|
|
- /**
- * Javascript implementation of PKCS#12.
- *
- * @author Dave Longley
- * @author Stefan Siegl <stesie@brokenpipe.de>
- *
- * Copyright (c) 2010-2014 Digital Bazaar, Inc.
- * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
- *
- * The ASN.1 representation of PKCS#12 is as follows
- * (see ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12-tc1.pdf for details)
- *
- * PFX ::= SEQUENCE {
- * version INTEGER {v3(3)}(v3,...),
- * authSafe ContentInfo,
- * macData MacData OPTIONAL
- * }
- *
- * MacData ::= SEQUENCE {
- * mac DigestInfo,
- * macSalt OCTET STRING,
- * iterations INTEGER DEFAULT 1
- * }
- * Note: The iterations default is for historical reasons and its use is
- * deprecated. A higher value, like 1024, is recommended.
- *
- * DigestInfo is defined in PKCS#7 as follows:
- *
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm DigestAlgorithmIdentifier,
- * digest Digest
- * }
- *
- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
- *
- * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters
- * for the algorithm, if any. In the case of SHA1 there is none.
- *
- * AlgorithmIdentifer ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * Digest ::= OCTET STRING
- *
- *
- * ContentInfo ::= SEQUENCE {
- * contentType ContentType,
- * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
- * }
- *
- * ContentType ::= OBJECT IDENTIFIER
- *
- * AuthenticatedSafe ::= SEQUENCE OF ContentInfo
- * -- Data if unencrypted
- * -- EncryptedData if password-encrypted
- * -- EnvelopedData if public key-encrypted
- *
- *
- * SafeContents ::= SEQUENCE OF SafeBag
- *
- * SafeBag ::= SEQUENCE {
- * bagId BAG-TYPE.&id ({PKCS12BagSet})
- * bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),
- * bagAttributes SET OF PKCS12Attribute OPTIONAL
- * }
- *
- * PKCS12Attribute ::= SEQUENCE {
- * attrId ATTRIBUTE.&id ({PKCS12AttrSet}),
- * attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})
- * } -- This type is compatible with the X.500 type 'Attribute'
- *
- * PKCS12AttrSet ATTRIBUTE ::= {
- * friendlyName | -- from PKCS #9
- * localKeyId, -- from PKCS #9
- * ... -- Other attributes are allowed
- * }
- *
- * CertBag ::= SEQUENCE {
- * certId BAG-TYPE.&id ({CertTypes}),
- * certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
- * }
- *
- * x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1}}
- * -- DER-encoded X.509 certificate stored in OCTET STRING
- *
- * sdsiCertificate BAG-TYPE ::= {IA5String IDENTIFIED BY {certTypes 2}}
- * -- Base64-encoded SDSI certificate stored in IA5String
- *
- * CertTypes BAG-TYPE ::= {
- * x509Certificate |
- * sdsiCertificate,
- * ... -- For future extensions
- * }
- */
- var forge = require('./forge');
- require('./asn1');
- require('./hmac');
- require('./oids');
- require('./pkcs7asn1');
- require('./pbe');
- require('./random');
- require('./rsa');
- require('./sha1');
- require('./util');
- require('./x509');
-
- // shortcut for asn.1 & PKI API
- var asn1 = forge.asn1;
- var pki = forge.pki;
-
- // shortcut for PKCS#12 API
- var p12 = module.exports = forge.pkcs12 = forge.pkcs12 || {};
-
- var contentInfoValidator = {
- name: 'ContentInfo',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE, // a ContentInfo
- constructed: true,
- value: [{
- name: 'ContentInfo.contentType',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.OID,
- constructed: false,
- capture: 'contentType'
- }, {
- name: 'ContentInfo.content',
- tagClass: asn1.Class.CONTEXT_SPECIFIC,
- constructed: true,
- captureAsn1: 'content'
- }]
- };
-
- var pfxValidator = {
- name: 'PFX',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE,
- constructed: true,
- value: [{
- name: 'PFX.version',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.INTEGER,
- constructed: false,
- capture: 'version'
- },
- contentInfoValidator, {
- name: 'PFX.macData',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE,
