITERATIONS) + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$c); + const asn1 = compareSchema(schema, schema, MacData.schema({ + names: { + mac: { + names: { + blockName: MAC + } + }, + macSalt: MAC_SALT, + iterations: ITERATIONS + } + })); + AsnError.assertSchema(asn1, this.className); + this.mac = new DigestInfo({ schema: asn1.result.mac }); + this.macSalt = asn1.result.macSalt; + if (ITERATIONS in asn1.result) + this.iterations = asn1.result.iterations.valueBlock.valueDec; + } + toSchema() { + const outputArray = [ + this.mac.toSchema(), + this.macSalt + ]; + if (this.iterations !== undefined) { + outputArray.push(new Integer({ value: this.iterations })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + mac: this.mac.toJSON(), + macSalt: this.macSalt.toJSON(), + }; + if (this.iterations !== undefined) { + res.iterations = this.iterations; + } + return res; + } +} +MacData.CLASS_NAME = "MacData"; + +const HASH_ALGORITHM = "hashAlgorithm"; +const HASHED_MESSAGE = "hashedMessage"; +const CLEAR_PROPS$b = [ + HASH_ALGORITHM, + HASHED_MESSAGE, +]; +class MessageImprint extends PkiObject { + constructor(parameters = {}) { + super(); + this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM, MessageImprint.defaultValues(HASH_ALGORITHM)); + this.hashedMessage = getParametersValue(parameters, HASHED_MESSAGE, MessageImprint.defaultValues(HASHED_MESSAGE)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static create(hashAlgorithm, message, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const hashAlgorithmOID = crypto.getOIDByAlgorithm({ name: hashAlgorithm }, true, "hashAlgorithm"); + const hashedMessage = yield crypto.digest(hashAlgorithm, message); + const res = new MessageImprint({ + hashAlgorithm: new AlgorithmIdentifier({ + algorithmId: hashAlgorithmOID, + algorithmParams: new Null(), + }), + hashedMessage: new OctetString({ valueHex: hashedMessage }) + }); + return res; + }); + } + static defaultValues(memberName) { + switch (memberName) { + case HASH_ALGORITHM: + return new AlgorithmIdentifier(); + case HASHED_MESSAGE: + return new OctetString(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case HASH_ALGORITHM: + return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false)); + case HASHED_MESSAGE: + return (memberValue.isEqual(MessageImprint.defaultValues(memberName)) === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AlgorithmIdentifier.schema(names.hashAlgorithm || {}), + new OctetString({ name: (names.hashedMessage || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$b); + const asn1 = compareSchema(schema, schema, MessageImprint.schema({ + names: { + hashAlgorithm: { + names: { + blockName: HASH_ALGORITHM + } + }, + hashedMessage: HASHED_MESSAGE + } + })); + AsnError.assertSchema(asn1, this.className); + this.hashAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.hashAlgorithm }); + this.hashedMessage = asn1.result.hashedMessage; + } + toSchema() { + return (new Sequence({ + value: [ + this.hashAlgorithm.toSchema(), + this.hashedMessage + ] + })); + } + toJSON() { + return { + hashAlgorithm: this.hashAlgorithm.toJSON(), + hashedMessage: this.hashedMessage.toJSON(), + }; + } +} +MessageImprint.CLASS_NAME = "MessageImprint"; + +const REQ_CERT = "reqCert"; +const SINGLE_REQUEST_EXTENSIONS = "singleRequestExtensions"; +const CLEAR_PROPS$a = [ + REQ_CERT, + SINGLE_REQUEST_EXTENSIONS, +]; +class Request extends PkiObject { + constructor(parameters = {}) { + super(); + this.reqCert = getParametersValue(parameters, REQ_CERT, Request.defaultValues(REQ_CERT)); + if (SINGLE_REQUEST_EXTENSIONS in parameters) { + this.singleRequestExtensions = getParametersValue(parameters, SINGLE_REQUEST_EXTENSIONS, Request.defaultValues(SINGLE_REQUEST_EXTENSIONS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case REQ_CERT: + return new CertID(); + case SINGLE_REQUEST_EXTENSIONS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case REQ_CERT: + return (memberValue.isEqual(Request.defaultValues(memberName))); + case SINGLE_REQUEST_EXTENSIONS: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + CertID.schema(names.reqCert || {}), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [Extension.schema(names.extensions || { + names: { + blockName: (names.singleRequestExtensions || EMPTY_STRING) + } + })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$a); + const asn1 = compareSchema(schema, schema, Request.schema({ + names: { + reqCert: { + names: { + blockName: REQ_CERT + } + }, + extensions: { + names: { + blockName: SINGLE_REQUEST_EXTENSIONS + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.reqCert = new CertID({ schema: asn1.result.reqCert }); + if (SINGLE_REQUEST_EXTENSIONS in asn1.result) { + this.singleRequestExtensions = Array.from(asn1.result.singleRequestExtensions.valueBlock.value, element => new Extension({ schema: element })); + } + } + toSchema() { + const outputArray = []; + outputArray.push(this.reqCert.toSchema()); + if (this.singleRequestExtensions) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Sequence({ + value: Array.from(this.singleRequestExtensions, o => o.toSchema()) + }) + ] + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + reqCert: this.reqCert.toJSON() + }; + if (this.singleRequestExtensions) { + res.singleRequestExtensions = Array.from(this.singleRequestExtensions, o => o.toJSON()); + } + return res; + } +} +Request.CLASS_NAME = "Request"; + +const TBS = "tbs"; +const VERSION$5 = "version"; +const REQUESTOR_NAME = "requestorName"; +const REQUEST_LIST = "requestList"; +const REQUEST_EXTENSIONS = "requestExtensions"; +const TBS_REQUEST$1 = "TBSRequest"; +const TBS_REQUEST_VERSION = `${TBS_REQUEST$1}.${VERSION$5}`; +const TBS_REQUEST_REQUESTOR_NAME = `${TBS_REQUEST$1}.${REQUESTOR_NAME}`; +const TBS_REQUEST_REQUESTS = `${TBS_REQUEST$1}.requests`; +const TBS_REQUEST_REQUEST_EXTENSIONS = `${TBS_REQUEST$1}.${REQUEST_EXTENSIONS}`; +const CLEAR_PROPS$9 = [ + TBS_REQUEST$1, + TBS_REQUEST_VERSION, + TBS_REQUEST_REQUESTOR_NAME, + TBS_REQUEST_REQUESTS, + TBS_REQUEST_REQUEST_EXTENSIONS +]; +class TBSRequest extends PkiObject { + constructor(parameters = {}) { + super(); + this.tbsView = new Uint8Array(getParametersValue(parameters, TBS, TBSRequest.defaultValues(TBS))); + if (VERSION$5 in parameters) { + this.version = getParametersValue(parameters, VERSION$5, TBSRequest.defaultValues(VERSION$5)); + } + if (REQUESTOR_NAME in parameters) { + this.requestorName = getParametersValue(parameters, REQUESTOR_NAME, TBSRequest.defaultValues(REQUESTOR_NAME)); + } + this.requestList = getParametersValue(parameters, REQUEST_LIST, TBSRequest.defaultValues(REQUEST_LIST)); + if (REQUEST_EXTENSIONS in parameters) { + this.requestExtensions = getParametersValue(parameters, REQUEST_EXTENSIONS, TBSRequest.defaultValues(REQUEST_EXTENSIONS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + get tbs() { + return BufferSourceConverter.toArrayBuffer(this.tbsView); + } + set tbs(value) { + this.tbsView = new Uint8Array(value); + } + static defaultValues(memberName) { + switch (memberName) { + case TBS: + return EMPTY_BUFFER; + case VERSION$5: + return 0; + case REQUESTOR_NAME: + return new GeneralName(); + case REQUEST_LIST: + case REQUEST_EXTENSIONS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case TBS: + return (memberValue.byteLength === 0); + case VERSION$5: + return (memberValue === TBSRequest.defaultValues(memberName)); + case REQUESTOR_NAME: + return ((memberValue.type === GeneralName.defaultValues("type")) && (Object.keys(memberValue.value).length === 0)); + case REQUEST_LIST: + case REQUEST_EXTENSIONS: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || TBS_REQUEST$1), + value: [ + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Integer({ name: (names.TBSRequestVersion || TBS_REQUEST_VERSION) })] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [GeneralName.schema(names.requestorName || { + names: { + blockName: TBS_REQUEST_REQUESTOR_NAME + } + })] + }), + new Sequence({ + name: (names.requestList || "TBSRequest.requestList"), + value: [ + new Repeated({ + name: (names.requests || TBS_REQUEST_REQUESTS), + value: Request.schema(names.requestNames || {}) + }) + ] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: [Extensions.schema(names.extensions || { + names: { + blockName: (names.requestExtensions || TBS_REQUEST_REQUEST_EXTENSIONS) + } + })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$9); + const asn1 = compareSchema(schema, schema, TBSRequest.schema()); + AsnError.assertSchema(asn1, this.className); + this.tbsView = asn1.result.TBSRequest.valueBeforeDecodeView; + if (TBS_REQUEST_VERSION in asn1.result) + this.version = asn1.result[TBS_REQUEST_VERSION].valueBlock.valueDec; + if (TBS_REQUEST_REQUESTOR_NAME in asn1.result) + this.requestorName = new GeneralName({ schema: asn1.result[TBS_REQUEST_REQUESTOR_NAME] }); + this.requestList = Array.from(asn1.result[TBS_REQUEST_REQUESTS], element => new Request({ schema: element })); + if (TBS_REQUEST_REQUEST_EXTENSIONS in asn1.result) + this.requestExtensions = Array.from(asn1.result[TBS_REQUEST_REQUEST_EXTENSIONS].valueBlock.value, element => new Extension({ schema: element })); + } + toSchema(encodeFlag = false) { + let tbsSchema; + if (encodeFlag === false) { + if (this.tbsView.byteLength === 0) + return TBSRequest.schema(); + const asn1 = fromBER(this.tbsView); + AsnError.assert(asn1, "TBS Request"); + if (!(asn1.result instanceof Sequence)) { + throw new Error("ASN.1 result should be SEQUENCE"); + } + tbsSchema = asn1.result; + } + else { + const outputArray = []; + if (this.version !== undefined) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Integer({ value: this.version })] + })); + } + if (this.requestorName) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [this.requestorName.toSchema()] + })); + } + outputArray.push(new Sequence({ + value: Array.from(this.requestList, o => o.toSchema()) + })); + if (this.requestExtensions) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 2 + }, + value: [ + new Sequence({ + value: Array.from(this.requestExtensions, o => o.toSchema()) + }) + ] + })); + } + tbsSchema = new Sequence({ + value: outputArray + }); + } + return tbsSchema; + } + toJSON() { + const res = {}; + if (this.version != undefined) + res.version = this.version; + if (this.requestorName) { + res.requestorName = this.requestorName.toJSON(); + } + res.requestList = Array.from(this.requestList, o => o.toJSON()); + if (this.requestExtensions) { + res.requestExtensions = Array.from(this.requestExtensions, o => o.toJSON()); + } + return res; + } +} +TBSRequest.CLASS_NAME = "TBSRequest"; + +const SIGNATURE_ALGORITHM$1 = "signatureAlgorithm"; +const SIGNATURE$1 = "signature"; +const CERTS = "certs"; +class Signature extends PkiObject { + constructor(parameters = {}) { + super(); + this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$1, Signature.defaultValues(SIGNATURE_ALGORITHM$1)); + this.signature = getParametersValue(parameters, SIGNATURE$1, Signature.defaultValues(SIGNATURE$1)); + if (CERTS in parameters) { + this.certs = getParametersValue(parameters, CERTS, Signature.defaultValues(CERTS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case SIGNATURE_ALGORITHM$1: + return new AlgorithmIdentifier(); + case SIGNATURE$1: + return new BitString(); + case CERTS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case SIGNATURE_ALGORITHM$1: + return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false)); + case SIGNATURE$1: + return (memberValue.isEqual(Signature.defaultValues(memberName))); + case CERTS: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + AlgorithmIdentifier.schema(names.signatureAlgorithm || {}), + new BitString({ name: (names.signature || EMPTY_STRING) }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Sequence({ + value: [new Repeated({ + name: (names.certs || EMPTY_STRING), + value: Certificate.schema({}) + })] + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + SIGNATURE_ALGORITHM$1, + SIGNATURE$1, + CERTS + ]); + const asn1 = compareSchema(schema, schema, Signature.schema({ + names: { + signatureAlgorithm: { + names: { + blockName: SIGNATURE_ALGORITHM$1 + } + }, + signature: SIGNATURE$1, + certs: CERTS + } + })); + AsnError.assertSchema(asn1, this.className); + this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm }); + this.signature = asn1.result.signature; + if (CERTS in asn1.result) + this.certs = Array.from(asn1.result.certs, element => new Certificate({ schema: element })); + } + toSchema() { + const outputArray = []; + outputArray.push(this.signatureAlgorithm.toSchema()); + outputArray.push(this.signature); + if (this.certs) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + new Sequence({ + value: Array.from(this.certs, o => o.toSchema()) + }) + ] + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + signatureAlgorithm: this.signatureAlgorithm.toJSON(), + signature: this.signature.toJSON(), + }; + if (this.certs) { + res.certs = Array.from(this.certs, o => o.toJSON()); + } + return res; + } +} +Signature.CLASS_NAME = "Signature"; + +const TBS_REQUEST = "tbsRequest"; +const OPTIONAL_SIGNATURE = "optionalSignature"; +const CLEAR_PROPS$8 = [ + TBS_REQUEST, + OPTIONAL_SIGNATURE +]; +class OCSPRequest extends PkiObject { + constructor(parameters = {}) { + super(); + this.tbsRequest = getParametersValue(parameters, TBS_REQUEST, OCSPRequest.defaultValues(TBS_REQUEST)); + if (OPTIONAL_SIGNATURE in parameters) { + this.optionalSignature = getParametersValue(parameters, OPTIONAL_SIGNATURE, OCSPRequest.defaultValues(OPTIONAL_SIGNATURE)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TBS_REQUEST: + return new TBSRequest(); + case OPTIONAL_SIGNATURE: + return new Signature(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case TBS_REQUEST: + return ((TBSRequest.compareWithDefault("tbs", memberValue.tbs)) && + (TBSRequest.compareWithDefault("version", memberValue.version)) && + (TBSRequest.compareWithDefault("requestorName", memberValue.requestorName)) && + (TBSRequest.compareWithDefault("requestList", memberValue.requestList)) && + (TBSRequest.compareWithDefault("requestExtensions", memberValue.requestExtensions))); + case OPTIONAL_SIGNATURE: + return ((Signature.compareWithDefault("signatureAlgorithm", memberValue.signatureAlgorithm)) && + (Signature.compareWithDefault("signature", memberValue.signature)) && + (Signature.compareWithDefault("certs", memberValue.certs))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: names.blockName || "OCSPRequest", + value: [ + TBSRequest.schema(names.tbsRequest || { + names: { + blockName: TBS_REQUEST + } + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + Signature.schema(names.optionalSignature || { + names: { + blockName: OPTIONAL_SIGNATURE + } + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$8); + const asn1 = compareSchema(schema, schema, OCSPRequest.schema()); + AsnError.assertSchema(asn1, this.className); + this.tbsRequest = new TBSRequest({ schema: asn1.result.tbsRequest }); + if (OPTIONAL_SIGNATURE in asn1.result) + this.optionalSignature = new Signature({ schema: asn1.result.optionalSignature }); + } + toSchema(encodeFlag = false) { + const outputArray = []; + outputArray.push(this.tbsRequest.toSchema(encodeFlag)); + if (this.optionalSignature) + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + this.optionalSignature.toSchema() + ] + })); + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + tbsRequest: this.tbsRequest.toJSON() + }; + if (this.optionalSignature) { + res.optionalSignature = this.optionalSignature.toJSON(); + } + return res; + } + createForCertificate(certificate, parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + const certID = new CertID(); + yield certID.createForCertificate(certificate, parameters, crypto); + this.tbsRequest.requestList.push(new Request({ + reqCert: certID, + })); + }); + } + sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + ParameterError.assertEmpty(privateKey, "privateKey", "OCSPRequest.sign method"); + if (!this.optionalSignature) { + throw new Error("Need to create \"optionalSignature\" field before signing"); + } + const signatureParams = yield crypto.getSignatureParameters(privateKey, hashAlgorithm); + const parameters = signatureParams.parameters; + this.optionalSignature.signatureAlgorithm = signatureParams.signatureAlgorithm; + const tbs = this.tbsRequest.toSchema(true).toBER(false); + const signature = yield crypto.signWithPrivateKey(tbs, privateKey, parameters); + this.optionalSignature.signature = new BitString({ valueHex: signature }); + }); + } + verify() { + } +} +OCSPRequest.CLASS_NAME = "OCSPRequest"; + +const RESPONSE_TYPE = "responseType"; +const RESPONSE = "response"; +const CLEAR_PROPS$7 = [ + RESPONSE_TYPE, + RESPONSE +]; +class ResponseBytes extends PkiObject { + constructor(parameters = {}) { + super(); + this.responseType = getParametersValue(parameters, RESPONSE_TYPE, ResponseBytes.defaultValues(RESPONSE_TYPE)); + this.response = getParametersValue(parameters, RESPONSE, ResponseBytes.defaultValues(RESPONSE)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case RESPONSE_TYPE: + return EMPTY_STRING; + case RESPONSE: + return new OctetString(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case RESPONSE_TYPE: + return (memberValue === EMPTY_STRING); + case RESPONSE: + return (memberValue.isEqual(ResponseBytes.defaultValues(memberName))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new ObjectIdentifier({ name: (names.responseType || EMPTY_STRING) }), + new OctetString({ name: (names.response || EMPTY_STRING) }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$7); + const asn1 = compareSchema(schema, schema, ResponseBytes.schema({ + names: { + responseType: RESPONSE_TYPE, + response: RESPONSE + } + })); + AsnError.assertSchema(asn1, this.className); + this.responseType = asn1.result.responseType.valueBlock.toString(); + this.response = asn1.result.response; + } + toSchema() { + return (new Sequence({ + value: [ + new ObjectIdentifier({ value: this.responseType }), + this.response + ] + })); + } + toJSON() { + return { + responseType: this.responseType, + response: this.response.toJSON(), + }; + } +} +ResponseBytes.CLASS_NAME = "ResponseBytes"; + +const RESPONSE_STATUS = "responseStatus"; +const RESPONSE_BYTES = "responseBytes"; +class OCSPResponse extends PkiObject { + constructor(parameters = {}) { + super(); + this.responseStatus = getParametersValue(parameters, RESPONSE_STATUS, OCSPResponse.defaultValues(RESPONSE_STATUS)); + if (RESPONSE_BYTES in parameters) { + this.responseBytes = getParametersValue(parameters, RESPONSE_BYTES, OCSPResponse.defaultValues(RESPONSE_BYTES)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case RESPONSE_STATUS: + return new Enumerated(); + case RESPONSE_BYTES: + return new ResponseBytes(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case RESPONSE_STATUS: + return (memberValue.isEqual(OCSPResponse.defaultValues(memberName))); + case RESPONSE_BYTES: + return ((ResponseBytes.compareWithDefault("responseType", memberValue.responseType)) && + (ResponseBytes.compareWithDefault("response", memberValue.response))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || "OCSPResponse"), + value: [ + new Enumerated({ name: (names.responseStatus || RESPONSE_STATUS) }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [ + ResponseBytes.schema(names.responseBytes || { + names: { + blockName: RESPONSE_BYTES + } + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, [ + RESPONSE_STATUS, + RESPONSE_BYTES + ]); + const asn1 = compareSchema(schema, schema, OCSPResponse.schema()); + AsnError.assertSchema(asn1, this.className); + this.responseStatus = asn1.result.responseStatus; + if (RESPONSE_BYTES in asn1.result) + this.responseBytes = new ResponseBytes({ schema: asn1.result.responseBytes }); + } + toSchema() { + const outputArray = []; + outputArray.push(this.responseStatus); + if (this.responseBytes) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.responseBytes.toSchema()] + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + responseStatus: this.responseStatus.toJSON() + }; + if (this.responseBytes) { + res.responseBytes = this.responseBytes.toJSON(); + } + return res; + } + getCertificateStatus(certificate, issuerCertificate, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + let basicResponse; + const result = { + isForCertificate: false, + status: 2 + }; + if (!this.responseBytes) + return result; + if (this.responseBytes.responseType !== id_PKIX_OCSP_Basic) + return result; + try { + const asn1Basic = fromBER(this.responseBytes.response.valueBlock.valueHexView); + AsnError.assert(asn1Basic, "Basic OCSP response"); + basicResponse = new BasicOCSPResponse({ schema: asn1Basic.result }); + } + catch (ex) { + return result; + } + return basicResponse.getCertificateStatus(certificate, issuerCertificate, crypto); + }); + } + sign(privateKey, hashAlgorithm, crypto = getCrypto(true)) { + var _a; + return __awaiter(this, void 0, void 0, function* () { + if (this.responseBytes && this.responseBytes.responseType === id_PKIX_OCSP_Basic) { + const basicResponse = BasicOCSPResponse.fromBER(this.responseBytes.response.valueBlock.valueHexView); + return basicResponse.sign(privateKey, hashAlgorithm, crypto); + } + throw new Error(`Unknown ResponseBytes type: ${((_a = this.responseBytes) === null || _a === void 0 ? void 0 : _a.responseType) || "Unknown"}`); + }); + } + verify(issuerCertificate = null, crypto = getCrypto(true)) { + var _a; + return __awaiter(this, void 0, void 0, function* () { + if ((RESPONSE_BYTES in this) === false) + throw new Error("Empty ResponseBytes field"); + if (this.responseBytes && this.responseBytes.responseType === id_PKIX_OCSP_Basic) { + const basicResponse = BasicOCSPResponse.fromBER(this.responseBytes.response.valueBlock.valueHexView); + if (issuerCertificate !== null) { + if (!basicResponse.certs) { + basicResponse.certs = []; + } + basicResponse.certs.push(issuerCertificate); + } + return basicResponse.verify({}, crypto); + } + throw new Error(`Unknown ResponseBytes type: ${((_a = this.responseBytes) === null || _a === void 0 ? void 0 : _a.responseType) || "Unknown"}`); + }); + } +} +OCSPResponse.CLASS_NAME = "OCSPResponse"; + +const TYPE = "type"; +const ATTRIBUTES = "attributes"; +const ENCODED_VALUE = "encodedValue"; +const CLEAR_PROPS$6 = [ + ATTRIBUTES +]; +class SignedAndUnsignedAttributes extends PkiObject { + constructor(parameters = {}) { + super(); + this.type = getParametersValue(parameters, TYPE, SignedAndUnsignedAttributes.defaultValues(TYPE)); + this.attributes = getParametersValue(parameters, ATTRIBUTES, SignedAndUnsignedAttributes.defaultValues(ATTRIBUTES)); + this.encodedValue = getParametersValue(parameters, ENCODED_VALUE, SignedAndUnsignedAttributes.defaultValues(ENCODED_VALUE)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case TYPE: + return (-1); + case ATTRIBUTES: + return []; + case ENCODED_VALUE: + return EMPTY_BUFFER; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case TYPE: + return (memberValue === SignedAndUnsignedAttributes.defaultValues(TYPE)); + case ATTRIBUTES: + return (memberValue.length === 0); + case ENCODED_VALUE: + return (memberValue.byteLength === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Constructed({ + name: (names.blockName || EMPTY_STRING), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: names.tagNumber || 0 + }, + value: [ + new Repeated({ + name: (names.attributes || EMPTY_STRING), + value: Attribute.schema() + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$6); + const asn1 = compareSchema(schema, schema, SignedAndUnsignedAttributes.schema({ + names: { + tagNumber: this.type, + attributes: ATTRIBUTES + } + })); + AsnError.assertSchema(asn1, this.className); + this.type = asn1.result.idBlock.tagNumber; + this.encodedValue = BufferSourceConverter.toArrayBuffer(asn1.result.valueBeforeDecodeView); + const encodedView = new Uint8Array(this.encodedValue); + encodedView[0] = 0x31; + if ((ATTRIBUTES in asn1.result) === false) { + if (this.type === 0) + throw new Error("Wrong structure of SignedUnsignedAttributes"); + else + return; + } + this.attributes = Array.from(asn1.result.attributes, element => new Attribute({ schema: element })); + } + toSchema() { + if (SignedAndUnsignedAttributes.compareWithDefault(TYPE, this.type) || SignedAndUnsignedAttributes.compareWithDefault(ATTRIBUTES, this.attributes)) + throw new Error("Incorrectly initialized \"SignedAndUnsignedAttributes\" class"); + return (new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: this.type + }, + value: Array.from(this.attributes, o => o.toSchema()) + })); + } + toJSON() { + if (SignedAndUnsignedAttributes.compareWithDefault(TYPE, this.type) || SignedAndUnsignedAttributes.compareWithDefault(ATTRIBUTES, this.attributes)) + throw new Error("Incorrectly initialized \"SignedAndUnsignedAttributes\" class"); + return { + type: this.type, + attributes: Array.from(this.attributes, o => o.toJSON()) + }; + } +} +SignedAndUnsignedAttributes.CLASS_NAME = "SignedAndUnsignedAttributes"; + +const VERSION$4 = "version"; +const SID = "sid"; +const DIGEST_ALGORITHM = "digestAlgorithm"; +const SIGNED_ATTRS = "signedAttrs"; +const SIGNATURE_ALGORITHM = "signatureAlgorithm"; +const SIGNATURE = "signature"; +const UNSIGNED_ATTRS = "unsignedAttrs"; +const SIGNER_INFO = "SignerInfo"; +const SIGNER_INFO_VERSION = `${SIGNER_INFO}.${VERSION$4}`; +const SIGNER_INFO_SID = `${SIGNER_INFO}.${SID}`; +const SIGNER_INFO_DIGEST_ALGORITHM = `${SIGNER_INFO}.${DIGEST_ALGORITHM}`; +const SIGNER_INFO_SIGNED_ATTRS = `${SIGNER_INFO}.${SIGNED_ATTRS}`; +const SIGNER_INFO_SIGNATURE_ALGORITHM = `${SIGNER_INFO}.${SIGNATURE_ALGORITHM}`; +const SIGNER_INFO_SIGNATURE = `${SIGNER_INFO}.${SIGNATURE}`; +const SIGNER_INFO_UNSIGNED_ATTRS = `${SIGNER_INFO}.${UNSIGNED_ATTRS}`; +const CLEAR_PROPS$5 = [ + SIGNER_INFO_VERSION, + SIGNER_INFO_SID, + SIGNER_INFO_DIGEST_ALGORITHM, + SIGNER_INFO_SIGNED_ATTRS, + SIGNER_INFO_SIGNATURE_ALGORITHM, + SIGNER_INFO_SIGNATURE, + SIGNER_INFO_UNSIGNED_ATTRS +]; +class SignerInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$4, SignerInfo.defaultValues(VERSION$4)); + this.sid = getParametersValue(parameters, SID, SignerInfo.defaultValues(SID)); + this.digestAlgorithm = getParametersValue(parameters, DIGEST_ALGORITHM, SignerInfo.defaultValues(DIGEST_ALGORITHM)); + if (SIGNED_ATTRS in parameters) { + this.signedAttrs = getParametersValue(parameters, SIGNED_ATTRS, SignerInfo.defaultValues(SIGNED_ATTRS)); + } + this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM, SignerInfo.defaultValues(SIGNATURE_ALGORITHM)); + this.signature = getParametersValue(parameters, SIGNATURE, SignerInfo.defaultValues(SIGNATURE)); + if (UNSIGNED_ATTRS in parameters) { + this.unsignedAttrs = getParametersValue(parameters, UNSIGNED_ATTRS, SignerInfo.defaultValues(UNSIGNED_ATTRS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$4: + return 0; + case SID: + return new Any(); + case DIGEST_ALGORITHM: + return new AlgorithmIdentifier(); + case SIGNED_ATTRS: + return new SignedAndUnsignedAttributes({ type: 0 }); + case SIGNATURE_ALGORITHM: + return new AlgorithmIdentifier(); + case SIGNATURE: + return new OctetString(); + case UNSIGNED_ATTRS: + return new SignedAndUnsignedAttributes({ type: 1 }); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$4: + return (SignerInfo.defaultValues(VERSION$4) === memberValue); + case SID: + return (memberValue instanceof Any); + case DIGEST_ALGORITHM: + if ((memberValue instanceof AlgorithmIdentifier) === false) + return false; + return memberValue.isEqual(SignerInfo.defaultValues(DIGEST_ALGORITHM)); + case SIGNED_ATTRS: + return ((SignedAndUnsignedAttributes.compareWithDefault("type", memberValue.type)) + && (SignedAndUnsignedAttributes.compareWithDefault("attributes", memberValue.attributes)) + && (SignedAndUnsignedAttributes.compareWithDefault("encodedValue", memberValue.encodedValue))); + case SIGNATURE_ALGORITHM: + if ((memberValue instanceof AlgorithmIdentifier) === false) + return false; + return memberValue.isEqual(SignerInfo.defaultValues(SIGNATURE_ALGORITHM)); + case SIGNATURE: + case UNSIGNED_ATTRS: + return ((SignedAndUnsignedAttributes.compareWithDefault("type", memberValue.type)) + && (SignedAndUnsignedAttributes.compareWithDefault("attributes", memberValue.attributes)) + && (SignedAndUnsignedAttributes.compareWithDefault("encodedValue", memberValue.encodedValue))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: SIGNER_INFO, + value: [ + new Integer({ name: (names.version || SIGNER_INFO_VERSION) }), + new Choice({ + value: [ + IssuerAndSerialNumber.schema(names.sidSchema || { + names: { + blockName: SIGNER_INFO_SID + } + }), + new Choice({ + value: [ + new Constructed({ + optional: true, + name: (names.sid || SIGNER_INFO_SID), + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new OctetString()] + }), + new Primitive({ + optional: true, + name: (names.sid || SIGNER_INFO_SID), + idBlock: { + tagClass: 3, + tagNumber: 0 + } + }), + ] + }), + ] + }), + AlgorithmIdentifier.schema(names.digestAlgorithm || { + names: { + blockName: SIGNER_INFO_DIGEST_ALGORITHM + } + }), + SignedAndUnsignedAttributes.schema(names.signedAttrs || { + names: { + blockName: SIGNER_INFO_SIGNED_ATTRS, + tagNumber: 0 + } + }), + AlgorithmIdentifier.schema(names.signatureAlgorithm || { + names: { + blockName: SIGNER_INFO_SIGNATURE_ALGORITHM + } + }), + new OctetString({ name: (names.signature || SIGNER_INFO_SIGNATURE) }), + SignedAndUnsignedAttributes.schema(names.unsignedAttrs || { + names: { + blockName: SIGNER_INFO_UNSIGNED_ATTRS, + tagNumber: 1 + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$5); + const asn1 = compareSchema(schema, schema, SignerInfo.schema()); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result[SIGNER_INFO_VERSION].valueBlock.valueDec; + const currentSid = asn1.result[SIGNER_INFO_SID]; + if (currentSid.idBlock.tagClass === 1) + this.sid = new IssuerAndSerialNumber({ schema: currentSid }); + else + this.sid = currentSid; + this.digestAlgorithm = new AlgorithmIdentifier({ schema: asn1.result[SIGNER_INFO_DIGEST_ALGORITHM] }); + if (SIGNER_INFO_SIGNED_ATTRS in asn1.result) + this.signedAttrs = new SignedAndUnsignedAttributes({ type: 0, schema: asn1.result[SIGNER_INFO_SIGNED_ATTRS] }); + this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result[SIGNER_INFO_SIGNATURE_ALGORITHM] }); + this.signature = asn1.result[SIGNER_INFO_SIGNATURE]; + if (SIGNER_INFO_UNSIGNED_ATTRS in asn1.result) + this.unsignedAttrs = new SignedAndUnsignedAttributes({ type: 1, schema: asn1.result[SIGNER_INFO_UNSIGNED_ATTRS] }); + } + toSchema() { + if (SignerInfo.compareWithDefault(SID, this.sid)) + throw new Error("Incorrectly initialized \"SignerInfo\" class"); + const outputArray = []; + outputArray.push(new Integer({ value: this.version })); + if (this.sid instanceof IssuerAndSerialNumber) + outputArray.push(this.sid.toSchema()); + else + outputArray.push(this.sid); + outputArray.push(this.digestAlgorithm.toSchema()); + if (this.signedAttrs) { + if (SignerInfo.compareWithDefault(SIGNED_ATTRS, this.signedAttrs) === false) + outputArray.push(this.signedAttrs.toSchema()); + } + outputArray.push(this.signatureAlgorithm.toSchema()); + outputArray.push(this.signature); + if (this.unsignedAttrs) { + if (SignerInfo.compareWithDefault(UNSIGNED_ATTRS, this.unsignedAttrs) === false) + outputArray.push(this.unsignedAttrs.toSchema()); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + if (SignerInfo.compareWithDefault(SID, this.sid)) { + throw new Error("Incorrectly initialized \"SignerInfo\" class"); + } + const res = { + version: this.version, + digestAlgorithm: this.digestAlgorithm.toJSON(), + signatureAlgorithm: this.signatureAlgorithm.toJSON(), + signature: this.signature.toJSON(), + }; + if (!