tentakelfabrik
/
tiny-consent
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
18 MiB
Tree: f184cd7e2a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f184cd7e2a'
${ noResults }
tiny-consent/node_modules/node-forge/lib/pkcs7asn1.js

409 lines
11 KiB
Raw Normal View History

adding
4 years ago
 
  1. /**
  2.  * Javascript implementation of ASN.1 validators for PKCS#7 v1.5.
  3.  *
  4.  * @author Dave Longley
  5.  * @author Stefan Siegl
  6.  *
  7.  * Copyright (c) 2012-2015 Digital Bazaar, Inc.
  8.  * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
  9.  *
  10.  * The ASN.1 representation of PKCS#7 is as follows
  11.  * (see RFC #2315 for details, http://www.ietf.org/rfc/rfc2315.txt):

  12.  *
  13.  * A PKCS#7 message consists of a ContentInfo on root level, which may
  14.  * contain any number of further ContentInfo nested into it.
  15.  *
  16.  * ContentInfo ::= SEQUENCE {
  17.  *   contentType                ContentType,
  18.  *   content               [0]  EXPLICIT ANY DEFINED BY contentType OPTIONAL
  19.  * }
  20.  *
  21.  * ContentType ::= OBJECT IDENTIFIER
  22.  *
  23.  * EnvelopedData ::= SEQUENCE {
  24.  *   version                    Version,
  25.  *   recipientInfos             RecipientInfos,
  26.  *   encryptedContentInfo       EncryptedContentInfo
  27.  * }
  28.  *
  29.  * EncryptedData ::= SEQUENCE {
  30.  *   version                    Version,
  31.  *   encryptedContentInfo       EncryptedContentInfo
  32.  * }
  33.  *
  34.  * id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
  35.  *   us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
  36.  *
  37.  * SignedData ::= SEQUENCE {
  38.  *   version           INTEGER,
  39.  *   digestAlgorithms  DigestAlgorithmIdentifiers,
  40.  *   contentInfo       ContentInfo,
  41.  *   certificates      [0] IMPLICIT Certificates OPTIONAL,
  42.  *   crls              [1] IMPLICIT CertificateRevocationLists OPTIONAL,
  43.  *   signerInfos       SignerInfos
  44.  * }
  45.  *
  46.  * SignerInfos ::= SET OF SignerInfo
  47.  *
  48.  * SignerInfo ::= SEQUENCE {
  49.  *   version                    Version,
  50.  *   issuerAndSerialNumber      IssuerAndSerialNumber,
  51.  *   digestAlgorithm            DigestAlgorithmIdentifier,
  52.  *   authenticatedAttributes    [0] IMPLICIT Attributes OPTIONAL,
  53.  *   digestEncryptionAlgorithm  DigestEncryptionAlgorithmIdentifier,
  54.  *   encryptedDigest            EncryptedDigest,
  55.  *   unauthenticatedAttributes  [1] IMPLICIT Attributes OPTIONAL
  56.  * }
  57.  *
  58.  * EncryptedDigest ::= OCTET STRING
  59.  *
  60.  * Attributes ::= SET OF Attribute
  61.  *
  62.  * Attribute ::= SEQUENCE {
  63.  *   attrType    OBJECT IDENTIFIER,
  64.  *   attrValues  SET OF AttributeValue
  65.  * }
  66.  *
  67.  * AttributeValue ::= ANY
  68.  *
  69.  * Version ::= INTEGER
  70.  *
  71.  * RecipientInfos ::= SET OF RecipientInfo
  72.  *
  73.  * EncryptedContentInfo ::= SEQUENCE {
  74.  *   contentType                 ContentType,
  75.  *   contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
  76.  *   encryptedContent       [0]  IMPLICIT EncryptedContent OPTIONAL
  77.  * }
  78.  *
  79.  * ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
  80.  *
  81.  * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters
  82.  * for the algorithm, if any. In the case of AES and DES3, there is only one,
  83.  * the IV.
  84.  *
  85.  * AlgorithmIdentifer ::= SEQUENCE {
  86.  *    algorithm OBJECT IDENTIFIER,
  87.  *    parameters ANY DEFINED BY algorithm OPTIONAL
  88.  * }
  89.  *
  90.  * EncryptedContent ::= OCTET STRING
  91.  *
  92.  * RecipientInfo ::= SEQUENCE {
  93.  *   version                     Version,
  94.  *   issuerAndSerialNumber       IssuerAndSerialNumber,
  95.  *   keyEncryptionAlgorithm      KeyEncryptionAlgorithmIdentifier,
  96.  *   encryptedKey                EncryptedKey
  97.  * }
  98.  *
  99.  * IssuerAndSerialNumber ::= SEQUENCE {
  100.  *   issuer                      Name,
  101.  *   serialNumber                CertificateSerialNumber
  102.  * }
  103.  *
  104.  * CertificateSerialNumber ::= INTEGER
  105.  *
  106.  * KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
  107.  *
  108.  * EncryptedKey ::= OCTET STRING
  109.  */
  110. var forge = require('./forge');
  111. require('./asn1');
  112. require('./util');
  113. 