- constructed: true,
- optional: true,
- captureAsn1: 'mac',
- value: [{
- name: 'PFX.macData.mac',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE, // DigestInfo
- constructed: true,
- value: [{
- name: 'PFX.macData.mac.digestAlgorithm',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE, // DigestAlgorithmIdentifier
- constructed: true,
- value: [{
- name: 'PFX.macData.mac.digestAlgorithm.algorithm',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.OID,
- constructed: false,
- capture: 'macAlgorithm'
- }, {
- name: 'PFX.macData.mac.digestAlgorithm.parameters',
- tagClass: asn1.Class.UNIVERSAL,
- captureAsn1: 'macAlgorithmParameters'
- }]
- }, {
- name: 'PFX.macData.mac.digest',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.OCTETSTRING,
- constructed: false,
- capture: 'macDigest'
- }]
- }, {
- name: 'PFX.macData.macSalt',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.OCTETSTRING,
- constructed: false,
- capture: 'macSalt'
- }, {
- name: 'PFX.macData.iterations',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.INTEGER,
- constructed: false,
- optional: true,
- capture: 'macIterations'
- }]
- }]
- };
-
- var safeBagValidator = {
- name: 'SafeBag',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE,
- constructed: true,
- value: [{
- name: 'SafeBag.bagId',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.OID,
- constructed: false,
- capture: 'bagId'
- }, {
- name: 'SafeBag.bagValue',
- tagClass: asn1.Class.CONTEXT_SPECIFIC,
- constructed: true,
- captureAsn1: 'bagValue'
- }, {
- name: 'SafeBag.bagAttributes',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SET,
- constructed: true,
- optional: true,
- capture: 'bagAttributes'
- }]
- };
-
- var attributeValidator = {
- name: 'Attribute',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE,
- constructed: true,
- value: [{
- name: 'Attribute.attrId',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.OID,
- constructed: false,
- capture: 'oid'
- }, {
- name: 'Attribute.attrValues',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SET,
- constructed: true,
- capture: 'values'
- }]
- };
-
- var certBagValidator = {
- name: 'CertBag',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE,
- constructed: true,
- value: [{
- name: 'CertBag.certId',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.OID,
- constructed: false,
- capture: 'certId'
- }, {
- name: 'CertBag.certValue',
- tagClass: asn1.Class.CONTEXT_SPECIFIC,
- constructed: true,
- /* So far we only support X.509 certificates (which are wrapped in
- an OCTET STRING, hence hard code that here). */
- value: [{
- name: 'CertBag.certValue[0]',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Class.OCTETSTRING,
- constructed: false,
- capture: 'cert'
- }]
- }]
- };
-
- /**
- * Search SafeContents structure for bags with matching attributes.
- *
- * The search can optionally be narrowed by a certain bag type.
- *
- * @param safeContents the SafeContents structure to search in.
- * @param attrName the name of the attribute to compare against.
- * @param attrValue the attribute value to search for.
- * @param [bagType] bag type to narrow search by.
- *
- * @return an array of matching bags.
- */
- function _getBagsByAttribute(safeContents, attrName, attrValue, bagType) {
- var result = [];
-
- for(var i = 0; i < safeContents.length; i++) {
- for(var j = 0; j < safeContents[i].safeBags.length; j++) {
- var bag = safeContents[i].safeBags[j];
- if(bagType !== undefined && bag.type !== bagType) {
- continue;
- }
- // only filter by bag type, no attribute specified
- if(attrName === null) {
- result.push(bag);
- continue;
- }
- if(bag.attributes[attrName] !== undefined &&
- bag.attributes[attrName].indexOf(attrValue) >= 0) {
- result.push(bag);
- }
- }
- }
-
- return result;
- }
-
- /**
- * Converts a PKCS#12 PFX in ASN.1 notation into a PFX object.