(this.sid instanceof Any)) + res.sid = this.sid.toJSON(); + if (this.signedAttrs && SignerInfo.compareWithDefault(SIGNED_ATTRS, this.signedAttrs) === false) { + res.signedAttrs = this.signedAttrs.toJSON(); + } + if (this.unsignedAttrs && SignerInfo.compareWithDefault(UNSIGNED_ATTRS, this.unsignedAttrs) === false) { + res.unsignedAttrs = this.unsignedAttrs.toJSON(); + } + return res; + } +} +SignerInfo.CLASS_NAME = "SignerInfo"; + +const VERSION$3 = "version"; +const POLICY = "policy"; +const MESSAGE_IMPRINT$1 = "messageImprint"; +const SERIAL_NUMBER = "serialNumber"; +const GEN_TIME = "genTime"; +const ORDERING = "ordering"; +const NONCE$1 = "nonce"; +const ACCURACY = "accuracy"; +const TSA = "tsa"; +const EXTENSIONS$1 = "extensions"; +const TST_INFO = "TSTInfo"; +const TST_INFO_VERSION = `${TST_INFO}.${VERSION$3}`; +const TST_INFO_POLICY = `${TST_INFO}.${POLICY}`; +const TST_INFO_MESSAGE_IMPRINT = `${TST_INFO}.${MESSAGE_IMPRINT$1}`; +const TST_INFO_SERIAL_NUMBER = `${TST_INFO}.${SERIAL_NUMBER}`; +const TST_INFO_GEN_TIME = `${TST_INFO}.${GEN_TIME}`; +const TST_INFO_ACCURACY = `${TST_INFO}.${ACCURACY}`; +const TST_INFO_ORDERING = `${TST_INFO}.${ORDERING}`; +const TST_INFO_NONCE = `${TST_INFO}.${NONCE$1}`; +const TST_INFO_TSA = `${TST_INFO}.${TSA}`; +const TST_INFO_EXTENSIONS = `${TST_INFO}.${EXTENSIONS$1}`; +const CLEAR_PROPS$4 = [ + TST_INFO_VERSION, + TST_INFO_POLICY, + TST_INFO_MESSAGE_IMPRINT, + TST_INFO_SERIAL_NUMBER, + TST_INFO_GEN_TIME, + TST_INFO_ACCURACY, + TST_INFO_ORDERING, + TST_INFO_NONCE, + TST_INFO_TSA, + TST_INFO_EXTENSIONS +]; +class TSTInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$3, TSTInfo.defaultValues(VERSION$3)); + this.policy = getParametersValue(parameters, POLICY, TSTInfo.defaultValues(POLICY)); + this.messageImprint = getParametersValue(parameters, MESSAGE_IMPRINT$1, TSTInfo.defaultValues(MESSAGE_IMPRINT$1)); + this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER, TSTInfo.defaultValues(SERIAL_NUMBER)); + this.genTime = getParametersValue(parameters, GEN_TIME, TSTInfo.defaultValues(GEN_TIME)); + if (ACCURACY in parameters) { + this.accuracy = getParametersValue(parameters, ACCURACY, TSTInfo.defaultValues(ACCURACY)); + } + if (ORDERING in parameters) { + this.ordering = getParametersValue(parameters, ORDERING, TSTInfo.defaultValues(ORDERING)); + } + if (NONCE$1 in parameters) { + this.nonce = getParametersValue(parameters, NONCE$1, TSTInfo.defaultValues(NONCE$1)); + } + if (TSA in parameters) { + this.tsa = getParametersValue(parameters, TSA, TSTInfo.defaultValues(TSA)); + } + if (EXTENSIONS$1 in parameters) { + this.extensions = getParametersValue(parameters, EXTENSIONS$1, TSTInfo.defaultValues(EXTENSIONS$1)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$3: + return 0; + case POLICY: + return EMPTY_STRING; + case MESSAGE_IMPRINT$1: + return new MessageImprint(); + case SERIAL_NUMBER: + return new Integer(); + case GEN_TIME: + return new Date(0, 0, 0); + case ACCURACY: + return new Accuracy(); + case ORDERING: + return false; + case NONCE$1: + return new Integer(); + case TSA: + return new GeneralName(); + case EXTENSIONS$1: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$3: + case POLICY: + case GEN_TIME: + case ORDERING: + return (memberValue === TSTInfo.defaultValues(ORDERING)); + case MESSAGE_IMPRINT$1: + return ((MessageImprint.compareWithDefault(HASH_ALGORITHM, memberValue.hashAlgorithm)) && + (MessageImprint.compareWithDefault(HASHED_MESSAGE, memberValue.hashedMessage))); + case SERIAL_NUMBER: + case NONCE$1: + return (memberValue.isEqual(TSTInfo.defaultValues(NONCE$1))); + case ACCURACY: + return ((Accuracy.compareWithDefault(SECONDS, memberValue.seconds)) && + (Accuracy.compareWithDefault(MILLIS, memberValue.millis)) && + (Accuracy.compareWithDefault(MICROS, memberValue.micros))); + case TSA: + return ((GeneralName.compareWithDefault(TYPE$4, memberValue.type)) && + (GeneralName.compareWithDefault(VALUE$5, memberValue.value))); + case EXTENSIONS$1: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || TST_INFO), + value: [ + new Integer({ name: (names.version || TST_INFO_VERSION) }), + new ObjectIdentifier({ name: (names.policy || TST_INFO_POLICY) }), + MessageImprint.schema(names.messageImprint || { + names: { + blockName: TST_INFO_MESSAGE_IMPRINT + } + }), + new Integer({ name: (names.serialNumber || TST_INFO_SERIAL_NUMBER) }), + new GeneralizedTime({ name: (names.genTime || TST_INFO_GEN_TIME) }), + Accuracy.schema(names.accuracy || { + names: { + blockName: TST_INFO_ACCURACY + } + }), + new Boolean({ + name: (names.ordering || TST_INFO_ORDERING), + optional: true + }), + new Integer({ + name: (names.nonce || TST_INFO_NONCE), + optional: true + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [GeneralName.schema(names.tsa || { + names: { + blockName: TST_INFO_TSA + } + })] + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: [ + new Repeated({ + name: (names.extensions || TST_INFO_EXTENSIONS), + value: Extension.schema(names.extension || {}) + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$4); + const asn1 = compareSchema(schema, schema, TSTInfo.schema()); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result[TST_INFO_VERSION].valueBlock.valueDec; + this.policy = asn1.result[TST_INFO_POLICY].valueBlock.toString(); + this.messageImprint = new MessageImprint({ schema: asn1.result[TST_INFO_MESSAGE_IMPRINT] }); + this.serialNumber = asn1.result[TST_INFO_SERIAL_NUMBER]; + this.genTime = asn1.result[TST_INFO_GEN_TIME].toDate(); + if (TST_INFO_ACCURACY in asn1.result) + this.accuracy = new Accuracy({ schema: asn1.result[TST_INFO_ACCURACY] }); + if (TST_INFO_ORDERING in asn1.result) + this.ordering = asn1.result[TST_INFO_ORDERING].valueBlock.value; + if (TST_INFO_NONCE in asn1.result) + this.nonce = asn1.result[TST_INFO_NONCE]; + if (TST_INFO_TSA in asn1.result) + this.tsa = new GeneralName({ schema: asn1.result[TST_INFO_TSA] }); + if (TST_INFO_EXTENSIONS in asn1.result) + this.extensions = Array.from(asn1.result[TST_INFO_EXTENSIONS], element => new Extension({ schema: element })); + } + toSchema() { + const outputArray = []; + outputArray.push(new Integer({ value: this.version })); + outputArray.push(new ObjectIdentifier({ value: this.policy })); + outputArray.push(this.messageImprint.toSchema()); + outputArray.push(this.serialNumber); + outputArray.push(new GeneralizedTime({ valueDate: this.genTime })); + if (this.accuracy) + outputArray.push(this.accuracy.toSchema()); + if (this.ordering !== undefined) + outputArray.push(new Boolean({ value: this.ordering })); + if (this.nonce) + outputArray.push(this.nonce); + if (this.tsa) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [this.tsa.toSchema()] + })); + } + if (this.extensions) { + outputArray.push(new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: Array.from(this.extensions, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + version: this.version, + policy: this.policy, + messageImprint: this.messageImprint.toJSON(), + serialNumber: this.serialNumber.toJSON(), + genTime: this.genTime + }; + if (this.accuracy) + res.accuracy = this.accuracy.toJSON(); + if (this.ordering !== undefined) + res.ordering = this.ordering; + if (this.nonce) + res.nonce = this.nonce.toJSON(); + if (this.tsa) + res.tsa = this.tsa.toJSON(); + if (this.extensions) + res.extensions = Array.from(this.extensions, o => o.toJSON()); + return res; + } + verify(params, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + if (!params.data) { + throw new Error("\"data\" is a mandatory attribute for TST_INFO verification"); + } + const data = params.data; + if (params.notBefore) { + if (this.genTime < params.notBefore) + throw new Error("Generation time for TSTInfo object is less than notBefore value"); + } + if (params.notAfter) { + if (this.genTime > params.notAfter) + throw new Error("Generation time for TSTInfo object is more than notAfter value"); + } + const shaAlgorithm = crypto.getAlgorithmByOID(this.messageImprint.hashAlgorithm.algorithmId, true, "MessageImprint.hashAlgorithm"); + const hash = yield crypto.digest(shaAlgorithm.name, new Uint8Array(data)); + return BufferSourceConverter.isEqual(hash, this.messageImprint.hashedMessage.valueBlock.valueHexView); + }); + } +} +TSTInfo.CLASS_NAME = "TSTInfo"; + +const VERSION$2 = "version"; +const DIGEST_ALGORITHMS = "digestAlgorithms"; +const ENCAP_CONTENT_INFO = "encapContentInfo"; +const CERTIFICATES = "certificates"; +const CRLS = "crls"; +const SIGNER_INFOS = "signerInfos"; +const OCSPS = "ocsps"; +const SIGNED_DATA = "SignedData"; +const SIGNED_DATA_VERSION = `${SIGNED_DATA}.${VERSION$2}`; +const SIGNED_DATA_DIGEST_ALGORITHMS = `${SIGNED_DATA}.${DIGEST_ALGORITHMS}`; +const SIGNED_DATA_ENCAP_CONTENT_INFO = `${SIGNED_DATA}.${ENCAP_CONTENT_INFO}`; +const SIGNED_DATA_CERTIFICATES = `${SIGNED_DATA}.${CERTIFICATES}`; +const SIGNED_DATA_CRLS = `${SIGNED_DATA}.${CRLS}`; +const SIGNED_DATA_SIGNER_INFOS = `${SIGNED_DATA}.${SIGNER_INFOS}`; +const CLEAR_PROPS$3 = [ + SIGNED_DATA_VERSION, + SIGNED_DATA_DIGEST_ALGORITHMS, + SIGNED_DATA_ENCAP_CONTENT_INFO, + SIGNED_DATA_CERTIFICATES, + SIGNED_DATA_CRLS, + SIGNED_DATA_SIGNER_INFOS +]; +class SignedDataVerifyError extends Error { + constructor({ message, code = 0, date = new Date(), signatureVerified = null, signerCertificate = null, signerCertificateVerified = null, timestampSerial = null, certificatePath = [], }) { + super(message); + this.name = "SignedDataVerifyError"; + this.date = date; + this.code = code; + this.timestampSerial = timestampSerial; + this.signatureVerified = signatureVerified; + this.signerCertificate = signerCertificate; + this.signerCertificateVerified = signerCertificateVerified; + this.certificatePath = certificatePath; + } +} +class SignedData extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$2, SignedData.defaultValues(VERSION$2)); + this.digestAlgorithms = getParametersValue(parameters, DIGEST_ALGORITHMS, SignedData.defaultValues(DIGEST_ALGORITHMS)); + this.encapContentInfo = getParametersValue(parameters, ENCAP_CONTENT_INFO, SignedData.defaultValues(ENCAP_CONTENT_INFO)); + if (CERTIFICATES in parameters) { + this.certificates = getParametersValue(parameters, CERTIFICATES, SignedData.defaultValues(CERTIFICATES)); + } + if (CRLS in parameters) { + this.crls = getParametersValue(parameters, CRLS, SignedData.defaultValues(CRLS)); + } + if (OCSPS in parameters) { + this.ocsps = getParametersValue(parameters, OCSPS, SignedData.defaultValues(OCSPS)); + } + this.signerInfos = getParametersValue(parameters, SIGNER_INFOS, SignedData.defaultValues(SIGNER_INFOS)); + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$2: + return 0; + case DIGEST_ALGORITHMS: + return []; + case ENCAP_CONTENT_INFO: + return new EncapsulatedContentInfo(); + case CERTIFICATES: + return []; + case CRLS: + return []; + case OCSPS: + return []; + case SIGNER_INFOS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$2: + return (memberValue === SignedData.defaultValues(VERSION$2)); + case ENCAP_CONTENT_INFO: + return EncapsulatedContentInfo.compareWithDefault("eContentType", memberValue.eContentType) && + EncapsulatedContentInfo.compareWithDefault("eContent", memberValue.eContent); + case DIGEST_ALGORITHMS: + case CERTIFICATES: + case CRLS: + case OCSPS: + case SIGNER_INFOS: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + if (names.optional === undefined) { + names.optional = false; + } + return (new Sequence({ + name: (names.blockName || SIGNED_DATA), + optional: names.optional, + value: [ + new Integer({ name: (names.version || SIGNED_DATA_VERSION) }), + new Set({ + value: [ + new Repeated({ + name: (names.digestAlgorithms || SIGNED_DATA_DIGEST_ALGORITHMS), + value: AlgorithmIdentifier.schema() + }) + ] + }), + EncapsulatedContentInfo.schema(names.encapContentInfo || { + names: { + blockName: SIGNED_DATA_ENCAP_CONTENT_INFO + } + }), + new Constructed({ + name: (names.certificates || SIGNED_DATA_CERTIFICATES), + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: CertificateSet.schema().valueBlock.value + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: RevocationInfoChoices.schema(names.crls || { + names: { + crls: SIGNED_DATA_CRLS + } + }).valueBlock.value + }), + new Set({ + value: [ + new Repeated({ + name: (names.signerInfos || SIGNED_DATA_SIGNER_INFOS), + value: SignerInfo.schema() + }) + ] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$3); + const asn1 = compareSchema(schema, schema, SignedData.schema()); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result[SIGNED_DATA_VERSION].valueBlock.valueDec; + if (SIGNED_DATA_DIGEST_ALGORITHMS in asn1.result) + this.digestAlgorithms = Array.from(asn1.result[SIGNED_DATA_DIGEST_ALGORITHMS], algorithm => new AlgorithmIdentifier({ schema: algorithm })); + this.encapContentInfo = new EncapsulatedContentInfo({ schema: asn1.result[SIGNED_DATA_ENCAP_CONTENT_INFO] }); + if (SIGNED_DATA_CERTIFICATES in asn1.result) { + const certificateSet = new CertificateSet({ + schema: new Set({ + value: asn1.result[SIGNED_DATA_CERTIFICATES].valueBlock.value + }) + }); + this.certificates = certificateSet.certificates.slice(0); + } + if (SIGNED_DATA_CRLS in asn1.result) { + this.crls = Array.from(asn1.result[SIGNED_DATA_CRLS], (crl) => { + if (crl.idBlock.tagClass === 1) + return new CertificateRevocationList({ schema: crl }); + crl.idBlock.tagClass = 1; + crl.idBlock.tagNumber = 16; + return new OtherRevocationInfoFormat({ schema: crl }); + }); + } + if (SIGNED_DATA_SIGNER_INFOS in asn1.result) + this.signerInfos = Array.from(asn1.result[SIGNED_DATA_SIGNER_INFOS], signerInfoSchema => new SignerInfo({ schema: signerInfoSchema })); + } + toSchema(encodeFlag = false) { + const outputArray = []; + if ((this.certificates && this.certificates.length && this.certificates.some(o => o instanceof OtherCertificateFormat)) + || (this.crls && this.crls.length && this.crls.some(o => o instanceof OtherRevocationInfoFormat))) { + this.version = 5; + } + else if (this.certificates && this.certificates.length && this.certificates.some(o => o instanceof AttributeCertificateV2)) { + this.version = 4; + } + else if ((this.certificates && this.certificates.length && this.certificates.some(o => o instanceof AttributeCertificateV1)) + || this.signerInfos.some(o => o.version === 3) + || this.encapContentInfo.eContentType !== SignedData.ID_DATA) { + this.version = 3; + } + else { + this.version = 1; + } + outputArray.push(new Integer({ value: this.version })); + outputArray.push(new Set({ + value: Array.from(this.digestAlgorithms, algorithm => algorithm.toSchema()) + })); + outputArray.push(this.encapContentInfo.toSchema()); + if (this.certificates) { + const certificateSet = new CertificateSet({ certificates: this.certificates }); + const certificateSetSchema = certificateSet.toSchema(); + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: certificateSetSchema.valueBlock.value + })); + } + if (this.crls) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 1 + }, + value: Array.from(this.crls, crl => { + if (crl instanceof OtherRevocationInfoFormat) { + const crlSchema = crl.toSchema(); + crlSchema.idBlock.tagClass = 3; + crlSchema.idBlock.tagNumber = 1; + return crlSchema; + } + return crl.toSchema(encodeFlag); + }) + })); + } + outputArray.push(new Set({ + value: Array.from(this.signerInfos, signerInfo => signerInfo.toSchema()) + })); + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + version: this.version, + digestAlgorithms: Array.from(this.digestAlgorithms, algorithm => algorithm.toJSON()), + encapContentInfo: this.encapContentInfo.toJSON(), + signerInfos: Array.from(this.signerInfos, signerInfo => signerInfo.toJSON()), + }; + if (this.certificates) { + res.certificates = Array.from(this.certificates, certificate => certificate.toJSON()); + } + if (this.crls) { + res.crls = Array.from(this.crls, crl => crl.toJSON()); + } + return res; + } + verify({ signer = (-1), data = (EMPTY_BUFFER), trustedCerts = [], checkDate = (new Date()), checkChain = false, passedWhenNotRevValues = false, extendedMode = false, findOrigin = null, findIssuer = null } = {}, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + let signerCert = null; + let timestampSerial = null; + try { + let messageDigestValue = EMPTY_BUFFER; + let shaAlgorithm = EMPTY_STRING; + let certificatePath = []; + const signerInfo = this.signerInfos[signer]; + if (!signerInfo) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 1, + message: "Unable to get signer by supplied index", + }); + } + if (!this.certificates) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 2, + message: "No certificates attached to this signed data", + }); + } + if (signerInfo.sid instanceof IssuerAndSerialNumber) { + for (const certificate of this.certificates) { + if (!(certificate instanceof Certificate)) + continue; + if ((certificate.issuer.isEqual(signerInfo.sid.issuer)) && + (certificate.serialNumber.isEqual(signerInfo.sid.serialNumber))) { + signerCert = certificate; + break; + } + } + } + else { + const sid = signerInfo.sid; + const keyId = sid.idBlock.isConstructed + ? sid.valueBlock.value[0].valueBlock.valueHex + : sid.valueBlock.valueHex; + for (const certificate of this.certificates) { + if (!(certificate instanceof Certificate)) { + continue; + } + const digest = yield crypto.digest({ name: "sha-1" }, certificate.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHexView); + if (isEqualBuffer(digest, keyId)) { + signerCert = certificate; + break; + } + } + } + if (!signerCert) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 3, + message: "Unable to find signer certificate", + }); + } + if (this.encapContentInfo.eContentType === id_eContentType_TSTInfo) { + if (!this.encapContentInfo.eContent) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 15, + message: "Error during verification: TSTInfo eContent is empty", + signatureVerified: null, + signerCertificate: signerCert, + timestampSerial, + signerCertificateVerified: true + }); + } + let tstInfo; + try { + tstInfo = TSTInfo.fromBER(this.encapContentInfo.eContent.valueBlock.valueHexView); + } + catch (ex) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 15, + message: "Error during verification: TSTInfo wrong ASN.1 schema ", + signatureVerified: null, + signerCertificate: signerCert, + timestampSerial, + signerCertificateVerified: true + }); + } + checkDate = tstInfo.genTime; + timestampSerial = tstInfo.serialNumber.valueBlock.valueHexView.slice(); + if (data.byteLength === 0) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 4, + message: "Missed detached data input array", + }); + } + if (!(yield tstInfo.verify({ data }, crypto))) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 15, + message: "Error during verification: TSTInfo verification is failed", + signatureVerified: false, + signerCertificate: signerCert, + timestampSerial, + signerCertificateVerified: true + }); + } + } + if (checkChain) { + const certs = this.certificates.filter(certificate => (certificate instanceof Certificate && !!checkCA(certificate, signerCert))); + const chainParams = { + checkDate, + certs, + trustedCerts, + }; + if (findIssuer) { + chainParams.findIssuer = findIssuer; + } + if (findOrigin) { + chainParams.findOrigin = findOrigin; + } + const chainEngine = new CertificateChainValidationEngine(chainParams); + chainEngine.certs.push(signerCert); + if (this.crls) { + for (const crl of this.crls) { + if ("thisUpdate" in crl) + chainEngine.crls.push(crl); + else { + if (crl.otherRevInfoFormat === id_PKIX_OCSP_Basic) + chainEngine.ocsps.push(new BasicOCSPResponse({ schema: crl.otherRevInfo })); + } + } + } + if (this.ocsps) { + chainEngine.ocsps.push(...(this.ocsps)); + } + const verificationResult = yield chainEngine.verify({ passedWhenNotRevValues }, crypto) + .catch(e => { + throw new SignedDataVerifyError({ + date: checkDate, + code: 5, + message: `Validation of signer's certificate failed with error: ${((e instanceof Object) ? e.resultMessage : e)}`, + signerCertificate: signerCert, + signerCertificateVerified: false + }); + }); + if (verificationResult.certificatePath) { + certificatePath = verificationResult.certificatePath; + } + if (!verificationResult.result) + throw new SignedDataVerifyError({ + date: checkDate, + code: 5, + message: `Validation of signer's certificate failed: ${verificationResult.resultMessage}`, + signerCertificate: signerCert, + signerCertificateVerified: false + }); + } + const signerInfoHashAlgorithm = crypto.getAlgorithmByOID(signerInfo.digestAlgorithm.algorithmId); + if (!("name" in signerInfoHashAlgorithm)) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 7, + message: `Unsupported signature algorithm: ${signerInfo.digestAlgorithm.algorithmId}`, + signerCertificate: signerCert, + signerCertificateVerified: true + }); + } + shaAlgorithm = signerInfoHashAlgorithm.name; + const eContent = this.encapContentInfo.eContent; + if (eContent) { + if ((eContent.idBlock.tagClass === 1) && + (eContent.idBlock.tagNumber === 4)) { + data = eContent.getValue(); + } + else + data = eContent.valueBlock.valueBeforeDecodeView; + } + else { + if (data.byteLength === 0) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 8, + message: "Missed detached data input array", + signerCertificate: signerCert, + signerCertificateVerified: true + }); + } + } + if (signerInfo.signedAttrs) { + let foundContentType = false; + let foundMessageDigest = false; + for (const attribute of signerInfo.signedAttrs.attributes) { + if (attribute.type === "1.2.840.113549.1.9.3") + foundContentType = true; + if (attribute.type === "1.2.840.113549.1.9.4") { + foundMessageDigest = true; + messageDigestValue = attribute.values[0].valueBlock.valueHex; + } + if (foundContentType && foundMessageDigest) + break; + } + if (foundContentType === false) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 9, + message: "Attribute \"content-type\" is a mandatory attribute for \"signed attributes\"", + signerCertificate: signerCert, + signerCertificateVerified: true + }); + } + if (foundMessageDigest === false) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 10, + message: "Attribute \"message-digest\" is a mandatory attribute for \"signed attributes\"", + signatureVerified: null, + signerCertificate: signerCert, + signerCertificateVerified: true + }); + } + } + if (signerInfo.signedAttrs) { + const messageDigest = yield crypto.digest(shaAlgorithm, new Uint8Array(data)); + if (!isEqualBuffer(messageDigest, messageDigestValue)) { + throw new SignedDataVerifyError({ + date: checkDate, + code: 15, + message: "Error during verification: Message digest doesn't match", + signatureVerified: null, + signerCertificate: signerCert, + timestampSerial, + signerCertificateVerified: true + }); + } + data = signerInfo.signedAttrs.encodedValue; + } + const verifyResult = yield crypto.verifyWithPublicKey(data, signerInfo.signature, signerCert.subjectPublicKeyInfo, signerCert.signatureAlgorithm, shaAlgorithm); + if (extendedMode) { + return { + date: checkDate, + code: 14, + message: EMPTY_STRING, + signatureVerified: verifyResult, + signerCertificate: signerCert, + timestampSerial, + signerCertificateVerified: true, + certificatePath + }; + } + else { + return verifyResult; + } + } + catch (e) { + if (e instanceof SignedDataVerifyError) { + throw e; + } + throw new SignedDataVerifyError({ + date: checkDate, + code: 15, + message: `Error during verification: ${e instanceof Error ? e.message : e}`, + signatureVerified: null, + signerCertificate: signerCert, + timestampSerial, + signerCertificateVerified: true + }); + } + }); + } + sign(privateKey, signerIndex, hashAlgorithm = "SHA-1", data = (EMPTY_BUFFER), crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + if (!privateKey) + throw new Error("Need to provide a private key for signing"); + const hashAlgorithmOID = crypto.getOIDByAlgorithm({ name: hashAlgorithm }, true, "hashAlgorithm"); + if ((this.digestAlgorithms.filter(algorithm => algorithm.algorithmId === hashAlgorithmOID)).length === 0) { + this.digestAlgorithms.push(new AlgorithmIdentifier({ + algorithmId: hashAlgorithmOID, + algorithmParams: new Null() + })); + } + const signerInfo = this.signerInfos[signerIndex]; + if (!signerInfo) { + throw new RangeError("SignerInfo index is out of range"); + } + signerInfo.digestAlgorithm = new AlgorithmIdentifier({ + algorithmId: hashAlgorithmOID, + algorithmParams: new Null() + }); + const signatureParams = yield crypto.getSignatureParameters(privateKey, hashAlgorithm); + const parameters = signatureParams.parameters; + signerInfo.signatureAlgorithm = signatureParams.signatureAlgorithm; + if (signerInfo.signedAttrs) { + if (signerInfo.signedAttrs.encodedValue.byteLength !== 0) + data = signerInfo.signedAttrs.encodedValue; + else { + data = signerInfo.signedAttrs.toSchema().toBER(); + const view = BufferSourceConverter.toUint8Array(data); + view[0] = 0x31; + } + } + else { + const eContent = this.encapContentInfo.eContent; + if (eContent) { + if ((eContent.idBlock.tagClass === 1) && + (eContent.idBlock.tagNumber === 4)) { + data = eContent.getValue(); + } + else + data = eContent.valueBlock.valueBeforeDecodeView; + } + else { + if (data.byteLength === 0) + throw new Error("Missed detached data input array"); + } + } + const signature = yield crypto.signWithPrivateKey(data, privateKey, parameters); + signerInfo.signature = new OctetString({ valueHex: signature }); + }); + } +} +SignedData.CLASS_NAME = "SignedData"; +SignedData.ID_DATA = id_ContentType_Data; + +const VERSION$1 = "version"; +const AUTH_SAFE = "authSafe"; +const MAC_DATA = "macData"; +const PARSED_VALUE = "parsedValue"; +const CLERA_PROPS = [ + VERSION$1, + AUTH_SAFE, + MAC_DATA +]; +class PFX extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION$1, PFX.defaultValues(VERSION$1)); + this.authSafe = getParametersValue(parameters, AUTH_SAFE, PFX.defaultValues(AUTH_SAFE)); + if (MAC_DATA in parameters) { + this.macData = getParametersValue(parameters, MAC_DATA, PFX.defaultValues(MAC_DATA)); + } + if (PARSED_VALUE in parameters) { + this.parsedValue = getParametersValue(parameters, PARSED_VALUE, PFX.defaultValues(PARSED_VALUE)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION$1: + return 3; + case AUTH_SAFE: + return (new ContentInfo()); + case MAC_DATA: + return (new MacData()); + case PARSED_VALUE: + return {}; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION$1: + return (memberValue === PFX.defaultValues(memberName)); + case AUTH_SAFE: + return ((ContentInfo.compareWithDefault("contentType", memberValue.contentType)) && + (ContentInfo.compareWithDefault("content", memberValue.content))); + case MAC_DATA: + return ((MacData.compareWithDefault("mac", memberValue.mac)) && + (MacData.compareWithDefault("macSalt", memberValue.macSalt)) && + (MacData.compareWithDefault("iterations", memberValue.iterations))); + case PARSED_VALUE: + return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.version || VERSION$1) }), + ContentInfo.schema(names.authSafe || { + names: { + blockName: AUTH_SAFE + } + }), + MacData.schema(names.macData || { + names: { + blockName: MAC_DATA, + optional: true + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLERA_PROPS); + const asn1 = compareSchema(schema, schema, PFX.schema({ + names: { + version: VERSION$1, + authSafe: { + names: { + blockName: AUTH_SAFE + } + }, + macData: { + names: { + blockName: MAC_DATA + } + } + } + })); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result.version.valueBlock.valueDec; + this.authSafe = new ContentInfo({ schema: asn1.result.authSafe }); + if (MAC_DATA in asn1.result) + this.macData = new MacData({ schema: asn1.result.macData }); + } + toSchema() { + const outputArray = [ + new Integer({ value: this.version }), + this.authSafe.toSchema() + ]; + if (this.macData) { + outputArray.push(this.macData.toSchema()); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const output = { + version: this.version, + authSafe: this.authSafe.toJSON() + }; + if (this.macData) { + output.macData = this.macData.toJSON(); + } + return output; + } + makeInternalValues(parameters = {}, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + ArgumentError.assert(parameters, "parameters", "object"); + if (!this.parsedValue) { + throw new Error("Please call \"parseValues\" function first in order to make \"parsedValue\" data"); + } + ParameterError.assertEmpty(this.parsedValue.integrityMode, "integrityMode", "parsedValue"); + ParameterError.assertEmpty(this.parsedValue.authenticatedSafe, "authenticatedSafe", "parsedValue"); + switch (this.parsedValue.integrityMode) { + case 0: + { + if (!