logger.info(moduleName, 'Certificate created.');
var userPriKey = forge.pki.privateKeyToPem(keys.privateKey);
var userCert = forge.pki.certificateToPem(cert);
var caCert = loadCaCert();
var certArray = [userCert, caCert];
// create PKCS12
logger.info(moduleName, 'Creating PKCS#12...');
var newPkcs12Asn1 = forge.pkcs12.toPkcs12Asn1(
keys.privateKey, certArray, authorPassword,
{generateLocalKeyId: true, friendlyName: authorCertName});
var newPkcs12Der = forge.asn1.toDer(newPkcs12Asn1).getBytes();
fs.writeFileSync(authorCertPath, newPkcs12Der);
logger.info(moduleName, authorCertPath + ' created.');
} catch(ex) {
if(ex.stack) {
console.log(ex.stack);
} else {
console.log('Error', ex);
}
}
}
// Expose createCert to other modules.
exports.createCert = createCert;
const masterPasswordBytes = forge.util.encodeUtf8(masterPassword || '');
const key4File = fs.readFileSync(key4FilePath);
const key4Db = new SQL.Database(key4File);
const metaData = key4Db.exec('SELECT item1, item2 FROM metadata WHERE id = \'password\';');
if (metaData && metaData.length && metaData[0].values && metaData[0].values.length) {
const globalSalt = toByteString(metaData[0].values[0][0].buffer);
const item2 = toByteString(metaData[0].values[0][1].buffer);
const item2Asn1 = forge.asn1.fromDer(item2);
const item2Salt = item2Asn1.value[0].value[1].value[0].value;
const item2Data = item2Asn1.value[1].value;
const item2Value = decryptKey(globalSalt, masterPasswordBytes, item2Salt, item2Data);
if (item2Value && item2Value.data === 'password-check') {
const nssData = key4Db.exec('SELECT a11 FROM nssPrivate WHERE a11 IS NOT NULL;');
if (nssData && nssData.length && nssData[0].values && nssData[0].values.length) {
const a11 = toByteString(nssData[0].values[0][0].buffer);
const a11Asn1 = forge.asn1.fromDer(a11);
const a11Salt = a11Asn1.value[0].value[1].value[0].value;
const a11Data = a11Asn1.value[1].value;
const a11Value = decryptKey(globalSalt, masterPasswordBytes, a11Salt, a11Data);
return forge.util.createBuffer(a11Value).getBytes(24);
}
} else {
// TODO: Support key3.db?
throw new Error('Master password incorrect.');
}
}
throw new Error('Not able to get key from profile directory.');
}
util.certificateForKey(privateKey, (err, certificate) => {
if (err) return callback(err)
// create a p7 enveloped message
const p7 = forge.pkcs7.createEnvelopedData()
p7.addRecipient(certificate)
p7.content = forge.util.createBuffer(plain)
p7.encrypt()
// convert message to DER
const der = forge.asn1.toDer(p7.toAsn1()).getBytes()
callback(null, Buffer.from(der, 'binary'))
})
} catch (err) {
/**
 * Look up a certificate extension by OID and decode its value from DER.
 *
 * The extension value comes straight from the certificate being processed,
 * so forge.asn1.fromDer may throw on malformed input; callers handling
 * untrusted certificates should be prepared for that.
 *
 * @param {Array} extensionsData - Extension entries; each is expected to carry a `value`.
 * @param {string} oid - OID passed to AnchorProcessor.findOidIndex as `{ id: oid }`.
 * @returns {Object|null} The parsed ASN.1 object, or null when the OID is not present.
 */
static getExtensionByOid(extensionsData, oid) {
  const position = AnchorProcessor.findOidIndex(extensionsData, { id: oid });
  // Guard clause: nothing to decode when the extension is absent.
  if (position === -1) {
    return null;
  }
  const encodedValue = extensionsData[position].value;
  // forge works on binary strings, so the value is converted before parsing.
  return forge.asn1.fromDer(encodedValue.toString('binary'));
}
const selfsigned = (name, dir) => {
if (fs.existsSync(path.join(dir, 'key.pem'))) {
const keyPem = fs.readFileSync(path.join(dir, 'key.pem'))
, certPem = fs.readFileSync(path.join(dir, 'cert.pem'))
, cert = forge.pki.certificateFromPem(certPem)
, certDer = forge.asn1.toDer(forge.pki.certificateToAsn1(cert)).getBytes()
, fprint = forge.md.sha1.create().update(certDer).digest().toHex().match(/../g).join(':')
console.log(`Loaded TLS certificate with fingerprint ${fprint} from ${ dir }`)
return { key: keyPem, cert: certPem }
}
const extensions = [ ...defaultExt, {
name: 'subjectAltName'
, altNames: [ isIp(name) ? { type: 7, ip: name }
: { type: 2, value: name } ]
} ]
const pems = require('selfsigned').generate([ { name: 'commonName', value: name } ]
, { extensions, keySize: 2048, algorithm: 'sha256' })
!fs.existsSync(dir) && mkdirp.sync(dir)
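/**
 * Compute the key id for an RSA key as a base58 multihash string.
 *
 * Only the public components (`n`, `e`) of `privateKey` are read: they are
 * wrapped in a SubjectPublicKeyInfo, DER-encoded, converted to a JWK and
 * hashed through RsaPublicKey.hash.
 *
 * @param {Object} privateKey - forge RSA key exposing `n` and `e`.
 * @param {Function} callback - Node-style callback `(err, kid)`.
 */
exports.keyId = (privateKey, callback) => {
  try {
    const publicKey = pki.setRsaPublicKey(privateKey.n, privateKey.e)
    const spki = pki.publicKeyToSubjectPublicKeyInfo(publicKey)
    // Buffer.from replaces the deprecated `new Buffer(string, encoding)`
    // constructor, whose behaviour depends on the argument type.
    const der = Buffer.from(forge.asn1.toDer(spki).getBytes(), 'binary')
    const jwk = rsaUtils.pkixToJwk(der)
    const rsa = new rsaClass.RsaPublicKey(jwk)
    rsa.hash((err, kid) => {
      if (err) return callback(err)
      const kids = multihash.toB58String(kid)
      return callback(null, kids)
    })
  } catch (err) {
    // Synchronous failures (bad key material, encoding errors) are reported
    // through the callback rather than thrown to the caller.
    callback(err)
  }
}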
/**
 * Extract the first certificate from a PKCS#12 container.
 *
 * @param {Buffer|string} p12Buffer - The PKCS#12 data; a string is treated as base64.
 * @param {*} passwordRaw - Container password; any falsy value becomes the empty string.
 * @returns {Object} The `cert` of the first certBag found in the container.
 * @throws {Error} When the input is neither a string nor a Buffer, or no cert bag is found.
 *   Parsing or decryption errors raised by forge propagate unchanged.
 */
function _getCertData(p12Buffer, passwordRaw) {
  let encodedP12;
  if (typeof p12Buffer === 'string') {
    encodedP12 = p12Buffer;
  } else if (Buffer.isBuffer(p12Buffer)) {
    // Normalise to base64 so both input kinds share one decode path.
    encodedP12 = p12Buffer.toString('base64');
  } else {
    throw new Error('_getCertData only takes strings and buffers.');
  }

  const passphrase = String(passwordRaw || '');
  const parsedAsn1 = forge.asn1.fromDer(forge.util.decode64(encodedP12));
  const container = forge.pkcs12.pkcs12FromAsn1(parsedAsn1, passphrase);

  const bagType = forge.pki.oids.certBag;
  const bags = container.getBags({ bagType });
  const firstCert = _.get(bags, [bagType, 0, 'cert']);
  if (!firstCert) {
    throw new Error("_getCertData: couldn't find cert bag");
  }
  // NOTE(review): the certificate is returned as found; no validity or chain
  // check happens here, so callers must not treat it as trusted on that basis.
  return firstCert;
}
/**
 * Read the first certificate out of a PKCS#12 container.
 *
 * @param {Buffer|string} p12Buffer - PKCS#12 bytes as a Buffer, or a base64 string.
 * @param {*} passwordRaw - Password for the container; falsy values are replaced by ''.
 * @returns {Object} The `cert` entry of the first certBag.
 * @throws {Error} If the input type is unsupported or the container has no cert bag;
 *   errors from forge while parsing or decrypting are not caught here.
 */
function _getCertData(p12Buffer, passwordRaw) {
  const isBinaryInput = Buffer.isBuffer(p12Buffer);
  if (!isBinaryInput && typeof p12Buffer !== 'string') {
    throw new Error('_getCertData only takes strings and buffers.');
  }
  // Buffers are re-encoded as base64; strings are assumed to be base64 already.
  const base64Input = isBinaryInput ? p12Buffer.toString('base64') : p12Buffer;

  const secret = String(passwordRaw || '');
  const derBytes = forge.util.decode64(base64Input);
  const asn1Tree = forge.asn1.fromDer(derBytes);
  const pkcs12 = forge.pkcs12.pkcs12FromAsn1(asn1Tree, secret);

  const certBagOid = forge.pki.oids.certBag;
  const certificate = _.get(pkcs12.getBags({ bagType: certBagOid }), [certBagOid, 0, 'cert']);
  if (certificate) {
    return certificate;
  }
  throw new Error("_getCertData: couldn't find cert bag");
}