- *
- * @param obj The PKCS#12 PFX in ASN.1 notation.
- * @param strict true to use strict DER decoding, false not to (default: true).
- * @param {String} password Password to decrypt with (optional).
- *
- * @return PKCS#12 PFX object.
- */
- p12.pkcs12FromAsn1 = function(obj, strict, password) {
- // handle args
- if(typeof strict === 'string') {
- password = strict;
- strict = true;
- } else if(strict === undefined) {
- strict = true;
- }
-
- // validate PFX and capture data
- var capture = {};
- var errors = [];
- if(!asn1.validate(obj, pfxValidator, capture, errors)) {
- var error = new Error('Cannot read PKCS#12 PFX. ' +
- 'ASN.1 object is not an PKCS#12 PFX.');
- error.errors = error;
- throw error;
- }
-
- var pfx = {
- version: capture.version.charCodeAt(0),
- safeContents: [],
-
- /**
- * Gets bags with matching attributes.
- *
- * @param filter the attributes to filter by:
- * [localKeyId] the localKeyId to search for.
- * [localKeyIdHex] the localKeyId in hex to search for.
- * [friendlyName] the friendly name to search for.
- * [bagType] bag type to narrow each attribute search by.
- *
- * @return a map of attribute type to an array of matching bags or, if no
- * attribute was given but a bag type, the map key will be the
- * bag type.
- */
- getBags: function(filter) {
- var rval = {};
-
- var localKeyId;
- if('localKeyId' in filter) {
- localKeyId = filter.localKeyId;
- } else if('localKeyIdHex' in filter) {
- localKeyId = forge.util.hexToBytes(filter.localKeyIdHex);
- }
-
- // filter on bagType only
- if(localKeyId === undefined && !('friendlyName' in filter) &&
- 'bagType' in filter) {
- rval[filter.bagType] = _getBagsByAttribute(
- pfx.safeContents, null, null, filter.bagType);
- }
-
- if(localKeyId !== undefined) {
- rval.localKeyId = _getBagsByAttribute(
- pfx.safeContents, 'localKeyId',
- localKeyId, filter.bagType);
- }
- if('friendlyName' in filter) {
- rval.friendlyName = _getBagsByAttribute(
- pfx.safeContents, 'friendlyName',
- filter.friendlyName, filter.bagType);
- }
-
- return rval;
- },
-
- /**
- * DEPRECATED: use getBags() instead.
- *
- * Get bags with matching friendlyName attribute.
- *
- * @param friendlyName the friendly name to search for.
- * @param [bagType] bag type to narrow search by.
- *
- * @return an array of bags with matching friendlyName attribute.
- */
- getBagsByFriendlyName: function(friendlyName, bagType) {
- return _getBagsByAttribute(
- pfx.safeContents, 'friendlyName', friendlyName, bagType);
- },
-
- /**
- * DEPRECATED: use getBags() instead.
- *
- * Get bags with matching localKeyId attribute.
- *
- * @param localKeyId the localKeyId to search for.
- * @param [bagType] bag type to narrow search by.
- *
- * @return an array of bags with matching localKeyId attribute.