("iterations" in parameters)) + throw new ParameterError("iterations"); + ParameterError.assertEmpty(parameters.pbkdf2HashAlgorithm, "pbkdf2HashAlgorithm"); + ParameterError.assertEmpty(parameters.hmacHashAlgorithm, "hmacHashAlgorithm"); + ParameterError.assertEmpty(parameters.password, "password"); + const saltBuffer = new ArrayBuffer(64); + const saltView = new Uint8Array(saltBuffer); + crypto.getRandomValues(saltView); + const data = this.parsedValue.authenticatedSafe.toSchema().toBER(false); + this.authSafe = new ContentInfo({ + contentType: ContentInfo.DATA, + content: new OctetString({ valueHex: data }) + }); + const result = yield crypto.stampDataWithPassword({ + password: parameters.password, + hashAlgorithm: parameters.hmacHashAlgorithm, + salt: saltBuffer, + iterationCount: parameters.iterations, + contentToStamp: data + }); + this.macData = new MacData({ + mac: new DigestInfo({ + digestAlgorithm: new AlgorithmIdentifier({ + algorithmId: crypto.getOIDByAlgorithm({ name: parameters.hmacHashAlgorithm }, true, "hmacHashAlgorithm"), + }), + digest: new OctetString({ valueHex: result }) + }), + macSalt: new OctetString({ valueHex: saltBuffer }), + iterations: parameters.iterations + }); + } + break; + case 1: + { + if (!("signingCertificate" in parameters)) { + throw new ParameterError("signingCertificate"); + } + ParameterError.assertEmpty(parameters.privateKey, "privateKey"); + ParameterError.assertEmpty(parameters.hashAlgorithm, "hashAlgorithm"); + const toBeSigned = this.parsedValue.authenticatedSafe.toSchema().toBER(false); + const cmsSigned = new SignedData({ + version: 1, + encapContentInfo: new EncapsulatedContentInfo({ + eContentType: "1.2.840.113549.1.7.1", + eContent: new OctetString({ valueHex: toBeSigned }) + }), + certificates: [parameters.signingCertificate] + }); + const result = yield crypto.digest({ name: parameters.hashAlgorithm }, new Uint8Array(toBeSigned)); + const signedAttr = []; + signedAttr.push(new Attribute({ + type: "1.2.840.113549.1.9.3", + values: [ + new ObjectIdentifier({ value: "1.2.840.113549.1.7.1" }) + ] + })); + signedAttr.push(new Attribute({ + type: "1.2.840.113549.1.9.5", + values: [ + new UTCTime({ valueDate: new Date() }) + ] + })); + signedAttr.push(new Attribute({ + type: "1.2.840.113549.1.9.4", + values: [ + new OctetString({ valueHex: result }) + ] + })); + cmsSigned.signerInfos.push(new SignerInfo({ + version: 1, + sid: new IssuerAndSerialNumber({ + issuer: parameters.signingCertificate.issuer, + serialNumber: parameters.signingCertificate.serialNumber + }), + signedAttrs: new SignedAndUnsignedAttributes({ + type: 0, + attributes: signedAttr + }) + })); + yield cmsSigned.sign(parameters.privateKey, 0, parameters.hashAlgorithm, undefined, crypto); + this.authSafe = new ContentInfo({ + contentType: "1.2.840.113549.1.7.2", + content: cmsSigned.toSchema(true) + }); + } + break; + default: + throw new Error(`Parameter "integrityMode" has unknown value: ${this.parsedValue.integrityMode}`); + } + }); + } + parseInternalValues(parameters, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + ArgumentError.assert(parameters, "parameters", "object"); + if (parameters.checkIntegrity === undefined) { + parameters.checkIntegrity = true; + } + this.parsedValue = {}; + switch (this.authSafe.contentType) { + case ContentInfo.DATA: + { + ParameterError.assertEmpty(parameters.password, "password"); + this.parsedValue.integrityMode = 0; + ArgumentError.assert(this.authSafe.content, "authSafe.content", OctetString); + const authSafeContent = this.authSafe.content.getValue(); + this.parsedValue.authenticatedSafe = AuthenticatedSafe.fromBER(authSafeContent); + if (parameters.checkIntegrity) { + if (!this.macData) { + throw new Error("Absent \"macData\" value, can not check PKCS#12 data integrity"); + } + const hashAlgorithm = crypto.getAlgorithmByOID(this.macData.mac.digestAlgorithm.algorithmId, true, "digestAlgorithm"); + const result = yield crypto.verifyDataStampedWithPassword({ + password: parameters.password, + hashAlgorithm: hashAlgorithm.name, + salt: BufferSourceConverter.toArrayBuffer(this.macData.macSalt.valueBlock.valueHexView), + iterationCount: this.macData.iterations || 1, + contentToVerify: authSafeContent, + signatureToVerify: BufferSourceConverter.toArrayBuffer(this.macData.mac.digest.valueBlock.valueHexView), + }); + if (!result) { + throw new Error("Integrity for the PKCS#12 data is broken!"); + } + } + } + break; + case ContentInfo.SIGNED_DATA: + { + this.parsedValue.integrityMode = 1; + const cmsSigned = new SignedData({ schema: this.authSafe.content }); + const eContent = cmsSigned.encapContentInfo.eContent; + ParameterError.assert(eContent, "eContent", "cmsSigned.encapContentInfo"); + ArgumentError.assert(eContent, "eContent", OctetString); + const data = eContent.getValue(); + this.parsedValue.authenticatedSafe = AuthenticatedSafe.fromBER(data); + const ok = yield cmsSigned.verify({ signer: 0, checkChain: false }, crypto); + if (!ok) { + throw new Error("Integrity for the PKCS#12 data is broken!"); + } + } + break; + default: + throw new Error(`Incorrect value for "this.authSafe.contentType": ${this.authSafe.contentType}`); + } + }); + } +} +PFX.CLASS_NAME = "PFX"; + +const STATUS$1 = "status"; +const STATUS_STRINGS = "statusStrings"; +const FAIL_INFO = "failInfo"; +const CLEAR_PROPS$2 = [ + STATUS$1, + STATUS_STRINGS, + FAIL_INFO +]; +var PKIStatus; +(function (PKIStatus) { + PKIStatus[PKIStatus["granted"] = 0] = "granted"; + PKIStatus[PKIStatus["grantedWithMods"] = 1] = "grantedWithMods"; + PKIStatus[PKIStatus["rejection"] = 2] = "rejection"; + PKIStatus[PKIStatus["waiting"] = 3] = "waiting"; + PKIStatus[PKIStatus["revocationWarning"] = 4] = "revocationWarning"; + PKIStatus[PKIStatus["revocationNotification"] = 5] = "revocationNotification"; +})(PKIStatus || (PKIStatus = {})); +class PKIStatusInfo extends PkiObject { + constructor(parameters = {}) { + super(); + this.status = getParametersValue(parameters, STATUS$1, PKIStatusInfo.defaultValues(STATUS$1)); + if (STATUS_STRINGS in parameters) { + this.statusStrings = getParametersValue(parameters, STATUS_STRINGS, PKIStatusInfo.defaultValues(STATUS_STRINGS)); + } + if (FAIL_INFO in parameters) { + this.failInfo = getParametersValue(parameters, FAIL_INFO, PKIStatusInfo.defaultValues(FAIL_INFO)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case STATUS$1: + return 2; + case STATUS_STRINGS: + return []; + case FAIL_INFO: + return new BitString(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case STATUS$1: + return (memberValue === PKIStatusInfo.defaultValues(memberName)); + case STATUS_STRINGS: + return (memberValue.length === 0); + case FAIL_INFO: + return (memberValue.isEqual(PKIStatusInfo.defaultValues(memberName))); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || EMPTY_STRING), + value: [ + new Integer({ name: (names.status || EMPTY_STRING) }), + new Sequence({ + optional: true, + value: [ + new Repeated({ + name: (names.statusStrings || EMPTY_STRING), + value: new Utf8String() + }) + ] + }), + new BitString({ + name: (names.failInfo || EMPTY_STRING), + optional: true + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$2); + const asn1 = compareSchema(schema, schema, PKIStatusInfo.schema({ + names: { + status: STATUS$1, + statusStrings: STATUS_STRINGS, + failInfo: FAIL_INFO + } + })); + AsnError.assertSchema(asn1, this.className); + const _status = asn1.result.status; + if ((_status.valueBlock.isHexOnly === true) || + (_status.valueBlock.valueDec < 0) || + (_status.valueBlock.valueDec > 5)) + throw new Error("PKIStatusInfo \"status\" has invalid value"); + this.status = _status.valueBlock.valueDec; + if (STATUS_STRINGS in asn1.result) + this.statusStrings = asn1.result.statusStrings; + if (FAIL_INFO in asn1.result) + this.failInfo = asn1.result.failInfo; + } + toSchema() { + const outputArray = []; + outputArray.push(new Integer({ value: this.status })); + if (this.statusStrings) { + outputArray.push(new Sequence({ + optional: true, + value: this.statusStrings + })); + } + if (this.failInfo) { + outputArray.push(this.failInfo); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + status: this.status + }; + if (this.statusStrings) { + res.statusStrings = Array.from(this.statusStrings, o => o.toJSON()); + } + if (this.failInfo) { + res.failInfo = this.failInfo.toJSON(); + } + return res; + } +} +PKIStatusInfo.CLASS_NAME = "PKIStatusInfo"; + +const VERSION = "version"; +const MESSAGE_IMPRINT = "messageImprint"; +const REQ_POLICY = "reqPolicy"; +const NONCE = "nonce"; +const CERT_REQ = "certReq"; +const EXTENSIONS = "extensions"; +const TIME_STAMP_REQ = "TimeStampReq"; +const TIME_STAMP_REQ_VERSION = `${TIME_STAMP_REQ}.${VERSION}`; +const TIME_STAMP_REQ_MESSAGE_IMPRINT = `${TIME_STAMP_REQ}.${MESSAGE_IMPRINT}`; +const TIME_STAMP_REQ_POLICY = `${TIME_STAMP_REQ}.${REQ_POLICY}`; +const TIME_STAMP_REQ_NONCE = `${TIME_STAMP_REQ}.${NONCE}`; +const TIME_STAMP_REQ_CERT_REQ = `${TIME_STAMP_REQ}.${CERT_REQ}`; +const TIME_STAMP_REQ_EXTENSIONS = `${TIME_STAMP_REQ}.${EXTENSIONS}`; +const CLEAR_PROPS$1 = [ + TIME_STAMP_REQ_VERSION, + TIME_STAMP_REQ_MESSAGE_IMPRINT, + TIME_STAMP_REQ_POLICY, + TIME_STAMP_REQ_NONCE, + TIME_STAMP_REQ_CERT_REQ, + TIME_STAMP_REQ_EXTENSIONS, +]; +class TimeStampReq extends PkiObject { + constructor(parameters = {}) { + super(); + this.version = getParametersValue(parameters, VERSION, TimeStampReq.defaultValues(VERSION)); + this.messageImprint = getParametersValue(parameters, MESSAGE_IMPRINT, TimeStampReq.defaultValues(MESSAGE_IMPRINT)); + if (REQ_POLICY in parameters) { + this.reqPolicy = getParametersValue(parameters, REQ_POLICY, TimeStampReq.defaultValues(REQ_POLICY)); + } + if (NONCE in parameters) { + this.nonce = getParametersValue(parameters, NONCE, TimeStampReq.defaultValues(NONCE)); + } + if (CERT_REQ in parameters) { + this.certReq = getParametersValue(parameters, CERT_REQ, TimeStampReq.defaultValues(CERT_REQ)); + } + if (EXTENSIONS in parameters) { + this.extensions = getParametersValue(parameters, EXTENSIONS, TimeStampReq.defaultValues(EXTENSIONS)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case VERSION: + return 0; + case MESSAGE_IMPRINT: + return new MessageImprint(); + case REQ_POLICY: + return EMPTY_STRING; + case NONCE: + return new Integer(); + case CERT_REQ: + return false; + case EXTENSIONS: + return []; + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case VERSION: + case REQ_POLICY: + case CERT_REQ: + return (memberValue === TimeStampReq.defaultValues(memberName)); + case MESSAGE_IMPRINT: + return ((MessageImprint.compareWithDefault("hashAlgorithm", memberValue.hashAlgorithm)) && + (MessageImprint.compareWithDefault("hashedMessage", memberValue.hashedMessage))); + case NONCE: + return (memberValue.isEqual(TimeStampReq.defaultValues(memberName))); + case EXTENSIONS: + return (memberValue.length === 0); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || TIME_STAMP_REQ), + value: [ + new Integer({ name: (names.version || TIME_STAMP_REQ_VERSION) }), + MessageImprint.schema(names.messageImprint || { + names: { + blockName: TIME_STAMP_REQ_MESSAGE_IMPRINT + } + }), + new ObjectIdentifier({ + name: (names.reqPolicy || TIME_STAMP_REQ_POLICY), + optional: true + }), + new Integer({ + name: (names.nonce || TIME_STAMP_REQ_NONCE), + optional: true + }), + new Boolean({ + name: (names.certReq || TIME_STAMP_REQ_CERT_REQ), + optional: true + }), + new Constructed({ + optional: true, + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: [new Repeated({ + name: (names.extensions || TIME_STAMP_REQ_EXTENSIONS), + value: Extension.schema() + })] + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS$1); + const asn1 = compareSchema(schema, schema, TimeStampReq.schema()); + AsnError.assertSchema(asn1, this.className); + this.version = asn1.result[TIME_STAMP_REQ_VERSION].valueBlock.valueDec; + this.messageImprint = new MessageImprint({ schema: asn1.result[TIME_STAMP_REQ_MESSAGE_IMPRINT] }); + if (TIME_STAMP_REQ_POLICY in asn1.result) + this.reqPolicy = asn1.result[TIME_STAMP_REQ_POLICY].valueBlock.toString(); + if (TIME_STAMP_REQ_NONCE in asn1.result) + this.nonce = asn1.result[TIME_STAMP_REQ_NONCE]; + if (TIME_STAMP_REQ_CERT_REQ in asn1.result) + this.certReq = asn1.result[TIME_STAMP_REQ_CERT_REQ].valueBlock.value; + if (TIME_STAMP_REQ_EXTENSIONS in asn1.result) + this.extensions = Array.from(asn1.result[TIME_STAMP_REQ_EXTENSIONS], element => new Extension({ schema: element })); + } + toSchema() { + const outputArray = []; + outputArray.push(new Integer({ value: this.version })); + outputArray.push(this.messageImprint.toSchema()); + if (this.reqPolicy) + outputArray.push(new ObjectIdentifier({ value: this.reqPolicy })); + if (this.nonce) + outputArray.push(this.nonce); + if ((CERT_REQ in this) && (TimeStampReq.compareWithDefault(CERT_REQ, this.certReq) === false)) + outputArray.push(new Boolean({ value: this.certReq })); + if (this.extensions) { + outputArray.push(new Constructed({ + idBlock: { + tagClass: 3, + tagNumber: 0 + }, + value: Array.from(this.extensions, o => o.toSchema()) + })); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + version: this.version, + messageImprint: this.messageImprint.toJSON() + }; + if (this.reqPolicy !== undefined) + res.reqPolicy = this.reqPolicy; + if (this.nonce !== undefined) + res.nonce = this.nonce.toJSON(); + if ((this.certReq !== undefined) && (TimeStampReq.compareWithDefault(CERT_REQ, this.certReq) === false)) + res.certReq = this.certReq; + if (this.extensions) { + res.extensions = Array.from(this.extensions, o => o.toJSON()); + } + return res; + } +} +TimeStampReq.CLASS_NAME = "TimeStampReq"; + +const STATUS = "status"; +const TIME_STAMP_TOKEN = "timeStampToken"; +const TIME_STAMP_RESP = "TimeStampResp"; +const TIME_STAMP_RESP_STATUS = `${TIME_STAMP_RESP}.${STATUS}`; +const TIME_STAMP_RESP_TOKEN = `${TIME_STAMP_RESP}.${TIME_STAMP_TOKEN}`; +const CLEAR_PROPS = [ + TIME_STAMP_RESP_STATUS, + TIME_STAMP_RESP_TOKEN +]; +class TimeStampResp extends PkiObject { + constructor(parameters = {}) { + super(); + this.status = getParametersValue(parameters, STATUS, TimeStampResp.defaultValues(STATUS)); + if (TIME_STAMP_TOKEN in parameters) { + this.timeStampToken = getParametersValue(parameters, TIME_STAMP_TOKEN, TimeStampResp.defaultValues(TIME_STAMP_TOKEN)); + } + if (parameters.schema) { + this.fromSchema(parameters.schema); + } + } + static defaultValues(memberName) { + switch (memberName) { + case STATUS: + return new PKIStatusInfo(); + case TIME_STAMP_TOKEN: + return new ContentInfo(); + default: + return super.defaultValues(memberName); + } + } + static compareWithDefault(memberName, memberValue) { + switch (memberName) { + case STATUS: + return ((PKIStatusInfo.compareWithDefault(STATUS, memberValue.status)) && + (("statusStrings" in memberValue) === false) && + (("failInfo" in memberValue) === false)); + case TIME_STAMP_TOKEN: + return ((memberValue.contentType === EMPTY_STRING) && + (memberValue.content instanceof Any)); + default: + return super.defaultValues(memberName); + } + } + static schema(parameters = {}) { + const names = getParametersValue(parameters, "names", {}); + return (new Sequence({ + name: (names.blockName || TIME_STAMP_RESP), + value: [ + PKIStatusInfo.schema(names.status || { + names: { + blockName: TIME_STAMP_RESP_STATUS + } + }), + ContentInfo.schema(names.timeStampToken || { + names: { + blockName: TIME_STAMP_RESP_TOKEN, + optional: true + } + }) + ] + })); + } + fromSchema(schema) { + clearProps(schema, CLEAR_PROPS); + const asn1 = compareSchema(schema, schema, TimeStampResp.schema()); + AsnError.assertSchema(asn1, this.className); + this.status = new PKIStatusInfo({ schema: asn1.result[TIME_STAMP_RESP_STATUS] }); + if (TIME_STAMP_RESP_TOKEN in asn1.result) + this.timeStampToken = new ContentInfo({ schema: asn1.result[TIME_STAMP_RESP_TOKEN] }); + } + toSchema() { + const outputArray = []; + outputArray.push(this.status.toSchema()); + if (this.timeStampToken) { + outputArray.push(this.timeStampToken.toSchema()); + } + return (new Sequence({ + value: outputArray + })); + } + toJSON() { + const res = { + status: this.status.toJSON() + }; + if (this.timeStampToken) { + res.timeStampToken = this.timeStampToken.toJSON(); + } + return res; + } + sign(privateKey, hashAlgorithm, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + this.assertContentType(); + const signed = new SignedData({ schema: this.timeStampToken.content }); + return signed.sign(privateKey, 0, hashAlgorithm, undefined, crypto); + }); + } + verify(verificationParameters = { signer: 0, trustedCerts: [], data: EMPTY_BUFFER }, crypto = getCrypto(true)) { + return __awaiter(this, void 0, void 0, function* () { + this.assertContentType(); + const signed = new SignedData({ schema: this.timeStampToken.content }); + return signed.verify(verificationParameters, crypto); + }); + } + assertContentType() { + if (!this.timeStampToken) { + throw new Error("timeStampToken is absent in TSP response"); + } + if (this.timeStampToken.contentType !== id_ContentType_SignedData) { + throw new Error(`Wrong format of timeStampToken: ${this.timeStampToken.contentType}`); + } + } +} +TimeStampResp.CLASS_NAME = "TimeStampResp"; + +function initCryptoEngine() { + if (typeof self !== "undefined") { + if ("crypto" in self) { + let engineName = "webcrypto"; + if ("webkitSubtle" in self.crypto) { + engineName = "safari"; + } + setEngine(engineName, new CryptoEngine({ name: engineName, crypto: crypto })); + } + } + else if (typeof crypto !== "undefined" && "webcrypto" in crypto) { + const name = "NodeJS ^15"; + const nodeCrypto = crypto.webcrypto; + setEngine(name, new CryptoEngine({ name, crypto: nodeCrypto })); + } +} + +initCryptoEngine(); + +export { AbstractCryptoEngine, AccessDescription, Accuracy, AlgorithmIdentifier, AltName, ArgumentError, AsnError, AttCertValidityPeriod, Attribute, AttributeCertificateInfoV1, AttributeCertificateInfoV2, AttributeCertificateV1, AttributeCertificateV2, AttributeTypeAndValue, AuthenticatedSafe, AuthorityKeyIdentifier, BasicConstraints, BasicOCSPResponse, CAVersion, CRLBag, CRLDistributionPoints, CertBag, CertID, Certificate, CertificateChainValidationEngine, CertificatePolicies, CertificateRevocationList, CertificateSet, CertificateTemplate, CertificationRequest, ChainValidationCode, ChainValidationError, ContentInfo, CryptoEngine, DigestInfo, DistributionPoint, ECCCMSSharedInfo, ECNamedCurves, ECPrivateKey, ECPublicKey, EncapsulatedContentInfo, EncryptedContentInfo, EncryptedData, EnvelopedData, ExtKeyUsage, Extension, ExtensionValueFactory, Extensions, GeneralName, GeneralNames, GeneralSubtree, HASHED_MESSAGE, HASH_ALGORITHM, Holder, InfoAccess, IssuerAndSerialNumber, IssuerSerial, IssuingDistributionPoint, KEKIdentifier, KEKRecipientInfo, KeyAgreeRecipientIdentifier, KeyAgreeRecipientInfo, KeyBag, KeyTransRecipientInfo, MICROS, MILLIS, MacData, MessageImprint, NameConstraints, OCSPRequest, OCSPResponse, ObjectDigestInfo, OriginatorIdentifierOrKey, OriginatorInfo, OriginatorPublicKey, OtherCertificateFormat, OtherKeyAttribute, OtherPrimeInfo, OtherRecipientInfo, OtherRevocationInfoFormat, PBES2Params, PBKDF2Params, PFX, PKCS8ShroudedKeyBag, PKIStatus, PKIStatusInfo, POLICY_IDENTIFIER, POLICY_QUALIFIERS, ParameterError, PasswordRecipientinfo, PkiObject, PolicyConstraints, PolicyInformation, PolicyMapping, PolicyMappings, PolicyQualifierInfo, PrivateKeyInfo, PrivateKeyUsagePeriod, PublicKeyInfo, QCStatement, QCStatements, RDN, RSAESOAEPParams, RSAPrivateKey, RSAPublicKey, RSASSAPSSParams, RecipientEncryptedKey, RecipientEncryptedKeys, RecipientIdentifier, RecipientInfo, RecipientKeyIdentifier, RelativeDistinguishedNames, Request, ResponseBytes, ResponseData, RevocationInfoChoices, RevokedCertificate, SECONDS, SafeBag, SafeBagValueFactory, SafeContents, SecretBag, Signature, SignedAndUnsignedAttributes, SignedCertificateTimestamp, SignedCertificateTimestampList, SignedData, SignedDataVerifyError, SignerInfo, SingleResponse, SubjectDirectoryAttributes, TBSRequest, TSTInfo, TYPE$4 as TYPE, TYPE_AND_VALUES, Time, TimeStampReq, TimeStampResp, TimeType, V2Form, VALUE$5 as VALUE, VALUE_BEFORE_DECODE, checkCA, createCMSECDSASignature, createECDSASignatureFromCMS, engine, getAlgorithmByOID, getAlgorithmParameters, getCrypto, getEngine, getHashAlgorithm, getOIDByAlgorithm, getRandomValues, id_AnyPolicy, id_AuthorityInfoAccess, id_AuthorityKeyIdentifier, id_BaseCRLNumber, id_BasicConstraints, id_CRLBag_X509CRL, id_CRLDistributionPoints, id_CRLNumber, id_CRLReason, id_CertBag_AttributeCertificate, id_CertBag_SDSICertificate, id_CertBag_X509Certificate, id_CertificateIssuer, id_CertificatePolicies, id_ContentType_Data, id_ContentType_EncryptedData, id_ContentType_EnvelopedData, id_ContentType_SignedData, id_ExtKeyUsage, id_FreshestCRL, id_InhibitAnyPolicy, id_InvalidityDate, id_IssuerAltName, id_IssuingDistributionPoint, id_KeyUsage, id_MicrosoftAppPolicies, id_MicrosoftCaVersion, id_MicrosoftCertTemplateV1, id_MicrosoftCertTemplateV2, id_MicrosoftPrevCaCertHash, id_NameConstraints, id_PKIX_OCSP_Basic, id_PolicyConstraints, id_PolicyMappings, id_PrivateKeyUsagePeriod, id_QCStatements, id_SignedCertificateTimestampList, id_SubjectAltName, id_SubjectDirectoryAttributes, id_SubjectInfoAccess, id_SubjectKeyIdentifier, id_ad, id_ad_caIssuers, id_ad_ocsp, id_eContentType_TSTInfo, id_pkix, id_sha1, id_sha256, id_sha384, id_sha512, kdf, setEngine, stringPrep, verifySCTsForCertificate }; diff --git a/toolkit/components/certviewer/jar.mn b/toolkit/components/certviewer/jar.mn new file mode 100644 index 0000000000..84dc252606 --- /dev/null +++ b/toolkit/components/certviewer/jar.mn @@ -0,0 +1,12 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +toolkit.jar: + content/global/certviewer/certviewer.html (content/certviewer.html) + content/global/certviewer/certviewer.css (content/certviewer.css) + content/global/certviewer/certviewer.mjs (content/certviewer.mjs) + content/global/certviewer/components/ (content/components/*.mjs) + content/global/certviewer/components/ (content/components/*.css) + content/global/certviewer/certDecoder.mjs (content/certDecoder.mjs) + content/global/certviewer/vendor/pkijs.js (content/vendor/pkijs.js) diff --git a/toolkit/components/certviewer/moz.build b/toolkit/components/certviewer/moz.build new file mode 100644 index 0000000000..c0ab85d0f1 --- /dev/null +++ b/toolkit/components/certviewer/moz.build @@ -0,0 +1,19 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +JAR_MANIFESTS += ["jar.mn"] + +BROWSER_CHROME_MANIFESTS += ["tests/browser/browser.ini"] + +MOCHITEST_CHROME_MANIFESTS += ["tests/chrome/chrome.ini"] + +EXTRA_JS_MODULES += [ + "AboutCertViewerChild.sys.mjs", + "AboutCertViewerParent.sys.mjs", +] + +with Files("**"): + BUG_COMPONENT = ("Firefox", "Security") diff --git a/toolkit/components/certviewer/tests/browser/adjustedCerts.js b/toolkit/components/certviewer/tests/browser/adjustedCerts.js new file mode 100644 index 0000000000..0b0c089a61 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/adjustedCerts.js @@ -0,0 +1,261 @@ +"use strict"; + +/* +To change this file you will have to add a function to download a file in toolkit/components/certviewer/content/certviewer.mjs (e.g: https://ourcodeworld.com/articles/read/189/how-to-create-a-file-and-generate-a-download-with-javascript-in-the-browser-without-a-server), +download adjustedCerts (e.g: download("out.txt", JSON.stringify(adjustedCerts)), do it after this line https://searchfox.org/mozilla-central/rev/e3fc8f8970491aef14d3212b2d052942f4d29818/toolkit/components/certviewer/content/certviewer.mjs#428), +then open Nightly and go to about:certificate?cert=MIIHQjCCBiqgAwIBAgIQCgYwQn9bvO1pVzllk7ZFHzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDUwODAwMDAwMFoXDTIwMDYwMzEyMDAwMFowgccxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc1MTU3NTUwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjyq8jyXDDrBTyitcnB90865tWBzpHSbindG%2FXqYQkzFMBlXmqkzC%2BFdTRBYyneZw5Pz%2BXWQvL%2B74JW6LsWNc2EF0xCEqLOJuC9zjPAqbr7uroNLghGxYf13YdqbG5oj%2F4x%2BogEG3dF%2FU5YIwVr658DKyESMV6eoYV9mDVfTuJastkqcwero%2B5ZAKfYVMLUEsMwFtoTDJFmVf6JlkOWwsxp1WcQ%2FMRQK1cyqOoUFUgYylgdh3yeCDPeF22Ax8AlQxbcaI%2BGwfQL1FB7Jy%2Bh%2BKjME9lE%2FUpgV6Qt2R1xNSmvFCBWu%2BNFX6epwFP%2FJRbkMfLz0beYFUvmMgLtwVpEPSwIDAQABo4IDeTCCA3UwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFMnCU2FmnV%2BrJfQmzQ84mqhJ6kipMCUGA1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRodWIuY29tMA4GA1UdDwEB%2FwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG%2FWwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWNBYm0KAAAEAwBHMEUCIQDRZp38cTWsWH2GdBpe%2FuPTWnsu%2Fm4BEC2%2BdIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFgU5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAEAwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d%2B8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N%2BXcqcK0OJYrN8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxGeOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW%2Fip2oJ5grAH8mqQfaunuCVE%2Bvac%2B88lkDK%2FLVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vNHnXVUGw%2ByxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVBKqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc%2F2z2shNoDvxvFUYyY1Oe67xINkmyQKc%2BygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma%2BFXsXBIqWUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna%2Fteik%3D +open the file, and finally copy and paste it here like + +const adjustedCerts = ; +*/ + +const adjustedCerts = [ + { + certItems: [ + { + sectionId: "subject-name", + sectionItems: [ + { labelId: "business-category", info: "Private Organization" }, + { labelId: "inc-country", info: "US" }, + { labelId: "inc-state-province", info: "Delaware" }, + { labelId: "serial-number", info: "5157550" }, + { labelId: "country", info: "US" }, + { labelId: "state-province", info: "California" }, + { labelId: "locality", info: "San Francisco" }, + { labelId: "organization", info: "GitHub, Inc." }, + { labelId: "common-name", info: "github.com" }, + ], + Critical: false, + }, + { + sectionId: "issuer-name", + sectionItems: [ + { labelId: "country", info: "US" }, + { labelId: "organization", info: "DigiCert Inc" }, + { labelId: "organizational-unit", info: "www.digicert.com" }, + { + labelId: "common-name", + info: "DigiCert SHA2 Extended Validation Server CA", + }, + ], + Critical: false, + }, + { + sectionId: "validity", + sectionItems: [ + { + labelId: "not-before", + info: { + local: "5/7/2018, 9:00:00 PM (Brasilia Standard Time)", + utc: "Tue, 08 May 2018 00:00:00 GMT", + }, + }, + { + labelId: "not-after", + info: { + local: "6/3/2020, 9:00:00 AM (Brasilia Standard Time)", + utc: "Wed, 03 Jun 2020 12:00:00 GMT", + }, + }, + ], + Critical: false, + }, + { + sectionId: "subject-alt-names", + sectionItems: [ + { labelId: "dns-name", info: "github.com" }, + { labelId: "dns-name", info: "www.github.com" }, + ], + Critical: false, + }, + { + sectionId: "public-key-info", + sectionItems: [ + { labelId: "algorithm", info: "RSA" }, + { labelId: "key-size", info: 2048 }, + { labelId: "exponent", info: 65537 }, + { + labelId: "modulus", + info: "C6:3C:AA:F2:3C:97:0C:3A:C1:4F:28:AD:72:70:7D:D3:CE:B9:B5:60:73:A4:74:9B:8A:77:46:FD:7A:98:42:4C:C5:30:19:57:9A:A9:33:0B:E1:5D:4D:10:58:CA:77:99:C3:93:F3:F9:75:90:BC:BF:BB:E0:95:BA:2E:C5:8D:73:61:05:D3:10:84:A8:B3:89:B8:2F:73:8C:F0:2A:6E:BE:EE:AE:83:4B:82:11:B1:61:FD:77:61:DA:9B:1B:9A:23:FF:8C:7E:A2:01:06:DD:D1:7F:53:96:08:C1:5A:FA:E7:C0:CA:C8:44:8C:57:A7:A8:61:5F:66:0D:57:D3:B8:96:AC:B6:4A:9C:C1:EA:E8:FB:96:40:29:F6:15:30:B5:04:B0:CC:05:B6:84:C3:24:59:95:7F:A2:65:90:E5:B0:B3:1A:75:59:C4:3F:31:14:0A:D5:CC:AA:3A:85:05:52:06:32:96:07:61:DF:27:82:0C:F7:85:DB:60:31:F0:09:50:C5:B7:1A:23:E1:B0:7D:02:F5:14:1E:C9:CB:E8:7E:2A:33:04:F6:51:3F:52:98:15:E9:0B:76:47:5C:4D:4A:6B:C5:08:15:AE:F8:D1:57:E9:EA:70:14:FF:C9:45:B9:0C:7C:BC:F4:6D:E6:05:52:F9:8C:80:BB:70:56:91:0F:4B", + }, + ], + Critical: false, + }, + { + sectionId: "miscellaneous", + sectionItems: [ + { + labelId: "serial-number", + info: "0A:06:30:42:7F:5B:BC:ED:69:57:39:65:93:B6:45:1F", + }, + { + labelId: "signature-algorithm", + info: "SHA-256 with RSA Encryption", + }, + { labelId: "version", info: "3" }, + { + labelId: "download", + info: "PEM (cert)PEM (chain)", + }, + ], + Critical: false, + }, + { + sectionId: "fingerprints", + sectionItems: [ + { + labelId: "sha-256", + info: "31:11:50:0C:4A:66:01:2C:DA:E3:33:EC:3F:CA:1C:9D:DE:45:C9:54:44:0E:7E:E4:13:71:6B:FF:36:63:C0:74", + }, + { + labelId: "sha-1", + info: "CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84", + }, + ], + Critical: false, + }, + { + sectionId: "basic-constraints", + sectionItems: [{ labelId: "certificate-authority", info: false }], + Critical: true, + }, + { + sectionId: "key-usages", + sectionItems: [ + { + labelId: "purposes", + info: ["Digital Signature", "Key Encipherment"], + }, + ], + Critical: true, + }, + { + sectionId: "extended-key-usages", + sectionItems: [ + { + labelId: "purposes", + info: ["Server Authentication", "Client Authentication"], + }, + ], + Critical: false, + }, + { + sectionId: "subject-key-id", + sectionItems: [ + { + labelId: "key-id", + info: "C9:C2:53:61:66:9D:5F:AB:25:F4:26:CD:0F:38:9A:A8:49:EA:48:A9", + }, + ], + Critical: false, + }, + { + sectionId: "authority-key-id", + sectionItems: [ + { + labelId: "key-id", + info: "3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F", + }, + ], + Critical: false, + }, + { + sectionId: "crl-endpoints", + sectionItems: [ + { + labelId: "distribution-point", + info: "http://crl3.digicert.com/sha2-ev-server-g2.crl", + }, + { + labelId: "distribution-point", + info: "http://crl4.digicert.com/sha2-ev-server-g2.crl", + }, + ], + Critical: false, + }, + { + sectionId: "authority-info-aia", + sectionItems: [ + { labelId: "location", info: "http://ocsp.digicert.com" }, + { + labelId: "method", + info: "Online Certificate Status Protocol (OCSP)", + }, + { + labelId: "location", + info: "http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt", + }, + { labelId: "method", info: "CA Issuers" }, + ], + Critical: false, + }, + { + sectionId: "certificate-policies", + sectionItems: [ + { + labelId: "policy", + info: "ANSI Organizational Identifier ( 2.16.840 )", + }, + { labelId: "value", info: "2.16.840.1.114412.2.1" }, + { + labelId: "qualifier", + info: "Practices Statement ( 1.3.6.1.5.5.7.2.1 )", + }, + { labelId: "value", info: "https://www.digicert.com/CPS" }, + { labelId: "policy", info: "Certificate Type ( 2.23.140.1.1 )" }, + { labelId: "value", info: "Extended Validation" }, + ], + Critical: false, + }, + { + sectionId: "embedded-scts", + sectionItems: [ + { + labelId: "logid", + info: "A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10", + }, + { labelId: "name", info: "Google “Pilot”" }, + { labelId: "signaturealgorithm", info: "SHA-256 ECDSA" }, + { labelId: "version", info: 1 }, + { + labelId: "timestamp", + info: { + local: "5/8/2018, 5:12:39 PM (Brasilia Standard Time)", + utc: "Tue, 08 May 2018 20:12:39 GMT", + }, + }, + { + labelId: "logid", + info: "56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD", + }, + { labelId: "name", info: "DigiCert Server" }, + { labelId: "signaturealgorithm", info: "SHA-256 ECDSA" }, + { labelId: "version", info: 1 }, + { + labelId: "timestamp", + info: { + local: "5/8/2018, 5:12:39 PM (Brasilia Standard Time)", + utc: "Tue, 08 May 2018 20:12:39 GMT", + }, + }, + { + labelId: "logid", + info: "BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85", + }, + { labelId: "name", info: "Google “Skydiver”" }, + { labelId: "signaturealgorithm", info: "SHA-256 ECDSA" }, + { labelId: "version", info: 1 }, + { + labelId: "timestamp", + info: { + local: "5/8/2018, 5:12:39 PM (Brasilia Standard Time)", + utc: "Tue, 08 May 2018 20:12:39 GMT", + }, + }, + ], + Critical: false, + }, + ], + tabName: "github.com", + }, +]; diff --git a/toolkit/components/certviewer/tests/browser/browser.ini b/toolkit/components/certviewer/tests/browser/browser.ini new file mode 100644 index 0000000000..baf9b81e56 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser.ini @@ -0,0 +1,23 @@ +[DEFAULT] +support-files = + head.js + adjustedCerts.js +[browser_aboutcertificateviewer.js] +[browser_checkLongHex.js] +[browser_checkMissingCommonName.js] +[browser_checkNonEmptyFields.js] +[browser_checkNonRepeatedCertTabs.js] +[browser_checkNonUndefinedStrings.js] +[browser_checkOCSP.js] +disabled = bug 1596313 +[browser_checkStandAlonePage.js] +[browser_checkAuthorityKeyID.js] +[browser_checkValiditySection.js] +[browser_handleMultipleCertsURL.js] +disabled = bug 1626853 +[browser_openTabAndSendCertInfo.js] +support-files = + dummy_page.html +[browser_renderCertToUI.js] +[browser_certificateTabLink.js] +[browser_downloadLink.js] diff --git a/toolkit/components/certviewer/tests/browser/browser_aboutcertificateviewer.js b/toolkit/components/certviewer/tests/browser/browser_aboutcertificateviewer.js new file mode 100644 index 0000000000..efd78fc6f5 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_aboutcertificateviewer.js @@ -0,0 +1,81 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const validCert = + "about:certificate?cert=MIIGMDCCBRigAwIBAgIQCa2oS7Nau6nwv1WyRNIJnzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA2MDYwMDAwMDBaFw0xOTA5MDQxMjAwMDBaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTWVubG8gUGFyazEXMBUGA1UEChMORmFjZWJvb2ssIEluYy4xFzAVBgNVBAMMDiouZmFjZWJvb2suY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEALPlfjd8gHkIMDeBOFhRt0e%2B%2F3fdm%2BZdzdM4s1WIHVbYztgmdEy20PUwDCviYKJX4GG%2BT9ivT8kJ%2FvWl1P%2FYqOCA54wggOaMB8GA1UdIwQYMBaAFFFo%2F5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBTsQZVRTuib7KY9w3FfOYsZHvOC9zCBxwYDVR0RBIG%2FMIG8gg4qLmZhY2Vib29rLmNvbYINbWVzc2VuZ2VyLmNvbYILKi5mYmNkbi5uZXSCCCouZmIuY29tghAqLm0uZmFjZWJvb2suY29tggZmYi5jb22CDiouZmFjZWJvb2submV0gg4qLnh4LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDyoubWVzc2VuZ2VyLmNvbYILKi5mYnNieC5jb22CDioueHkuZmJjZG4ubmV0ggxmYWNlYm9vay5jb20wDgYDVR0PAQH%2FBAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH%2FBAIwADCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AKS5CZC0GFgUh7sTosxncAo8NZgE%2BRvfuON3zQ7IDdwQAAABay5CAaUAAAQDAEYwRAIgMwBM6q%2BdBwu2mNtMMjTEwJZZxyoUlHUEYO%2BbfkId%2F9MCIAQ2bxhnxrapYv74fzyoTkt9m%2BELq6%2B43OVpivRVKDKTAHcAdH7agzGtMxCRIZzOJU9CcMK%2F%2FV5CIAjGNzV55hB7zFYAAAFrLkIA%2FAAABAMASDBGAiEA0x1xPWue6RMSE9nbjYBt637CRC86ixrODP%2FEIlI5mCgCIQCHNdqgOlswd0LqaW4QRii2JHN4bnoEj%2FD9j7%2BkqEB7LjANBgkqhkiG9w0BAQsFAAOCAQEAnRdIVNZ850s7IvLgg%2BU9kKxA18kLKVpIF%2FrJHkXTkymvBHKAGOFNfzqF2YxHFhkDMIuoMO2F%2BA1E0Eo8zb1atL6%2FL59broEHTOH6xFmJAlZW0h6mZg8iRJ9Ae0pTN%2FfowaoN9aFVRnVr9ccKhOdqsXYyEZ3Ze39sEwx7Uau9KhzyuJW12Jh3S%2BZJYUdBADeeJNL5ZXSUFIyjgkwSQZPaaWAzSGHZFt3sWhMjdNoBkjRJFlASLDM3m1ZWsKA47vuXvJc%2FDXT35lC1DJmyhYb9qNPR71a1hJ8TS7vUwdDd%2BdEHiJj2wQLV3m7Tn7YvWyJOEyi4n6%2FrPqT44LZmgK7HWw%3D%3D&cert=MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C%2FCJAbIbQRf1%2B8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU%2BUDlqUH1VWtMICKq%2FQmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK%2FIHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j%2F018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I%2B4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV%2FUyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC%2FzA%2FWiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH%2FAgEAMA4GA1UdDwEB%2FwQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj%2FkK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS%2BNa0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk%2FgNHE%2Br1hspZcX30BJZr01lYPf7TMSVcGDiEo%2Bafgv2MW5gxTs14nhr9hctJqvIni5ly%2FD6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX%2F78whQYwvwt%2FTv9XBZ0k7YXDK%2FumdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY%2B3sAzm2fTYS5yh%2BRp%2FBIAV0AecPUeybQ%3D&cert=MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm%2B9S75S0tMqbf5YE%2Fyc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG%2B%2BMXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx%2BmM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH%2FBAQDAgGGMA8GA1UdEwEB%2FwQFMAMBAf8wHQYDVR0OBBYEFLE%2Bw2kD%2BL9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE%2Bw2kD%2BL9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe%2FEW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9%2BMpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2Yzi9RKR%2F5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2%2FS6cCZdkGCevEsXCS%2B0yx5DaMkHJ8HSXPfqIbloEpw8nL%2Be%2FIBcm2PN7EeqJSdnoDfzAIJ9VNep%2BOkuE6N36B9K"; + +const invalidCert = "about:certificate?cert=MIIH"; + +const pem_to_der_error = "about:certificate?cert=MIIHQ"; + +const error_parsing_cert = + "about:certificate?cert=MIIHQjCCBiqgAwIBAgIQCgYwQn9bvO11MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDUwODAwMDAwMFoXDTIwMDYwMzEyMDAwMFowgccxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc1MTU3NTUwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjyq8jyXDDrBTyitcnB90865tWBzpHSbindG%2FXqYQkzFMBlXmqkzC%2BFdTRBYyneZw5Pz%2BXWQvL%2B74JW6LsWNc2EF0xCEqLOJuC9zjPAqbr7uroNLghGxYf13YdqbG5oj%2F4x%2BogEG3dF%2FU5YIwVr658DKyESMV6eoYV9mDVfTuJastkqcwero%2B5ZAKfYVMLUEsMwFtoTDJFmVf6JlkOWwsxp1WcQ%2FMRQK1cyqOoUFUgYylgdh3yeCDPeF22Ax8AlQxbcaI%2BGwfQL1FB7Jy%2Bh%2BKjME9lE%2FUpgV6Qt2R1xNSmvFCBWu%2BNFX6epwFP%2FJRbkMfLz0beYFUvmMgLtwVpEPSwIDAQABo4IDeTCCA3UwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFMnCU2FmnV%2BrJfQmzQ84mqhJ6kipMCUGA1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRodWIuY29tMA4GA1UdDwEB%2FwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG%2FWwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWNBYm0KAAAEAwBHMEUCIQDRZp38cTWsWH2GdBpe%2FuPTWnsu%2Fm4BEC2%2BdIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFgU5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAEAwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d%2B8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N%2BXcqcK0OJYrN8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxGeOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW%2Fip2oJ5grAH8mqQfaunuCVE%2Bvac%2B88lkDK%2FLVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vNHnXVUGw%2ByxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVBKqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc%2F2z2shNoDvxvFUYyY1Oe67xINkmyQKc%2BygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma%2BFXsXBIqWUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna%2Fteik%3D"; + +async function checkForErrorSection(infoMessage, url, errorMessage, testType) { + info(infoMessage); + + await BrowserTestUtils.withNewTab(url, async function (browser) { + await SpecialPowers.spawn( + browser, + [{ errorMessage, testType }], + async function ({ errorMessage, testType }) { + let errorSection; + + if (testType === "invalid") { + await ContentTaskUtils.waitForCondition(() => { + return (errorSection = content.document + .querySelector("certificate-section") + .shadowRoot.querySelector("error-section")); + }, errorMessage); + ok(errorSection, errorMessage); + } else if (testType === "valid") { + ok(!errorSection, errorMessage); + } + } + ); + }); +} + +add_task(async function test_checkForErrorSection() { + let itemsToTest = [ + { + testType: "valid", + url: validCert, + infoMessage: "Testing for error when a valid certificate is provided.", + errorMessage: + "Error section should not be visible when URL contains a valid certificate.", + }, + { + testType: "invalid", + url: invalidCert, + infoMessage: "Testing for error when invalid certificate is provided.", + errorMessage: + "Error section should be visible when certificate is invalid.", + }, + { + testType: "invalid", + url: pem_to_der_error, + infoMessage: "Testing for error when PEM to DIR error occurs.", + errorMessage: + "Error section should be visible when PEM to DIR error occurs.", + }, + { + testType: "invalid", + url: error_parsing_cert, + infoMessage: "Testing for error when parsing error occurs.", + errorMessage: + "Error section should be visible when parsing error occurs.", + }, + ]; + + for (let i = 0; i < itemsToTest.length; i++) { + let item = itemsToTest[i]; + await checkForErrorSection( + item.infoMessage, + item.url, + item.errorMessage, + item.testType + ); + } +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_certificateTabLink.js b/toolkit/components/certviewer/tests/browser/browser_certificateTabLink.js new file mode 100644 index 0000000000..9c88d2bb03 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_certificateTabLink.js @@ -0,0 +1,61 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const validCert = + "about:certificate?cert=MIIGMDCCBRigAwIBAgIQCa2oS7Nau6nwv1WyRNIJnzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA2MDYwMDAwMDBaFw0xOTA5MDQxMjAwMDBaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTWVubG8gUGFyazEXMBUGA1UEChMORmFjZWJvb2ssIEluYy4xFzAVBgNVBAMMDiouZmFjZWJvb2suY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEALPlfjd8gHkIMDeBOFhRt0e%2B%2F3fdm%2BZdzdM4s1WIHVbYztgmdEy20PUwDCviYKJX4GG%2BT9ivT8kJ%2FvWl1P%2FYqOCA54wggOaMB8GA1UdIwQYMBaAFFFo%2F5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBTsQZVRTuib7KY9w3FfOYsZHvOC9zCBxwYDVR0RBIG%2FMIG8gg4qLmZhY2Vib29rLmNvbYINbWVzc2VuZ2VyLmNvbYILKi5mYmNkbi5uZXSCCCouZmIuY29tghAqLm0uZmFjZWJvb2suY29tggZmYi5jb22CDiouZmFjZWJvb2submV0gg4qLnh4LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDyoubWVzc2VuZ2VyLmNvbYILKi5mYnNieC5jb22CDioueHkuZmJjZG4ubmV0ggxmYWNlYm9vay5jb20wDgYDVR0PAQH%2FBAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH%2FBAIwADCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AKS5CZC0GFgUh7sTosxncAo8NZgE%2BRvfuON3zQ7IDdwQAAABay5CAaUAAAQDAEYwRAIgMwBM6q%2BdBwu2mNtMMjTEwJZZxyoUlHUEYO%2BbfkId%2F9MCIAQ2bxhnxrapYv74fzyoTkt9m%2BELq6%2B43OVpivRVKDKTAHcAdH7agzGtMxCRIZzOJU9CcMK%2F%2FV5CIAjGNzV55hB7zFYAAAFrLkIA%2FAAABAMASDBGAiEA0x1xPWue6RMSE9nbjYBt637CRC86ixrODP%2FEIlI5mCgCIQCHNdqgOlswd0LqaW4QRii2JHN4bnoEj%2FD9j7%2BkqEB7LjANBgkqhkiG9w0BAQsFAAOCAQEAnRdIVNZ850s7IvLgg%2BU9kKxA18kLKVpIF%2FrJHkXTkymvBHKAGOFNfzqF2YxHFhkDMIuoMO2F%2BA1E0Eo8zb1atL6%2FL59broEHTOH6xFmJAlZW0h6mZg8iRJ9Ae0pTN%2FfowaoN9aFVRnVr9ccKhOdqsXYyEZ3Ze39sEwx7Uau9KhzyuJW12Jh3S%2BZJYUdBADeeJNL5ZXSUFIyjgkwSQZPaaWAzSGHZFt3sWhMjdNoBkjRJFlASLDM3m1ZWsKA47vuXvJc%2FDXT35lC1DJmyhYb9qNPR71a1hJ8TS7vUwdDd%2BdEHiJj2wQLV3m7Tn7YvWyJOEyi4n6%2FrPqT44LZmgK7HWw%3D%3D&cert=MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C%2FCJAbIbQRf1%2B8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU%2BUDlqUH1VWtMICKq%2FQmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK%2FIHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j%2F018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I%2B4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV%2FUyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC%2FzA%2FWiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH%2FAgEAMA4GA1UdDwEB%2FwQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj%2FkK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS%2BNa0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk%2FgNHE%2Br1hspZcX30BJZr01lYPf7TMSVcGDiEo%2Bafgv2MW5gxTs14nhr9hctJqvIni5ly%2FD6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX%2F78whQYwvwt%2FTv9XBZ0k7YXDK%2FumdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY%2B3sAzm2fTYS5yh%2BRp%2FBIAV0AecPUeybQ%3D&cert=MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm%2B9S75S0tMqbf5YE%2Fyc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG%2B%2BMXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx%2BmM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH%2FBAQDAgGGMA8GA1UdEwEB%2FwQFMAMBAf8wHQYDVR0OBBYEFLE%2Bw2kD%2BL9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE%2Bw2kD%2BL9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe%2FEW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9%2BMpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2Yzi9RKR%2F5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2%2FS6cCZdkGCevEsXCS%2B0yx5DaMkHJ8HSXPfqIbloEpw8nL%2Be%2FIBcm2PN7EeqJSdnoDfzAIJ9VNep%2BOkuE6N36B9K"; + +add_task(async function test_certificateTabLink() { + await BrowserTestUtils.openNewForegroundTab(gBrowser, () => { + gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, validCert); + }); + + await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function () { + let certificateTabs; + await ContentTaskUtils.waitForCondition(() => { + certificateTabs = content.document + .querySelector("certificate-section") + .shadowRoot.querySelectorAll(".certificate-tab"); + return certificateTabs.length; + }, "Found certificate tabs."); + + ok(certificateTabs.length, "Certificate tabs should exist."); + + let issuerNameGroups = content.document + .querySelector("certificate-section") + .shadowRoot.querySelectorAll(".issuer-name"); + let issuerNames = []; + for (let i = 0; i < issuerNameGroups.length; i++) { + issuerNames.push( + issuerNameGroups[i].shadowRoot.querySelector(".common-name") + ); + } + + for (let i = 0; i < issuerNames.length; i++) { + if (i < issuerNames.length - 1) { + issuerNames[i].shadowRoot.querySelector("a").click(); + await ContentTaskUtils.waitForCondition(() => { + return certificateTabs[i + 1].classList.contains("selected"); + }, "Clicking link should select new tab."); + ok( + certificateTabs[i + 1].classList.contains("selected"), + "Clicking link should select new tab." + ); + } else { + await ContentTaskUtils.waitForCondition(() => { + return certificateTabs[i].classList.contains("selected"); + }, "Clicking link should select new tab."); + ok( + certificateTabs[i].classList.contains("selected"), + "Clicking link should select new tab." + ); + ok( + !issuerNames[i].shadowRoot.querySelector("a"), + "Final tab's issuer name should not be link." + ); + } + } + }); + gBrowser.removeCurrentTab(); // closes about:certificate +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_checkAuthorityKeyID.js b/toolkit/components/certviewer/tests/browser/browser_checkAuthorityKeyID.js new file mode 100644 index 0000000000..a923f7acb3 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_checkAuthorityKeyID.js @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +async function checkAuthorityKeyID(url, expectedKeyId) { + await BrowserTestUtils.withNewTab(url, async function (browser) { + await SpecialPowers.spawn( + browser, + [expectedKeyId], + async function (expectedKeyId) { + let certificateSection = await ContentTaskUtils.waitForCondition(() => { + return content.document.querySelector("certificate-section"); + }, "Certificate section found"); + let authorityKeySection = + certificateSection.shadowRoot.querySelector(".authority-key-id"); + let subjectNameSection = + certificateSection.shadowRoot.querySelector(".subject-name"); + if (!expectedKeyId) { + Assert.equal(authorityKeySection, null, "authorityKeySection found"); + Assert.ok(subjectNameSection, "subjectNameSection found"); + return; + } + Assert.ok(authorityKeySection, "authorityKeySection found"); + let item = authorityKeySection.shadowRoot.querySelector("info-item"); + Assert.ok(item, "item found"); + let info = item.shadowRoot.querySelector(".info").textContent; + Assert.equal(info, expectedKeyId, "Key IDs must be equal"); + } + ); + }); +} + +add_task(async function test() { + let tests = [ + { + url: "about:certificate?cert=MIIHQjCCBiqgAwIBAgIQCgYwQn9bvO1pVzllk7ZFHzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDUwODAwMDAwMFoXDTIwMDYwMzEyMDAwMFowgccxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc1MTU3NTUwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjyq8jyXDDrBTyitcnB90865tWBzpHSbindG%2FXqYQkzFMBlXmqkzC%2BFdTRBYyneZw5Pz%2BXWQvL%2B74JW6LsWNc2EF0xCEqLOJuC9zjPAqbr7uroNLghGxYf13YdqbG5oj%2F4x%2BogEG3dF%2FU5YIwVr658DKyESMV6eoYV9mDVfTuJastkqcwero%2B5ZAKfYVMLUEsMwFtoTDJFmVf6JlkOWwsxp1WcQ%2FMRQK1cyqOoUFUgYylgdh3yeCDPeF22Ax8AlQxbcaI%2BGwfQL1FB7Jy%2Bh%2BKjME9lE%2FUpgV6Qt2R1xNSmvFCBWu%2BNFX6epwFP%2FJRbkMfLz0beYFUvmMgLtwVpEPSwIDAQABo4IDeTCCA3UwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFMnCU2FmnV%2BrJfQmzQ84mqhJ6kipMCUGA1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRodWIuY29tMA4GA1UdDwEB%2FwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG%2FWwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWNBYm0KAAAEAwBHMEUCIQDRZp38cTWsWH2GdBpe%2FuPTWnsu%2Fm4BEC2%2BdIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFgU5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAEAwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d%2B8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N%2BXcqcK0OJYrN8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxGeOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW%2Fip2oJ5grAH8mqQfaunuCVE%2Bvac%2B88lkDK%2FLVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vNHnXVUGw%2ByxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVBKqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc%2F2z2shNoDvxvFUYyY1Oe67xINkmyQKc%2BygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma%2BFXsXBIqWUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna%2Fteik%3D", + expectedKeyId: + "3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F", + }, + { + url: "about:certificate?cert=MIIGdjCCBF6gAwIBAgIBJjANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJKRTEPMA0GA1UECAwGSmVyc2V5MRUwEwYDVQQKDAx0Z2hvc3QuY28udWsxFTATBgNVBAMMDHRnaG9zdC5jby51azEmMCQGCSqGSIb3DQEJARYXcG9zdG1hc3RlckB0Z2hvc3QuY28udWswHhcNMTkxMTE4MjE1NjAwWhcNMjAxMTE3MjE1NjAwWjBRMQswCQYDVQQGEwJKRTEPMA0GA1UECAwGSmVyc2V5MRUwEwYDVQQKDAx0Z2hvc3QuY28udWsxGjAYBgNVBAMMEW1haWwudGdob3N0LmNvLnVrMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0CS0dR6hyjv4o6s4%2FI2VT43DCfylcaq%2F6%2B5tUn6xMDtf0tYMXPjG%2FGjtlXQk2Jq7wa%2FlRR%2Fzs8c6037BZ7wzu8Wx2i6tvRLZZSlzM2mRHxaRRDYTeHyovanhCFzKqnvi30bxKugQ3lETBK5eP7ppVpcHz58lx%2B%2BFovPOBx6SRaz4EiceUybZwFpKxUJmlhivT2MJTKM5NHF4n27vszM0dyu2qXLzhpy5dgklMEEhdnHFCT%2F9YPN7uLCvzJnCo9N%2FeWf84odJ%2FjTiEKm5NG6SGDuOZ%2FbY9KwQ8nAk26zeTkw%2BMfMXD2Rl76ZFg%2B07bpckSTiaCtLGGhbgLrqEdgNGTpz1Pu3uFjhR4QsfUsDAaSvgns0PT6eSA152cgOtin2SYo%2B4UVjVdM5d%2ByB0JgEIGHmiCRQkDdCD9%2FNZBhrnG2Xwooe64QzD5OjNS8yQSCPvjfivbSk1ulcIGjgxC0z1Ot4hc%2ByuU8aRE0ekIOf5EUEjZfJ%2FnO4EXT3J5en0CYurswJM7miOsVEiO1OIut022T00MoAF%2F%2FWP73qVW3Jbv6X0pzOBYDY3osyje4n6JRqujhPEOR0MNiaZxfz4JFNPAzi0Tq6qORbXbLgGBqPFvKh2KKIMGysfRqLlETI1lpqsHyhMxgllQW9IK33kwK9y0HgluEZvc58dvle8hOS4NK8CAwEAAaOCATQwggEwMAkGA1UdEwQCMAAwHQYDVR0OBBYEFORJOggtlruQ1S6vzucFiAS86CadMIGQBgNVHSMEgYgwgYWheKR2MHQxCzAJBgNVBAYTAkpFMQ8wDQYDVQQIDAZKZXJzZXkxFTATBgNVBAoMDHRnaG9zdC5jby51azEVMBMGA1UEAwwMdGdob3N0LmNvLnVrMSYwJAYJKoZIhvcNAQkBFhdwb3N0bWFzdGVyQHRnaG9zdC5jby51a4IJAMeNizC6cTabMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly93d3cudGdob3N0LmNvLnVrL2NhL2NybC5wZW0wCwYDVR0PBAQDAgP4MBEGCWCGSAGG%2BEIBAQQEAwIE8DAcBgNVHREEFTATghFtYWlsLnRnaG9zdC5jby51azANBgkqhkiG9w0BAQsFAAOCAgEAKZC9pqgU9MPssbNeJhKeGcCoH49BhfhrJNPkWqlJ%2FVbUB32m8p%2F7exaqFEe%2Fk2YwV8ILMA%2FCvQLgeV36Y9rHcWKqaA8lrklhRkK6%2BfYkAkpw37vVbm8qWsTt4OMa0Ajh%2F7QBy%2FUqak8Gaarl3LkJKLKB3Pj%2Bd2BFNxNm5W3TeFia2s%2B5y0O0eKqSQwRPqlQo3qhNQU1fDimTq8yI3fH9AOByWXHePjSc5h45GHxWoXPqQKtuqCINou6pKeZa1KoTCefB2oYJqamkneL2%2B21JhwkSVkGUfseGc2hiROVLejc%2Fgzq7mpUqudOsyN672BwB6W81w6%2FHCt2cZmCTWAAT5E3b6bHqqTTn9O2uljx2zTxao5Xov4L9EZ3hdccsLJGXHYgGDqY33e6Rrf86Jc%2BV%2F4%2FL8vhGf%2B70ASKLkibUuGwFJ0%2BamQHoHnVXLZ5rnbV3ArXOQcsfegTifmEPn7pGyHm7r5%2BkJ2JIh8wCyl5B%2FUxvNwIfAFEiieU3aqRAgbjnezYXwoLoLJBKSRMXdIfZJldduIkoPaeO0zWWaJSMon3qTAeDuboM4EfYG9Ma3UWdznXVkmgiXFo%2Fz6k%2Bg4jNzaQknI8jNHbp9G5K7M9KPcvUja8hjeGG4RIULKDdkauZUe1hX6m3NrzrJLD3MJPD8YTFeAf%2Fe3HCGwl4stKWHg4%3D&cert=MIIFZDCCA0wCCQDHjYswunE2mzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJKRTEPMA0GA1UECAwGSmVyc2V5MRUwEwYDVQQKDAx0Z2hvc3QuY28udWsxFTATBgNVBAMMDHRnaG9zdC5jby51azEmMCQGCSqGSIb3DQEJARYXcG9zdG1hc3RlckB0Z2hvc3QuY28udWswHhcNMTgwNDA4MTIyMjU0WhcNMjMwNDA4MTIyMjU0WjB0MQswCQYDVQQGEwJKRTEPMA0GA1UECAwGSmVyc2V5MRUwEwYDVQQKDAx0Z2hvc3QuY28udWsxFTATBgNVBAMMDHRnaG9zdC5jby51azEmMCQGCSqGSIb3DQEJARYXcG9zdG1hc3RlckB0Z2hvc3QuY28udWswggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCoFbHy44GNOQSymk%2BwAmZmllcAATSM6DrsW7NZgX8vHeP5OAlRaGaOgVmozKcbKSB2KSIvDvY1%2BKEKtfr5meIaeA6r%2BILeUYuNxQomnW3Oy%2B%2B7RFE53pS7R7QIt%2FLVf3k60mdZDLXF1wyFv950noGNrFZfvBvND1%2F88JeC4Gt7dVnJMy9CXOr7V0O%2F7sa5z%2Bvfm2Acufd1RYA3W%2FECbt%2F6z8KV%2FQthAgcYoabQgkmh8AxQ5cG7tBmoEAs%2BNwU%2BR8eMq1f%2B6TBCJiMa07jA1%2BQ663d7YONlk4fTSmvo3lEhXtrR%2BmrkxZAMiAD6NJs3VakcuAED9e1dS3G3%2FmPcNrKsa73aXEC5uvL9y4mKCZLypuSYjlW8cP5JpCG6vtmwL%2FATbcCtwpDwrKLcRWCrZdX0FOJirjWfKL%2BhyIWayQ5u7awdhH430h8rj03fXSMBhtTn73rohSGIANBnqVftvDDPnEQb5p17giaVbJybfA2tdMvJTZg6pEAx9%2B3zHXRECFpWOtaJDjWbmIExPMgiCSFkBPP3MEDVb7VdHKZs0CvBQg6GmpXg9M4OHZylzS6PXXO8qBCtBdKOwdFSZWbeD9E652rkvb5FuQ8laGHcxgMc2YFlVZaqVowXEkVkkld12d4sBipeRpDWNjA2kLfeUmwsXWtugG8c8Jm9IoZY8oeUkwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCVj6R9C5pE9hkBx7CCr9l4TLoolaEZlKngJHBRRSy5U50MndQ24Jeis2OTxEeYX7DJ%2BOy6QZdaph6FLwALxUWPfQavBcgauKR%2FCdqLQxZc267TMFkRIZvOtHUJ4obJ5qvQAWzNnmRq18b5plznfBfn9b3F2AmHgfsNX6WryQ4geR786VObcUhKTaofcaX%2FE4J9AVzL864fJ%2FDB%2FPSqhYrtskiG6PT9Ngu20ejvgAVk5aJ%2F%2F5Swsjyg6EBl%2BdwJepq2xzI313ZkwCg2pp6oqLDlxf%2Fh585Bsqke39Ax%2B42NWNM14cethcJ7jgyZoEaL3T%2BQ3O%2Bj9XEe5FbvkKtSgMIA6f0FneA4vbF8%2FECPMEi7k3k04gU1gZSR%2FGA63GPEK%2FCLqeh%2BYVgBGKDPinnMEV%2FuBrTUDQFBlDEHlELk7F9o93lxQNs6WOGQSfybfHhySla3nqoYV2phyeZZsJ%2BxMovWWIydJhVN%2F37v0fYTZhnlquGenXHvC5MHrMq2vjUY0Uy637AzXWVNWveNyQmmn9tL4jygELHQu%2Bint4GRybH7rThcslv63D5s4zZza7cITIFjmqZ%2BPrTSVKL%2BlnQLjEMpSdfB86Y2JnMimaOyv%2BbZp1QMB5fYh0PTsjYATi9We%2BDFD42c5H7Su0vFAwCTP11AiKzfbj2oBKVVwwJj3FmkYQ%3D%3D", + expectedKeyId: false, + }, + ]; + + for (let test of tests) { + await checkAuthorityKeyID(test.url, test.expectedKeyId); + } +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_checkLongHex.js b/toolkit/components/certviewer/tests/browser/browser_checkLongHex.js new file mode 100644 index 0000000000..01b54c083b --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_checkLongHex.js @@ -0,0 +1,38 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +async function checkLongHex(url, itemClass) { + await BrowserTestUtils.withNewTab(url, async function (browser) { + await SpecialPowers.spawn(browser, [itemClass], async function (itemClass) { + let certificateSection = await ContentTaskUtils.waitForCondition(() => { + return content.document.querySelector("certificate-section"); + }, "Certificate section found"); + let publicKeyInfoSection = + certificateSection.shadowRoot.querySelector(".public-key-info"); + Assert.ok(publicKeyInfoSection, "publicKeyInfoSection found"); + + let item = publicKeyInfoSection.shadowRoot.querySelector(`.${itemClass}`); + Assert.ok(item, `item ${itemClass} found`); + + let longHex = item.shadowRoot.querySelector(".long-hex"); + Assert.ok(longHex, "longHex class name found"); + }); + }); +} + +add_task(async function test() { + let tests = [ + { + url: "about:certificate?cert=MIIHQjCCBiqgAwIBAgIQCgYwQn9bvO1pVzllk7ZFHzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDUwODAwMDAwMFoXDTIwMDYwMzEyMDAwMFowgccxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc1MTU3NTUwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjyq8jyXDDrBTyitcnB90865tWBzpHSbindG%2FXqYQkzFMBlXmqkzC%2BFdTRBYyneZw5Pz%2BXWQvL%2B74JW6LsWNc2EF0xCEqLOJuC9zjPAqbr7uroNLghGxYf13YdqbG5oj%2F4x%2BogEG3dF%2FU5YIwVr658DKyESMV6eoYV9mDVfTuJastkqcwero%2B5ZAKfYVMLUEsMwFtoTDJFmVf6JlkOWwsxp1WcQ%2FMRQK1cyqOoUFUgYylgdh3yeCDPeF22Ax8AlQxbcaI%2BGwfQL1FB7Jy%2Bh%2BKjME9lE%2FUpgV6Qt2R1xNSmvFCBWu%2BNFX6epwFP%2FJRbkMfLz0beYFUvmMgLtwVpEPSwIDAQABo4IDeTCCA3UwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFMnCU2FmnV%2BrJfQmzQ84mqhJ6kipMCUGA1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRodWIuY29tMA4GA1UdDwEB%2FwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG%2FWwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWNBYm0KAAAEAwBHMEUCIQDRZp38cTWsWH2GdBpe%2FuPTWnsu%2Fm4BEC2%2BdIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFgU5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAEAwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d%2B8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N%2BXcqcK0OJYrN8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxGeOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW%2Fip2oJ5grAH8mqQfaunuCVE%2Bvac%2B88lkDK%2FLVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vNHnXVUGw%2ByxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVBKqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc%2F2z2shNoDvxvFUYyY1Oe67xINkmyQKc%2BygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma%2BFXsXBIqWUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna%2Fteik%3D", + itemClass: "modulus", + }, + { + url: "about:certificate?cert=MIIIMTCCBxmgAwIBAgIMFkDF1F0uxNlMfXxqMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgxMTA4MjEyMTA0WhcNMTkxMTIyMDc1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNVBAMMDyoud2lraXBlZGlhLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGd1rS7GauMxJ15BmViShjVMjwQJNjjw%2BOUhnIaqE5QF%2Fq6c%2FLIvVh4N3473a7J52JcfmlfCrXvDthHzaZNEneKjggWVMIIFkTAOBgNVHQ8BAf8EBAMCA4gwgaAGCCsGAQUFBwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA%2FBggrBgEFBQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMIICxQYDVR0RBIICvDCCAriCDyoud2lraXBlZGlhLm9yZ4INd2lraW1lZGlhLm9yZ4INbWVkaWF3aWtpLm9yZ4INd2lraWJvb2tzLm9yZ4IMd2lraWRhdGEub3Jnggx3aWtpbmV3cy5vcmeCDXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeCDndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4IXd2lraW1lZGlhZm91bmRhdGlvbi5vcmeCBncud2lraYISd21mdXNlcmNvbnRlbnQub3JnghEqLm0ud2lraXBlZGlhLm9yZ4IPKi53aWtpbWVkaWEub3JnghEqLm0ud2lraW1lZGlhLm9yZ4IWKi5wbGFuZXQud2lraW1lZGlhLm9yZ4IPKi5tZWRpYXdpa2kub3JnghEqLm0ubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IOKi53aWtpZGF0YS5vcmeCECoubS53aWtpZGF0YS5vcmeCDioud2lraW5ld3Mub3JnghAqLm0ud2lraW5ld3Mub3Jngg8qLndpa2lxdW90ZS5vcmeCESoubS53aWtpcXVvdGUub3JnghAqLndpa2lzb3VyY2Uub3JnghIqLm0ud2lraXNvdXJjZS5vcmeCESoud2lraXZlcnNpdHkub3JnghMqLm0ud2lraXZlcnNpdHkub3JnghAqLndpa2l2b3lhZ2Uub3JnghIqLm0ud2lraXZveWFnZS5vcmeCECoud2lrdGlvbmFyeS5vcmeCEioubS53aWt0aW9uYXJ5Lm9yZ4IZKi53aWtpbWVkaWFmb3VuZGF0aW9uLm9yZ4IUKi53bWZ1c2VyY29udGVudC5vcmeCDXdpa2lwZWRpYS5vcmcwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSt4NNfC33t2i98DfZjjYpZGMJsijAfBgNVHSMEGDAWgBSW3mHxvRwWKVMcwMx9O4MAQOYafDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AKS5CZC0GFgUh7sTosxncAo8NZgE%2BRvfuON3zQ7IDdwQAAABZvUzN%2FYAAAQDAEcwRQIgBATdvSzbd5NwGdtkmJ5SEvEPn6A8hgAsk6GSP6hzWcgCIQDKfHQNtObs%2FhHPfLgXsVkcnHIbjlNwmWeiukGtGHZFMgB2AG9Tdqwx8DEZ2JkApFEV%2F3cVHBHZAsEAKQaNsgiaN9kTAAABZvUzN8cAAAQDAEcwRQIgYalEnXtd%2FfPhjq9SXPoSPRhaMmeDs0IMN5o5Y6QTKfUCIQClR1uj%2BB56K4tGh%2Fmws4qugG1qSD9zfvmx8roKik3HHDANBgkqhkiG9w0BAQsFAAOCAQEAUEJyg%2FAZo%2BowG5J%2FLIk8EIDnyOcanmfgvdjMg8KnpBvh8l3Wb4HmOudluJhIeIbCUMwzEzSGqYQQ78n4wtjLaLwaDgL4WzHOVec2k%2BrbfmPT6MUCtdlz1PK5%2FWY9JQyQq6vy%2Btm3a6Wijy6M8U%2FTdrJubK5X03SFfRb0pDuFdr2fnkctLRnyCb1w0XHwGXjEcGm1LY42YKwdvbj3WIqumeSEuG4MZtquW6NURKELSil03G%2FhRHRAHHGx3zXes%2FjJcpH2GPX9eY9B%2BR1oHmCE2QF5Y%2FBh%2BuNA2%2B2Iuj%2F6UJAOw%2FZ%2F8%2BqZcnLWWnK2Dwzc34C%2FAUD%2BWb71oUcr60%2BpPg%3D%3D&cert=MIIEYjCCA0qgAwIBAgILBAAAAAABMYnGRMkwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwODAyMTAwMDAwWhcNMjIwODAyMTAwMDAwWjBmMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw5sPyOTf8xwpZ0gww5TP37ATsKYScpH1SPvAzSFdMijAi5GXAt9yYidT4vw%2BJxsjFU127%2Fys%2Br741bnSkbZEyLKNtWbwajjlkOT8gy85vnm6JnIY0h4f1c2aRoZHVrR1H3CnNR%2F4YASrnrqiOpX2MoKCjoSSaJiGXoNJPc367RzknsFI5sStc7rKd%2BkFAK5AaXUppxDZIje%2BH7%2B4%2FUe5f7co6jkZjHZTCXpGLmJWQmu6Z0cbTcPSh41ICjir9QhiwHERa1uK2OrkmthCk0g7XO6fM7%2BFrXbn4Dw1ots2Qh5Sk94ZdqSvL41%2BbPE%2BSeATv%2BWUuYCIOEHc%2BldK72y8QIDAQABo4IBKTCCASUwDgYDVR0PAQH%2FBAQDAgEGMBIGA1UdEwEB%2FwQIMAYBAf8CAQAwHQYDVR0OBBYEFJbeYfG9HBYpUxzAzH07gwBA5hp8MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjMuY3JsMD4GCCsGAQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzAfBgNVHSMEGDAWgBSP8Et%2FqC5FJK5NUPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAugYpwLQZjCERwJQRnrs91NVDQPafuyULI2i1Gvf6VGTMKxP5IfBEreHoFVjb7v3bok3MGI8Nmm3DawGhMfCNvABAzDlfh2FRbfSV6uoVNT5AhcBi1aE0%2FniqqLJaOfM3Qfuc6D5xSlvr%2BGlYoeDGk3fpumeS62VYkHBzQn2v9CMmeReq%2BqS7meVEb2WB58rrVcj0ticRIXSUvGu3dGIpxM2uR%2FLmQlt4hgVhy5CqeYnfBH6xJnBLjUAfhHvA%2BwfmyLdOkfQ1A%2B3o60EQF0m0YsinLPLhTI8DLPMWN11n8aQ5eUmjwF3MVfkhgA%2F7zuIpalhQ6abX6xwyNrVip8H65g%3D%3D&cert=MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie%2FQV2EcWtiHL8RgJDx7KKnQRfJMsuS%2BFggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpiLx9e%2BpZo34knlTifBtc%2BycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO%2FbLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c%2B9C7v%2FU9AOEGM%2BiCK65TpjoWc4zdQQ4gOsC0p6Hpsk%2BQLjJg6VfLuQSSaGjlOCZgdbKfd%2F%2BRFO%2BuIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH%2FBAQDAgEGMA8GA1UdEwEB%2FwQFMAMBAf8wHQYDVR0OBBYEFI%2FwS3%2BoLkUkrk1Q%2BmOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr%2ByAzv95ZURUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q%2Fc2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj%2B9xTaGdWPoO4zzUhw8lo%2Fs7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj%2B1EbddTKJd%2B82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws%2FzyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9%2BE7gUJTb0o2HLO02JQZR7rkpeDMdmztcpHWD9f", + itemClass: "public-value", + }, + ]; + + for (let test of tests) { + await checkLongHex(test.url, test.itemClass); + } +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_checkMissingCommonName.js b/toolkit/components/certviewer/tests/browser/browser_checkMissingCommonName.js new file mode 100644 index 0000000000..e26612c1b8 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_checkMissingCommonName.js @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +add_task(async function test_check_missing_common_name() { + const kURL = + "about:certificate?cert=MIIHVDCCBTygAwIBAgIQOBNAgEopyUI1DYLsLmSWejANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ6KGM5pS%2F6ZmiMTUwMwYDVQQDDCzmlL%2FlupzkvLrmnI3lmajmlbjkvY3mhpHorYnnrqHnkIbkuK3lv4MgLSBHMTAeFw0yMDAxMjAwNjExMzBaFw0yMjAxMjAwNjExMzBaMFUxCzAJBgNVBAYTAlRXMQ8wDQYDVQQHDAboh7rngaMxEjAQBgNVBAoMCee4vee1seW6nDEhMB8GA1UEAwwYZW5nbGlzaC5wcmVzaWRlbnQuZ292LnR3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxCtEdUsGqr%2FVCNOMpj1TkDzBn6Gs1RBHHERU%2BsJ1q3ri6rJfydTx0rQKUbcGEMyWB2pga4dNSjzxQZ6%2BebP3kctC0H%2F%2BptEnsIOQcyD2yLN5yg8ejx6Y568z3fbU%2FRAVo4q6qGZzlBfzl2AhZMrp3AiNpQZXjLWgNHYZfirDVur7ImSjECq6atLlZ1yn%2B0RC%2FsGsPKalz5iacuxMYIkWeCvm7piA%2FdXPfw%2FVJxbIEkXMSXXxDNGrBZY0wAcmPeDHZxyLDGDOFLV%2Fpics3ZJ4UjFPphwaXuW94K9NKLcfOu7JaYP6JszpBIEiL8GRl8pMdykkKN%2FRkEZ%2F8pE7Tz%2BswIDAQABo4IDGzCCAxcwHwYDVR0jBBgwFoAU1ustnWH%2BK7twiC64B7FZsPSDImowHQYDVR0OBBYEFDxkjGSuIgKbFKTUvadNfX%2B%2BogdCMHUGCCsGAQUFBwEBBGkwZzA1BggrBgEFBQcwAoYpaHR0cDovL2d0bHNjYS5uYXQuZ292LnR3L0NlcnRzL0dUTFNDQS5jcnQwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmd0bHNjYS5uYXQuZ292LnR3L09DU1AwIgYDVR0gBBswGTANBgsrBgEEAYG3I2QAAzAIBgZngQwBAgIwIAYDVR0lAQH%2FBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCMGA1UdEQQcMBqCGGVuZ2xpc2gucHJlc2lkZW50Lmdvdi50dzAgBgNVHQkEGTAXMBUGB2CGdgFkAgExCgYIYIZ2AWQDAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2d0bHNjYS5uYXQuZ292LnR3L2NybC9HVExTQ0EtY29tcGxldGUuY3JsMA4GA1UdDwEB%2FwQEAwIFoDCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9%2B443fNDsgN3BAAAAFvwZRvQAAABAMARjBEAiAWcMYq5U%2BiRndzk4q7XRQ10ykv%2FBlaHelk0SMi8LeXmAIgY%2BJUd3bzT5nSTCYQMOAMLGE52UWhnIRgxdWRtcg60uAAdQDuS723dc5guuFCaR%2Br4Z5mow9%2BX7By2IMAxHuJeqj9ywAAAW%2FBlHdGAAAEAwBGMEQCIAM72FPgBC6JzvE%2BEkvdp9g9Lt19fnJ6KfWQYNN%2BMylsAiBezZw%2FDzsg22O4Tr0QGYoY7HsnPzsHzxEJVUJGl8HXZQB2AG9Tdqwx8DEZ2JkApFEV%2F3cVHBHZAsEAKQaNsgiaN9kTAAABb8GUfQAAAAQDAEcwRQIgXVJY0MInclLEtJ1AoMPtjja0tvBD0zPHSAyxIgZ%2B3EECIQDTj7KrkhXuZqKr6sF0hqwr%2BiMiByMi7gNjK4DOqxJ7YjANBgkqhkiG9w0BAQsFAAOCAgEAeOXA%2FpFjaSlenGSQSMDbbSXM%2BL2nM0M1yQ8WxM2mxRfAxzyuH%2FDo1UGDmbvu1e6f%2FdA6Gr%2BAdx2EFia3FqIBrnB9BAymlMgYKq3pW67b83k8r6iF5UcwxISE4LXplY8iV12a59EUCHr0YnVUzK3gLN9ocPyGHnsRdzuowU7WRtZ2tMFAlVT2dEGPqG2ZKsIiCBRummp1vNF3b%2BB5g4Y5Hc7Vw1%2F1LgPMsaSPj5%2Fl4YdLCIO2tWYqnpA0LE8xuRXFSRA0fmlZQKr01N0%2B1ar2QRH6PcRJE3EJbgdnsIGDMithZ4a2COinwCWNkuj6lwB83RvfGOdwJfVv9ricvRpdMOs3HSQnRk0q1IreY42VVmtOGt6MfuCPaIMZtI0unkd3GHmCDcoe64HIu7sjdTCqWAR60JZpQ4oM%2BOpzfBulhf44BDh33zM7lNAlEtVN%2BtszLA2S3CCoDTHpUGWkes%2BzkI4qjG5Nd1eGZT%2FtqqWyRc799ROCEAI5SkgZgowqRgzMhkazdyDANLTbg2Edt4OT7O6zrdLg70JTZMxdJ5%2BAnDMmDr8NCH63URFJe72ZBOH4uAeZuV%2Bhbh9v1%2BF2kFaqVBh2VaRdY%2FHGpnoD%2By1bJ7FI1erKUJFt%2FP4ZEYjACkmT7Gtw8NifvECY3cw3aiAY7AMg2Bnk72ySxvBcXedVMU8%3D&cert=MIIGtjCCBJ6gAwIBAgIRAJltX%2Bmt4Wzcjs2%2F7bFKMpUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVFcxIzAhBgNVBAoMGkNodW5naHdhIFRlbGVjb20gQ28uLCBMdGQuMS8wLQYDVQQDDCZlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0xOTA3MTkwNjQ2NDVaFw0zMTA4MTkwNjQ2NDVaMFgxCzAJBgNVBAYTAlRXMRIwEAYDVQQKDAnooYzmlL%2FpmaIxNTAzBgNVBAMMLOaUv%2BW6nOS8uuacjeWZqOaVuOS9jeaGkeitieeuoeeQhuS4reW%2FgyAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwg5R4LGoDj%2BmZIXmcHmRYv501jsSLIm7EoX%2FKAt74uN2yDR436V2EWkFeWhD%2BTS4sx2%2F3JCRW%2BKE%2BIX8NYBKjsWuK9OMY4Gu4FEWJpBu1XCWYjTPKyhHdEhDpxRxv91g3Zk68XgK7j2U5sEzCPx13QjkH7qc%2FMo5BFiro8YsYAfxgCoa%2FrZFEsXyZKXRJeIDw7t%2BiPxVy2cbQ0uNloO9670LGoOVzYVkYABv3IwZo%2BJRtj%2Bj7rLjB7xQKYmfJOA2Jc96yPm6li7zHrIQYfohGPdANmwR9opNNqYOo%2BLtsIYot3%2FcLp9YgAaiGdrAiKrbbEVkYH%2BzKzAHolf5mPBn%2Bh3OElYfygESitWRBp2bwfOGJwAYseTuorQHpyQps1GGcn9vcfnLhvLxa3DMrCAvSJb3SvHCyqahQz0KR0IPcu%2BVLW3icaqlbJausGIGYqp8VSN6FJ0pgmYdbunBLYc1v23VvjmVMl%2BxNJoaSFEUscmSqA4CuYANhkWSANk8HI9rNbvmzuyWhSv7tUXY6UB67mHp4ypGcKYbXrjiKqahv6QLUEb7S8FD71Ds75F2vMeO4O77i6joBs%2FL2E6WZJvSronzJCXL0IwmpYaOAsoFOf0eGVsPBVKn%2Bz4Bq0WA0%2Br7plfWofDbUGmx9Zun%2B%2BrWhoDXrma%2BodubN1Xj1RjlL3sCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFHJbuqpyOO4lkCS1lCL6CYjKiwr7MB0GA1UdDgQWBBTW6y2dYf4ru3CILrgHsVmw9IMiajAOBgNVHQ8BAf8EBAMCAYYwPAYDVR0fBDUwMzAxoC%2BgLYYraHR0cDovL2VjYS5oaW5ldC5uZXQvcmVwb3NpdG9yeS9DUkwyL0NBLmNybDCBggYIKwYBBQUHAQEEdjB0MDsGCCsGAQUFBzAChi9odHRwOi8vZWNhLmhpbmV0Lm5ldC9yZXBvc2l0b3J5L0NlcnRzL2VDQUcyLmNydDA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuZWNhLmhpbmV0Lm5ldC9PQ1NQL29jc3BHMnNoYTIwEgYDVR0TAQH%2FBAgwBgEB%2FwIBADAiBgNVHSAEGzAZMA0GCysGAQQBgbcjZAADMAgGBmeBDAECAjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggIBAEyrsJ9vUi6nEfwO0vgAoFefXpCRF%2BuDsmG%2F8F6OV9VRnbtzBwazHbxVmaBvDRVofLfoXWr%2BNd8dd3BXVUNxemNrkZa8Hdgdv4s8yFbRs0W6fRTWkhCcc39RpQtSeV7kyxCP1rMTYRSqCA9F%2BFcDMLXJIzZrzl7Tn6guIyqcfZv6sRN7CbbTrYKSc0JX4t26WGFun2zLjzH8kx1TZ457TE4yyjl1oSZdgiWL6Hz7l%2BnbTe6WqPVVm4am2AAmaQaLGncsGLasl7PIHx9Nc4sy7KdOMTc5r0BPCGhAiJ6ueQ6aVd49pra7BDIqFMA7Myy4pXRYfqFnjq9RuROWYiIluzLNUSxlaFtTMUVQnWjJxnlXlBDLX9L4OAxTOvdbtcNNS1GK%2BW1cWiYdTOWF4HTu5pvdUn%2F%2B8yVE4E7MPb0vGuxv3S11QG6JtVPuHkX6BGqRXHo253gY77HZU0g3g9qVs9UaZjWS5UTcqdgLmmOQnH7USaJ9%2F4rXRu%2FP8IWMPG2s6tv1dRVQV5xfq21PQ4y53ytVd0%2B%2Flp0L743%2B1AjnOw0I8t9QxP6c2ti%2Boo43rxM8YE3etVLQBeWsmJc00GOWa%2FXmFACsy8Lkctx0QScAAYwCfB2accfxj9hEX1c6MAeVUVp04YJx4dtjoIFTPI1%2FMFX%2BFkxMq4Fs6k%2BmxSm7tNvv&cert=MIIHZDCCBUygAwIBAgIRAK%2FNjWQsYtZFBn3IV%2F2o8V0wDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCVFcxIzAhBgNVBAoMGkNodW5naHdhIFRlbGVjb20gQ28uLCBMdGQuMSowKAYDVQQLDCFlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTUxMTE3MDg1MTM1WhcNMzQxMjIwMDIzMTI3WjBjMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xLzAtBgNVBAMMJmVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApFkfoC%2FfvuD76dy1if5alwPJOnenjlyv8uMYOfWq3Q9G0mgPV5ynY2DTWM41wqf2iMJPfxso6dCnAMQXTW3iD8UOJiMgq%2Fc6KKJMCgvMjs7mAJpaQA3UUBqb0Q2clPnb7lzQ8YoHzZorQCxJpF1iX6dr3%2B5WCFDzQhhsMbBe5ZxzkrwO0gx9xThXvLtY2yYZAu3jQ4SKTlZr262hMdnMImeWeP93ncxkxTIgau9OMNUkJf2Iea9xGv7VSxsViLwYcKq9rTgKZjBG5YmF1XYkqamz5llgD7SpU8I6nUUa1q7jd17EYjYzLzDEv5XxLTildejRapMuRYdLSqLfv1gnmspiGape1LGASZbdK%2Bxfj5vgnZeI9YQDo6%2BzpXMtQbrlB7dva3H398lar2mZsy%2FIT0LrbGtxZ3jfCqxP10qFAEYa1c24n%2BqVnQ980cYFheYI3ogXgfbVtW7qoRzXYarjWUKJnFl%2BsXxkNN1hIyo5tRCr%2FIapUxrF62rigE5ZkcA4if6zXdb7kenXsH3ZeAjM9SvMK%2BGh1pRzwf5R9Ix9CrWairn12uDJs9iPqoKDjWlTLf0ABBhKoNpU4XmMiet%2F9YLnoLl3Ta75ugI7iHbrfF2zWhPbfCkWa5nRHeRIIaINXgGI6L7xmE0%2BxxZXHF%2FhCG8cTFhDVveAZYxxDqIEZ08CAwEAAaOCAhYwggISMB8GA1UdIwQYMBaAFB4M97Zn8uGSJglFwFU5Lnc%2FQkqiMB0GA1UdDgQWBBRyW7qqcjjuJZAktZQi%2BgmIyosK%2BzAOBgNVHQ8BAf8EBAMCAQYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2VjYS5oaW5ldC5uZXQvcmVwb3NpdG9yeS9DUkxfU0hBMi9DQS5jcmwwgYIGCCsGAQUFBwEBBHYwdDA7BggrBgEFBQcwAoYvaHR0cDovL2VjYS5oaW5ldC5uZXQvcmVwb3NpdG9yeS9DZXJ0cy9lQ0FHMS5jcnQwNQYIKwYBBQUHMAGGKWh0dHA6Ly9vY3NwLmVjYS5oaW5ldC5uZXQvT0NTUC9vY3NwRzFzaGEyMA8GA1UdEwEB%2FwQFMAMBAf8wgecGA1UdIASB3zCB3DANBgsrBgEEAYG3I2QAATANBgsrBgEEAYG3I2QAAjANBgsrBgEEAYG3I2QAAzANBgsrBgEEAYG3I2QABDANBgsrBgEEAYG3I2QACTANBgsrBgEEAYG3I2QAADANBgsrBgEEAYG3I2QEATANBgsrBgEEAYG3I2QEAjANBgsrBgEEAYG3I2QEAzAJBgdghnYBZAABMAkGB2CGdgFkAAIwCQYHYIZ2AWQAAzAJBgdghnYBZAAEMAkGB2CGdgFkAAAwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggIBALwy4mxatKA6X%2BUM2IDpnWajNmek00EM4qh5E7eiQY0yZV5Eit9D%2F8q9h0hD77NjVaYPwsOWqWAiVtDAro%2BnWDHfkAG14ptRNBoGjJjzZi%2F%2BOeI2WTc8ZER6C8rAjQ7b%2FRxMzwxfDjRtgCbT2qq01rPiJ%2BqDgyUniDstbyQj08bSo3GJWp6ZsSNDAP26ygODpSgL0Ja806Byk2b4npQevdkmQ0k43S9IU0MeSlWT8hxzluyFlPRl4yuev5le91outdEdpV98KvYcgLAWwW5UcFOM6SRsYTBS2dfSRgKreDnMNdbUHmbAVsb3wLD6WqLoe6LyRNOeXctKPA6%2Be5i%2FJN6NZnqejcMopuS%2BpyWyrNiHlRShGUfTiXrcbT8fbyOswAT8JsX4fWyZYub0kKfFG8hEKQsIxNiyKH4cw6HBih31EYaYS9IEj19NxfHl0KbPm22cpBJoGwkZWgg%2F%2FPflFFHNTdKSalDxPHMKdyZbTBugLtqFVkV%2Bvu1y6WRoGfHwzpa9aQsMWAwLYRnBZnSYzfN9QFZsoHCSDJJVt30Oi6fURJy34%2Bdtvs%2BsQihiN886uYTJ0Cex1R%2BOb9HXCKFrGTumgwD%2Bnitt7hwlB74K9lqrKQrtfgfBFFMG9Tu%2FE%2FOI6JoST2j8KmSN1rpcxoMH3tamxqm3%2BxpLM9HekbBoJ0V2&cert=MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNsIZ5qyNUD9WBpj8zwIuQf5%2FdqIjG3LBXy4P4AakP%2Fh2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKilTza6We%2FCKBk49ZCt0Xvl%2FT29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q%2BRBNGMD%2BXPNjX12ruOzjjK9SXDrkb5wdJfzcq%2BXd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN%2F%2BZ0V0OWQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde%2BS%2FuUWH1%2BETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnaolQ2zepr7BxB4EW%2Fhj8e6DyUadCrlHJhBmd8hh%2BiVBmoKs2pHdmX2Os%2BPYhcZewoozRrSgx4hxyy%2Fvv9haLdnG7t4TY3OZ%2BXkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc%2FQkqiMAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLHClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B01GqZNF5sAFPZn%2FKmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI%2BymBV3QGypzqKOg4ZyYr8dW1P2WT%2BDZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC%2Fgpf36j36%2BuwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2j6%2F7Nu4tCEoduL%2BbXPjqpRugc6bY%2BG7gMwRfaKonh%2B3ZwZCc7b3jajWvY9%2BrGNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS%2FjQ6fbjpKdx2qcgw%2BBRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR%2B2zGp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8%2Fgntsm%2BHbRsZJB%2F9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW%2F2xzQ%2BDhNQ%2BIIX3Sj0rnP0qCglN6oH4EZw%3D"; + + await BrowserTestUtils.withNewTab(kURL, async function (browser) { + await SpecialPowers.spawn(browser, [], async function () { + let certificateSection = await ContentTaskUtils.waitForCondition(() => { + return content.document.querySelector("certificate-section"); + }, "Certificate section found"); + + let tabs = + certificateSection.shadowRoot.querySelector( + ".certificate-tabs" + ).children; + + Assert.ok(tabs, "Tabs were found"); + Assert.equal(tabs.length, 4, "There should be 4 tabs"); + for (let tab of tabs) { + Assert.ok(tab.textContent, "Tab should have non-empty label"); + Assert.notEqual( + tab.dataset.l10nId, + "certificate-viewer-unknown-group-label" + ); + // If there is another tab after this one, this tab should link to the + // next via its issuer's common name or OU, if available. + if (tab.nextElementSibling) { + tab.click(); + let infoGroup = certificateSection.shadowRoot.querySelector( + ".selected info-group.issuer-name" + ); + Assert.ok(infoGroup, "infoGroup found"); + let container = + infoGroup.shadowRoot.querySelector(".common-name") || + infoGroup.shadowRoot.querySelector(".organizational-unit"); + Assert.ok(container, "Should find container for link"); + Assert.ok( + container.shadowRoot.querySelector("a"), + "There should be a link in the container for " + + container.textContent + ); + } + } + }); + }); +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_checkNonEmptyFields.js b/toolkit/components/certviewer/tests/browser/browser_checkNonEmptyFields.js new file mode 100644 index 0000000000..e6c48dc3d1 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_checkNonEmptyFields.js @@ -0,0 +1,82 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +async function checkNonEmptyFields(url) { + await BrowserTestUtils.withNewTab(url, async function (browser) { + await SpecialPowers.spawn(browser, [], async function () { + let certificateSection = await ContentTaskUtils.waitForCondition(() => { + return content.document.querySelector("certificate-section"); + }, "Certificate section found"); + + let tabs = + certificateSection.shadowRoot.querySelector( + ".certificate-tabs" + ).children; + + Assert.ok(tabs, "Tabs were found"); + Assert.greater(tabs.length, 0, "There must at least one tab"); + + function clickTabAndCheckSelection(tabID) { + let selectedTabBefore = 0; + + for (let i = 0; i < tabs.length; i++) { + if (tabs[i].className.includes("selected")) { + selectedTabBefore = i; + break; + } + } + + let tabButton = certificateSection.shadowRoot.querySelector( + `.certificate-tabs .tab[idnumber="${tabID}"]` + ); + tabButton.click(); + + if (tabID !== 0) { + Assert.notEqual( + selectedTabBefore, + tabID, + "A new tab should be selected now" + ); + } + } + + for (let i = 0; i < tabs.length; i++) { + clickTabAndCheckSelection(i); + + let infoGroups = + certificateSection.shadowRoot.querySelectorAll("info-group"); + Assert.ok(infoGroups, "infoGroups found"); + + for (let infoGroup of infoGroups) { + let infoItems = infoGroup.shadowRoot.querySelectorAll("info-item"); + Assert.ok(infoItems, "infoItems found"); + + for (let infoItem of infoItems) { + let item = infoItem.shadowRoot.querySelector(".info"); + if (item.textContent.length === 0) { + await ContentTaskUtils.waitForCondition( + () => parseInt(item.textContent.length) > 0, + "info-item has not been localized." + ); + } + } + } + } + }); + }); +} + +add_task(async function test() { + const url1 = + "about:certificate?cert=MIIIIDCCBwigAwIBAgIQdFFdOvtZKGMnFerJav62lzANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEczMB4XDTE5MDcyOTE4NDQyN1oXDTE5MTAyMTE4MjMwMFowZjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBMTEMxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOOufVj7d5UF%2FN49KyXmA0Z0rlQPEicHK5CbO122uECXYbWwepNlWlqM7V1GF0vRutC8YyAlxrCsUmOTrpem7NWjggWlMIIFoTATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCB4AwggRqBgNVHREEggRhMIIEXYIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29tghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22CCiouZ2dwaHQuY26CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIPKi5nb29nbGVhcGlzLmNughEqLmdvb2dsZWNuYXBwcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xldmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CEiouZ3N0YXRpY2NuYXBwcy5jboIKKi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22CDCoudXJjaGluLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVsb3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2dsZS5jboIEZy5jb4IIZ2dwaHQuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2dsZS5jb22CD2dvb2dsZWNuYXBwcy5jboISZ29vZ2xlY29tbWVyY2UuY29tghhzb3VyY2UuYW5kcm9pZC5nb29nbGUuY26CCnVyY2hpbi5jb22CCnd3dy5nb28uZ2yCCHlvdXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNvbYIFeXQuYmUwaAYIKwYBBQUHAQEEXDBaMC0GCCsGAQUFBzAChiFodHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFNHSUFHMy5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnBraS5nb29nL0dUU0dJQUczMB0GA1UdDgQWBBRPZJy%2FftYprTgIqQTFvmZIl%2BXaGTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHfCuFCaZ3Z2sS3ChtCDoH6mfrpLMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIFAzAIBgZngQwBAgIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5wa2kuZ29vZy9HVFNHSUFHMy5jcmwwDQYJKoZIhvcNAQELBQADggEBADc7%2BG7Np83iC8KU6GYSKizr%2F2VbPPpBjR5EzXIdUpUgxWFQ7Faxd1LVhm22QVlmMKjjYe7JUxnaIa5Zay6pBlMr5Fq%2BHbSTuA63GOt4IW1CvB1zAOaJWfxGXaNX1Xg%2F740qWEDoe95h9Xm%2FfIcFLD86FCUITAenFKBOKdaKoBMGoDBOq7jUdn492oGBYi%2BQtXfNjvcZm0yABGTjQOtH8JzyWKx1NvNLw5gSXYH5Vmj%2FQzRBEED3%2BpIJh6vgKIGEhG%2BhCg4tx4k0nnwoHGnL4a2mcemlRIWRCcjbb%2FBoF%2B05EvQvB6PcurckBaPN8r7wWCxefYViIMnHiMmzPdwZYIA%3D&cert=MIIEXDCCA0SgAwIBAgINAeOpMBz8cgY4P5pTHTANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEyMTUwMDAwNDJaMFQxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKUkvqHv%2FOJGuo2nIYaNVWXQ5IWi01CXZaz6TIHLGp%2FlOJ%2B600%2F4hbn7vn6AAB3DVzdQOts7G5pH0rJnnOFUAK71G4nzKMfHCGUksW%2Fmona%2BY2emJQ2N%2BaicwJKetPKRSIgAuPOB6Aahh8Hb2XO3h9RUk2T0HNouB2VzxoMXlkyW7XUR5mw6JkLHnA52XDVoRTWkNty5oCINLvGmnRsJ1zouAqYGVQMc%2F7sy%2B%2FEYhALrVJEA8KbtyX%2Br8snwU5C1hUrwaW6MWOARa8qBpNQcWTkaIeoYvy%2FsGIJEmjR0vFEwHdp1cSaWIr6%2F4g72n7OqXwfinu7ZYW97EfoOSQJeAzAgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB%2FwQIMAYBAf8CAQAwHQYDVR0OBBYEFHfCuFCaZ3Z2sS3ChtCDoH6mfrpLMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd%2FcGYYuMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAHLeJluRT7bvs26gyAZ8so81trUISd7O45skDUmAge1cnxhG1P2cNmSxbWsoiCt2eux9LSD%2BPAj2LIYRFHW31%2F6xoic1k4tbWXkDCjir37xTTNqRAMPUyFRWSdvt%2BnlPqwnb8Oa2I%2FmaSJukcxDjNSfpDh%2FBd1lZNgdd%2F8cLdsE3%2BwypufJ9uXO1iQpnh9zbuFIwsIONGl1p3A8CgxkqI%2FUAih3JaGOqcpcdaCIzkBaR9uYQ1X4k2Vg5APRLouzVy7a8IVk6wuy6pm%2BT7HT4LY8ibS5FEZlfAFLSW8NwsVz9SBK2Vqn1N0PIMn5xA6NZVc7o835DLAFshEWfC7TIe3g%3D%3D&cert=MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6%2BLm8omUVCxKs%2BIVSbC9N%2FhHD6ErPLv4dfxn%2BG07IwXNb9rfF73OX4YJYJkhD10FPe%2B3t%2Bc4isUoh7SqbKSaZeqKeMWhG8eoLrvozps6yWJQeXSpkqBy%2B0Hne%2Fig%2B1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ%2FgkwpRl4pazq%2Br1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH%2FBAUwAwEB%2FzAdBgNVHQ4EFgQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0%2FWwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP%2BDTKqttVCL1OmLNIG%2B6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavSot%2B3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h%2Bu%2FN5GJG79G%2BdwfCMNYxdAfvDbbnvRG15RjF%2BCv6pgsH%2F76tuIMRQyV%2BdTZsXjAzlAcmgQWpzU%2FqlULRuJQ%2F7TBj0%2FVLZjmmx6BEP3ojY%2Bx1J96relc8geMJgEtslQIxq%2FH5COEBkEveegeGTLg%3D%3D"; + const url2 = + "about:certificate?cert=MIIDeTCCAmGgAwIBAgIJAPziuikCTox4MA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQKDAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTAeFw0xOTEwMDkyMzQxNTJaFw0yMTEwMDgyMzQxNTJaMGIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQKDAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2PmzAS2BMTOqytMAPgLaw%2BXLJhgL5XEFdEyt%2FccRLvOmULlA3pmccYYz2QULFRtMWhyefdOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u%2F2CVSndrOfEk0TG23U3AxPxTuW1CrbV8%2Fq71FdIzSOciccfCFHpsKOo3St%2FqbLVytH5aohbcabFXRNsKEqveww9HdFxBIuGa%2BRuT5q0iBikusbpJHAwnnqP7i%2FdAcgCskgjZjFeEU4EFy%2Bb%2Ba1SYQCeFxxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaMyMDAwCQYDVR0TBAIwADAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wDQYJKoZIhvcNAQELBQADggEBAGlwCdbPxflZfYOaukZGCaxYK6gpincX4Lla4Ui2WdeQxE95w7fChXvP3YkE3UYUE7mupZ0eg4ZILr%2FA0e7JQDsgIu%2FSRTUE0domCKgPZ8v99k3Avka4LpLK51jHJJK7EFgo3ca2nldd97GM0MU41xHFk8qaK1tWJkfrrfcGwDJ4GQPIiLlm6i0yHq1Qg1RypAXJy5dTlRXlCLd8ufWhhiwW0W75Va5AEnJuqpQrKwl3KQVewGj67WWRgLfSr%2B4QG1mNvCZb2CkjZWmxkGPuoP40%2Fy7Yu5OFqxP5tAjj4YixCYTWEVA0pmzIzgBg%2BJIe3PdRy27T0asgQW%2FF4TY61Yk%3D"; + const url3 = + "about:certificate?cert=MIIG7jCCBNagAwIBAgIBDzANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ8BLPRoZzYLdufujAWGSuzbCtRRcMY%2FpnCujW0r8%2B55jE8Ez64AO7NV1sId6eINm6zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42yfk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz%2BqOqfrU0j36NK2B5jcG8Y0f3%2FJHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN%2FNb5gznZY0dj4kepKwDpUeb%2BagRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE%2F9KTfWgu3YtLq1i6L43qlaegw1SJpfvbi1EinbLDvhG%2BLJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV%2FRRyH9XzQQUxPKZgh%2FTMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivUfslfrejrckzzAeVLIL%2BaplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826YreQQejdIOQpvGQpQsgi3Hia%2F0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAX8wggF7MB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TAPBgNVHRMBAf8EBTADAQH%2FMDQGCWCGSAGG%2BEIBCAQnFiVodHRwOi8vd3d3LmNhY2VydC5vcmcvaW5kZXgucGhwP2lkPTEwMFYGCWCGSAGG%2BEIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLmNhY2VydC5vcmcvcmV2b2tlLmNybDAzBglghkgBhvhCAQQEJhYkVVJJOmh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9yZXZva2UuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AuY2FjZXJ0Lm9yZzAfBgNVHSMEGDAWgBQWtTIb1Mfz4OaO873SsDrusjkY0TANBgkqhkiG9w0BAQsFAAOCAgEAR5zXs6IX01JTt7Rq3b%2BbNRUhbO9vGBMggczo7R0qIh1kdhS6WzcrDoO6PkpuRg0L3qM7YQB6pw2V%2BubzF7xl4C0HWltfzPTbzAHdJtjaJQw7QaBlmAYpN2CLB6Jeg8q%2F1Xpgdw%2F%2BIP1GRwdg7xUpReUA482l4MH1kf0W0ad94SuIfNWQHcdLApmno%2FSUh1bpZyeWrMnlhkGNDKMxCCQXQ360TwFHc8dfEAaq5ry6cZzm1oetrkSviE2qofxvv1VFiQ%2B9TX3%2FzkECCsUB%2FEjPM0lxFBmu9T5Ih%2BEqns9ivmrEIQDv9tNyJHuLsDNqbUBal7OoiPZnXk9LH%2Bqb%2BpLf1ofv5noy5vX2a5OKebHe%2B0Ex%2FA7e%2BG%2FHuOjVNqhZ9j5Nispfq9zNyOHGWD8ofj8DHwB50L1Xh5H%2BEbIoga%2FhJCQnRtxWkHP699T1JpLFYwapgplivF4TFv4fqp0nHTKC1x9gGrIgvuYJl1txIKmxXdfJzgscMzqpabhtHOMXOiwQBpWzyJkofF%2Fw55e0LttZDBkEsilV%2FvW0CJsPs3eNaQF%2BiMWscGOkgLFlWsAS3HwyiYLNJo26aqyWPaIdc8E4ck7Sk08WrFrHIK3EHr4n1FZwmLpFAvucKqgl0hr%2B2jypyh5puA3KksHF3CsUzjMUvzxMhykh9zrMxQAHLBVrGwc%3D"; + + let urls = [url1, url2, url3]; + + await Promise.all(urls.map(checkNonEmptyFields)); +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_checkNonRepeatedCertTabs.js b/toolkit/components/certviewer/tests/browser/browser_checkNonRepeatedCertTabs.js new file mode 100644 index 0000000000..a66f808f22 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_checkNonRepeatedCertTabs.js @@ -0,0 +1,131 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +function checkCertTabs() { + let certificatePages = 0; + for (let tab of gBrowser.tabs) { + let spec = tab.linkedBrowser.documentURI.spec; + if (spec.includes("about:certificate")) { + certificatePages++; + } + } + Assert.equal(certificatePages, 1, "Do not open repeated certificate pages!"); +} + +add_task(async function testBadCert() { + info("Testing bad cert"); + + let tab = await openErrorPage(); + + let loaded = BrowserTestUtils.waitForNewTab(gBrowser, null, true); + for (let i = 0; i < 2; i++) { + // try opening two certificates that are the same + await SpecialPowers.spawn(tab.linkedBrowser, [], async function () { + let advancedButton = content.document.getElementById("advancedButton"); + Assert.ok(advancedButton, "advancedButton found"); + Assert.equal( + advancedButton.hasAttribute("disabled"), + false, + "advancedButton should be clickable" + ); + advancedButton.click(); + let viewCertificate = content.document.getElementById("viewCertificate"); + Assert.ok(viewCertificate, "viewCertificate found"); + Assert.equal( + viewCertificate.hasAttribute("disabled"), + false, + "viewCertificate should be clickable" + ); + + viewCertificate.click(); + }); + await loaded; + } + checkCertTabs(); + + gBrowser.removeCurrentTab(); // closes about:certificate + gBrowser.removeCurrentTab(); // closes https://expired.example.com/ +}); + +add_task(async function testGoodCert() { + info("Testing page info"); + let url = "https://example.com/"; + + info(`Loading ${url}`); + await BrowserTestUtils.withNewTab({ gBrowser, url }, async function () { + info("Opening pageinfo"); + let pageInfo = BrowserPageInfo(url, "securityTab", {}); + await BrowserTestUtils.waitForEvent(pageInfo, "load"); + + let securityTab = pageInfo.document.getElementById("securityTab"); + await TestUtils.waitForCondition( + () => BrowserTestUtils.is_visible(securityTab), + "Security tab should be visible." + ); + Assert.ok(securityTab, "Security tab is available"); + let viewCertButton = pageInfo.document.getElementById("security-view-cert"); + await TestUtils.waitForCondition( + () => BrowserTestUtils.is_visible(viewCertButton), + "view cert button should be visible." + ); + + let loaded = BrowserTestUtils.waitForNewTab(gBrowser, null, true); + for (let i = 0; i < 2; i++) { + checkAndClickButton(pageInfo.document, "security-view-cert"); + await loaded; + } + + pageInfo.close(); + checkCertTabs(); + }); + + gBrowser.removeCurrentTab(); +}); + +add_task(async function testPreferencesCert() { + info("Testing preferences cert"); + let url = "about:preferences#privacy"; + + info(`Loading ${url}`); + await BrowserTestUtils.withNewTab( + { gBrowser, url }, + async function (browser) { + checkAndClickButton(browser.contentDocument, "viewCertificatesButton"); + + let certDialogLoaded = promiseLoadSubDialog( + "chrome://pippki/content/certManager.xhtml" + ); + let dialogWin = await certDialogLoaded; + let doc = dialogWin.document; + Assert.ok(doc, "doc loaded"); + + doc.getElementById("certmanagertabs").selectedTab = + doc.getElementById("ca_tab"); + let treeView = doc.getElementById("ca-tree").view; + let selectedCert; + + for (let i = 0; i < treeView.rowCount; i++) { + treeView.selection.select(i); + dialogWin.getSelectedCerts(); + let certs = dialogWin.selected_certs; + if (certs && certs.length == 1 && certs[0]) { + selectedCert = certs[0]; + break; + } + } + Assert.ok(selectedCert, "A cert should be selected"); + let viewButton = doc.getElementById("ca_viewButton"); + Assert.equal(viewButton.disabled, false, "Should enable view button"); + + let loaded = BrowserTestUtils.waitForNewTab(gBrowser, null, true); + for (let i = 0; i < 2; i++) { + viewButton.click(); + await loaded; + } + checkCertTabs(); + } + ); + gBrowser.removeCurrentTab(); // closes about:certificate +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_checkNonUndefinedStrings.js b/toolkit/components/certviewer/tests/browser/browser_checkNonUndefinedStrings.js new file mode 100644 index 0000000000..5e76990592 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_checkNonUndefinedStrings.js @@ -0,0 +1,49 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const url = + "about:certificate?cert=MIIGRjCCBS6gAwIBAgIQDJduPkI49CDWPd%2BG7%2Bu6kDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA1MDAwMDAwWhcNMTkxMTEzMTIwMDAwWjCBgzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xDzANBgNVBAsTBldlYk9wczEYMBYGA1UEAxMPd3d3Lm1vemlsbGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKruymkkmkqCJh7QjmXlUOBcLFRyw5LG%2FvUUWVrsxC2gsbR8WJq%2BcYoYBpoNVStKrO4U2rBh1GEbccvT6qKOQI%2BpjjDxx9cmRdubGTGp8L0MF1ohVvhIvYLumOEoRDDPU4PvGJjGhek%2FojvedPWe8dhciHkxOC2qPFZvVFMwg1%2Fo%2Fb80147BwZQmzB18mnHsmcyKlpsCN8pxw86uao9Iun8gZQrsllW64rTZlRR56pHdAcuGAoZjYZxwS9Z%2BlvrSjEgrddemWyGGalqyFp1rXlVM1Tf4%2FIYWAQXTgTUN303u3xMjss7QK7eUDsACRxiWPLW9XQDd1c%2ByvaYJKzgJ2wIDAQABo4IC6TCCAuUwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFNpSvSGcN2VT%2FB9TdQ8eXwebo60%2FMCcGA1UdEQQgMB6CD3d3dy5tb3ppbGxhLm9yZ4ILbW96aWxsYS5vcmcwDgYDVR0PAQH%2FBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC%2BgLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH%2FBAIwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE%2BRvfuON3zQ7IDdwQAAABZuYWiHwAAAQDAEYwRAIgZnMSH1JdG6NASHWTwD0mlP%2Fzbr0hzP263c02Ym0DU64CIEe4QHJDP47j0b6oTFu6RrZz1NQ9cq8Az1KnMKRuaFAlAHUAh3W%2F51l8%2BIxDmV%2B9827%2FVo1HVjb%2FSrVgwbTq%2F16ggw8AAAFm5haJAgAABAMARjBEAiAxGLXkUaOAkZhXNeNR3pWyahZeKmSaMXadgu18SfK1ZAIgKtwu5eGxK76rgaszLCZ9edBIjuU0DKorzPUuxUXFY0QwDQYJKoZIhvcNAQELBQADggEBAKLJAFO3wuaP5MM%2Fed1lhk5Uc2aDokhcM7XyvdhEKSHbgPhcgMoT9YIVoPa70gNC6KHcwoXu0g8wt7X6Vm1ql%2F68G5q844kFuC6JPl4LVT9mciD%2BVW6bHUSXD9xifL9DqdJ0Ic0SllTlM%2Boq5aAeOxUQGXhXIqj6fSQv9fQN6mXxQIoc%2Fgjxteskq%2FVl8YmY1FIZP9Bh7g27kxZ9GAAGQtjTL03RzKAuSg6yeImYVdQWasc7UPnBXlRAzZ8%2BOJThUbzK16a2CI3Rg4agKSJk%2BuA47h1%2FImmngpFLRb%2FMvRX6H1oWcUuyH6O7PZdl0YpwTpw1THIuqCGl%2FwpPgyQgcTM%3D&cert=MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8%2B8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v%2FcUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6%2BM%2FhpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K%2BwgdlTvza%2FP96rtxcflUxDOg5B6TXvi%2FTC2rSsd9f%2Fld0Uzs1gN2ujkSYs58O09rg1%2FRrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME%2FOV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6%2Bguqw9ypzAO%2Bsf0%2FRR3w6RbKFfCs%2FmC%2FbdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB%2FwQIMAYBAf8CAQAwDgYDVR0PAQH%2FBAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA%2BAYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ%2BQlwaRMxp0Wi0XUvgBCFsS%2BJtzLHgl4%2BmUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq%2FsELfeNqzqPlt%2FyGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c%2BcftIl7gzbckTB%2B6WohsYFfZcTEDts8Ls%2F3HB40f%2F1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc%2BLJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz&cert=MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOnTjC3U%2FdDxGkAV53ijSLdhwZAAIEJzs4bg7%2FfzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5BmV%2FSl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C%2FdxC%2F%2FAH2hdmoRBBYMql1GNXRor5H4idq9Joz%2BEkIYIvUX7Q6hL%2BhqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv%2BzbMUZBfHWymeMr%2Fy7vrTC0LUq7dBMtoM1O%2F4gdW7jVg%2FtRvoSSiicNoxBN33shbyTApOB6jtSj1etX%2BjkMOvJwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH%2FBAUwAwEB%2FzAdBgNVHQ4EFgQUA95QNVbRTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK%2Bt1EnE9SsPTfrgT1eXkIoyQY%2FEsrhMAtudXH%2FvTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp%2F2PV5Adg06O%2FnVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp%2BdWOIrWcBAI%2B0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU%2BKrk2U886UAb3LujEV0lsYSEY1QSteDwsOoBrp%2BuvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQkCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4%3D"; + +add_task(async