add exploration of certificate signing request

erossignon · erossignon · commit 5d3adae2a3be · 2020-12-29T23:09:31.000+01:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -14,7 +14,8 @@
     "makedoc": "npx typedoc -out doc",
     "cost-of-modules": "npx cost-of-modules --no-install",
     "release-it": "npx release-it",
-    "prettier-format": "prettier --config .prettierrc.js lib/**/*.ts test/**/*.ts --write"
+    "prettier-format": "prettier --config .prettierrc.js lib/**/*.ts test/**/*.ts --write",
+    "ncu": "npx npm-check-updates -u"
   },
   "keywords": [
     "OPCUA",
@@ -28,13 +29,13 @@
   "license": "MIT",
   "devDependencies": {
     "@types/mocha": "^8.2.0",
-    "@types/node": "^14.14.12",
+    "@types/node": "^14.14.16",
     "@types/should": "^13.0.0",
-    "@typescript-eslint/eslint-plugin": "^4.9.1",
-    "@typescript-eslint/parser": "^4.9.1",
-    "eslint": "^7.15.0",
-    "eslint-config-prettier": "^7.0.0",
-    "eslint-plugin-prettier": "^3.2.0",
+    "@typescript-eslint/eslint-plugin": "^4.11.1",
+    "@typescript-eslint/parser": "^4.11.1",
+    "eslint": "^7.16.0",
+    "eslint-config-prettier": "^7.1.0",
+    "eslint-plugin-prettier": "^3.3.0",
     "lorem-ipsum": "^2.0.3",
     "mocha": "^8.2.1",
     "prettier": "^2.2.1",
@@ -43,8 +44,8 @@
     "source-map-support": "^0.5.19",
     "ts-node": "^9.1.1",
     "tslint": "^6.1.3",
-    "typescript": "^4.1.3",
-    "tslint-config-prettier": "^1.18.0"
+    "tslint-config-prettier": "^1.18.0",
+    "typescript": "^4.1.3"
   },
   "dependencies": {
     "better-assert": "^1.0.2",
diff --git a/source/crypto_explore_certificate.ts b/source/crypto_explore_certificate.ts
@@ -385,7 +385,7 @@ function readExtKeyUsage(oid: string, buffer: Buffer): string {
  -- by extnID
  }
  */
-function _readExtension(buffer: Buffer, block: BlockInfo) {
+export function _readExtension(buffer: Buffer, block: BlockInfo) {
     const inner_blocks = _readStruct(buffer, block);
 
     if (inner_blocks.length === 3) {
@@ -544,7 +544,7 @@ export interface TbsCertificate {
     extensions: CertificateExtension | null;
 }
 
-function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertificate {
+export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertificate {
     const blocks = _readStruct(buffer, block);
 
