cleanup (and JWK-to-PEM prep)
This commit is contained in:
parent
5ea00472c3
commit
f798abf2a6
4 changed files with 136 additions and 71 deletions
119
lib/rasha.js
119
lib/rasha.js
|
@ -5,7 +5,6 @@ var SSH = require('./ssh.js');
|
|||
var PEM = require('./pem.js');
|
||||
var x509 = require('./x509.js');
|
||||
var ASN1 = require('./asn1.js');
|
||||
var Enc = require('./encoding.js');
|
||||
|
||||
/*global Promise*/
|
||||
RSA.parse = function parseRsa(opts) {
|
||||
|
@ -26,17 +25,13 @@ RSA.parse = function parseRsa(opts) {
|
|||
var meta = x509.guess(block.der, asn1);
|
||||
|
||||
if ('pkcs1' === meta.format) {
|
||||
jwk = RSA.parsePkcs1(block.der, asn1, jwk);
|
||||
jwk = x509.parsePkcs1(block.der, asn1, jwk);
|
||||
} else {
|
||||
jwk = RSA.parsePkcs8(block.der, asn1, jwk);
|
||||
jwk = x509.parsePkcs8(block.der, asn1, jwk);
|
||||
}
|
||||
|
||||
if (opts.public) {
|
||||
jwk = {
|
||||
kty: jwk.kty
|
||||
, n: jwk.n
|
||||
, e: jwk.e
|
||||
};
|
||||
jwk = RSA.nueter(jwk);
|
||||
}
|
||||
return jwk;
|
||||
});
|
||||
|
@ -58,63 +53,65 @@ RSAPrivateKey ::= SEQUENCE {
|
|||
}
|
||||
*/
|
||||
|
||||
RSA.parsePkcs1 = function parseRsaPkcs1(buf, asn1, jwk) {
|
||||
if (!asn1.children.every(function(el) {
|
||||
return 0x02 === el.type;
|
||||
})) {
|
||||
throw new Error("not an RSA PKCS#1 public or private key (not all ints)");
|
||||
RSA.pack = function (opts) {
|
||||
return Promise.resolve().then(function () {
|
||||
if (!opts || !opts.jwk || 'object' !== typeof opts.jwk) {
|
||||
throw new Error("must pass { jwk: jwk }");
|
||||
}
|
||||
|
||||
if (2 === asn1.children.length) {
|
||||
|
||||
jwk.n = Enc.bufToUrlBase64(asn1.children[0].value);
|
||||
jwk.e = Enc.bufToUrlBase64(asn1.children[1].value);
|
||||
return jwk;
|
||||
|
||||
} else if (asn1.children.length >= 9) {
|
||||
// the standard allows for "otherPrimeInfos", hence at least 9
|
||||
|
||||
jwk.n = Enc.bufToUrlBase64(asn1.children[1].value);
|
||||
jwk.e = Enc.bufToUrlBase64(asn1.children[2].value);
|
||||
jwk.d = Enc.bufToUrlBase64(asn1.children[3].value);
|
||||
jwk.p = Enc.bufToUrlBase64(asn1.children[4].value);
|
||||
jwk.q = Enc.bufToUrlBase64(asn1.children[5].value);
|
||||
jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value);
|
||||
jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value);
|
||||
jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value);
|
||||
return jwk;
|
||||
|
||||
var jwk = JSON.parse(JSON.stringify(opts.jwk));
|
||||
var format = opts.format;
|
||||
var pub = opts.public;
|
||||
if (pub || -1 !== [ 'spki', 'pkix', 'ssh', 'rfc4716' ].indexOf(format)) {
|
||||
jwk = RSA.nueter(jwk);
|
||||
}
|
||||
if ('RSA' !== jwk.kty) {
|
||||
throw new Error("options.jwk.kty must be 'RSA' for RSA keys");
|
||||
}
|
||||
if (!jwk.p) {
|
||||
// TODO test for n and e
|
||||
pub = true;
|
||||
if (!format || 'pkcs1' === format) {
|
||||
format = 'pkcs1';
|
||||
} else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) {
|
||||
format = 'spki';
|
||||
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
|
||||
format = 'ssh';
|
||||
} else {
|
||||
throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)");
|
||||
throw new Error("options.format must be 'spki', 'pkcs1', or 'ssh' for public RSA keys, not ("
|
||||
+ typeof format + ") " + format);
|
||||
}
|
||||
} else {
|
||||
// TODO test for all necessary keys (d, p, q ...)