  114. // shortcut for ASN.1 API

  115. var asn1 = forge.asn1;
  116. 

  117. // shortcut for PKCS#7 API

  118. var p7v = module.exports = forge.pkcs7asn1 = forge.pkcs7asn1 || {};
  119. forge.pkcs7 = forge.pkcs7 || {};
  120. forge.pkcs7.asn1 = p7v;
  121. 

  122. var contentInfoValidator = {
  123.   name: 'ContentInfo',
  124.   tagClass: asn1.Class.UNIVERSAL,
  125.   type: asn1.Type.SEQUENCE,
  126.   constructed: true,
  127.   value: [{
  128.     name: 'ContentInfo.ContentType',
  129.     tagClass: asn1.Class.UNIVERSAL,
  130.     type: asn1.Type.OID,
  131.     constructed: false,
  132.     capture: 'contentType'
  133.   }, {
  134.     name: 'ContentInfo.content',
  135.     tagClass: asn1.Class.CONTEXT_SPECIFIC,
  136.     type: 0,
  137.     constructed: true,
  138.     optional: true,
  139.     captureAsn1: 'content'
  140.   }]
  141. };
  142. p7v.contentInfoValidator = contentInfoValidator;
  143. 

  144. var encryptedContentInfoValidator = {
  145.   name: 'EncryptedContentInfo',
  146.   tagClass: asn1.Class.UNIVERSAL,
  147.   type: asn1.Type.SEQUENCE,
  148.   constructed: true,
  149.   value: [{
  150.     name: 'EncryptedContentInfo.contentType',
  151.     tagClass: asn1.Class.UNIVERSAL,
  152.     type: asn1.Type.OID,
  153.     constructed: false,
  154.     capture: 'contentType'
  155.   }, {
  156.     name: 'EncryptedContentInfo.contentEncryptionAlgorithm',
  157.     tagClass: asn1.Class.UNIVERSAL,
  158.     type: asn1.Type.SEQUENCE,
  159.     constructed: true,
  160.     value: [{
  161.       name: 'EncryptedContentInfo.contentEncryptionAlgorithm.algorithm',
  162.       tagClass: asn1.Class.UNIVERSAL,
  163.       type: asn1.Type.OID,
  164.       constructed: false,
  165.       capture: 'encAlgorithm'
  166.     }, {
  167.       name: 'EncryptedContentInfo.contentEncryptionAlgorithm.parameter',
  168.       tagClass: asn1.Class.UNIVERSAL,
  169.       captureAsn1: 'encParameter'
  170.     }]
  171.   }, {
  172.     name: 'EncryptedContentInfo.encryptedContent',
  173.     tagClass: asn1.Class.CONTEXT_SPECIFIC,
  174.     type: 0,
  175.     /* The PKCS#7 structure output by OpenSSL somewhat differs from what
  176.      * other implementations do generate.
  177.      *
  178.      * OpenSSL generates a structure like this:
  179.      * SEQUENCE {
  180.      *    ...
  181.      *    [0]
  182.      *       26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38
  183.      *       C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45
  184.      *       ...
  185.      * }
  186.      *
  187.      * Whereas other implementations (and this PKCS#7 module) generate:
  188.      * SEQUENCE {
  189.      *    ...
  190.      *    [0] {
  191.      *       OCTET STRING
  192.      *          26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38
  193.      *          C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45
  194.      *          ...
  195.      *    }
  196.      * }
  197.      *
  198.      * In order to support both, we just capture the context specific
  199.      * field here.  The OCTET STRING bit is removed below.
  200.      */
  201.     capture: 'encryptedContent',
  202.     captureAsn1: 'encryptedContentAsn1'
  203.   }]
  204. };
  205. 