- */
- getBagsByLocalKeyId: function(localKeyId, bagType) {
- return _getBagsByAttribute(
- pfx.safeContents, 'localKeyId', localKeyId, bagType);
- }
- };
-
- if(capture.version.charCodeAt(0) !== 3) {
- var error = new Error('PKCS#12 PFX of version other than 3 not supported.');
- error.version = capture.version.charCodeAt(0);
- throw error;
- }
-
- if(asn1.derToOid(capture.contentType) !== pki.oids.data) {
- var error = new Error('Only PKCS#12 PFX in password integrity mode supported.');
- error.oid = asn1.derToOid(capture.contentType);
- throw error;
- }
-
- var data = capture.content.value[0];
- if(data.tagClass !== asn1.Class.UNIVERSAL ||
- data.type !== asn1.Type.OCTETSTRING) {
- throw new Error('PKCS#12 authSafe content data is not an OCTET STRING.');
- }
- data = _decodePkcs7Data(data);
-
- // check for MAC
- if(capture.mac) {
- var md = null;
- var macKeyBytes = 0;
- var macAlgorithm = asn1.derToOid(capture.macAlgorithm);
- switch(macAlgorithm) {
- case pki.oids.sha1:
- md = forge.md.sha1.create();
- macKeyBytes = 20;
- break;
- case pki.oids.sha256:
- md = forge.md.sha256.create();
- macKeyBytes = 32;
- break;
- case pki.oids.sha384:
- md = forge.md.sha384.create();
- macKeyBytes = 48;
- break;
- case pki.oids.sha512:
- md = forge.md.sha512.create();
- macKeyBytes = 64;
- break;
- case pki.oids.md5:
- md = forge.md.md5.create();
- macKeyBytes = 16;
- break;
- }
- if(md === null) {
- throw new Error('PKCS#12 uses unsupported MAC algorithm: ' + macAlgorithm);
- }
-
- // verify MAC (iterations default to 1)
- var macSalt = new forge.util.ByteBuffer(capture.macSalt);
- var macIterations = (('macIterations' in capture) ?
- parseInt(forge.util.bytesToHex(capture.macIterations), 16) : 1);
- var macKey = p12.generateKey(
- password, macSalt, 3, macIterations, macKeyBytes, md);
- var mac = forge.hmac.create();
- mac.start(md, macKey);
- mac.update(data.value);
- var macValue = mac.getMac();
- if(macValue.getBytes() !== capture.macDigest) {
- throw new Error('PKCS#12 MAC could not be verified. Invalid password?');
- }
- }
-
- _decodeAuthenticatedSafe(pfx, data.value, strict, password);
- return pfx;
- };
-
- /**
- * Decodes PKCS#7 Data. PKCS#7 (RFC 2315) defines "Data" as an OCTET STRING,
- * but it is sometimes an OCTET STRING that is composed/constructed of chunks,
- * each its own OCTET STRING. This is BER-encoding vs. DER-encoding. This
- * function transforms this corner-case into the usual simple,
- * non-composed/constructed OCTET STRING.
- *
- * This function may be moved to ASN.1 at some point to better deal with
- * more BER-encoding issues, should they arise.
- *
- * @param data the ASN.1 Data object to transform.
- */
- function _decodePkcs7Data(data) {
- // handle special case of "chunked" data content: an octet string composed
- // of other octet strings
- if(data.composed || data.constructed) {
- var value = forge.util.createBuffer();
- for(var i = 0; i < data.value.length; ++i) {
- value.putBytes(data.value[i].value);
- }
- data.composed = data.constructed = false;
- data.value = value.getBytes();
- }
- return data;
- }
-
- /**
- * Decode PKCS#12 AuthenticatedSafe (BER encoded) into PFX object.
- *
- * The AuthenticatedSafe is a BER-encoded SEQUENCE OF ContentInfo.
- *
- * @param pfx The PKCS#12 PFX object to fill.
- * @param {String} authSafe BER-encoded AuthenticatedSafe.
- * @param strict true to use strict DER decoding, false not to.
- * @param {String} password Password to decrypt with (optional).
