]> gerrit.simantics Code Review - simantics/district.git/blobdiff - org.simantics.maps.server/node/node-v4.8.0-win-x64/node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/certificate.js
Adding integrated tile server
[simantics/district.git] / org.simantics.maps.server / node / node-v4.8.0-win-x64 / node_modules / npm / node_modules / request / node_modules / http-signature / node_modules / sshpk / lib / certificate.js
diff --git a/org.simantics.maps.server/node/node-v4.8.0-win-x64/node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/certificate.js b/org.simantics.maps.server/node/node-v4.8.0-win-x64/node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/certificate.js
new file mode 100644 (file)
index 0000000..4fbe6ab
--- /dev/null
@@ -0,0 +1,291 @@
+// Copyright 2016 Joyent, Inc.
+
+module.exports = Certificate;
+
+var assert = require('assert-plus');
+var algs = require('./algs');
+var crypto = require('crypto');
+var Fingerprint = require('./fingerprint');
+var Signature = require('./signature');
+var errs = require('./errors');
+var util = require('util');
+var utils = require('./utils');
+var Key = require('./key');
+var PrivateKey = require('./private-key');
+var Identity = require('./identity');
+
+var formats = {};
+formats['openssh'] = require('./formats/openssh-cert');
+formats['x509'] = require('./formats/x509');
+formats['pem'] = require('./formats/x509-pem');
+
+var CertificateParseError = errs.CertificateParseError;
+var InvalidAlgorithmError = errs.InvalidAlgorithmError;
+
+function Certificate(opts) {
+       assert.object(opts, 'options');
+       assert.arrayOfObject(opts.subjects, 'options.subjects');
+       utils.assertCompatible(opts.subjects[0], Identity, [1, 0],
+           'options.subjects');
+       utils.assertCompatible(opts.subjectKey, Key, [1, 0],
+           'options.subjectKey');
+       utils.assertCompatible(opts.issuer, Identity, [1, 0], 'options.issuer');
+       if (opts.issuerKey !== undefined) {
+               utils.assertCompatible(opts.issuerKey, Key, [1, 0],
+                   'options.issuerKey');
+       }
+       assert.object(opts.signatures, 'options.signatures');
+       assert.buffer(opts.serial, 'options.serial');
+       assert.date(opts.validFrom, 'options.validFrom');
+       assert.date(opts.validUntil, 'optons.validUntil');
+
+       this._hashCache = {};
+
+       this.subjects = opts.subjects;
+       this.issuer = opts.issuer;
+       this.subjectKey = opts.subjectKey;
+       this.issuerKey = opts.issuerKey;
+       this.signatures = opts.signatures;
+       this.serial = opts.serial;
+       this.validFrom = opts.validFrom;
+       this.validUntil = opts.validUntil;
+}
+
+Certificate.formats = formats;
+
+Certificate.prototype.toBuffer = function (format, options) {
+       if (format === undefined)
+               format = 'x509';
+       assert.string(format, 'format');
+       assert.object(formats[format], 'formats[format]');
+       assert.optionalObject(options, 'options');
+
+       return (formats[format].write(this, options));
+};
+
+Certificate.prototype.toString = function (format, options) {
+       if (format === undefined)
+               format = 'pem';
+       return (this.toBuffer(format, options).toString());
+};
+
+Certificate.prototype.fingerprint = function (algo) {
+       if (algo === undefined)
+               algo = 'sha256';
+       assert.string(algo, 'algorithm');
+       var opts = {
+               type: 'certificate',
+               hash: this.hash(algo),
+               algorithm: algo
+       };
+       return (new Fingerprint(opts));
+};
+
+Certificate.prototype.hash = function (algo) {
+       assert.string(algo, 'algorithm');
+       algo = algo.toLowerCase();
+       if (algs.hashAlgs[algo] === undefined)
+               throw (new InvalidAlgorithmError(algo));
+
+       if (this._hashCache[algo])
+               return (this._hashCache[algo]);
+
+       var hash = crypto.createHash(algo).