  206. p7v.envelopedDataValidator = {
  207.   name: 'EnvelopedData',
  208.   tagClass: asn1.Class.UNIVERSAL,
  209.   type: asn1.Type.SEQUENCE,
  210.   constructed: true,
  211.   value: [{
  212.     name: 'EnvelopedData.Version',
  213.     tagClass: asn1.Class.UNIVERSAL,
  214.     type: asn1.Type.INTEGER,
  215.     constructed: false,
  216.     capture: 'version'
  217.   }, {
  218.     name: 'EnvelopedData.RecipientInfos',
  219.     tagClass: asn1.Class.UNIVERSAL,
  220.     type: asn1.Type.SET,
  221.     constructed: true,
  222.     captureAsn1: 'recipientInfos'
  223.   }].concat(encryptedContentInfoValidator)
  224. };
  225. 

  226. p7v.encryptedDataValidator = {
  227.   name: 'EncryptedData',
  228.   tagClass: asn1.Class.UNIVERSAL,
  229.   type: asn1.Type.SEQUENCE,
  230.   constructed: true,
  231.   value: [{
  232.     name: 'EncryptedData.Version',
  233.     tagClass: asn1.Class.UNIVERSAL,
  234.     type: asn1.Type.INTEGER,
  235.     constructed: false,
  236.     capture: 'version'
  237.   }].concat(encryptedContentInfoValidator)
  238. };
  239. 

  240. var signerValidator = {
  241.   name: 'SignerInfo',
  242.   tagClass: asn1.Class.UNIVERSAL,
  243.   type: asn1.Type.SEQUENCE,
  244.   constructed: true,
  245.   value: [{
  246.     name: 'SignerInfo.version',
  247.     tagClass: asn1.Class.UNIVERSAL,
  248.     type: asn1.Type.INTEGER,
  249.     constructed: false
  250.   }, {
  251.     name: 'SignerInfo.issuerAndSerialNumber',
  252.     tagClass: asn1.Class.UNIVERSAL,
  253.     type: asn1.Type.SEQUENCE,
  254.     constructed: true,
  255.     value: [{
  256.       name: 'SignerInfo.issuerAndSerialNumber.issuer',
  257.       tagClass: asn1.Class.UNIVERSAL,
  258.       type: asn1.Type.SEQUENCE,
  259.       constructed: true,
  260.       captureAsn1: 'issuer'
  261.     }, {
  262.       name: 'SignerInfo.issuerAndSerialNumber.serialNumber',
  263.       tagClass: asn1.Class.UNIVERSAL,
  264.       type: asn1.Type.INTEGER,
  265.       constructed: false,
  266.       capture: 'serial'
  267.     }]
  268.   }, {
  269.     name: 'SignerInfo.digestAlgorithm',
  270.     tagClass: asn1.Class.UNIVERSAL,
  271.     type: asn1.Type.SEQUENCE,
  272.     constructed: true,
  273.     value: [{
  274.       name: 'SignerInfo.digestAlgorithm.algorithm',
  275.       tagClass: asn1.Class.UNIVERSAL,
  276.       type: asn1.Type.OID,
  277.       constructed: false,
  278.       capture: 'digestAlgorithm'
  279.     }, {
  280.       name: 'SignerInfo.digestAlgorithm.parameter',
  281.       tagClass: asn1.Class.UNIVERSAL,
  282.       constructed: false,
  283.       captureAsn1: 'digestParameter',
  284.       optional: true
  285.     }]
  286.   }, {
  287.     name: 'SignerInfo.authenticatedAttributes',
  288.     tagClass: asn1.Class.CONTEXT_SPECIFIC,
  289.     type: 0,
  290.     constructed: true,
  291.     optional: true,
  292.     capture: 'authenticatedAttributes'
  293.   }, {
  294.     name: 'SignerInfo.digestEncryptionAlgorithm',
  295.     tagClass: asn1.Class.UNIVERSAL,
  296.     type: asn1.Type.SEQUENCE,
  297.     constructed: true,
  298.     capture: 'signatureAlgorithm'
  299.   }, {
  300.     name: 'SignerInfo.encryptedDigest',
  301.     tagClass: asn1.Class.UNIVERSAL,
  302.     type: asn1.Type.OCTETSTRING,
  303.     constructed: false,
  304.     capture: 'signature'
  305.   }, {
  306.     name: 'SignerInfo.unauthenticatedAttributes',
  307.     tagClass: asn1.Class.CONTEXT_SPECIFIC,
  308.     type: 1,
  309.     constructed: true,
  310.     optional: true,
  311.     capture: 'unauthenticatedAttributes'
  312.   }]
  313. };
  314. 