- */
- function _decodeAuthenticatedSafe(pfx, authSafe, strict, password) {
- authSafe = asn1.fromDer(authSafe, strict); /* actually it's BER encoded */
-
- if(authSafe.tagClass !== asn1.Class.UNIVERSAL ||
- authSafe.type !== asn1.Type.SEQUENCE ||
- authSafe.constructed !== true) {
- throw new Error('PKCS#12 AuthenticatedSafe expected to be a ' +
- 'SEQUENCE OF ContentInfo');
- }
-
- for(var i = 0; i < authSafe.value.length; i++) {
- var contentInfo = authSafe.value[i];
-
- // validate contentInfo and capture data
- var capture = {};
- var errors = [];
- if(!asn1.validate(contentInfo, contentInfoValidator, capture, errors)) {
- var error = new Error('Cannot read ContentInfo.');
- error.errors = errors;
- throw error;
- }
-
- var obj = {
- encrypted: false
- };
- var safeContents = null;
- var data = capture.content.value[0];
- switch(asn1.derToOid(capture.contentType)) {
- case pki.oids.data:
- if(data.tagClass !== asn1.Class.UNIVERSAL ||
- data.type !== asn1.Type.OCTETSTRING) {
- throw new Error('PKCS#12 SafeContents Data is not an OCTET STRING.');
- }
- safeContents = _decodePkcs7Data(data).value;
- break;
- case pki.oids.encryptedData:
- safeContents = _decryptSafeContents(data, password);
- obj.encrypted = true;
- break;
- default:
- var error = new Error('Unsupported PKCS#12 contentType.');
- error.contentType = asn1.derToOid(capture.contentType);
- throw error;
- }
-
- obj.safeBags = _decodeSafeContents(safeContents, strict, password);
- pfx.safeContents.push(obj);
- }
- }
-
- /**
- * Decrypt PKCS#7 EncryptedData structure.
- *
- * @param data ASN.1 encoded EncryptedContentInfo object.
- * @param password The user-provided password.
- *
- * @return The decrypted SafeContents (ASN.1 object).
- */
- function _decryptSafeContents(data, password) {
- var capture = {};
- var errors = [];
- if(!asn1.validate(
- data, forge.pkcs7.asn1.encryptedDataValidator, capture, errors)) {
- var error = new Error('Cannot read EncryptedContentInfo.');
- error.errors = errors;
- throw error;
- }
-
- var oid = asn1.derToOid(capture.contentType);
- if(oid !== pki.oids.data) {
- var error = new Error(
- 'PKCS#12 EncryptedContentInfo ContentType is not Data.');
- error.oid = oid;
- throw error;
- }
-
- // get cipher
- oid = asn1.derToOid(capture.encAlgorithm);
- var cipher = pki.pbe.getCipher(oid, capture.encParameter, password);
-
- // get encrypted data
- var encryptedContentAsn1 = _decodePkcs7Data(capture.encryptedContentAsn1);
- var encrypted = forge.util.createBuffer(encryptedContentAsn1.value);
-
- cipher.update(encrypted);
- if(!cipher.finish()) {
- throw new Error('Failed to decrypt PKCS#12 SafeContents.');
- }
-
- return cipher.output.getBytes();
- }
-
- /**
- * Decode PKCS#12 SafeContents (BER-encoded) into array of Bag objects.
- *
- * The safeContents is a BER-encoded SEQUENCE OF SafeBag.
- *
- * @param {String} safeContents BER-encoded safeContents.
- * @param strict true to use strict DER decoding, false not to.
- * @param {String} password Password to decrypt with (optional).
- *
- * @return {Array} Array of Bag objects.
- */
- function _decodeSafeContents(safeContents, strict, password) {
- // if strict and no safe contents, return empty safes
- if(!strict && safeContents.length === 0) {
- return [];
- }
-
- // actually it's BER-encoded
- safeContents = asn1.fromDer(safeContents, strict);
-
- if(safeContents.tagClass !== asn1.Class.UNIVERSAL ||
- safeContents.type !== asn1.Type.SEQUENCE ||
- safeContents.constructed !== true) {
- throw new Error(
- 'PKCS#12 SafeContents expected to be a SEQUENCE OF SafeBag.');
- }
-
- var res = [];
- for(var i = 0; i < safeContents.value.length; i++) {
- var safeBag = safeContents.value[i];
-
- // validate SafeBag and capture data
- var capture = {};
- var errors = [];
- if(!asn1.validate(safeBag, safeBagValidator, capture, errors)) {
- var error = new Error('Cannot read SafeBag.');
- error.errors = errors;
- throw error;
- }
-
- /* Create bag object and push to result array. */
- var bag = {
- type: asn1.derToOid(capture.bagId),
- attributes: _decodeBagAttributes(capture.bagAttributes)
- };
- res.push(bag);
-
- var validator, decoder;
- var bagAsn1 = capture.bagValue.value[0];
- switch(bag.type) {
- case pki.oids.pkcs8ShroudedKeyBag:
- /* bagAsn1 has a EncryptedPrivateKeyInfo, which we need to decrypt.