|
||||
if (!format || 'pkcs1' === format) {
|
||||
format = 'pkcs1';
|
||||
} else if ('pkcs8' !== format) {
|
||||
throw new Error("options.format must be 'pkcs1' or 'pkcs8' for private RSA keys");
|
||||
}
|
||||
}
|
||||
|
||||
if ('pkcs1' === format) {
|
||||
return PEM.packBlock({ type: "RSA PRIVATE KEY", bytes: x509.packPkcs1(jwk) });
|
||||
} else if ('pkcs8' === format) {
|
||||
return PEM.packBlock({ type: "PRIVATE KEY", bytes: x509.packPkcs8(jwk) });
|
||||
} else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) {
|
||||
return PEM.packBlock({ type: "PUBLIC KEY", bytes: x509.packSpki(jwk) });
|
||||
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
|
||||
return SSH.packSsh(jwk);
|
||||
} else {
|
||||
throw new Error("Sanity Error: reached unreachable code block with format: " + format);
|
||||
}
|
||||
});
|
||||
};
|
||||
RSA.toPem = RSA.export = RSA.pack;
|
||||
|
||||
RSA.parsePkcs8 = function parseRsaPkcs8(buf, asn1, jwk) {
|
||||
if (2 === asn1.children.length
|
||||
&& 0x03 === asn1.children[1].type
|
||||
&& 0x30 === asn1.children[1].value[0]) {
|
||||
|
||||
asn1 = ASN1.parse(asn1.children[1].value);
|
||||
jwk.n = Enc.bufToUrlBase64(asn1.children[0].value);
|
||||
jwk.e = Enc.bufToUrlBase64(asn1.children[1].value);
|
||||
|
||||
} else if (3 === asn1.children.length
|
||||
&& 0x04 === asn1.children[2].type
|
||||
&& 0x30 === asn1.children[2].children[0].type
|
||||
&& 0x02 === asn1.children[2].children[0].children[0].type) {
|
||||
|
||||
asn1 = asn1.children[2].children[0];
|
||||
jwk.n = Enc.bufToUrlBase64(asn1.children[1].value);
|
||||
jwk.e = Enc.bufToUrlBase64(asn1.children[2].value);
|
||||
jwk.d = Enc.bufToUrlBase64(asn1.children[3].value);
|
||||
jwk.p = Enc.bufToUrlBase64(asn1.children[4].value);
|
||||
jwk.q = Enc.bufToUrlBase64(asn1.children[5].value);
|
||||
jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value);
|
||||
jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value);
|
||||
jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value);
|
||||
|
||||
} else {
|
||||
throw new Error("not an RSA PKCS#8 public or private key (wrong format)");
|
||||
}
|
||||
// snip the _private_ parts... hAHAHAHA!