  315. p7v.signedDataValidator = {
  316.   name: 'SignedData',
  317.   tagClass: asn1.Class.UNIVERSAL,
  318.   type: asn1.Type.SEQUENCE,
  319.   constructed: true,
  320.   value: [{
  321.     name: 'SignedData.Version',
  322.     tagClass: asn1.Class.UNIVERSAL,
  323.     type: asn1.Type.INTEGER,
  324.     constructed: false,
  325.     capture: 'version'
  326.   }, {
  327.     name: 'SignedData.DigestAlgorithms',
  328.     tagClass: asn1.Class.UNIVERSAL,
  329.     type: asn1.Type.SET,
  330.     constructed: true,
  331.     captureAsn1: 'digestAlgorithms'
  332.   },
  333.   contentInfoValidator,
  334.   {
  335.     name: 'SignedData.Certificates',
  336.     tagClass: asn1.Class.CONTEXT_SPECIFIC,
  337.     type: 0,
  338.     optional: true,
  339.     captureAsn1: 'certificates'
  340.   }, {
  341.     name: 'SignedData.CertificateRevocationLists',
  342.     tagClass: asn1.Class.CONTEXT_SPECIFIC,
  343.     type: 1,
  344.     optional: true,
  345.     captureAsn1: 'crls'
  346.   }, {
  347.     name: 'SignedData.SignerInfos',
  348.     tagClass: asn1.Class.UNIVERSAL,
  349.     type: asn1.Type.SET,
  350.     capture: 'signerInfos',
  351.     optional: true,
  352.     value: [signerValidator]
  353.   }]
  354. };
  355. 

  356. p7v.recipientInfoValidator = {
  357.   name: 'RecipientInfo',
  358.   tagClass: asn1.Class.UNIVERSAL,
  359.   type: asn1.Type.SEQUENCE,
  360.   constructed: true,
  361.   value: [{
  362.     name: 'RecipientInfo.version',
  363.     tagClass: asn1.Class.UNIVERSAL,
  364.     type: asn1.Type.INTEGER,
  365.     constructed: false,
  366.     capture: 'version'
  367.   }, {
  368.     name: 'RecipientInfo.issuerAndSerial',
  369.     tagClass: asn1.Class.UNIVERSAL,
  370.     type: asn1.Type.SEQUENCE,
  371.     constructed: true,
  372.     value: [{
  373.       name: 'RecipientInfo.issuerAndSerial.issuer',
  374.       tagClass: asn1.Class.UNIVERSAL,
  375.       type: asn1.Type.SEQUENCE,
  376.       constructed: true,
  377.       captureAsn1: 'issuer'
  378.     }, {
  379.       name: 'RecipientInfo.issuerAndSerial.serialNumber',
  380.       tagClass: asn1.Class.UNIVERSAL,
  381.       type: asn1.Type.INTEGER,
  382.       constructed: false,
  383.       capture: 'serial'
  384.     }]
  385.   }, {
  386.     name: 'RecipientInfo.keyEncryptionAlgorithm',
  387.     tagClass: asn1.Class.UNIVERSAL,
  388.     type: asn1.Type.SEQUENCE,
  389.     constructed: true,
  390.     value: [{
  391.       name: 'RecipientInfo.keyEncryptionAlgorithm.algorithm',
  392.       tagClass: asn1.Class.UNIVERSAL,
  393.       type: asn1.Type.OID,
  394.       constructed: false,
  395.       capture: 'encAlgorithm'
  396.     }, {
  397.       name: 'RecipientInfo.keyEncryptionAlgorithm.parameter',
  398.       tagClass: asn1.Class.UNIVERSAL,
  399.       constructed: false,
  400.       captureAsn1: 'encParameter'
  401.     }]
  402.   }, {
  403.     name: 'RecipientInfo.encryptedKey',
  404.     tagClass: asn1.Class.UNIVERSAL,
  405.     type: asn1.Type.OCTETSTRING,
  406.     constructed: false,
  407.     capture: 'encKey'
  408.   }]
  409. };