     let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, subjectPublicKeyInfo, extensions;
diff --git a/source/explore_certificate_signing_request.ts b/source/explore_certificate_signing_request.ts
@@ -0,0 +1,59 @@
+import * as  assert  from "assert";
+import { BlockInfo, readTag, _findBlockAtIndex, _getBlock, _readObjectIdentifier, _readStruct, _readVersionValue } from "./asn1";
+
+import { BasicConstraints, _readExtension } from "./crypto_explore_certificate";
+
+export interface ExtensionRequest {
+    basicConstraints: BasicConstraints,
+    keyUsage: KeyUsage,
+    subjectAltName: any
+}
+export interface CertificateSigningRequestInfo {
+    extensionRequest: ExtensionRequest
+}
+
+function _readExtensionRequest(buffer: Buffer): ExtensionRequest {
+    const block = readTag(buffer, 0);
+
+
+    const inner_blocks = _readStruct(buffer, block);
+    const extensions = inner_blocks.map((block1) => _readExtension(buffer, block1));
+
+    const result: any = {};
+    for (const e of extensions) {
+        result[e.identifier.name] = e.value;
+    }
+    const { basicConstraints, keyUsage, subjectAltName } = result;
+    return { basicConstraints, keyUsage, subjectAltName };
+}
+
+export function readCertificationRequestInfo(buffer: Buffer, block: BlockInfo): CertificateSigningRequestInfo {
+    const blocks = _readStruct(buffer, block);
+    if (blocks.length === 4) {
+        const extensionRequestBlock = _findBlockAtIndex(blocks, 0);
+        if (!extensionRequestBlock) {
+            throw new Error("cannot find extensionRequest block");
+        }
+        const blocks1 = _readStruct(buffer, extensionRequestBlock);
+        const blocks2 = _readStruct(buffer, blocks1[0]);
+        const identifier = _readObjectIdentifier(buffer, blocks2[0]);
+        if (identifier.name !== "extensionRequest") {
+            throw new Error(" Cannot find extension Request in ASN1 block");
+        }
+        const buf = _getBlock(buffer, blocks2[1]);
+        
+        const extensionRequest = _readExtensionRequest(buf);
+
+        return { extensionRequest };
+    }
+    throw new Error("Invalid CSR or ");
+}
+
+// see https://tools.ietf.org/html/rfc2986 : Certification Request Syntax Specification Version 1.7
+
+export function exploreCertificateSigningRequest(crl: Buffer): CertificateSigningRequestInfo {
+    const blockInfo = readTag(crl, 0);
+    const blocks = _readStruct(crl, blockInfo);
+    const csrInfo = readCertificationRequestInfo(crl, blocks[0]);
+    return csrInfo;
+}
diff --git a/source/index.ts b/source/index.ts
@@ -8,3 +8,4 @@ export * from "./crypto_utils";
 export * from "./crypto_explore_certificate";
 export * from "./verify_certificate_signature";
 export * from "./explore_certificate_revocation_list";
+export * from "./explore_certificate_signing_request";
diff --git a/source_nodejs/index.ts b/source_nodejs/index.ts
@@ -1,2 +1,3 @@
 export * from "./read";
 export * from "./read_certificate_revocation_list";
+export * from "./read_certificate_signing_request";
diff --git a/source_nodejs/read_certificate_signing_request.ts b/source_nodejs/read_certificate_signing_request.ts
@@ -0,0 +1,17 @@
+import * as fs from "fs";
+import { promisify } from "util";
+import { convertPEMtoDER } from "../source/crypto_utils";
+import { CertificateRevocationList } from "../source/common";
+import { assert } from "console";
+
+export type CertificateSigningRequest = Buffer;
+
+export async function readCertificateSigningRequest(filename: string): Promise<CertificateSigningRequest> {
+    const csr = await promisify(fs.readFile)(filename);
+    if (csr[0] === 0x30 && csr[1] === 0x82) {
+        // der format
+        return csr as CertificateRevocationList;
+    }
+    const raw_crl = csr.toString();
+    return convertPEMtoDER(raw_crl);
+}
diff --git a/test/fixtures/csr/csr1.pem b/test/fixtures/csr/csr1.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC8jCCAdoCAQAwTTELMAkGA1UEBhMCRlIxEDAOBgNVBAcMB09STEVBTlMxETAP
+BgNVBAoMCFN0ZXJmaXZlMRkwFwYDVQQDDBBGYWtlLU9QQ1VBU2VydmVyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJrwfWy0ZAy4hXdtMFmoz4FY+31x
+7cKFSEW1YUrHnfsnmO/rlD7U3InQL6jhIXZQNgPQ+MGc/E/VEJ2d0EzX0Q0gNrcv
+RTXiXsjRaY5oyBK6BWHuiykb45kz7oY3h7hvnAlKbhlib2MeWCOSFLQDEB6zsWKY