- Afterwards we can handle it like a keyBag,
- which is a PrivateKeyInfo. */
- bagAsn1 = pki.decryptPrivateKeyInfo(bagAsn1, password);
- if(bagAsn1 === null) {
- throw new Error(
- 'Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?');
- }
-
- /* fall through */
- case pki.oids.keyBag:
- /* A PKCS#12 keyBag is a simple PrivateKeyInfo as understood by our
- PKI module, hence we don't have to do validation/capturing here,
- just pass what we already got. */
- try {
- bag.key = pki.privateKeyFromAsn1(bagAsn1);
- } catch(e) {
- // ignore unknown key type, pass asn1 value
- bag.key = null;
- bag.asn1 = bagAsn1;
- }
- continue; /* Nothing more to do. */
-
- case pki.oids.certBag:
- /* A PKCS#12 certBag can wrap both X.509 and sdsi certificates.
- Therefore put the SafeBag content through another validator to
- capture the fields. Afterwards check & store the results. */
- validator = certBagValidator;
- decoder = function() {
- if(asn1.derToOid(capture.certId) !== pki.oids.x509Certificate) {
- var error = new Error(
- 'Unsupported certificate type, only X.509 supported.');
- error.oid = asn1.derToOid(capture.certId);
- throw error;
- }
-
- // true=produce cert hash
- var certAsn1 = asn1.fromDer(capture.cert, strict);
- try {
- bag.cert = pki.certificateFromAsn1(certAsn1, true);
- } catch(e) {
- // ignore unknown cert type, pass asn1 value
- bag.cert = null;
- bag.asn1 = certAsn1;
- }
- };
- break;
-
- default:
- var error = new Error('Unsupported PKCS#12 SafeBag type.');
- error.oid = bag.type;
- throw error;
- }
-
- /* Validate SafeBag value (i.e. CertBag, etc.) and capture data if needed. */
- if(validator !== undefined &&
- !asn1.validate(bagAsn1, validator, capture, errors)) {
- var error = new Error('Cannot read PKCS#12 ' + validator.name);
- error.errors = errors;
- throw error;
- }
-
- /* Call decoder function from above to store the results. */
- decoder();
- }
-
- return res;
- }
-
- /**
- * Decode PKCS#12 SET OF PKCS12Attribute into JavaScript object.
- *
- * @param attributes SET OF PKCS12Attribute (ASN.1 object).
- *
- * @return the decoded attributes.
- */
- function _decodeBagAttributes(attributes) {
- var decodedAttrs = {};
-
- if(attributes !== undefined) {
- for(var i = 0; i < attributes.length; ++i) {
- var capture = {};
- var errors = [];
- if(!asn1.validate(attributes[i], attributeValidator, capture, errors)) {
- var error = new Error('Cannot read PKCS#12 BagAttribute.');
- error.errors = errors;
- throw error;
- }
-
- var oid = asn1.derToOid(capture.oid);
- if(pki.oids[oid] === undefined) {
- // unsupported attribute type, ignore.
- continue;
- }
-
- decodedAttrs[pki.oids[oid]] = [];
- for(var j = 0; j < capture.values.length; ++j) {
- decodedAttrs[pki.oids[oid]].push(capture.values[j].value);
- }
- }
- }
-
- return decodedAttrs;
- }
-
- /**
- * Wraps a private key and certificate in a PKCS#12 PFX wrapper. If a
- * password is provided then the private key will be encrypted.
- *
- * An entire certificate chain may also be included. To do this, pass
- * an array for the "cert" parameter where the first certificate is
- * the one that is paired with the private key and each subsequent one
- * verifies the previous one. The certificates may be in PEM format or
- * have been already parsed by Forge.