function test() { + await BrowserTestUtils.withNewTab(url, async function (browser) { + await SpecialPowers.spawn(browser, [], async function () { + let certificateSection = await ContentTaskUtils.waitForCondition(() => { + return content.document.querySelector("certificate-section"); + }, "Certificate section found"); + + let tabs = + certificateSection.shadowRoot.querySelector( + ".certificate-tabs" + ).children; + + Assert.ok(tabs, "Tabs were found"); + + for (let i = 0; i < tabs.length; i++) { + let tabButton = certificateSection.shadowRoot.querySelector( + `.certificate-tabs .tab[idnumber="${i}"]` + ); + tabButton.click(); + + let infoGroups = + certificateSection.shadowRoot.querySelectorAll("info-group"); + Assert.ok(infoGroups, "infoGroups found"); + + for (let infoGroup of infoGroups) { + let infoItems = infoGroup.shadowRoot.querySelectorAll("info-item"); + Assert.ok(infoItems, "infoItems found"); + + for (let infoItem of infoItems) { + let info = infoItem.shadowRoot.children[2].textContent; + Assert.equal( + info.includes("undefined"), + false, + "Empty strings shouldn't be rendered" + ); + } + } + } + }); + }); +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_checkOCSP.js b/toolkit/components/certviewer/tests/browser/browser_checkOCSP.js new file mode 100644 index 0000000000..b7d51842eb --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_checkOCSP.js @@ -0,0 +1,46 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +async function checkOCSP(url, shouldBeRendered) { + await BrowserTestUtils.withNewTab(url, async function (browser) { + await SpecialPowers.spawn( + browser, + [shouldBeRendered], + async function (shouldBeRendered) { + let certificateSection = await ContentTaskUtils.waitForCondition(() => { + return content.document.querySelector("certificate-section"); + }, "Certificate section found"); + let OCSPSection = + certificateSection.shadowRoot.querySelector(".ocsp-stapling"); + if (!shouldBeRendered) { + Assert.equal(OCSPSection, null, "OCSPSection found"); + return; + } + Assert.ok(OCSPSection, "OCSPSection found"); + let item = OCSPSection.shadowRoot.querySelector("info-item"); + Assert.ok(item, "item found"); + let info = item.shadowRoot.querySelector(".info").textContent; + Assert.equal(info, "Yes", "OCSP is required"); + } + ); + }); +} + +add_task(async function test() { + let tests = [ + { + url: "about:certificate?cert=MIIE1jCCA76gAwIBAgISA8ud4ZkTgHyRgFEI060JNN%2FFMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEwMjAwODUzMTFaFw0yMDAxMTgwODUzMTFaMB0xGzAZBgNVBAMTEmRtNHByb2R1Y3Rpb25zLmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABAaBrphEFb0WufNLet5XJDrjo3UYUnEhNJZ5LKbbdaMeRHU%2BamVcM%2B%2Fyddoeq56%2FbeZF0p8oKptxg0TQpeVz4b5ZONe17S6Bp17DN0HLqeX6FXLKyVqRTfoesv7XR1KtW6OCAo8wggKLMA4GA1UdDwEB%2FwQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH%2FBAIwADAdBgNVHQ4EFgQUNXKbW53h63%2Bz%2FBCOyd4pilpoFc8wHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7%2FOo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAzBgNVHREELDAqghQqLmRtNHByb2R1Y3Rpb25zLmNvbYISZG00cHJvZHVjdGlvbnMuY29tMBEGCCsGAQUFBwEYBAUwAwIBBTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABbeiVw3YAAAQDAEYwRAIgHUJgZEK9S5grlRSnDiZMZUWllQ1Ki10T2ldH1XgRfuUCICfKCcvcMas9Wb09athc6kPrD9WxVCi%2FTPfOWVmFv4EdAHYAb1N2rDHwMRnYmQCkURX%2FdxUcEdkCwQApBo2yCJo32RMAAAFt6JXE7wAABAMARzBFAiEAm4lY7Jsj1c%2F%2FzAES61A7hi9jJ5bqQpE1x9KCALQqd4sCIAablaGWv6L3uksVpDH1KDxj1Df9iDPGO2CJSzKjSKdNMA0GCSqGSIb3DQEBCwUAA4IBAQBjP5pR%2Fnj%2FCOZy3Z2LfqN7z%2Fcb87rz0CY7iR5p6PvdvwOs0JPq%2F1pVf4V3JTPmEduP7Z4cYIAoOp2%2BFBE0kZar0zzhp6uXcoBagrlxanG9KvgeWr1hfyJjYbnsteake8Z3vqfjdnlhB5ZFmQudHQh7QAoxtswNbdxjy%2FNwBIR5pKIDxleebVwe%2FneH%2BtokDYSPmH2vsmto0z72VM1KlFjgXC79XDIKMl83R2U%2F1B9wq23EHeFFY38cBUFKEjO67eC9q1Xxsv%2FpYAKrXVkdwwsvHfoY7evFRu%2Fj%2BsS3fWcf8uPrApaoqqJgjxpJ2jHjcXniad47iTffJUmwHqmyeigZ&cert=MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA%2FMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan%2FPQeGdxyGkOlZHP%2FuaZ6WA8SMx%2Byk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h%2FpZq4UmEUEz9l6YKHy9v6Dlb2honzhT%2BXhq%2Bw3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB%2FonkxEz0tNvjj%2FPIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH%2FBAgwBgEB%2FwIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf%2FEFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW%2Bdla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg%2BVyOeph4EYpr%2F1wXKtx8%2FwApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so%2FjoWUoHOUgwuX4Po1QYz%2B3dszkDqMp4fklxBwXRsW10KXzPMTZ%2BsOPAveyxindmjkW8lGy%2BQsRlGPfZ%2BG6Z6h7mjem0Y%2BiWlkYcV4PIWL1iwBi8saCbGS5jN2p8M%2BX%2BQ7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6%2FDNFu0Qg%3D%3D&cert=MIIDSjCCAjKgAwIBAgIQRK%2BwgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA%2FMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN%2Bv6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi%2BDoM3ZJKuM%2FIUmTrE4Orz5Iy2Xu%2FNMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd%2B3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn%2F5WgTe1QLyNau7Fqckh49ZLOMxt%2B%2FyUFw7BZy1SbsOFU5Q9D8%2FRhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4%2BU9m5%2FwAl0CAwEAAaNCMEAwDwYDVR0TAQH%2FBAUwAwEB%2FzAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62%2BFLkHX%2FxBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or%2BDxz9LwwmglSBd49lZRNI%2BDT69ikugdB%2FOEIKcdBodfpga3csTS7MgROSR6cz8faXbauX%2B5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK%2BrlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir%2Fmd2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL%2BT0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ", + shouldBeRendered: true, + }, + { + url: "about:certificate?cert=MIIE0DCCBHegAwIBAgIQCP0zdXA01ESx6eTjfitzfzAKBggqhkjOPQQDAjBvMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkRmxhcmUgSW5jIEVDQyBDQS0yMB4XDTE5MDUwMzAwMDAwMFoXDTIwMDUwMzEyMDAwMFowaDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMRkwFwYDVQQDExBzY290dGhlbG1lLmNvLnVrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYQYIOYOkA0SNAxlrsvTnr7BIOoNmUaBFG2oXXyKfphkc%2F5wXXMU1Ez1%2BpqjFHSwaAtCkgTzTNEEOxkuDicJLqKOCAvowggL2MB8GA1UdIwQYMBaAFD50LR%2FPRXUEfj%2FAooc%2BTEODURPGMB0GA1UdDgQWBBSlm2TM83mhbWzqLL2SZRmdHbh%2FWDAvBgNVHREEKDAmghBzY290dGhlbG1lLmNvLnVrghIqLnNjb3R0aGVsbWUuY28udWswDgYDVR0PAQH%2FBAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB5BgNVHR8EcjBwMDagNKAyhjBodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vQ2xvdWRGbGFyZUluY0VDQ0NBMi5jcmwwNqA0oDKGMGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZEZsYXJlSW5jRUNDQ0EyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG%2FWwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0Nsb3VkRmxhcmVJbmNFQ0NDQS0yLmNydDAMBgNVHRMBAf8EAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUA7ku9t3XOYLrhQmkfq%2BGeZqMPfl%2BwctiDAMR7iXqo%2FcsAAAFqfaV7eQAABAMARjBEAiAcD2ch9qAysZxlIFqrYjElyv%2B6fPbwBZ%2BCFSgJW7d4cgIgUnpOdauBy9OXIeQerY0ElxqlPDFo0qTx34NBoPmfyOYAdgBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAWp9pXsQAAAEAwBHMEUCIQDlDcpBkwV225tooGiDmWX4bwvpko6nmXnQ8RBeSltUGAIgXUCskAznLKPcqf7e55eEj9xwago28rJZny6stP9NqakwCgYIKoZIzj0EAwIDRwAwRAIfVXERnB1UkKpq73xsv0H3o0SC%2FVGdyuIizTc1HHeP6gIhAKSIp4zfgOLP3l46y2yHzir9PdeCc%2BRGUVg4P4IgAANv&cert=MIIDozCCAougAwIBAgIQD%2FPmFjmqPRoSZfQfizTltjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE1MTAxNDEyMDAwMFoXDTIwMTAwOTEyMDAwMFowbzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMSAwHgYDVQQDExdDbG91ZEZsYXJlIEluYyBFQ0MgQ0EtMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNFW9Jy25DGg9aRSz%2BOaeob%2F8oayXsy1WcwRx07dZP1VnGDjoEvZeFT%2FSFC6ouGhWHWPx2A3RBZNVZns7tQzeiOjggEZMIIBFTASBgNVHRMBAf8ECDAGAQH%2FAgEAMA4GA1UdDwEB%2FwQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA6BgNVHR8EMzAxMC%2BgLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vT21uaXJvb3QyMDI1LmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys%2BghUNoZ7OrUETfAwDQYJKoZIhvcNAQELBQADggEBADhfp%2F%2F8hfJzMuTVo4mZlmCvMsEDs2Xfvh4DyqXthbKPr0uMc48qjKkADgEkF%2FfsUoV2yOUcecrDF4dQtgQzNp4qnhgXljISr0PMVxje28fYiCWD5coGJTH9vV1IO1EB3SwUx8FgUemVAdiyM1YOR2aNbM2v%2BYXZ6xxHR4g06PD6wqtPaU4JWdRXxszByOPmGcFYOFLi4oOF3iI03D%2Bm968kvOBvwKtoLVLHawVXLEIbLUiHAwyQq0hIqSi%2BNIr7uu30YJkdFXgRqtltU39pKLy3ayB2f6BVA3F59WensKAKF1eyAKmtz%2F9njD4m5ackvMJvEOiJxnCl0h%2BA7Q0%2FJxM%3D&cert=MIIDdzCCAl%2BgAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN%2BhXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsBUnuId9Mcj8e6uYi1agnnc%2BgRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9%2FlSEy%2FCG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD%2BtqYF%2FLTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f%2FxXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v%2Fyejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB%2FwQIMAYBAf8CAQMwDgYDVR0PAQH%2FBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF%2BvaKSm2eT929hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE%2FszKN%2BOMY3EU%2Ft3WgxjkzSswF07r51XgdIGn9w%2FxZchMB5hbgF%2FX%2B%2BZRGjD8ACtPhSNzkE1akxehi%2FoCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h%2B3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5%2BNauQrz4wlHrQMz2nZQ%2F1%2FI6eYs9HRCwBXbsdtTLSR9I4LtD%2Bgdwyah617jzV%2FOeBHRnDJELqYzmp", + shouldBeRendered: false, + }, + ]; + + for (let test of tests) { + await checkOCSP(test.url, test.shouldBeRendered); + } +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_checkStandAlonePage.js b/toolkit/components/certviewer/tests/browser/browser_checkStandAlonePage.js new file mode 100644 index 0000000000..02d8fdc250 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_checkStandAlonePage.js @@ -0,0 +1,86 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const TYPE_CA = 1; +const TYPE_USER = 2; +const TYPE_EMAIL = 4; +const TYPE_SERVER = 8; + +add_task(async function test_dbItemDisplayed() { + await BrowserTestUtils.openNewForegroundTab(gBrowser, () => { + gBrowser.selectedTab = BrowserTestUtils.addTab( + gBrowser, + "about:certificate" + ); + }); + + let categories = [ + { + type: TYPE_CA, + tabName: "Authorities", + id: "ca", + }, + { + type: TYPE_USER, + tabName: "Your Certificates", + id: "mine", + }, + { + type: TYPE_EMAIL, + tabName: "People", + id: "people", + }, + { + type: TYPE_SERVER, + tabName: "Servers", + id: "servers", + }, + ]; + + let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService( + Ci.nsIX509CertDB + ); + Assert.ok(certdb, "certdb not null"); + let certcache = certdb.getCerts(); + Assert.ok(certcache, "certcache not null"); + + for (let cert of certcache) { + let category = categories.find(({ type }) => type & cert.certType); + + await SpecialPowers.spawn( + gBrowser.selectedBrowser, + [cert.displayName, category], + async function (displayName, category) { + let aboutCertificateSection = await ContentTaskUtils.waitForCondition( + () => { + return content.document.querySelector("about-certificate-section"); + }, + "Found aboutCertificateSection." + ); + + let tab = aboutCertificateSection.shadowRoot.querySelector( + `.certificate-tabs #certificate-viewer-tab-${category.id}` + ); + Assert.ok(tab, `${category.tabName} tab should exist.`); + tab.click(); + + let certificateItems = aboutCertificateSection.shadowRoot.querySelector( + `.info-groups #certificate-viewer-tab-${category.id}` + ); + + let listItems = + certificateItems.shadowRoot.querySelectorAll("list-item"); + + let item = Array.from(listItems).find( + i => + i.shadowRoot.querySelector(".item-name").textContent == displayName + ); + Assert.ok(item, `${displayName} should be listed`); + } + ); + } + + gBrowser.removeCurrentTab(); // closes about:certificate +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_checkValiditySection.js b/toolkit/components/certviewer/tests/browser/browser_checkValiditySection.js new file mode 100644 index 0000000000..10e82be94a --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_checkValiditySection.js @@ -0,0 +1,57 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const github_url = + "about:certificate?cert=MIIHQjCCBiqgAwIBAgIQCgYwQn9bvO1pVzllk7ZFHzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDUwODAwMDAwMFoXDTIwMDYwMzEyMDAwMFowgccxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc1MTU3NTUwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjyq8jyXDDrBTyitcnB90865tWBzpHSbindG%2FXqYQkzFMBlXmqkzC%2BFdTRBYyneZw5Pz%2BXWQvL%2B74JW6LsWNc2EF0xCEqLOJuC9zjPAqbr7uroNLghGxYf13YdqbG5oj%2F4x%2BogEG3dF%2FU5YIwVr658DKyESMV6eoYV9mDVfTuJastkqcwero%2B5ZAKfYVMLUEsMwFtoTDJFmVf6JlkOWwsxp1WcQ%2FMRQK1cyqOoUFUgYylgdh3yeCDPeF22Ax8AlQxbcaI%2BGwfQL1FB7Jy%2Bh%2BKjME9lE%2FUpgV6Qt2R1xNSmvFCBWu%2BNFX6epwFP%2FJRbkMfLz0beYFUvmMgLtwVpEPSwIDAQABo4IDeTCCA3UwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFMnCU2FmnV%2BrJfQmzQ84mqhJ6kipMCUGA1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRodWIuY29tMA4GA1UdDwEB%2FwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG%2FWwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWNBYm0KAAAEAwBHMEUCIQDRZp38cTWsWH2GdBpe%2FuPTWnsu%2Fm4BEC2%2BdIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFgU5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAEAwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d%2B8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N%2BXcqcK0OJYrN8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxGeOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW%2Fip2oJ5grAH8mqQfaunuCVE%2Bvac%2B88lkDK%2FLVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vNHnXVUGw%2ByxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVBKqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc%2F2z2shNoDvxvFUYyY1Oe67xINkmyQKc%2BygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma%2BFXsXBIqWUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna%2Fteik%3D"; +const mozilla_url = + "about:certificate?cert=MIIGRjCCBS6gAwIBAgIQDJduPkI49CDWPd%2BG7%2Bu6kDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA1MDAwMDAwWhcNMTkxMTEzMTIwMDAwWjCBgzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xDzANBgNVBAsTBldlYk9wczEYMBYGA1UEAxMPd3d3Lm1vemlsbGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKruymkkmkqCJh7QjmXlUOBcLFRyw5LG%2FvUUWVrsxC2gsbR8WJq%2BcYoYBpoNVStKrO4U2rBh1GEbccvT6qKOQI%2BpjjDxx9cmRdubGTGp8L0MF1ohVvhIvYLumOEoRDDPU4PvGJjGhek%2FojvedPWe8dhciHkxOC2qPFZvVFMwg1%2Fo%2Fb80147BwZQmzB18mnHsmcyKlpsCN8pxw86uao9Iun8gZQrsllW64rTZlRR56pHdAcuGAoZjYZxwS9Z%2BlvrSjEgrddemWyGGalqyFp1rXlVM1Tf4%2FIYWAQXTgTUN303u3xMjss7QK7eUDsACRxiWPLW9XQDd1c%2ByvaYJKzgJ2wIDAQABo4IC6TCCAuUwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFNpSvSGcN2VT%2FB9TdQ8eXwebo60%2FMCcGA1UdEQQgMB6CD3d3dy5tb3ppbGxhLm9yZ4ILbW96aWxsYS5vcmcwDgYDVR0PAQH%2FBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC%2BgLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH%2FBAIwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE%2BRvfuON3zQ7IDdwQAAABZuYWiHwAAAQDAEYwRAIgZnMSH1JdG6NASHWTwD0mlP%2Fzbr0hzP263c02Ym0DU64CIEe4QHJDP47j0b6oTFu6RrZz1NQ9cq8Az1KnMKRuaFAlAHUAh3W%2F51l8%2BIxDmV%2B9827%2FVo1HVjb%2FSrVgwbTq%2F16ggw8AAAFm5haJAgAABAMARjBEAiAxGLXkUaOAkZhXNeNR3pWyahZeKmSaMXadgu18SfK1ZAIgKtwu5eGxK76rgaszLCZ9edBIjuU0DKorzPUuxUXFY0QwDQYJKoZIhvcNAQELBQADggEBAKLJAFO3wuaP5MM%2Fed1lhk5Uc2aDokhcM7XyvdhEKSHbgPhcgMoT9YIVoPa70gNC6KHcwoXu0g8wt7X6Vm1ql%2F68G5q844kFuC6JPl4LVT9mciD%2BVW6bHUSXD9xifL9DqdJ0Ic0SllTlM%2Boq5aAeOxUQGXhXIqj6fSQv9fQN6mXxQIoc%2Fgjxteskq%2FVl8YmY1FIZP9Bh7g27kxZ9GAAGQtjTL03RzKAuSg6yeImYVdQWasc7UPnBXlRAzZ8%2BOJThUbzK16a2CI3Rg4agKSJk%2BuA47h1%2FImmngpFLRb%2FMvRX6H1oWcUuyH6O7PZdl0YpwTpw1THIuqCGl%2FwpPgyQgcTM%3D"; +const youtube_url = + "about:certificate?cert=MIIIIDCCBwigAwIBAgIQGk0sGNQUuaOL9Rii2XQ4yjANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEczMB4XDTE5MDYxODA4MjE1OFoXDTE5MDkxMDA4MTUwMFowZjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBMTEMxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMRScn8kk6qy3LHVktWZWxm%2FMq4kowlEdxQH40wijThZ%2B%2F5Jrqh6UlWnWuiulNorHH2DEW4OkSKreFoYze7w8O6jggWlMIIFoTATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCB4AwggRqBgNVHREEggRhMIIEXYIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29tghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22CCiouZ2dwaHQuY26CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIPKi5nb29nbGVhcGlzLmNughEqLmdvb2dsZWNuYXBwcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xldmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CEiouZ3N0YXRpY2NuYXBwcy5jboIKKi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22CDCoudXJjaGluLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVsb3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2dsZS5jboIEZy5jb4IIZ2dwaHQuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2dsZS5jb22CD2dvb2dsZWNuYXBwcy5jboISZ29vZ2xlY29tbWVyY2UuY29tghhzb3VyY2UuYW5kcm9pZC5nb29nbGUuY26CCnVyY2hpbi5jb22CCnd3dy5nb28uZ2yCCHlvdXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNvbYIFeXQuYmUwaAYIKwYBBQUHAQEEXDBaMC0GCCsGAQUFBzAChiFodHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFNHSUFHMy5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnBraS5nb29nL0dUU0dJQUczMB0GA1UdDgQWBBT8E5DiGEc7xHswBMF5K5EmFzx6fDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHfCuFCaZ3Z2sS3ChtCDoH6mfrpLMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIFAzAIBgZngQwBAgIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5wa2kuZ29vZy9HVFNHSUFHMy5jcmwwDQYJKoZIhvcNAQELBQADggEBAGrWCimTdP8%2B6qCqNh1Xza9Wlm%2FGDVb%2BKp0PHUZaNDMThFQQqGn2XVi7ZkhqsxTtMw88Nrl97Bi1OsnNPlabhDwxtRyWkNkLdpFxebRz73CsjyoB3cboH%2FZ8sU9LLwXe%2FIJgMkvT7fznKtKSweWV%2BmAYG%2F3KzaIyLrowYpyOsWaYytPJK7ypuk6yOPxuQcQnelotWpuHUBR3mo3FIW56BPCy20KwqwvWoZe27BNxO%2F11Ym%2FPnric2fWXwgmHdkvVqqssUMFs%2BmG2tS%2FpqnR5yZdQL60xOgDq70mVWYgQT4yUTm7i8qvugvNnuSIjjsbelHgbC8f5%2Fx%2Bo2pEyw%2FDYyKw%3D"; + +async function checValiditySection(url) { + await BrowserTestUtils.withNewTab(url, async function (browser) { + await SpecialPowers.spawn(browser, [], async function () { + let certificateSection = await ContentTaskUtils.waitForCondition(() => { + return content.document.querySelector("certificate-section"); + }, "Certificate section found"); + + let validitySection = certificateSection.shadowRoot.querySelector( + "info-group.validity" + ); + Assert.ok(validitySection, "validitySection found"); + + let infoItems = validitySection.shadowRoot.querySelectorAll("info-item"); + Assert.ok(infoItems, "infoItems found"); + Assert.equal( + infoItems.length, + 2, + "There must be render just one date for Not Before and one for Not After" + ); + + for (let infoItem of infoItems) { + let label = infoItem.shadowRoot + .querySelector("label") + .getAttribute("data-l10n-id"); + + Assert.notEqual(label, "", "Label shouldn't be empty"); + + let infoElem = infoItem.shadowRoot.querySelector(".info"); + let title = infoElem.textContent; + Assert.equal( + title.includes("GMT"), + true, + "UTC timezone should be displayed in the label" + ); + } + }); + }); +} + +add_task(async function test() { + let input = [github_url, mozilla_url, youtube_url]; + for (let url of input) { + await checValiditySection(url); + } +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_downloadLink.js b/toolkit/components/certviewer/tests/browser/browser_downloadLink.js new file mode 100644 index 0000000000..5b7b587733 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_downloadLink.js @@ -0,0 +1,126 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const validCert = + "about:certificate?cert=MIIGMDCCBRigAwIBAgIQCa2oS7Nau6nwv1WyRNIJnzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA2MDYwMDAwMDBaFw0xOTA5MDQxMjAwMDBaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTWVubG8gUGFyazEXMBUGA1UEChMORmFjZWJvb2ssIEluYy4xFzAVBgNVBAMMDiouZmFjZWJvb2suY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEALPlfjd8gHkIMDeBOFhRt0e%2B%2F3fdm%2BZdzdM4s1WIHVbYztgmdEy20PUwDCviYKJX4GG%2BT9ivT8kJ%2FvWl1P%2FYqOCA54wggOaMB8GA1UdIwQYMBaAFFFo%2F5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBTsQZVRTuib7KY9w3FfOYsZHvOC9zCBxwYDVR0RBIG%2FMIG8gg4qLmZhY2Vib29rLmNvbYINbWVzc2VuZ2VyLmNvbYILKi5mYmNkbi5uZXSCCCouZmIuY29tghAqLm0uZmFjZWJvb2suY29tggZmYi5jb22CDiouZmFjZWJvb2submV0gg4qLnh4LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDyoubWVzc2VuZ2VyLmNvbYILKi5mYnNieC5jb22CDioueHkuZmJjZG4ubmV0ggxmYWNlYm9vay5jb20wDgYDVR0PAQH%2FBAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH%2FBAIwADCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AKS5CZC0GFgUh7sTosxncAo8NZgE%2BRvfuON3zQ7IDdwQAAABay5CAaUAAAQDAEYwRAIgMwBM6q%2BdBwu2mNtMMjTEwJZZxyoUlHUEYO%2BbfkId%2F9MCIAQ2bxhnxrapYv74fzyoTkt9m%2BELq6%2B43OVpivRVKDKTAHcAdH7agzGtMxCRIZzOJU9CcMK%2F%2FV5CIAjGNzV55hB7zFYAAAFrLkIA%2FAAABAMASDBGAiEA0x1xPWue6RMSE9nbjYBt637CRC86ixrODP%2FEIlI5mCgCIQCHNdqgOlswd0LqaW4QRii2JHN4bnoEj%2FD9j7%2BkqEB7LjANBgkqhkiG9w0BAQsFAAOCAQEAnRdIVNZ850s7IvLgg%2BU9kKxA18kLKVpIF%2FrJHkXTkymvBHKAGOFNfzqF2YxHFhkDMIuoMO2F%2BA1E0Eo8zb1atL6%2FL59broEHTOH6xFmJAlZW0h6mZg8iRJ9Ae0pTN%2FfowaoN9aFVRnVr9ccKhOdqsXYyEZ3Ze39sEwx7Uau9KhzyuJW12Jh3S%2BZJYUdBADeeJNL5ZXSUFIyjgkwSQZPaaWAzSGHZFt3sWhMjdNoBkjRJFlASLDM3m1ZWsKA47vuXvJc%2FDXT35lC1DJmyhYb9qNPR71a1hJ8TS7vUwdDd%2BdEHiJj2wQLV3m7Tn7YvWyJOEyi4n6%2FrPqT44LZmgK7HWw%3D%3D&cert=MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C%2FCJAbIbQRf1%2B8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU%2BUDlqUH1VWtMICKq%2FQmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK%2FIHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j%2F018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I%2B4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV%2FUyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC%2FzA%2FWiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH%2FAgEAMA4GA1UdDwEB%2FwQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj%2FkK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS%2BNa0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk%2FgNHE%2Br1hspZcX30BJZr01lYPf7TMSVcGDiEo%2Bafgv2MW5gxTs14nhr9hctJqvIni5ly%2FD6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX%2F78whQYwvwt%2FTv9XBZ0k7YXDK%2FumdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY%2B3sAzm2fTYS5yh%2BRp%2FBIAV0AecPUeybQ%3D&cert=MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm%2B9S75S0tMqbf5YE%2Fyc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG%2B%2BMXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx%2BmM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH%2FBAQDAgGGMA8GA1UdEwEB%2FwQFMAMBAf8wHQYDVR0OBBYEFLE%2Bw2kD%2BL9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE%2Bw2kD%2BL9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe%2FEW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9%2BMpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2Yzi9RKR%2F5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2%2FS6cCZdkGCevEsXCS%2B0yx5DaMkHJ8HSXPfqIbloEpw8nL%2Be%2FIBcm2PN7EeqJSdnoDfzAIJ9VNep%2BOkuE6N36B9K"; + +add_task(async function test_checkForErrorSection() { + await BrowserTestUtils.openNewForegroundTab(gBrowser, () => { + gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, validCert); + }); + + await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function () { + let infoGroups; + let downloadLinkContainers = []; + + await ContentTaskUtils.waitForCondition(() => { + infoGroups = content.document + .querySelector("certificate-section") + .shadowRoot.querySelectorAll(".miscellaneous"); + for (let i = 0; i < infoGroups.length; i++) { + downloadLinkContainers.push( + infoGroups[i].shadowRoot + .querySelector(".download") + .shadowRoot.querySelector(".info") + ); + } + return downloadLinkContainers.length; + }, "Found download info items."); + + ok(downloadLinkContainers.length, "Download info items should exist."); + + let certTabs = content.document + .querySelector("certificate-section") + .shadowRoot.querySelectorAll(".certificate-tab"); + + await ContentTaskUtils.waitForCondition( + () => certTabs.length, + "Certificate tabs should exist." + ); + + let url = new URL(content.document.documentURI); + let certs = url.searchParams.getAll("cert"); + let certChain = []; + for (let i = 0; i < certs.length; i++) { + certChain.push( + `-----BEGIN CERTIFICATE-----\r\n${certs[i]}\r\n-----END CERTIFICATE-----\r\n` + ); + } + certChain = certChain.join("").replace(/(\r\n|\n|\r)/gm, ""); + + for (let i = 0; i < certTabs.length; i++) { + let downloadLink = + downloadLinkContainers[i].querySelector(".download-link"); + + let downloadChainLink = downloadLinkContainers[i].querySelector( + ".download-link-chain" + ); + + let cert = certs[i]; + cert = `-----BEGIN CERTIFICATE-----\r\n${cert}\r\n-----END CERTIFICATE-----\r\n`; + cert = cert.replace(/(\r\n|\n|\r)/gm, ""); + + let linkCert = downloadLink.getAttribute("href"); + linkCert = linkCert.replace("data:,", ""); + linkCert = decodeURI(linkCert); + let certLineLength = Math.max( + ...linkCert.split(/\r\n|\n|\r/m).map(x => x.length) + ); + linkCert = linkCert.replace(/(\r\n|\n|\r)/gm, ""); + + let downloadChainCert = downloadChainLink.getAttribute("href"); + downloadChainCert = downloadChainCert.replace("data:,", ""); + downloadChainCert = decodeURI(downloadChainCert); + let chainLineLength = Math.max( + ...downloadChainCert.split(/\r\n|\n|\r/m).map(x => x.length) + ); + downloadChainCert = downloadChainCert.replace(/(\r\n|\n|\r)/gm, ""); + + Assert.lessOrEqual( + certLineLength, + 64, + "PEM cert line length should be capped to 64" + ); + Assert.lessOrEqual( + chainLineLength, + 64, + "PEM chain line length should be capped to 64" + ); + + Assert.equal( + cert, + linkCert, + "Download link href should be equal to URL cert." + ); + + Assert.equal( + certChain, + downloadChainCert, + "Download chain link href should be equal to URL cert." + ); + + await content.document.l10n.translateElements([ + downloadChainLink, + downloadLink, + ]); + + Assert.equal( + downloadLinkContainers[i].textContent, + "PEM (cert)PEM (chain)", + "Download should contain links to PEM cert and PEM chain." + ); + + if (certTabs[i + 1]) { + certTabs[i + 1].click(); + + await ContentTaskUtils.waitForCondition( + () => certTabs[i + 1].classList.contains("selected"), + "Cert tab should be selected" + ); + } + } + }); + gBrowser.removeCurrentTab(); // closes about:certificate +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_handleMultipleCertsURL.js b/toolkit/components/certviewer/tests/browser/browser_handleMultipleCertsURL.js new file mode 100644 index 0000000000..b0199cce83 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_handleMultipleCertsURL.js @@ -0,0 +1,251 @@ +// valids +const multipleCerts1 = + "about:certificate?cert=MIIGRjCCBS6gAwIBAgIQDJduPkI49CDWPd%2BG7%2Bu6kDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA1MDAwMDAwWhcNMTkxMTEzMTIwMDAwWjCBgzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xDzANBgNVBAsTBldlYk9wczEYMBYGA1UEAxMPd3d3Lm1vemlsbGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKruymkkmkqCJh7QjmXlUOBcLFRyw5LG%2FvUUWVrsxC2gsbR8WJq%2BcYoYBpoNVStKrO4U2rBh1GEbccvT6qKOQI%2BpjjDxx9cmRdubGTGp8L0MF1ohVvhIvYLumOEoRDDPU4PvGJjGhek%2FojvedPWe8dhciHkxOC2qPFZvVFMwg1%2Fo%2Fb80147BwZQmzB18mnHsmcyKlpsCN8pxw86uao9Iun8gZQrsllW64rTZlRR56pHdAcuGAoZjYZxwS9Z%2BlvrSjEgrddemWyGGalqyFp1rXlVM1Tf4%2FIYWAQXTgTUN303u3xMjss7QK7eUDsACRxiWPLW9XQDd1c%2ByvaYJKzgJ2wIDAQABo4IC6TCCAuUwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFNpSvSGcN2VT%2FB9TdQ8eXwebo60%2FMCcGA1UdEQQgMB6CD3d3dy5tb3ppbGxhLm9yZ4ILbW96aWxsYS5vcmcwDgYDVR0PAQH%2FBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC%2BgLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH%2FBAIwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE%2BRvfuON3zQ7IDdwQAAABZuYWiHwAAAQDAEYwRAIgZnMSH1JdG6NASHWTwD0mlP%2Fzbr0hzP263c02Ym0DU64CIEe4QHJDP47j0b6oTFu6RrZz1NQ9cq8Az1KnMKRuaFAlAHUAh3W%2F51l8%2BIxDmV%2B9827%2FVo1HVjb%2FSrVgwbTq%2F16ggw8AAAFm5haJAgAABAMARjBEAiAxGLXkUaOAkZhXNeNR3pWyahZeKmSaMXadgu18SfK1ZAIgKtwu5eGxK76rgaszLCZ9edBIjuU0DKorzPUuxUXFY0QwDQYJKoZIhvcNAQELBQADggEBAKLJAFO3wuaP5MM%2Fed1lhk5Uc2aDokhcM7XyvdhEKSHbgPhcgMoT9YIVoPa70gNC6KHcwoXu0g8wt7X6Vm1ql%2F68G5q844kFuC6JPl4LVT9mciD%2BVW6bHUSXD9xifL9DqdJ0Ic0SllTlM%2Boq5aAeOxUQGXhXIqj6fSQv9fQN6mXxQIoc%2Fgjxteskq%2FVl8YmY1FIZP9Bh7g27kxZ9GAAGQtjTL03RzKAuSg6yeImYVdQWasc7UPnBXlRAzZ8%2BOJThUbzK16a2CI3Rg4agKSJk%2BuA47h1%2FImmngpFLRb%2FMvRX6H1oWcUuyH6O7PZdl0YpwTpw1THIuqCGl%2FwpPgyQgcTM%3D&cert=MIIHQjCCBiqgAwIBAgIQCgYwQn9bvO1pVzllk7ZFHzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDUwODAwMDAwMFoXDTIwMDYwMzEyMDAwMFowgccxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc1MTU3NTUwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjyq8jyXDDrBTyitcnB90865tWBzpHSbindG%2FXqYQkzFMBlXmqkzC%2BFdTRBYyneZw5Pz%2BXWQvL%2B74JW6LsWNc2EF0xCEqLOJuC9zjPAqbr7uroNLghGxYf13YdqbG5oj%2F4x%2BogEG3dF%2FU5YIwVr658DKyESMV6eoYV9mDVfTuJastkqcwero%2B5ZAKfYVMLUEsMwFtoTDJFmVf6JlkOWwsxp1WcQ%2FMRQK1cyqOoUFUgYylgdh3yeCDPeF22Ax8AlQxbcaI%2BGwfQL1FB7Jy%2Bh%2BKjME9lE%2FUpgV6Qt2R1xNSmvFCBWu%2BNFX6epwFP%2FJRbkMfLz0beYFUvmMgLtwVpEPSwIDAQABo4IDeTCCA3UwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFMnCU2FmnV%2BrJfQmzQ84mqhJ6kipMCUGA1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRodWIuY29tMA4GA1UdDwEB%2FwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG%2FWwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWNBYm0KAAAEAwBHMEUCIQDRZp38cTWsWH2GdBpe%2FuPTWnsu%2Fm4BEC2%2BdIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFgU5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAEAwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d%2B8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N%2BXcqcK0OJYrN8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxGeOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW%2Fip2oJ5grAH8mqQfaunuCVE%2Bvac%2B88lkDK%2FLVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vNHnXVUGw%2ByxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVBKqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc%2F2z2shNoDvxvFUYyY1Oe67xINkmyQKc%2BygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma%2BFXsXBIqWUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna%2Fteik%3D"; +const multipleCerts2 = + "about:certificate?cert=MIIIIDCCBwigAwIBAgIQGk0sGNQUuaOL9Rii2XQ4yjANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEczMB4XDTE5MDYxODA4MjE1OFoXDTE5MDkxMDA4MTUwMFowZjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBMTEMxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMRScn8kk6qy3LHVktWZWxm%2FMq4kowlEdxQH40wijThZ%2B%2F5Jrqh6UlWnWuiulNorHH2DEW4OkSKreFoYze7w8O6jggWlMIIFoTATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCB4AwggRqBgNVHREEggRhMIIEXYIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29tghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22CCiouZ2dwaHQuY26CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIPKi5nb29nbGVhcGlzLmNughEqLmdvb2dsZWNuYXBwcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xldmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CEiouZ3N0YXRpY2NuYXBwcy5jboIKKi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22CDCoudXJjaGluLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVsb3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2dsZS5jboIEZy5jb4IIZ2dwaHQuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2dsZS5jb22CD2dvb2dsZWNuYXBwcy5jboISZ29vZ2xlY29tbWVyY2UuY29tghhzb3VyY2UuYW5kcm9pZC5nb29nbGUuY26CCnVyY2hpbi5jb22CCnd3dy5nb28uZ2yCCHlvdXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNvbYIFeXQuYmUwaAYIKwYBBQUHAQEEXDBaMC0GCCsGAQUFBzAChiFodHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFNHSUFHMy5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnBraS5nb29nL0dUU0dJQUczMB0GA1UdDgQWBBT8E5DiGEc7xHswBMF5K5EmFzx6fDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHfCuFCaZ3Z2sS3ChtCDoH6mfrpLMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIFAzAIBgZngQwBAgIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5wa2kuZ29vZy9HVFNHSUFHMy5jcmwwDQYJKoZIhvcNAQELBQADggEBAGrWCimTdP8%2B6qCqNh1Xza9Wlm%2FGDVb%2BKp0PHUZaNDMThFQQqGn2XVi7ZkhqsxTtMw88Nrl97Bi1OsnNPlabhDwxtRyWkNkLdpFxebRz73CsjyoB3cboH%2FZ8sU9LLwXe%2FIJgMkvT7fznKtKSweWV%2BmAYG%2F3KzaIyLrowYpyOsWaYytPJK7ypuk6yOPxuQcQnelotWpuHUBR3mo3FIW56BPCy20KwqwvWoZe27BNxO%2F11Ym%2FPnric2fWXwgmHdkvVqqssUMFs%2BmG2tS%2FpqnR5yZdQL60xOgDq70mVWYgQT4yUTm7i8qvugvNnuSIjjsbelHgbC8f5%2Fx%2Bo2pEyw%2FDYyKw%3D&cert=MIIGcTCCBVmgAwIBAgIQCHx760AsIFydVjey10GPXTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xOTA1MjQwMDAwMDBaFw0yMDA1MjMxMjAwMDBaMHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRYwFAYDVQQKEw1Ud2l0dGVyLCBJbmMuMQ0wCwYDVQQLEwRhdGxhMRYwFAYDVQQDDA0qLnR3aXR0ZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4IL8Mo0RIfgZmVhwMiaq30EfjJzcB1dalwHZb2K6P6LtmEpLs%2Bnqm1FCdfZgKO3u4CAbd5Oc2EaZB5KjhOcEo6GjhGKcLS430y%2FXhqWo6dDWWYal1Ulu7CCvNLir0Q5aQ2m8EJuafK%2BqwxSBCGXiWeT4HXqabyU34i70bQbgBSjvffaHr27HVrD4hxq0DspKTIpf0fc4%2B%2Fs%2FTTbxEmX7FbVgmu3Y3rTpeNXegL2Lp5nrGp1drWpcM6g8PlrlhcWujdD2Sb0BpIO0dFNCmvOwDspKt8Ih7t0Sw3Q7u0EGEGJLt%2BgY7nrBoRm1G0DSBd0Ih4coHzfgoGBPy11atynvLwIDAQABo4IC%2FDCCAvgwHwYDVR0jBBgwFoAUUWj%2FkK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFNFZBVr1ptzC%2FiUkvSIQ8QAGfB5jMCUGA1UdEQQeMByCDSoudHdpdHRlci5jb22CC3R3aXR0ZXIuY29tMA4GA1UdDwEB%2FwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG%2FWwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB%2FwQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgDuS723dc5guuFCaR%2Br4Z5mow9%2BX7By2IMAxHuJeqj9ywAAAWrrCDXmAAAEAwBHMEUCIQCSwzRMoifj1DjYLJuMOH%2BZ6coX83bWIgWgWynLUED87wIgFKdipP9ycAE8S9apXJxKQyp0RoA%2Ftca5%2BWHQE5VlF68AdwCHdb%2FnWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr%2FXqCDDwAAAWrrCDakAAAEAwBIMEYCIQCcmFOfp58BDMFZZS%2FRVl2uiY94RcTozBrcmtkpoWhgkgIhAN%2BX3ODViV4HnN2ZpZ383mFaEHIjKACRdWTRL%2BcYA43lMA0GCSqGSIb3DQEBCwUAA4IBAQB8LQLmUzevGtdw%2FXVL8aFrotloF3zsUPb2Q7CONLzlMGrmfv%2BNKDXN9xqPLLzmX4MddOjfpbVcDX1mJkuvuYNhh5AQrsaxcfEgfMcqPOdELA1mHPfk8H5a8Tvno1nF9wQWqkCQjLedjKReivmDOGfs1%2Fl%2FDnrprc0v4f28cWvN7YkJsdqfEGLbJ6SKsAxNbtNn%2Ffi6LxnemjLbcTrZYps11Ex55PtDNc200ejqpbpzHolgAew4KUzsyElaYSvDwkLMdmfwYSI9wgcPmrPBfZ0N12TAfmJJbE%2FkZc0jIOi92A%2FVgZLKvQrxadnBqPzAR%2F2SrZMT5joWa5sHpwl9fg5Z"; + +// both invalids +const errorCerts1 = "about:certificate?cert=aa&cert=bb&cert=abc"; +// one invalid and other valid +const errorCerts2 = + "about:certificate?cert=aa&cert=MIIGRjCCBS6gAwIBAgIQDJduPkI49CDWPd%2BG7%2Bu6kDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA1MDAwMDAwWhcNMTkxMTEzMTIwMDAwWjCBgzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xDzANBgNVBAsTBldlYk9wczEYMBYGA1UEAxMPd3d3Lm1vemlsbGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKruymkkmkqCJh7QjmXlUOBcLFRyw5LG%2FvUUWVrsxC2gsbR8WJq%2BcYoYBpoNVStKrO4U2rBh1GEbccvT6qKOQI%2BpjjDxx9cmRdubGTGp8L0MF1ohVvhIvYLumOEoRDDPU4PvGJjGhek%2FojvedPWe8dhciHkxOC2qPFZvVFMwg1%2Fo%2Fb80147BwZQmzB18mnHsmcyKlpsCN8pxw86uao9Iun8gZQrsllW64rTZlRR56pHdAcuGAoZjYZxwS9Z%2BlvrSjEgrddemWyGGalqyFp1rXlVM1Tf4%2FIYWAQXTgTUN303u3xMjss7QK7eUDsACRxiWPLW9XQDd1c%2ByvaYJKzgJ2wIDAQABo4IC6TCCAuUwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFNpSvSGcN2VT%2FB9TdQ8eXwebo60%2FMCcGA1UdEQQgMB6CD3d3dy5tb3ppbGxhLm9yZ4ILbW96aWxsYS5vcmcwDgYDVR0PAQH%2FBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC%2BgLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH%2FBAIwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE%2BRvfuON3zQ7IDdwQAAABZuYWiHwAAAQDAEYwRAIgZnMSH1JdG6NASHWTwD0mlP%2Fzbr0hzP263c02Ym0DU64CIEe4QHJDP47j0b6oTFu6RrZz1NQ9cq8Az1KnMKRuaFAlAHUAh3W%2F51l8%2BIxDmV%2B9827%2FVo1HVjb%2FSrVgwbTq%2F16ggw8AAAFm5haJAgAABAMARjBEAiAxGLXkUaOAkZhXNeNR3pWyahZeKmSaMXadgu18SfK1ZAIgKtwu5eGxK76rgaszLCZ9edBIjuU0DKorzPUuxUXFY0QwDQYJKoZIhvcNAQELBQADggEBAKLJAFO3wuaP5MM%2Fed1lhk5Uc2aDokhcM7XyvdhEKSHbgPhcgMoT9YIVoPa70gNC6KHcwoXu0g8wt7X6Vm1ql%2F68G5q844kFuC6JPl4LVT9mciD%2BVW6bHUSXD9xifL9DqdJ0Ic0SllTlM%2Boq5aAeOxUQGXhXIqj6fSQv9fQN6mXxQIoc%2Fgjxteskq%2FVl8YmY1FIZP9Bh7g27kxZ9GAAGQtjTL03RzKAuSg6yeImYVdQWasc7UPnBXlRAzZ8%2BOJThUbzK16a2CI3Rg4agKSJk%2BuA47h1%2FImmngpFLRb%2FMvRX6H1oWcUuyH6O7PZdl0YpwTpw1THIuqCGl%2FwpPgyQgcTM%3D"; + +async function checkSubjectName(inputPage, subjectsNameInfo) { + await BrowserTestUtils.withNewTab( + { + gBrowser, + url: inputPage, + }, + async function (browser) { + await SpecialPowers.spawn( + browser, + [subjectsNameInfo], + async function (subjectsNameInfoExpected) { + let certificateSection = await ContentTaskUtils.waitForCondition( + () => { + return content.document.querySelector("certificate-section"); + }, + "Certificate section found" + ); + + async function selectTab(tabName, index) { + let tabs = + certificateSection.shadowRoot.querySelector(".certificate-tabs"); + + let tab = tabs.querySelector(`.tab[idnumber="${index}"]`); + Assert.ok(tab, `Tab at index ${index} found`); + Assert.equal( + tab.innerText, + tabName, + `Tab name should be ${tabName}` + ); + + tab.click(); + } + + function checkSelectedTab(sectionItemsExpected, index) { + let infoGroup = certificateSection.shadowRoot.querySelector( + `#panel${index} info-group` + ); + Assert.ok(infoGroup, "infoGroup found"); + + let sectionTitle = + infoGroup.shadowRoot.querySelector(".info-group-title").innerText; + Assert.equal( + sectionTitle, + "Subject Name", + "Subject Name must be the selected item" + ); + + let infoItems = infoGroup.shadowRoot.querySelectorAll("info-item"); + Assert.equal( + infoItems.length, + sectionItemsExpected.length, + "sectionItems must be the same length" + ); + } + + for (let i = 0; i < subjectsNameInfoExpected.length; i++) { + await selectTab(subjectsNameInfoExpected[i].tabName, i); + checkSelectedTab(subjectsNameInfoExpected[i].sectionItems, i); + } + } + ); + } + ); +} + +async function checkTabsName(inputPage, tabsNames) { + await BrowserTestUtils.withNewTab( + { + gBrowser, + url: inputPage, + }, + async function (browser) { + await SpecialPowers.spawn( + browser, + [tabsNames], + async function (expectedTabsNames) { + let certificateSection = await ContentTaskUtils.waitForCondition( + () => { + return content.document.querySelector("certificate-section"); + }, + "Certificate section found" + ); + + let tabsSection = + certificateSection.shadowRoot.querySelector(".certificate-tabs"); + Assert.ok(tabsSection, "Tabs section found"); + + let tabs = tabsSection.children; + Assert.equal( + tabs.length, + expectedTabsNames.length, + `There must be ${expectedTabsNames.length} tabs` + ); + + for (let i = 0; i < expectedTabsNames.length; i++) { + Assert.equal( + tabs[i].innerText, + expectedTabsNames[i], + "Tab name must be equal to expected tab name" + ); + if (i === 0) { + Assert.ok( + tabs[i].className.includes("selected"), + "First tab must be selected" + ); + } else { + Assert.equal( + tabs[i].className.includes("selected"), + false, + "Just the first tab must be selected" + ); + } + } + } + ); + } + ); +} + +async function checkDOM(inputPage, errorExpected) { + await BrowserTestUtils.withNewTab( + { + gBrowser, + url: inputPage, + }, + async function (browser) { + await SpecialPowers.spawn( + browser, + [errorExpected], + async function (errorExpected) { + let certificateSection = await ContentTaskUtils.waitForCondition( + () => { + return content.document.querySelector("certificate-section"); + }, + "Certificate section found" + ); + + let errorSection = + certificateSection.shadowRoot.querySelector("error-section"); + + if (errorExpected) { + // should render error page + Assert.ok(errorSection, "Error section found"); + } else { + // should render page with certificate info + Assert.equal(errorSection, null, "Error section was not found"); + } + } + ); + } + ); +} + +add_task(async function runTests() { + let inputs = [ + { + url: multipleCerts1, + tabsNames: ["www.mozilla.org", "github.com"], + errorPageExpected: false, + subjectNameInfo: [ + { + tabName: "www.mozilla.org", + sectionTitle: "Subject Name", + sectionItems: [ + { label: "Country", info: "US" }, + { label: "State / Province", info: "California" }, + { label: "Locality", info: "Mountain View" }, + { label: "Organization", info: "Mozilla Corporation" }, + { label: "Organizational Unit", info: "WebOps" }, + { label: "Common Name", info: "www.mozilla.org" }, + ], + }, + { + tabName: "github.com", + sectionTitle: "Subject Name", + sectionItems: [ + { label: "Business Category", info: "Private Organization" }, + { label: "Inc. Country", info: "US" }, + { label: "Inc. State / Province", info: "Delaware" }, + { label: "Serial Number", info: "5157550" }, + { label: "Country", info: "US" }, + { label: "State / Province", info: "California" }, + { label: "Locality", info: "San Francisco" }, + { label: "Organization", info: "GitHub, Inc." }, + { label: "Common Name", info: "github.com" }, + ], + }, + ], + }, + { + url: multipleCerts2, + tabsNames: ["*.google.com", "*.twitter.com"], + errorPageExpected: false, + subjectNameInfo: [ + { + tabName: "*.google.com", + sectionTitle: "Subject Name", + sectionItems: [ + { label: "Country", info: "US" }, + { label: "State / Province", info: "California" }, + { label: "Locality", info: "Mountain View" }, + { label: "Organization", info: "Google LLC" }, + { label: "Common Name", info: "*.google.com" }, + ], + }, + { + tabName: "*.twitter.com", + sectionTitle: "Subject Name", + sectionItems: [ + { label: "Country", info: "US" }, + { label: "State / Province", info: "California" }, + { label: "Locality", info: "San Francisco" }, + { label: "Organization", info: "Twitter, Inc." }, + { label: "Organizational Unit", info: "atla" }, + { label: "Common Name", info: "*.twitter.com" }, + ], + }, + ], + }, + { + url: errorCerts1, + tabsNames: [], + errorPageExpected: true, + }, + { + url: errorCerts2, + tabsNames: [], + errorPageExpected: true, + }, + ]; + + for (let input of inputs) { + await checkDOM(input.url, input.errorPageExpected); + if (!input.errorPageExpected) { + await checkTabsName(input.url, input.tabsNames); + await checkSubjectName(input.url, input.subjectNameInfo); + } + } +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_openTabAndSendCertInfo.js b/toolkit/components/certviewer/tests/browser/browser_openTabAndSendCertInfo.js new file mode 100644 index 0000000000..abc62d4ee3 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_openTabAndSendCertInfo.js @@ -0,0 +1,271 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const TEST_CERT_BASE64 = + "MIIGRjCCBS6gAwIBAgIQDJduPkI49CDWPd+G7+u6kDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA1MDAwMDAwWhcNMTkxMTEzMTIwMDAwWjCBgzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xDzANBgNVBAsTBldlYk9wczEYMBYGA1UEAxMPd3d3Lm1vemlsbGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKruymkkmkqCJh7QjmXlUOBcLFRyw5LG/vUUWVrsxC2gsbR8WJq+cYoYBpoNVStKrO4U2rBh1GEbccvT6qKOQI+pjjDxx9cmRdubGTGp8L0MF1ohVvhIvYLumOEoRDDPU4PvGJjGhek/ojvedPWe8dhciHkxOC2qPFZvVFMwg1/o/b80147BwZQmzB18mnHsmcyKlpsCN8pxw86uao9Iun8gZQrsllW64rTZlRR56pHdAcuGAoZjYZxwS9Z+lvrSjEgrddemWyGGalqyFp1rXlVM1Tf4/IYWAQXTgTUN303u3xMjss7QK7eUDsACRxiWPLW9XQDd1c+yvaYJKzgJ2wIDAQABo4IC6TCCAuUwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFNpSvSGcN2VT/B9TdQ8eXwebo60/MCcGA1UdEQQgMB6CD3d3dy5tb3ppbGxhLm9yZ4ILbW96aWxsYS5vcmcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZuYWiHwAAAQDAEYwRAIgZnMSH1JdG6NASHWTwD0mlP/zbr0hzP263c02Ym0DU64CIEe4QHJDP47j0b6oTFu6RrZz1NQ9cq8Az1KnMKRuaFAlAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFm5haJAgAABAMARjBEAiAxGLXkUaOAkZhXNeNR3pWyahZeKmSaMXadgu18SfK1ZAIgKtwu5eGxK76rgaszLCZ9edBIjuU0DKorzPUuxUXFY0QwDQYJKoZIhvcNAQELBQADggEBAKLJAFO3wuaP5MM/ed1lhk5Uc2aDokhcM7XyvdhEKSHbgPhcgMoT9YIVoPa70gNC6KHcwoXu0g8wt7X6Vm1ql/68G5q844kFuC6JPl4LVT9mciD+VW6bHUSXD9xifL9DqdJ0Ic0SllTlM+oq5aAeOxUQGXhXIqj6fSQv9fQN6mXxQIoc/gjxteskq/Vl8YmY1FIZP9Bh7g27kxZ9GAAGQtjTL03RzKAuSg6yeImYVdQWasc7UPnBXlRAzZ8+OJThUbzK16a2CI3Rg4agKSJk+uA47h1/ImmngpFLRb/MvRX6H1oWcUuyH6O7PZdl0YpwTpw1THIuqCGl/wpPgyQgcTM="; + +function checkSpec(spec) { + Assert.ok( + spec.startsWith("about:certificate"), + "about:certificate was opened" + ); + + let newUrl = new URL(spec); + let certEncoded = newUrl.searchParams.get("cert"); + let certDecoded = decodeURIComponent(certEncoded); + Assert.equal( + btoa(atob(certDecoded)), + certDecoded, + "We received an base64 string" + ); +} + +function checksCertTab(tabsCount) { + Assert.equal(gBrowser.tabs.length, tabsCount + 1, "New tab was opened"); + let spec = gBrowser.tabs[tabsCount].linkedBrowser.documentURI.spec; + checkSpec(spec); +} + +async function checkCertChain(browser) { + await SpecialPowers.spawn(browser, [], async function () { + let certificateTabs; + await ContentTaskUtils.waitForCondition(() => { + let certificateSection = content.document.querySelector( + "certificate-section" + ); + if (!certificateSection) { + return false; + } + certificateTabs = + certificateSection.shadowRoot.querySelectorAll(".certificate-tab"); + return certificateTabs.length; + }, "Found certificate tabs."); + + Assert.greaterOrEqual( + certificateTabs.length, + 1, + "Certificate chain tabs shown" + ); + }); +} + +// taken from https://searchfox.org/mozilla-central/rev/7ed8e2d3d1d7a1464ba42763a33fd2e60efcaedc/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js#47 +function openCertDownloadDialog(cert) { + let returnVals = Cc["@mozilla.org/hash-property-bag;1"].createInstance( + Ci.nsIWritablePropertyBag2 + ); + let win = window.openDialog( + "chrome://pippki/content/downloadcert.xhtml", + "", + "", + cert, + returnVals + ); + return new Promise((resolve, reject) => { + win.addEventListener( + "load", + function () { + executeSoon(() => resolve([win])); + }, + { once: true } + ); + }); +} + +add_task(async function openFromPopUp() { + info("Testing openFromPopUp"); + + const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService( + Ci.nsIX509CertDB + ); + let cert = certdb.constructX509FromBase64(TEST_CERT_BASE64); + + let [win] = await openCertDownloadDialog(cert); + let viewCertButton = win.document.getElementById("viewC-button"); + let newWinOpened = BrowserTestUtils.waitForNewWindow(); + viewCertButton.click(); + + let topWin = await newWinOpened; + let browser = topWin.gBrowser.selectedBrowser; + + // We're racing against messages sent up from the content process that + // loads about:certificate. It may or may not have had the opportunity + // to tell the parent that it had loaded the page yet. If not, we wait + // for the page to load. + // + // Note that we can't use the URL parameter for + // BrowserTestUtils.waitForNewWindow, since we need to use a function + // to choose the right URL. + if (!browser.currentURI.spec.startsWith("about:certificate")) { + await BrowserTestUtils.browserLoaded(browser, false, spec => + spec.startsWith("about:certificate") + ); + } + + let spec = browser.currentURI.spec; + checkSpec(spec); + + await checkCertChain(browser); + + await BrowserTestUtils.closeWindow(topWin); // closes about:certificate + win.document.getElementById("download_cert").cancelDialog(); + await BrowserTestUtils.windowClosed(win); +}); + +add_task(async function testBadCert() { + info("Testing bad cert"); + + let tab = await openErrorPage(); + + let tabsCount = gBrowser.tabs.length; + let loaded = BrowserTestUtils.waitForNewTab(gBrowser, null, true); + + await SpecialPowers.spawn(tab.linkedBrowser, [], async function () { + let advancedButton = content.document.getElementById("advancedButton"); + Assert.ok(advancedButton, "advancedButton found"); + Assert.equal( + advancedButton.hasAttribute("disabled"), + false, + "advancedButton should be clickable" + ); + advancedButton.click(); + let viewCertificate = content.document.getElementById("viewCertificate"); + Assert.ok(viewCertificate, "viewCertificate found"); + Assert.equal( + viewCertificate.hasAttribute("disabled"), + false, + "viewCertificate should be clickable" + ); + + viewCertificate.click(); + }); + await loaded; + checksCertTab(tabsCount); + await checkCertChain(gBrowser.selectedBrowser); + + gBrowser.removeCurrentTab(); // closes about:certificate + gBrowser.removeCurrentTab(); // closes https://expired.example.com/ +}); + +add_task(async function testBadCertIframe() { + info("Testing bad cert in an iframe"); + + let tab = await openErrorPage(true); + + let tabsCount = gBrowser.tabs.length; + let loaded = BrowserTestUtils.waitForNewTab(gBrowser, null, true); + + await SpecialPowers.spawn(tab.linkedBrowser, [], async function () { + let doc = content.document.querySelector("iframe").contentDocument; + let advancedButton = doc.getElementById("advancedButton"); + Assert.ok(advancedButton, "advancedButton found"); + Assert.equal( + advancedButton.hasAttribute("disabled"), + false, + "advancedButton should be clickable" + ); + advancedButton.click(); + let viewCertificate = doc.getElementById("viewCertificate"); + Assert.ok(viewCertificate, "viewCertificate found"); + Assert.equal( + viewCertificate.hasAttribute("disabled"), + false, + "viewCertificate should be clickable" + ); + + viewCertificate.click(); + }); + await loaded; + checksCertTab(tabsCount); + await checkCertChain(gBrowser.selectedBrowser); + + gBrowser.removeCurrentTab(); // closes about:certificate + gBrowser.removeCurrentTab(); // closes https://expired.example.com/ +}); + +add_task(async function testGoodCert() { + info("Testing page info"); + let url = "https://example.com/"; + + let tabsCount = gBrowser.tabs.length; + + info(`Loading ${url}`); + await BrowserTestUtils.withNewTab({ gBrowser, url }, async function () { + info("Opening pageinfo"); + let pageInfo = BrowserPageInfo(url, "securityTab", {}); + await BrowserTestUtils.waitForEvent(pageInfo, "load"); + + let securityTab = pageInfo.document.getElementById("securityTab"); + await TestUtils.waitForCondition( + () => BrowserTestUtils.is_visible(securityTab), + "Security tab should be visible." + ); + Assert.ok(securityTab, "Security tab is available"); + let viewCertButton = pageInfo.document.getElementById("security-view-cert"); + await TestUtils.waitForCondition( + () => BrowserTestUtils.is_visible(viewCertButton), + "view cert button should be visible." + ); + + let loaded = BrowserTestUtils.waitForNewTab(gBrowser, null, true); + checkAndClickButton(pageInfo.document, "security-view-cert"); + await loaded; + + await checkCertChain(gBrowser.selectedBrowser); + pageInfo.close(); + }); + checksCertTab(tabsCount); + + gBrowser.removeCurrentTab(); // closes about:certificate +}); + +add_task(async function testPreferencesCert() { + info("Testing preferences cert"); + let url = "about:preferences#privacy"; + + let tabsCount; + + info(`Loading ${url}`); + await BrowserTestUtils.withNewTab( + { gBrowser, url }, + async function (browser) { + tabsCount = gBrowser.tabs.length; + checkAndClickButton(browser.contentDocument, "viewCertificatesButton"); + + let certDialogLoaded = promiseLoadSubDialog( + "chrome://pippki/content/certManager.xhtml" + ); + let dialogWin = await certDialogLoaded; + let doc = dialogWin.document; + Assert.ok(doc, "doc loaded"); + + doc.getElementById("certmanagertabs").selectedTab = + doc.getElementById("mine_tab"); + let treeView = doc.getElementById("user-tree").view; + let selectedCert; + // See https://searchfox.org/mozilla-central/rev/40ef22080910c2e2c27d9e2120642376b1d8b8b2/browser/components/preferences/in-content/tests/browser_cert_export.js#41 + for (let i = 0; i < treeView.rowCount; i++) { + treeView.selection.select(i); + dialogWin.getSelectedCerts(); + let certs = dialogWin.selected_certs; + if (certs && certs[0]) { + selectedCert = certs[0]; + break; + } + } + Assert.ok(selectedCert, "A cert should be selected"); + let viewButton = doc.getElementById("mine_viewButton"); + Assert.equal(viewButton.disabled, false, "Should enable view button"); + + let loaded = BrowserTestUtils.waitForNewTab(gBrowser, null, true); + viewButton.click(); + await loaded; + + checksCertTab(tabsCount); + await checkCertChain(gBrowser.selectedBrowser); + } + ); + gBrowser.removeCurrentTab(); // closes about:certificate +}); diff --git a/toolkit/components/certviewer/tests/browser/browser_renderCertToUI.js b/toolkit/components/certviewer/tests/browser/browser_renderCertToUI.js new file mode 100644 index 0000000000..0ecb93f176 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/browser_renderCertToUI.js @@ -0,0 +1,192 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const url = + "about:certificate?cert=MIIHQjCCBiqgAwIBAgIQCgYwQn9bvO1pVzllk7ZFHzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDUwODAwMDAwMFoXDTIwMDYwMzEyMDAwMFowgccxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc1MTU3NTUwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjyq8jyXDDrBTyitcnB90865tWBzpHSbindG%2FXqYQkzFMBlXmqkzC%2BFdTRBYyneZw5Pz%2BXWQvL%2B74JW6LsWNc2EF0xCEqLOJuC9zjPAqbr7uroNLghGxYf13YdqbG5oj%2F4x%2BogEG3dF%2FU5YIwVr658DKyESMV6eoYV9mDVfTuJastkqcwero%2B5ZAKfYVMLUEsMwFtoTDJFmVf6JlkOWwsxp1WcQ%2FMRQK1cyqOoUFUgYylgdh3yeCDPeF22Ax8AlQxbcaI%2BGwfQL1FB7Jy%2Bh%2BKjME9lE%2FUpgV6Qt2R1xNSmvFCBWu%2BNFX6epwFP%2FJRbkMfLz0beYFUvmMgLtwVpEPSwIDAQABo4IDeTCCA3UwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFMnCU2FmnV%2BrJfQmzQ84mqhJ6kipMCUGA1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRodWIuY29tMA4GA1UdDwEB%2FwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG%2FWwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWNBYm0KAAAEAwBHMEUCIQDRZp38cTWsWH2GdBpe%2FuPTWnsu%2Fm4BEC2%2BdIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFgU5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAEAwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d%2B8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N%2BXcqcK0OJYrN8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxGeOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW%2Fip2oJ5grAH8mqQfaunuCVE%2Bvac%2B88lkDK%2FLVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vNHnXVUGw%2ByxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVBKqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc%2F2z2shNoDvxvFUYyY1Oe67xINkmyQKc%2BygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma%2BFXsXBIqWUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna%2Fteik%3D"; + +Services.scriptloader.loadSubScript( + "chrome://mochitests/content/browser/toolkit/components/certviewer/tests/browser/adjustedCerts.js", + this +); + +add_task(async function test() { + Assert.ok(adjustedCerts, "adjustedCerts found"); + + let tabName = adjustedCerts[0].tabName; + let certItems = adjustedCerts[0].certItems; + + await BrowserTestUtils.withNewTab(url, async function (browser) { + await SpecialPowers.spawn( + browser, + [[certItems, tabName]], + async function ([adjustedCerts, expectedTabName]) { + let certificateSection = await ContentTaskUtils.waitForCondition(() => { + return content.document.querySelector("certificate-section"); + }, "Certificate section found"); + + let infoGroups = + certificateSection.shadowRoot.querySelectorAll("info-group"); + Assert.ok(infoGroups, "infoGroups found"); + Assert.equal( + infoGroups.length, + adjustedCerts.length, + "infoGroups must have the same length of adjustedCerts" + ); + + let tabName = + certificateSection.shadowRoot.querySelector( + ".tab[idnumber='0']" + ).textContent; + Assert.equal(tabName, expectedTabName, "Tab name should be the same"); + + function getElementByAttribute(source, property, target) { + for (let elem of source) { + if (elem.hasOwnProperty(property) && elem[property] === target) { + return elem; + } + } + return null; + } + + function checkBooleans(got, expected) { + info( + "If adjustedCertElments returned true, this value should be Yes, otherwise it should be No" + ); + let gotBool; + if (got === "Yes") { + gotBool = true; + } else if (got === "No") { + gotBool = false; + } else { + gotBool = null; + } + Assert.equal( + gotBool, + expected, + `Expected ${expected}, got ${gotBool}` + ); + } + + for (let infoGroup of infoGroups) { + let sectionId = infoGroup.shadowRoot + .querySelector(".info-group-title") + .getAttribute("data-l10n-id") + .replace("certificate-viewer-", ""); + + let adjustedCertsElem = getElementByAttribute( + adjustedCerts, + "sectionId", + sectionId + ); + Assert.ok(adjustedCertsElem, "The element exists in adjustedCerts"); + + let infoItems = infoGroup.shadowRoot.querySelectorAll("info-item"); + Assert.equal( + infoItems.length, + adjustedCertsElem.sectionItems.length, + "sectionItems must be the same length" + ); + + let i = 0; + // Message ID mappings + let stringMapping = { + signaturealgorithm: "signature-algorithm", + }; + for (let infoItem of infoItems) { + let infoItemLabel = infoItem.shadowRoot + .querySelector("label") + .getAttribute("data-l10n-id"); + let infoElem = infoItem.shadowRoot.querySelector(".info"); + let infoItemInfo = infoElem.textContent; + let adjustedCertsElemLabel = + adjustedCertsElem.sectionItems[i].labelId; + let adjustedCertsElemInfo = adjustedCertsElem.sectionItems[i].info; + + if (adjustedCertsElemLabel == null) { + adjustedCertsElemLabel = ""; + } + adjustedCertsElemLabel = adjustedCertsElemLabel + .replace(/\s+/g, "-") + .replace(/\./g, "") + .replace(/\//g, "") + .replace(/--/g, "-") + .toLowerCase(); + adjustedCertsElemLabel = + stringMapping[adjustedCertsElemLabel] || adjustedCertsElemLabel; + + if (adjustedCertsElemInfo == null) { + adjustedCertsElemInfo = ""; + } + if (typeof adjustedCertsElemInfo === "boolean") { + checkBooleans(infoItemInfo, adjustedCertsElemInfo); + continue; + } + + if ( + adjustedCertsElemLabel === "timestamp" || + adjustedCertsElemLabel === "not-after" || + adjustedCertsElemLabel === "not-before" + ) { + Assert.equal( + infoElem.textContent, + adjustedCertsElemInfo.utc, + "Timestamps must be equal" + ); + i++; + continue; + } + if (adjustedCertsElemLabel === "download") { + Assert.equal(infoElem.children.length, 2, "Should have 2 links."); + for (let kid of infoElem.children) { + Assert.equal( + kid.localName, + "a", + "Should get a cert/chain link." + ); + Assert.ok( + kid.download.endsWith("pem"), + "Link `download` attribute should point to pem file." + ); + Assert.ok( + kid.dataset.l10nId.includes("pem"), + "Link should be labeled" + ); + Assert.equal( + kid.dataset.l10nId.includes("chain"), + kid.download.includes("chain"), + "Download label and filename should match" + ); + } + // Remaining tests in browser_downloadLink.js + + i++; + continue; + } + + if (Array.isArray(adjustedCertsElemInfo)) { + // there is a case where we have a boolean + adjustedCertsElemInfo = adjustedCertsElemInfo + .toString() + .replace(/,/g, ", "); + } + + Assert.ok( + infoItemLabel.includes(adjustedCertsElemLabel), + "data-l10n-id must contain the original label" + ); + + Assert.equal( + infoItemInfo, + adjustedCertsElemInfo, + "Info must be equal" + ); + + i++; + } + } + } + ); + }); +}); diff --git a/toolkit/components/certviewer/tests/browser/dummy_page.html b/toolkit/components/certviewer/tests/browser/dummy_page.html new file mode 100644 index 0000000000..1a87e28408 --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/dummy_page.html @@ -0,0 +1,9 @@ + + +Dummy test page + + + +

Dummy test page