|
||||
RSA.nueter = function (jwk) {
|
||||
// (snip rather than new object to keep potential extra data)
|
||||
// otherwise we could just do this:
|
||||
// return { kty: jwk.kty, n: jwk.n, e: jwk.e };
|
||||
[ 'p', 'q', 'd', 'dp', 'dq', 'qi' ].forEach(function (key) {
|
||||
if (key in jwk) { jwk[key] = undefined; }
|
||||
return jwk;
|
||||
});
|
||||
return jwk;
|
||||
};
|
||||
|
|
64
lib/x509.js
64
lib/x509.js
|
@ -1,7 +1,8 @@
|
|||
'use strict';
|
||||
|
||||
//var ASN1 = require('./asn1.js');
|
||||
var x509 = module.exports;
|
||||
var ASN1 = require('./asn1.js');
|
||||
var Enc = require('./encoding.js');
|
||||
|
||||
x509.guess = function (der, asn1) {
|
||||
// accepting der for compatability with other usages
|
||||
|
@ -29,3 +30,64 @@ x509.guess = function (der, asn1) {
|
|||
|
||||
return meta;
|
||||
};
|
||||
|
||||
x509.parsePkcs1 = function parseRsaPkcs1(buf, asn1, jwk) {
|
||||
if (!asn1.children.every(function(el) {
|
||||
return 0x02 === el.type;
|
||||
})) {
|
||||
throw new Error("not an RSA PKCS#1 public or private key (not all ints)");
|
||||
}
|
||||
|
||||
if (2 === asn1.children.length) {
|
||||
|
||||
jwk.n = Enc.bufToUrlBase64(asn1.children[0].value);
|
||||
jwk.e = Enc.bufToUrlBase64(asn1.children[1].value);
|
||||
return jwk;
|
||||
|
||||
} else if (asn1.children.length >= 9) {
|
||||
// the standard allows for "otherPrimeInfos", hence at least 9
|
||||
|
||||
jwk.n = Enc.bufToUrlBase64(asn1.children[1].value);
|
||||
jwk.e = Enc.bufToUrlBase64(asn1.children[2].value);
|
||||
jwk.d = Enc.bufToUrlBase64(asn1.children[3].value);
|
||||
jwk.p = Enc.bufToUrlBase64(asn1.children[4].value);
|
||||
jwk.q = Enc.bufToUrlBase64(asn1.children[5].value);
|
||||
jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value);
|
||||
jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value);
|
||||
jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value);
|
||||
return jwk;
|
||||
|
||||
} else {
|
||||
throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)");
|
||||
}
|
||||
};
|
||||
|
||||
x509.parsePkcs8 = function parseRsaPkcs8(buf, asn1, jwk) {
|
||||
if (2 === asn1.children.length
|
||||
&& 0x03 === asn1.children[1].type
|
||||
&& 0x30 === asn1.children[1].value[0]) {
|
||||
|
||||
asn1 = ASN1.parse(asn1.children[1].value);
|
||||
jwk.n = Enc.bufToUrlBase64(asn1.children[0].value);
|
||||
jwk.e = Enc.bufToUrlBase64(asn1.children[1].value);
|
||||
|
||||
} else if (3 === asn1.children.length
|
||||
&& 0x04 === asn1.children[2].type
|
||||
&& 0x30 === asn1.children[2].children[0].type
|
||||
&& 0x02 === asn1.children[2].children[0].children[0].type) {
|
||||
|
||||
asn1 = asn1.children[2].children[0];
|
||||
jwk.n = Enc.bufToUrlBase64(asn1.children[1].value);
|
||||
jwk.e = Enc.bufToUrlBase64(asn1.children[2].value);
|
||||
jwk.d = Enc.bufToUrlBase64(asn1.children[3].value);
|
||||
jwk.p = Enc.bufToUrlBase64(asn1.children[4].value);
|
||||
jwk.q = Enc.bufToUrlBase64(asn1.children[5].value);
|
||||
jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value);
|
||||
jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value);
|
||||
jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value);
|
||||
|
||||
} else {
|
||||
throw new Error("not an RSA PKCS#8 public or private key (wrong format)");
|
||||
}
|
||||
return jwk;
|
||||
};
|
||||
|
|
6
test.sh
Executable file
6
test.sh
Executable file
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs1.pem
|
||||
node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs8.pem
|
||||
node bin/rasha.js ./fixtures/pub-rsa-2048.pkcs1.pem
|
||||
node bin/rasha.js ./fixtures/pub-rsa-2048.spki.pem
|
Loading…
Reference in a new issue