- *
- * @todo implement password-based-encryption for the whole package
- *
- * @param key the private key.
- * @param cert the certificate (may be an array of certificates in order
- * to specify a certificate chain).
- * @param password the password to use, null for none.
- * @param options:
- * algorithm the encryption algorithm to use
- * ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.
- * count the iteration count to use.
- * saltSize the salt size to use.
- * useMac true to include a MAC, false not to, defaults to true.
- * localKeyId the local key ID to use, in hex.
- * friendlyName the friendly name to use.
- * generateLocalKeyId true to generate a random local key ID,
- * false not to, defaults to true.
- *
- * @return the PKCS#12 PFX ASN.1 object.
- */
- p12.toPkcs12Asn1 = function(key, cert, password, options) {
- // set default options
- options = options || {};
- options.saltSize = options.saltSize || 8;
- options.count = options.count || 2048;
- options.algorithm = options.algorithm || options.encAlgorithm || 'aes128';
- if(!('useMac' in options)) {
- options.useMac = true;
- }
- if(!('localKeyId' in options)) {
- options.localKeyId = null;
- }
- if(!('generateLocalKeyId' in options)) {
- options.generateLocalKeyId = true;
- }
-
- var localKeyId = options.localKeyId;
- var bagAttrs;
- if(localKeyId !== null) {
- localKeyId = forge.util.hexToBytes(localKeyId);
- } else if(options.generateLocalKeyId) {
- // use SHA-1 of paired cert, if available
- if(cert) {
- var pairedCert = forge.util.isArray(cert) ? cert[0] : cert;
- if(typeof pairedCert === 'string') {
- pairedCert = pki.certificateFromPem(pairedCert);
- }
- var sha1 = forge.md.sha1.create();
- sha1.update(asn1.toDer(pki.certificateToAsn1(pairedCert)).getBytes());
- localKeyId = sha1.digest().getBytes();
- } else {
- // FIXME: consider using SHA-1 of public key (which can be generated
- // from private key components), see: cert.generateSubjectKeyIdentifier
- // generate random bytes
- localKeyId = forge.random.getBytes(20);
- }
- }
-
- var attrs = [];
- if(localKeyId !== null) {
- attrs.push(
- // localKeyID
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // attrId
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- asn1.oidToDer(pki.oids.localKeyId).getBytes()),
- // attrValues
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
- localKeyId)
- ])
- ]));
- }
- if('friendlyName' in options) {
- attrs.push(
- // friendlyName
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // attrId
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- asn1.oidToDer(pki.oids.friendlyName).getBytes()),
- // attrValues
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BMPSTRING, false,
- options.friendlyName)
- ])
- ]));
- }
-
- if(attrs.length > 0) {
- bagAttrs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, attrs);
- }
-
- // collect contents for AuthenticatedSafe
- var contents = [];
-
- // create safe bag(s) for certificate chain
- var chain = [];
- if(cert !== null) {
- if(forge.util.isArray(cert)) {
- chain = cert;
- } else {
- chain = [cert];
- }
- }
-
- var certSafeBags = [];
- for(var i = 0; i < chain.length; ++i) {
- // convert cert from PEM as necessary
- cert = chain[i];
- if(typeof cert === 'string') {
- cert = pki.certificateFromPem(cert);
- }
-
- // SafeBag
- var certBagAttrs = (i === 0) ? bagAttrs : undefined;
- var certAsn1 = pki.certificateToAsn1(cert);
- var certSafeBag =
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // bagId
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- asn1.oidToDer(pki.oids.certBag).getBytes()),
- // bagValue
- asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
- // CertBag
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // certId
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- asn1.oidToDer(pki.oids.x509Certificate).getBytes()),
- // certValue (x509Certificate)
- asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
- asn1.create(
- asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
- asn1.toDer(certAsn1).getBytes())
- ])])]),
- // bagAttributes (OPTIONAL)
- certBagAttrs
- ]);
- certSafeBags.push(certSafeBag);
- }
-
- if(certSafeBags.length > 0) {
- // SafeContents
- var certSafeContents = asn1.create(
- asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, certSafeBags);
-
- // ContentInfo
- var certCI =
- // PKCS#7 ContentInfo
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // contentType