+AR5rwA3mqzlBG2MlRs+Xj4zHegVXyPSnRF2fNcJWVrH11DD5rdxqEEnlRLPiTPgp
+QLJWealXGgMly35XyCQi+exGevBuwVXB1IEwupjJ3VBLwL4Qe7E4Bs8rVeYKMHCO
+Rireug/uaGcG3sY6aJ9irrWa2fnNoE64TOP0aXUp8civDxL2kQS8pt92BQIDAQAB
+oGAwXgYJKoZIhvcNAQkOMVEwTzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIBBjAy
+BgNVHREEKzAphhZ1cm46U29tZS1GYWtlLVNlcnZlci0xgg9ERVNLVE9QLTZQMDc0
+TFIwDQYJKoZIhvcNAQELBQADggEBABj6lJ4v9hCektKk+d2T9lamV9J2MLSktEWe
+HL70fhYF6OeUzhfL0q6xRbBrCYpHt+UwXjYDJcbEUh3uh40sLXGeKXfnEbgwaZy4
+YOl1z1V3HmUg4V4GDhvYhj1Y5PkSzblnrBwqAGol3zWAlkgcHTLI8WJdrutz+lry
+BLubv3R8cHa158bWTnmnH0ThAlVOrELVuIMSZ86WZX2PQH09+v8Xg1Rgva6vOeLa
+DFqRVNcj/dXUjsyQM5XG30dZRfDnG4kBcML1fzCl2YLwLBrT+d6V0NR6BP0gkCs1
+3PshAiIJ0KCeE+iwml4V0th7Of+LF6c4pLvxDQrkd6gDpxy+DUk=
+-----END CERTIFICATE REQUEST-----
diff --git a/test/fixtures/csr/csr2.pem b/test/fixtures/csr/csr2.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDEDCCAfgCAQAwTTELMAkGA1UEBhMCRlIxEDAOBgNVBAcMB09STEVBTlMxETAP
+BgNVBAoMCFN0ZXJmaXZlMRkwFwYDVQQDDBBGYWtlLU9QQ1VBU2VydmVyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJrwfWy0ZAy4hXdtMFmoz4FY+31x
+7cKFSEW1YUrHnfsnmO/rlD7U3InQL6jhIXZQNgPQ+MGc/E/VEJ2d0EzX0Q0gNrcv
+RTXiXsjRaY5oyBK6BWHuiykb45kz7oY3h7hvnAlKbhlib2MeWCOSFLQDEB6zsWKY
+AR5rwA3mqzlBG2MlRs+Xj4zHegVXyPSnRF2fNcJWVrH11DD5rdxqEEnlRLPiTPgp
+QLJWealXGgMly35XyCQi+exGevBuwVXB1IEwupjJ3VBLwL4Qe7E4Bs8rVeYKMHCO
+Rireug/uaGcG3sY6aJ9irrWa2fnNoE64TOP0aXUp8civDxL2kQS8pt92BQIDAQAB
+oH4wfAYJKoZIhvcNAQkOMW8wbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIBBjBQ
+BgNVHREESTBHhhZ1cm46U29tZS1GYWtlLVNlcnZlci0xgg9ERVNLVE9QLTZQMDc0
+TFKHBKweoAGHBKwbAAGHBMCoARKHBKwX8AGHBKwbgAEwDQYJKoZIhvcNAQELBQAD
+ggEBAE+yxWv79IQrKC1INF2QerxvKXm0IrrEG6P2kBnEZpmOS4yTKpIZfxg0zYM5
+ocfBrzc9/XqrZNb1pkd9NHauAhtFrAMPd2oF6uslVWs4sINjk0Vi4ADD+uO/QqXb
+JR2GedevxInLvmmF4c3ZoA0uZPzdcWkUwwF/sn3RLhnTlsN6oTbDi0gsrr/w+3tN
+0kmQVpKr6Cg8au4tSYotyf3m4f9qqiECHvdNdwFLqDiVLwioye2l/3RlAjeNQOiX
+wIUH9H8VfzLiIzJ0lJ7MGzSua9plD5zWK6HrdvKFSVuzT/abgF2cy6dkIgrxSNMT
+zv8Y7pNs/PuPusN5ZHypZ3N3dc8=
+-----END CERTIFICATE REQUEST-----
diff --git a/test/test_explore_csr.ts b/test/test_explore_csr.ts
@@ -0,0 +1,30 @@
+import * as path from "path";
+import { exploreCertificateSigningRequest } from "../source/explore_certificate_signing_request";
+
+import { readCertificateSigningRequest } from "../source_nodejs";
+
+const doDebug = !!process.env.DEBUG;
+
+
+describe("Explore Certificate Signing Request", () => {
+    it("ECSR1- should read and explore a Certificate Signing Request", async () => {
+        const csr1Filename = path.join(__dirname, "fixtures/csr/csr1.pem");
+        const csr1 = await readCertificateSigningRequest(csr1Filename);
+
+        const csrInfo = exploreCertificateSigningRequest(csr1);
+        
+        csrInfo.extensionRequest.subjectAltName.should.eql({
+            uniformResourceIdentifier: [
+                "urn:Some-Fake-Server-1"
+            ],
+            dNSName: [
+                "DESKTOP-6P074LR"
+            ]
+        });
+
+        if (doDebug) {
+            console.log(JSON.stringify(csrInfo,null, " "));
+        }
+    });
+
+});

Original file line number	Diff line number	Diff line change
`@@ -385,7 +385,7 @@ function readExtKeyUsage(oid: string, buffer: Buffer): string {`
`385`	`385`	`-- by extnID`
`386`	`386`	`}`
`387`	`387`	`*/`
`388`		`-function _readExtension(buffer: Buffer, block: BlockInfo) {`
	`388`	`+export function _readExtension(buffer: Buffer, block: BlockInfo) {`
`389`	`389`	`const inner_blocks = _readStruct(buffer, block);`
`390`	`390`
`391`	`391`	`if (inner_blocks.length === 3) {`
`@@ -544,7 +544,7 @@ export interface TbsCertificate {`
`544`	`544`	`extensions: CertificateExtension \| null;`
`545`	`545`	`}`
`546`	`546`
`547`		`-function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertificate {`
	`547`	`+export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertificate {`
`548`	`548`	`const blocks = _readStruct(buffer, block);`
`549`	`549`
`550`	`550`	`let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, subjectPublicKeyInfo, extensions;`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`export * from "./read";`
`2`	`2`	`export * from "./read_certificate_revocation_list";`
	`3`	`+export * from "./read_certificate_signing_request";`