+ + diff --git a/toolkit/components/certviewer/tests/browser/head.js b/toolkit/components/certviewer/tests/browser/head.js new file mode 100644 index 0000000000..d02c99797b --- /dev/null +++ b/toolkit/components/certviewer/tests/browser/head.js @@ -0,0 +1,124 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +function checkAndClickButton(document, id) { + let button = document.getElementById(id); + Assert.ok(button, `${id} button found`); + Assert.equal( + button.hasAttribute("disabled"), + false, + "button should be clickable" + ); + button.click(); +} + +function is_element_visible(aElement, aMsg) { + isnot(aElement, null, "Element should not be null, when checking visibility"); + Assert.ok(!BrowserTestUtils.is_hidden(aElement), aMsg); +} + +// Extracted from https://searchfox.org/mozilla-central/rev/40ef22080910c2e2c27d9e2120642376b1d8b8b2/browser/components/preferences/in-content/tests/head.js#41 +function promiseLoadSubDialog(aURL) { + return new Promise((resolve, reject) => { + content.gSubDialog._dialogStack.addEventListener( + "dialogopen", + function dialogopen(aEvent) { + if ( + aEvent.detail.dialog._frame.contentWindow.location == "about:blank" + ) { + return; + } + content.gSubDialog._dialogStack.removeEventListener( + "dialogopen", + dialogopen + ); + + Assert.equal( + aEvent.detail.dialog._frame.contentWindow.location.toString(), + aURL, + "Check the proper URL is loaded" + ); + + // Check visibility + is_element_visible(aEvent.detail.dialog._overlay, "Overlay is visible"); + + // Check that stylesheets were injected + let expectedStyleSheetURLs = + aEvent.detail.dialog._injectedStyleSheets.slice(0); + for (let styleSheet of aEvent.detail.dialog._frame.contentDocument + .styleSheets) { + let i = expectedStyleSheetURLs.indexOf(styleSheet.href); + if (i >= 0) { + info("found " + styleSheet.href); + expectedStyleSheetURLs.splice(i, 1); + } + } + Assert.equal( + expectedStyleSheetURLs.length, + 0, + "All expectedStyleSheetURLs should have been found" + ); + + // Wait for the next event tick to make sure the remaining part of the + // testcase runs after the dialog gets ready for input. + executeSoon(() => resolve(aEvent.detail.dialog._frame.contentWindow)); + } + ); + }); +} + +function injectErrorPageFrame(tab, src) { + return SpecialPowers.spawn( + tab.linkedBrowser, + [{ frameSrc: src }], + async function ({ frameSrc }) { + let loaded = ContentTaskUtils.waitForEvent( + content.wrappedJSObject, + "DOMFrameContentLoaded" + ); + let iframe = content.document.createElement("iframe"); + iframe.src = frameSrc; + content.document.body.appendChild(iframe); + await loaded; + // We will have race conditions when accessing the frame content after setting a src, + // so we can't wait for AboutNetErrorLoad. Let's wait for the certerror class to + // appear instead (which should happen at the same time as AboutNetErrorLoad). + await ContentTaskUtils.waitForCondition(() => + iframe.contentDocument.body.classList.contains("certerror") + ); + } + ); +} + +async function openErrorPage(useFrame = false) { + let src = "https://expired.example.com/"; + let dummyPage = + getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "https://example.com" + ) + "dummy_page.html"; + + let tab; + if (useFrame) { + info("Loading cert error page in an iframe"); + tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, dummyPage); + await injectErrorPageFrame(tab, src); + } else { + let certErrorLoaded; + tab = await BrowserTestUtils.openNewForegroundTab( + gBrowser, + () => { + gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, src); + let browser = gBrowser.selectedBrowser; + certErrorLoaded = BrowserTestUtils.waitForErrorPage(browser); + }, + false + ); + info("Loading and waiting for the cert error"); + await certErrorLoaded; + } + + return tab; +} diff --git a/toolkit/components/certviewer/tests/chrome/CSoutput.mjs b/toolkit/components/certviewer/tests/chrome/CSoutput.mjs new file mode 100644 index 0000000000..d90026353e --- /dev/null +++ b/toolkit/components/certviewer/tests/chrome/CSoutput.mjs @@ -0,0 +1,144 @@ +export const certOutputCS = [ + { + ext: { + aia: { + descriptions: [ + { + location: "http://ocsp.digicert.com", + method: "Online Certificate Status Protocol (OCSP)", + }, + { + location: + "http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt", + method: "CA Issuers", + }, + ], + critical: false, + }, + aKID: { + critical: false, + id: "0F:80:61:1C:82:31:61:D5:2F:28:E7:8D:46:38:B4:2C:E1:C6:D9:E2", + }, + basicConstraints: { cA: false, critical: true }, + crlPoints: { + critical: false, + points: [ + "http://crl3.digicert.com/ssca-sha2-g6.crl", + "http://crl4.digicert.com/ssca-sha2-g6.crl", + ], + }, + cp: { + critical: false, + policies: [ + { + id: "2.16.840", + name: "ANSI Organizational Identifier", + qualifiers: [ + { + qualifierId: "1.3.6.1.5.5.7.2.1", + qualifierName: "Practices Statement", + qualifierValue: "https://www.digicert.com/CPS", + }, + ], + value: "2.16.840.1.114412.1.1", + }, + { + id: "2.23.140.1.2.2", + name: "Certificate Type", + value: "Organization Validation", + }, + ], + }, + eKeyUsages: { + critical: false, + purposes: ["Server Authentication", "Client Authentication"], + }, + keyUsages: { + critical: true, + purposes: ["Digital Signature", "Key Encipherment"], + }, + msCrypto: { exists: false }, + ocspStaple: { critical: false, required: false }, + scts: { + critical: false, + timestamps: [ + { + logId: + "A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10", + name: "Google “Pilot”", + signatureAlgorithm: "SHA-256 ECDSA", + timestamp: "11/5/2018, 8:55:28 PM (Brasilia Standard Time)", + timestampUTC: "Mon, 05 Nov 2018 22:55:28 GMT", + version: 1, + }, + { + logId: + "87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F", + name: "DigiCert Server 2", + signatureAlgorithm: "SHA-256 ECDSA", + timestamp: "11/5/2018, 8:55:28 PM (Brasilia Standard Time)", + timestampUTC: "Mon, 05 Nov 2018 22:55:28 GMT", + version: 1, + }, + ], + }, + sKID: { + critical: false, + id: "DA:52:BD:21:9C:37:65:53:FC:1F:53:75:0F:1E:5F:07:9B:A3:AD:3F", + }, + san: { + altNames: [ + ["DNS Name", "www.mozilla.org"], + ["DNS Name", "mozilla.org"], + ], + critical: false, + }, + }, + files: { + pem: "-----BEGIN%20CERTIFICATE-----%0D%0AMIIGRjCCBS6gAwIBAgIQDJduPkI49CDWPd+G7+u6kDANBgkqhkiG9w0BAQsFADBN%0D%0AMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E%0D%0AaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA1MDAwMDAwWhcN%0D%0AMTkxMTEzMTIwMDAwWjCBgzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju%0D%0AaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29y%0D%0AcG9yYXRpb24xDzANBgNVBAsTBldlYk9wczEYMBYGA1UEAxMPd3d3Lm1vemlsbGEu%0D%0Ab3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKruymkkmkqCJh7Q%0D%0AjmXlUOBcLFRyw5LG/vUUWVrsxC2gsbR8WJq+cYoYBpoNVStKrO4U2rBh1GEbccvT%0D%0A6qKOQI+pjjDxx9cmRdubGTGp8L0MF1ohVvhIvYLumOEoRDDPU4PvGJjGhek/ojve%0D%0AdPWe8dhciHkxOC2qPFZvVFMwg1/o/b80147BwZQmzB18mnHsmcyKlpsCN8pxw86u%0D%0Aao9Iun8gZQrsllW64rTZlRR56pHdAcuGAoZjYZxwS9Z+lvrSjEgrddemWyGGalqy%0D%0AFp1rXlVM1Tf4/IYWAQXTgTUN303u3xMjss7QK7eUDsACRxiWPLW9XQDd1c+yvaYJ%0D%0AKzgJ2wIDAQABo4IC6TCCAuUwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG%0D%0A2eIwHQYDVR0OBBYEFNpSvSGcN2VT/B9TdQ8eXwebo60/MCcGA1UdEQQgMB6CD3d3%0D%0Ady5tb3ppbGxhLm9yZ4ILbW96aWxsYS5vcmcwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud%0D%0AJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRw%0D%0AOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0%0D%0AcDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUw%0D%0AQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl%0D%0AcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzAB%0D%0AhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9j%0D%0AYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5j%0D%0AcnQwDAYDVR0TAQH/BAIwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0%0D%0AGFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZuYWiHwAAAQDAEYwRAIgZnMS%0D%0AH1JdG6NASHWTwD0mlP/zbr0hzP263c02Ym0DU64CIEe4QHJDP47j0b6oTFu6RrZz%0D%0A1NQ9cq8Az1KnMKRuaFAlAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16g%0D%0Agw8AAAFm5haJAgAABAMARjBEAiAxGLXkUaOAkZhXNeNR3pWyahZeKmSaMXadgu18%0D%0ASfK1ZAIgKtwu5eGxK76rgaszLCZ9edBIjuU0DKorzPUuxUXFY0QwDQYJKoZIhvcN%0D%0AAQELBQADggEBAKLJAFO3wuaP5MM/ed1lhk5Uc2aDokhcM7XyvdhEKSHbgPhcgMoT%0D%0A9YIVoPa70gNC6KHcwoXu0g8wt7X6Vm1ql/68G5q844kFuC6JPl4LVT9mciD+VW6b%0D%0AHUSXD9xifL9DqdJ0Ic0SllTlM+oq5aAeOxUQGXhXIqj6fSQv9fQN6mXxQIoc/gjx%0D%0Ateskq/Vl8YmY1FIZP9Bh7g27kxZ9GAAGQtjTL03RzKAuSg6yeImYVdQWasc7UPnB%0D%0AXlRAzZ8+OJThUbzK16a2CI3Rg4agKSJk+uA47h1/ImmngpFLRb/MvRX6H1oWcUuy%0D%0AH6O7PZdl0YpwTpw1THIuqCGl/wpPgyQgcTM=%0D%0A-----END%20CERTIFICATE-----%0D%0A", + }, + fingerprint: { + sha1: "0E:95:79:81:17:5C:51:D2:76:05:AC:8E:C4:61:71:61:97:29:ED:61", + sha256: + "30:23:CB:EC:1B:A8:C2:D9:E7:45:05:D5:4A:E2:0F:73:E1:51:C4:2D:46:59:CE:B4:EE:E6:51:7B:9E:CB:84:7B", + }, + issuer: { + cn: "DigiCert SHA2 Secure Server CA", + dn: "c=US, o=DigiCert Inc, cn=DigiCert SHA2 Secure Server CA", + entries: [ + ["Country", "US"], + ["Organization", "DigiCert Inc"], + ["Common Name", "DigiCert SHA2 Secure Server CA"], + ], + }, + notBefore: "11/4/2018, 10:00:00 PM (Brasilia Standard Time)", + notBeforeUTC: "Mon, 05 Nov 2018 00:00:00 GMT", + notAfter: "11/13/2019, 10:00:00 AM (Brasilia Standard Time)", + notAfterUTC: "Wed, 13 Nov 2019 12:00:00 GMT", + subject: { + cn: "www.mozilla.org", + dn: "c=US, s=California, l=Mountain View, o=Mozilla Corporation, ou=WebOps, cn=www.mozilla.org", + entries: [ + ["Country", "US"], + ["State / Province", "California"], + ["Locality", "Mountain View"], + ["Organization", "Mozilla Corporation"], + ["Organizational Unit", "WebOps"], + ["Common Name", "www.mozilla.org"], + ], + }, + serialNumber: "0C:97:6E:3E:42:38:F4:20:D6:3D:DF:86:EF:EB:BA:90", + signature: { + name: "SHA-256 with RSA Encryption", + type: "1.2.840.113549.1.1.11", + }, + subjectPublicKeyInfo: { + e: 65537, + kty: "RSA", + n: "B8:AA:EE:CA:69:24:9A:4A:82:26:1E:D0:8E:65:E5:50:E0:5C:2C:54:72:C3:92:C6:FE:F5:14:59:5A:EC:C4:2D:A0:B1:B4:7C:58:9A:BE:71:8A:18:06:9A:0D:55:2B:4A:AC:EE:14:DA:B0:61:D4:61:1B:71:CB:D3:EA:A2:8E:40:8F:A9:8E:30:F1:C7:D7:26:45:DB:9B:19:31:A9:F0:BD:0C:17:5A:21:56:F8:48:BD:82:EE:98:E1:28:44:30:CF:53:83:EF:18:98:C6:85:E9:3F:A2:3B:DE:74:F5:9E:F1:D8:5C:88:79:31:38:2D:AA:3C:56:6F:54:53:30:83:5F:E8:FD:BF:34:D7:8E:C1:C1:94:26:CC:1D:7C:9A:71:EC:99:CC:8A:96:9B:02:37:CA:71:C3:CE:AE:6A:8F:48:BA:7F:20:65:0A:EC:96:55:BA:E2:B4:D9:95:14:79:EA:91:DD:01:CB:86:02:86:63:61:9C:70:4B:D6:7E:96:FA:D2:8C:48:2B:75:D7:A6:5B:21:86:6A:5A:B2:16:9D:6B:5E:55:4C:D5:37:F8:FC:86:16:01:05:D3:81:35:0D:DF:4D:EE:DF:13:23:B2:CE:D0:2B:B7:94:0E:C0:02:47:18:96:3C:B5:BD:5D:00:DD:D5:CF:B2:BD:A6:09:2B:38:09:DB", + keysize: 2048, + }, + unsupportedExtensions: [], + version: "3", + }, +]; diff --git a/toolkit/components/certviewer/tests/chrome/chrome.ini b/toolkit/components/certviewer/tests/chrome/chrome.ini new file mode 100644 index 0000000000..6f07743875 --- /dev/null +++ b/toolkit/components/certviewer/tests/chrome/chrome.ini @@ -0,0 +1,12 @@ +[DEFAULT] +scheme=https +[test_adjustCertInformation.html] +support-files = + parseOutput.mjs +[test_certDecoder.html] +[test_certDecoderFields.html] +support-files = + CSoutput.mjs +[test_kebabCaseInAdjustCertInformation.html] +support-files = + parseOutput.mjs diff --git a/toolkit/components/certviewer/tests/chrome/parseOutput.mjs b/toolkit/components/certviewer/tests/chrome/parseOutput.mjs new file mode 100644 index 0000000000..947801145e --- /dev/null +++ b/toolkit/components/certviewer/tests/chrome/parseOutput.mjs @@ -0,0 +1,330 @@ +export const parseOutput = [ + { + ext: { + aia: { + descriptions: [ + { + location: "http://ocsp.digicert.com", + method: "Online Certificate Status Protocol (OCSP)", + }, + { + location: + "http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt", + method: "CA Issuers", + }, + ], + critical: false, + }, + aKID: { + critical: false, + id: "3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F", + }, + basicConstraints: { cA: false, critical: true }, + crlPoints: { + critical: false, + points: [ + "http://crl3.digicert.com/sha2-ev-server-g2.crl", + "http://crl4.digicert.com/sha2-ev-server-g2.crl", + ], + }, + cp: { + critical: false, + policies: [ + { + id: "2.16.840", + name: "ANSI Organizational Identifier", + qualifiers: [ + { + id: "1.3.6.1.5.5.7.2.1", + name: "Practices Statement", + value: "https://www.digicert.com/CPS", + }, + ], + value: "2.16.840.1.114412.2.1", + }, + { + id: "2.23.140.1.1", + name: "Certificate Type", + value: "Extended Validation", + }, + ], + }, + eKeyUsages: { + critical: false, + purposes: ["Server Authentication", "Client Authentication"], + }, + keyUsages: { + critical: true, + purposes: ["Digital Signature", "Key Encipherment"], + }, + msCrypto: { exists: false }, + ocspStaple: { critical: false, required: false }, + scts: { + critical: false, + timestamps: [ + { + logId: + "A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10", + name: "Google “Pilot”", + signatureAlgorithm: "SHA-256 ECDSA", + timestamp: "11/7/2018, 7:50:01 PM (Brasilia Standard Time)", + timestampUTC: "Wed, 07 Nov 2018 21:50:01 GMT", + version: 1, + }, + { + logId: + "87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F", + name: "DigiCert Server 2", + signatureAlgorithm: "SHA-256 ECDSA", + timestamp: "11/7/2018, 7:50:01 PM (Brasilia Standard Time)", + timestampUTC: "Wed, 07 Nov 2018 21:50:01 GMT", + version: 1, + }, + { + logId: + "EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB", + name: "Google “Rocketeer”", + signatureAlgorithm: "SHA-256 ECDSA", + timestamp: "11/7/2018, 7:50:01 PM (Brasilia Standard Time)", + timestampUTC: "Wed, 07 Nov 2018 21:50:01 GMT", + version: 1, + }, + ], + }, + sKID: { + critical: false, + id: "6C:B0:43:56:FE:3D:E8:12:EC:D9:12:F5:63:D5:C4:CA:07:AF:B0:76", + }, + san: { + altNames: [ + ["DNS Name", "www.digicert.com"], + ["DNS Name", "admin.digicert.com"], + ["DNS Name", "digicert.com"], + ["DNS Name", "content.digicert.com"], + ["DNS Name", "login.digicert.com"], + ["DNS Name", "api.digicert.com"], + ["DNS Name", "ws.digicert.com"], + ["DNS Name", "www.origin.digicert.com"], + ], + critical: false, + }, + }, + files: { + pem: "-----BEGIN%20CERTIFICATE-----%0D%0AMIIIzDCCB7SgAwIBAgIQDrbqtBjIc9jzwDHc3d8YsDANBgkqhkiG9w0BAQsFADB1%0D%0AMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3%0D%0Ad3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk%0D%0AIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MTEwNzAwMDAwMFoXDTIwMTExMzEy%0D%0AMDAwMFowgc8xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB%0D%0ABAGCNzwCAQMTAlVTMRUwEwYLKwYBBAGCNzwCAQITBFV0YWgxFTATBgNVBAUTDDUy%0D%0AOTk1MzctMDE0MjELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxDTALBgNVBAcT%0D%0ABExlaGkxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMQwwCgYDVQQLEwNTUkUxGTAX%0D%0ABgNVBAMTEHd3dy5kaWdpY2VydC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw%0D%0AggIKAoICAQDOn4XKOTAwt/aYabScEF1QOyVj0OVo1NmlyizWNZWyPg0pi53ggUoE%0D%0A98CeNUkz+6scEYqWNY6l3qKB56pJJIqNQmo9NoWO8k2G/jTIjFFGqNWYIq23i4+H%0D%0AqaXi1/H/aWFgazk1qkyyAOQQA/p56bG9m5Ok/IBM/BZnLqVJLGJOx9ihgG1dI9Dr%0D%0A6vap+8QaPRau3t9sEd2cxe4Ix7gLdaYG3vxsYf3BycKTSKtyrbkX1Qy0dsSxy+GC%0D%0AM2ETxE1gMa7vRomQ/ZoZo8Ib55kFp6lIT6UOOkkdyiJdpWPXIZZlsZR5wkegWDsJ%0D%0AP7Xv7nE0WMkY1+05iNYtrzZRhhlnBw2AoMGNI+tsBXLQKeZfWFmU30bhkzX99pmv%0D%0AIYJ3f1fQGLao44nQEjdknIvpm0HMgvagYCnQVnnhJStzyYz324flWLPSp57OQeNM%0D%0Atr6O5W0HdWyhUZU+D4R6wObYQMZ5biYjRhtAQjMg8EVQEfZzEdr0WGO5JRHLHyot%0D%0A8tErXM9DiF5cCbzfcjeuoik2SHW+vbuPagMiHTM9+3lr0oRO+ZWwcM7fJvn1JfR2%0D%0APDLAaI3QUv7OLhSH32UfQsk+1ICq05m2HwSxiAviDRl5De66MEZDdvu03sUAQTHv%0D%0AWnw0Mr7Jgbjtn0DeUKLYwsRWg+spqoFTJHWGbb9RIb+3lxev7nIqOQIDAQABo4ID%0D%0A+zCCA/cwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYE%0D%0AFGywQ1b+PegS7NkS9WPVxMoHr7B2MIGlBgNVHREEgZ0wgZqCEHd3dy5kaWdpY2Vy%0D%0AdC5jb22CEmFkbWluLmRpZ2ljZXJ0LmNvbYIMZGlnaWNlcnQuY29tghRjb250ZW50%0D%0ALmRpZ2ljZXJ0LmNvbYISbG9naW4uZGlnaWNlcnQuY29tghBhcGkuZGlnaWNlcnQu%0D%0AY29tgg93cy5kaWdpY2VydC5jb22CF3d3dy5vcmlnaW4uZGlnaWNlcnQuY29tMA4G%0D%0AA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYD%0D%0AVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYt%0D%0Ac2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3No%0D%0AYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG/WwCATAqMCgG%0D%0ACCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEB%0D%0AMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj%0D%0AZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t%0D%0AL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNV%0D%0AHRMBAf8EAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdQCkuQmQtBhYFIe7%0D%0AE6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWbwJ1QeAAAEAwBGMEQCIAzNFnn0UQyL%0D%0A5ZkwA7BX2JiQkjCk9QZrNHR9S1So7l8LAiAzoHDpWV5Dq5iM5NU86nJwqB1qsjZt%0D%0Aa4fWlvNKs0S+eQB3AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAAB%0D%0AZvAnVbMAAAQDAEgwRgIhAOr0s3YbgyIs7dytmC1s5ClugVmo+r+W6ZKqRpphsIjT%0D%0AAiEAqgzFns9X9+SKwTSz0h1epijxrnWH+qZ815QgaJVd83UAdwDuS723dc5guuFC%0D%0AaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWbwJ1RAAAAEAwBIMEYCIQCsFv4KXmNK%0D%0A+POADrfs37hcjApxSuiK14+tN5wFGby6QQIhANa+RvbVx1nYk13IyLCBiCMENLEV%0D%0A9urcBZfprZN+ZsrlMA0GCSqGSIb3DQEBCwUAA4IBAQB+tQhW07rk6eb2L2Ir+Wwq%0D%0Al5ZJaoaZq3zwoG8vPMFTZbcWPYsSVI5KuXELdB1QnmPbHebTJuI/gjfD65vf7C3N%0D%0ABjgLoXui39mwN4UNTBCc2Ls8s8/aVfTZGPCNNwynCEsY9h0HRobI8kiVPvU0kyBJ%0D%0AO3p3msqR7W2lAIWciJWmoPQkEFh7u84/oc7Pz2SSE6tqMW9lZmyBqjSuBufRJn1g%0D%0ACTdp/5DZdQWTNL6L5GSsRoXQnarsVtFVriqOjWf5R4O4z6LQznlbBQCMUR3geUNq%0D%0A0vSblnmgav0+L9HK97wqtONu1CrJ9/Q2JwoxFAs/zps/nh9oJU2ToK9lzl/38gpo%0D%0A-----END%20CERTIFICATE-----%0D%0A", + }, + fingerprint: { + sha1: "8E:43:B7:D0:84:FD:B2:6C:08:9E:D3:F1:10:0C:D2:1D:D4:AD:C6:DF", + sha256: + "37:BF:44:A9:28:03:8A:22:AE:0C:E3:2D:96:3C:36:F5:D2:2D:37:99:D6:B2:63:CB:9C:1D:45:D1:CF:FE:B0:69", + }, + issuer: { + cn: "DigiCert SHA2 Extended Validation Server CA", + dn: "c=US, o=DigiCert Inc, ou=www.digicert.com, cn=DigiCert SHA2 Extended Validation Server CA", + entries: [ + ["Country", "US"], + ["Organization", "DigiCert Inc"], + ["Organizational Unit", "www.digicert.com"], + ["Common Name", "DigiCert SHA2 Extended Validation Server CA"], + ], + }, + notBefore: "11/6/2018, 10:00:00 PM (Brasilia Standard Time)", + notBeforeUTC: "Wed, 07 Nov 2018 00:00:00 GMT", + notAfter: "11/13/2020, 9:00:00 AM (Brasilia Standard Time)", + notAfterUTC: "Fri, 13 Nov 2020 12:00:00 GMT", + subject: { + cn: "www.digicert.com", + dn: "OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Utah, serialNumber=5299537-0142, c=US, s=Utah, l=Lehi, o=DigiCert, Inc., ou=SRE, cn=www.digicert.com", + entries: [ + ["Business Category", "Private Organization"], + ["Inc. Country", "US"], + ["Inc. State / Province", "Utah"], + ["Serial Number", "5299537-0142"], + ["Country", "US"], + ["State / Province", "Utah"], + ["Locality", "Lehi"], + ["Organization", "DigiCert, Inc."], + ["Organizational Unit", "SRE"], + ["Common Name", "www.digicert.com"], + ], + }, + serialNumber: "0E:B6:EA:B4:18:C8:73:D8:F3:C0:31:DC:DD:DF:18:B0", + signature: { + name: "SHA-256 with RSA Encryption", + type: "1.2.840.113549.1.1.11", + }, + subjectPublicKeyInfo: { + e: 65537, + kty: "RSA", + n: "CE:9F:85:CA:39:30:30:B7:F6:98:69:B4:9C:10:5D:50:3B:25:63:D0:E5:68:D4:D9:A5:CA:2C:D6:35:95:B2:3E:0D:29:8B:9D:E0:81:4A:04:F7:C0:9E:35:49:33:FB:AB:1C:11:8A:96:35:8E:A5:DE:A2:81:E7:AA:49:24:8A:8D:42:6A:3D:36:85:8E:F2:4D:86:FE:34:C8:8C:51:46:A8:D5:98:22:AD:B7:8B:8F:87:A9:A5:E2:D7:F1:FF:69:61:60:6B:39:35:AA:4C:B2:00:E4:10:03:FA:79:E9:B1:BD:9B:93:A4:FC:80:4C:FC:16:67:2E:A5:49:2C:62:4E:C7:D8:A1:80:6D:5D:23:D0:EB:EA:F6:A9:FB:C4:1A:3D:16:AE:DE:DF:6C:11:DD:9C:C5:EE:08:C7:B8:0B:75:A6:06:DE:FC:6C:61:FD:C1:C9:C2:93:48:AB:72:AD:B9:17:D5:0C:B4:76:C4:B1:CB:E1:82:33:61:13:C4:4D:60:31:AE:EF:46:89:90:FD:9A:19:A3:C2:1B:E7:99:05:A7:A9:48:4F:A5:0E:3A:49:1D:CA:22:5D:A5:63:D7:21:96:65:B1:94:79:C2:47:A0:58:3B:09:3F:B5:EF:EE:71:34:58:C9:18:D7:ED:39:88:D6:2D:AF:36:51:86:19:67:07:0D:80:A0:C1:8D:23:EB:6C:05:72:D0:29:E6:5F:58:59:94:DF:46:E1:93:35:FD:F6:99:AF:21:82:77:7F:57:D0:18:B6:A8:E3:89:D0:12:37:64:9C:8B:E9:9B:41:CC:82:F6:A0:60:29:D0:56:79:E1:25:2B:73:C9:8C:F7:DB:87:E5:58:B3:D2:A7:9E:CE:41:E3:4C:B6:BE:8E:E5:6D:07:75:6C:A1:51:95:3E:0F:84:7A:C0:E6:D8:40:C6:79:6E:26:23:46:1B:40:42:33:20:F0:45:50:11:F6:73:11:DA:F4:58:63:B9:25:11:CB:1F:2A:2D:F2:D1:2B:5C:CF:43:88:5E:5C:09:BC:DF:72:37:AE:A2:29:36:48:75:BE:BD:BB:8F:6A:03:22:1D:33:3D:FB:79:6B:D2:84:4E:F9:95:B0:70:CE:DF:26:F9:F5:25:F4:76:3C:32:C0:68:8D:D0:52:FE:CE:2E:14:87:DF:65:1F:42:C9:3E:D4:80:AA:D3:99:B6:1F:04:B1:88:0B:E2:0D:19:79:0D:EE:BA:30:46:43:76:FB:B4:DE:C5:00:41:31:EF:5A:7C:34:32:BE:C9:81:B8:ED:9F:40:DE:50:A2:D8:C2:C4:56:83:EB:29:AA:81:53:24:75:86:6D:BF:51:21:BF:B7:97:17:AF:EE:72:2A:39", + keysize: 4096, + }, + unsupportedExtensions: [], + version: "3", + }, + { + ext: { + aia: { + descriptions: [ + { + location: "http://ocsp.digicert.com", + method: "Online Certificate Status Protocol (OCSP)", + }, + ], + critical: false, + }, + aKID: { + critical: false, + id: "B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3", + }, + basicConstraints: { cA: true, critical: true }, + crlPoints: { + critical: false, + points: ["http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl"], + }, + cp: { + critical: false, + policies: [ + { + id: "2.5.29.32.0", + qualifiers: [ + { + id: "1.3.6.1.5.5.7.2.1", + name: "Practices Statement", + value: "https://www.digicert.com/CPS", + }, + ], + }, + ], + }, + eKeyUsages: { + critical: false, + purposes: ["Server Authentication", "Client Authentication"], + }, + keyUsages: { + critical: true, + purposes: ["Digital Signature", "Certificate Signing", "CRL Signing"], + }, + msCrypto: { exists: false }, + ocspStaple: { critical: false, required: false }, + scts: { critical: false, timestamps: [] }, + sKID: { + critical: false, + id: "3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F", + }, + san: { altNames: [], critical: false }, + }, + files: { + pem: "-----BEGIN%20CERTIFICATE-----%0D%0AMIIEtjCCA56gAwIBAgIQDHmpRLCMEZUgkmFf4msdgzANBgkqhkiG9w0BAQsFADBs%0D%0AMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3%0D%0Ad3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j%0D%0AZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowdTEL%0D%0AMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3%0D%0ALmRpZ2ljZXJ0LmNvbTE0MDIGA1UEAxMrRGlnaUNlcnQgU0hBMiBFeHRlbmRlZCBW%0D%0AYWxpZGF0aW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC%0D%0AggEBANdTpARR+JmmFkhLZyeqk0nQOe0MsLAAh/FnKIaFjI5j2ryxQDji0/XspQUY%0D%0AuD0+xZkXMuwYjPrxDKZkIYXLBxA0sFKIKx9om9KxjxKws9LniB8f7zh3VFNfgHk/%0D%0ALhqqqB5LKw2rt2O5Nbd9FLxZS99RStKh4gzikIKHaq7q12TWmFXo/a8aUGxUvBHy%0D%0A/Urynbt/DvTVvo4WiRJV2MBxNO723C3sxIclho3YIeSwTQyJ3DkmF93215SF2AQh%0D%0AcJ1vb/9cuhnhRctWVyh+HA1BV6q3uCe7seT6Ku8hI3UarS2bhjWMnHe1c63YlC3k%0D%0A8wyd7sFOYn4XwHGeLN7x+RAoGTMCAwEAAaOCAUkwggFFMBIGA1UdEwEB/wQIMAYB%0D%0AAf8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF%0D%0ABQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp%0D%0AZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2Vy%0D%0AdC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2%0D%0AMDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5j%0D%0Ab20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAW%0D%0AgBSxPsNpA/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbh%0D%0AhgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg%0D%0A4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa%0D%0A2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs%0D%0A1OG9d4Q3A84ytciagRpKkk47RpqF/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1%0D%0AoVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi/hw15UJGQmxg7kVkn%0D%0A8TUoE6smftX3eg==%0D%0A-----END%20CERTIFICATE-----%0D%0A", + }, + fingerprint: { + sha1: "7E:2F:3A:4F:8F:E8:FA:8A:57:30:AE:CA:02:96:96:63:7E:98:6F:3F", + sha256: + "40:3E:06:2A:26:53:05:91:13:28:5B:AF:80:A0:D4:AE:42:2C:84:8C:9F:78:FA:D0:1F:C9:4B:C5:B8:7F:EF:1A", + }, + issuer: { + cn: "DigiCert High Assurance EV Root CA", + dn: "c=US, o=DigiCert Inc, ou=www.digicert.com, cn=DigiCert High Assurance EV Root CA", + entries: [ + ["Country", "US"], + ["Organization", "DigiCert Inc"], + ["Organizational Unit", "www.digicert.com"], + ["Common Name", "DigiCert High Assurance EV Root CA"], + ], + }, + notBefore: "10/22/2013, 10:00:00 AM (Brasilia Standard Time)", + notBeforeUTC: "Tue, 22 Oct 2013 12:00:00 GMT", + notAfter: "10/22/2028, 9:00:00 AM (Brasilia Standard Time)", + notAfterUTC: "Sun, 22 Oct 2028 12:00:00 GMT", + subject: { + cn: "DigiCert SHA2 Extended Validation Server CA", + dn: "c=US, o=DigiCert Inc, ou=www.digicert.com, cn=DigiCert SHA2 Extended Validation Server CA", + entries: [ + ["Country", "US"], + ["Organization", "DigiCert Inc"], + ["Organizational Unit", "www.digicert.com"], + ["Common Name", "DigiCert SHA2 Extended Validation Server CA"], + ], + }, + serialNumber: "0C:79:A9:44:B0:8C:11:95:20:92:61:5F:E2:6B:1D:83", + signature: { + name: "SHA-256 with RSA Encryption", + type: "1.2.840.113549.1.1.11", + }, + subjectPublicKeyInfo: { + e: 65537, + kty: "RSA", + n: "D7:53:A4:04:51:F8:99:A6:16:48:4B:67:27:AA:93:49:D0:39:ED:0C:B0:B0:00:87:F1:67:28:86:85:8C:8E:63:DA:BC:B1:40:38:E2:D3:F5:EC:A5:05:18:B8:3D:3E:C5:99:17:32:EC:18:8C:FA:F1:0C:A6:64:21:85:CB:07:10:34:B0:52:88:2B:1F:68:9B:D2:B1:8F:12:B0:B3:D2:E7:88:1F:1F:EF:38:77:54:53:5F:80:79:3F:2E:1A:AA:A8:1E:4B:2B:0D:AB:B7:63:B9:35:B7:7D:14:BC:59:4B:DF:51:4A:D2:A1:E2:0C:E2:90:82:87:6A:AE:EA:D7:64:D6:98:55:E8:FD:AF:1A:50:6C:54:BC:11:F2:FD:4A:F2:9D:BB:7F:0E:F4:D5:BE:8E:16:89:12:55:D8:C0:71:34:EE:F6:DC:2D:EC:C4:87:25:86:8D:D8:21:E4:B0:4D:0C:89:DC:39:26:17:DD:F6:D7:94:85:D8:04:21:70:9D:6F:6F:FF:5C:BA:19:E1:45:CB:56:57:28:7E:1C:0D:41:57:AA:B7:B8:27:BB:B1:E4:FA:2A:EF:21:23:75:1A:AD:2D:9B:86:35:8C:9C:77:B5:73:AD:D8:94:2D:E4:F3:0C:9D:EE:C1:4E:62:7E:17:C0:71:9E:2C:DE:F1:F9:10:28:19:33", + keysize: 2048, + }, + unsupportedExtensions: [], + version: "3", + }, + { + ext: { + aia: { critical: false }, + aKID: { + critical: false, + id: "B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3", + }, + basicConstraints: { cA: true, critical: true }, + cp: { critical: false }, + keyUsages: { + critical: true, + purposes: ["Digital Signature", "Certificate Signing", "CRL Signing"], + }, + msCrypto: { exists: false }, + ocspStaple: { critical: false, required: false }, + scts: { critical: false, timestamps: [] }, + sKID: { + critical: false, + id: "B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3", + }, + san: { altNames: [], critical: false }, + }, + files: { + pem: "-----BEGIN%20CERTIFICATE-----%0D%0AMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs%0D%0AMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3%0D%0Ad3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j%0D%0AZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL%0D%0AMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3%0D%0ALmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug%0D%0ARVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm%0D%0A+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW%0D%0APNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM%0D%0AxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB%0D%0AIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3%0D%0AhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg%0D%0AEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF%0D%0AMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA%0D%0AFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec%0D%0AnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z%0D%0AeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF%0D%0AhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2%0D%0AYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe%0D%0AvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep%0D%0A+OkuE6N36B9K%0D%0A-----END%20CERTIFICATE-----%0D%0A", + }, + fingerprint: { + sha1: "5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25", + sha256: + "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF", + }, + issuer: { + cn: "DigiCert High Assurance EV Root CA", + dn: "c=US, o=DigiCert Inc, ou=www.digicert.com, cn=DigiCert High Assurance EV Root CA", + entries: [ + ["Country", "US"], + ["Organization", "DigiCert Inc"], + ["Organizational Unit", "www.digicert.com"], + ["Common Name", "DigiCert High Assurance EV Root CA"], + ], + }, + notBefore: "11/9/2006, 10:00:00 PM (Brasilia Standard Time)", + notBeforeUTC: "Fri, 10 Nov 2006 00:00:00 GMT", + notAfter: "11/9/2031, 9:00:00 PM (Brasilia Standard Time)", + notAfterUTC: "Mon, 10 Nov 2031 00:00:00 GMT", + subject: { + cn: "DigiCert High Assurance EV Root CA", + dn: "c=US, o=DigiCert Inc, ou=www.digicert.com, cn=DigiCert High Assurance EV Root CA", + entries: [ + ["Country", "US"], + ["Organization", "DigiCert Inc"], + ["Organizational Unit", "www.digicert.com"], + ["Common Name", "DigiCert High Assurance EV Root CA"], + ], + }, + serialNumber: "02:AC:5C:26:6A:0B:40:9B:8F:0B:79:F2:AE:46:25:77", + signature: { + name: "SHA-1 with RSA Encryption", + type: "1.2.840.113549.1.1.5", + }, + subjectPublicKeyInfo: { + e: 65537, + kty: "RSA", + n: "C6:CC:E5:73:E6:FB:D4:BB:E5:2D:2D:32:A6:DF:E5:81:3F:C9:CD:25:49:B6:71:2A:C3:D5:94:34:67:A2:0A:1C:B0:5F:69:A6:40:B1:C4:B7:B2:8F:D0:98:A4:A9:41:59:3A:D3:DC:94:D6:3C:DB:74:38:A4:4A:CC:4D:25:82:F7:4A:A5:53:12:38:EE:F3:49:6D:71:91:7E:63:B6:AB:A6:5F:C3:A4:84:F8:4F:62:51:BE:F8:C5:EC:DB:38:92:E3:06:E5:08:91:0C:C4:28:41:55:FB:CB:5A:89:15:7E:71:E8:35:BF:4D:72:09:3D:BE:3A:38:50:5B:77:31:1B:8D:B3:C7:24:45:9A:A7:AC:6D:00:14:5A:04:B7:BA:13:EB:51:0A:98:41:41:22:4E:65:61:87:81:41:50:A6:79:5C:89:DE:19:4A:57:D5:2E:E6:5D:1C:53:2C:7E:98:CD:1A:06:16:A4:68:73:D0:34:04:13:5C:A1:71:D3:5A:7C:55:DB:5E:64:E1:37:87:30:56:04:E5:11:B4:29:80:12:F1:79:39:88:A2:02:11:7C:27:66:B7:88:B7:78:F2:CA:0A:A8:38:AB:0A:64:C2:BF:66:5D:95:84:C1:A1:25:1E:87:5D:1A:50:0B:20:12:CC:41:BB:6E:0B:51:38:B8:4B:CB", + keysize: 2048, + }, + unsupportedExtensions: [], + version: "3", + }, +]; diff --git a/toolkit/components/certviewer/tests/chrome/test_adjustCertInformation.html b/toolkit/components/certviewer/tests/chrome/test_adjustCertInformation.html new file mode 100644 index 0000000000..ddd4c8a0b3 --- /dev/null +++ b/toolkit/components/certviewer/tests/chrome/test_adjustCertInformation.html @@ -0,0 +1,45 @@ + + + + certviewer adjustCertInformation test + + + + + + + + diff --git a/toolkit/components/certviewer/tests/chrome/test_certDecoder.html b/toolkit/components/certviewer/tests/chrome/test_certDecoder.html new file mode 100644 index 0000000000..67ad083242 --- /dev/null +++ b/toolkit/components/certviewer/tests/chrome/test_certDecoder.html @@ -0,0 +1,39 @@ + + + + certviewer parse test + + + + + + + + diff --git a/toolkit/components/certviewer/tests/chrome/test_certDecoderFields.html b/toolkit/components/certviewer/tests/chrome/test_certDecoderFields.html new file mode 100644 index 0000000000..1f54cced4b --- /dev/null +++ b/toolkit/components/certviewer/tests/chrome/test_certDecoderFields.html @@ -0,0 +1,84 @@ + + + + certviewer parse test + + + + + + + + diff --git a/toolkit/components/certviewer/tests/chrome/test_kebabCaseInAdjustCertInformation.html b/toolkit/components/certviewer/tests/chrome/test_kebabCaseInAdjustCertInformation.html new file mode 100644 index 0000000000..b9f7b98d89 --- /dev/null +++ b/toolkit/components/certviewer/tests/chrome/test_kebabCaseInAdjustCertInformation.html @@ -0,0 +1,106 @@ + + + + certviewer adjustCertInformation test + + + + + + + + -- cgit v1.2.3