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- // OID for the content type is 'data'
- asn1.oidToDer(pki.oids.data).getBytes()),
- // content
- asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
- asn1.create(
- asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
- asn1.toDer(certSafeContents).getBytes())
- ])
- ]);
- contents.push(certCI);
- }
-
- // create safe contents for private key
- var keyBag = null;
- if(key !== null) {
- // SafeBag
- var pkAsn1 = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(key));
- if(password === null) {
- // no encryption
- keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // bagId
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- asn1.oidToDer(pki.oids.keyBag).getBytes()),
- // bagValue
- asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
- // PrivateKeyInfo
- pkAsn1
- ]),
- // bagAttributes (OPTIONAL)
- bagAttrs
- ]);
- } else {
- // encrypted PrivateKeyInfo
- keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // bagId
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- asn1.oidToDer(pki.oids.pkcs8ShroudedKeyBag).getBytes()),
- // bagValue
- asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
- // EncryptedPrivateKeyInfo
- pki.encryptPrivateKeyInfo(pkAsn1, password, options)
- ]),
- // bagAttributes (OPTIONAL)
- bagAttrs
- ]);
- }
-
- // SafeContents
- var keySafeContents =
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [keyBag]);
-
- // ContentInfo
- var keyCI =
- // PKCS#7 ContentInfo
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // contentType
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- // OID for the content type is 'data'
- asn1.oidToDer(pki.oids.data).getBytes()),
- // content
- asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
- asn1.create(
- asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
- asn1.toDer(keySafeContents).getBytes())
- ])
- ]);
- contents.push(keyCI);
- }
-
- // create AuthenticatedSafe by stringing together the contents
- var safe = asn1.create(
- asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, contents);
-
- var macData;
- if(options.useMac) {
- // MacData
- var sha1 = forge.md.sha1.create();
- var macSalt = new forge.util.ByteBuffer(
- forge.random.getBytes(options.saltSize));
- var count = options.count;
- // 160-bit key
- var key = p12.generateKey(password, macSalt, 3, count, 20);
- var mac = forge.hmac.create();
- mac.start(sha1, key);
- mac.update(asn1.toDer(safe).getBytes());
- var macValue = mac.getMac();
- macData = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // mac DigestInfo
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // digestAlgorithm
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // algorithm = SHA-1
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- asn1.oidToDer(pki.oids.sha1).getBytes()),
- // parameters = Null
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
- ]),
- // digest
- asn1.create(
- asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING,
- false, macValue.getBytes())
- ]),
- // macSalt OCTET STRING
- asn1.create(
- asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, macSalt.getBytes()),
- // iterations INTEGER (XXX: Only support count < 65536)
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
- asn1.integerToDer(count).getBytes()
- )
- ]);
- }
-
- // PFX
- return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // version (3)
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
- asn1.integerToDer(3).getBytes()),
- // PKCS#7 ContentInfo
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // contentType
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- // OID for the content type is 'data'
- asn1.oidToDer(pki.oids.data).getBytes()),
- // content
- asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
- asn1.create(
- asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
- asn1.toDer(safe).getBytes())
- ])
- ]),
- macData
- ]);
- };
-
- /**
- * Derives a PKCS#12 key.
- *
- * @param password the password to derive the key material from, null or
- * undefined for none.
- * @param salt the salt, as a ByteBuffer, to use.
- * @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
- * @param iter the iteration count.
- * @param n the number of bytes to derive from the password.
- * @param md the message digest to use, defaults to SHA-1.
- *
- * @return a ByteBuffer with the bytes derived from the password.
- */
- p12.generateKey = forge.pbe.generatePkcs12Key;
|