+           update(this.toBuffer('x509')).digest();
+       this._hashCache[algo] = hash;
+       return (hash);
+};
+
+Certificate.prototype.isExpired = function (when) {
+       if (when === undefined)
+               when = new Date();
+       return (!((when.getTime() >= this.validFrom.getTime()) &&
+               (when.getTime() < this.validUntil.getTime())));
+};
+
+Certificate.prototype.isSignedBy = function (issuerCert) {
+       utils.assertCompatible(issuerCert, Certificate, [1, 0], 'issuer');
+
+       if (!this.issuer.equals(issuerCert.subjects[0]))
+               return (false);
+
+       return (this.isSignedByKey(issuerCert.subjectKey));
+};
+
+Certificate.prototype.isSignedByKey = function (issuerKey) {
+       utils.assertCompatible(issuerKey, Key, [1, 2], 'issuerKey');
+
+       if (this.issuerKey !== undefined) {
+               return (this.issuerKey.
+                   fingerprint('sha512').matches(issuerKey));
+       }
+
+       var fmt = Object.keys(this.signatures)[0];
+       var valid = formats[fmt].verify(this, issuerKey);
+       if (valid)
+               this.issuerKey = issuerKey;
+       return (valid);
+};
+
+Certificate.prototype.signWith = function (key) {
+       utils.assertCompatible(key, PrivateKey, [1, 2], 'key');
+       var fmts = Object.keys(formats);
+       var didOne = false;
+       for (var i = 0; i < fmts.length; ++i) {
+               if (fmts[i] !== 'pem') {
+                       var ret = formats[fmts[i]].sign(this, key);
+                       if (ret === true)
+                               didOne = true;
+               }
+       }
+       if (!didOne) {
+               throw (new Error('Failed to sign the certificate for any ' +
+                   'available certificate formats'));
+       }
+};
+
+Certificate.createSelfSigned = function (subjectOrSubjects, key, options) {
+       var subjects;
+       if (Array.isArray(subjectOrSubjects))
+               subjects = subjectOrSubjects;
+       else
+               subjects = [subjectOrSubjects];
+
+       assert.arrayOfObject(subjects);
+       subjects.forEach(function (subject) {
+               utils.assertCompatible(subject, Identity, [1, 0], 'subject');
+       });
+
+       utils.assertCompatible(key, PrivateKey, [1, 2], 'private key');
+
+       assert.optionalObject(options, 'options');
+       if (options === undefined)
+               options = {};
+       assert.optionalObject(options.validFrom, 'options.validFrom');
+       assert.optionalObject(options.validUntil, 'options.validUntil');
+       var validFrom = options.validFrom;
+       var validUntil = options.validUntil;
+       if (validFrom === undefined)
+               validFrom = new Date();
+       if (validUntil === undefined) {
+               assert.optionalNumber(options.lifetime, 'options.lifetime');
+               var lifetime = options.lifetime;
+               if (lifetime === undefined)
+                       lifetime = 10*365*24*3600;
+               validUntil = new Date();
+               validUntil.setTime(validUntil.getTime() + lifetime*1000);
+       }
+       assert.optionalBuffer(options.serial, 'options.serial');
+       var serial = options.serial;
+       if (serial === undefined)
+               serial = new Buffer('0000000000000001', 'hex');
+
+       var cert = new Certificate({
+               subjects: subjects,
+               issuer: subjects[0],
+               subjectKey: key.toPublic(),
+               issuerKey: key.toPublic(),
+               signatures: {},
+               serial: serial,
+               validFrom: validFrom,
+               validUntil: validUntil
+       });
+       cert.signWith(key);
+
+       return (cert);
+};
+
+Certificate.create =
+    function (subjectOrSubjects, key, issuer, issuerKey, options) {
+       var subjects;
+       if (Array.isArray(subjectOrSubjects))
+               subjects = subjectOrSubjects;
+       else
+               subjects = [subjectOrSubjects];
+
+       assert.arrayOfObject(subjects);
+       subjects.forEach(function (subject) {
+               utils.assertCompatible(subject, Identity, [1, 0], 'subject');
+       });
+
+       utils.assertCompatible(key, Key, [1, 0], 'key');
+       if (PrivateKey.isPrivateKey(key))
+               key = key.toPublic();
+       utils.assertCompatible(issuer, Identity, [1, 0], 'issuer');
+       utils.assertCompatible(issuerKey, PrivateKey, [1, 2], 'issuer key');
+
+       assert.optionalObject(options, 'options');
+       if (options === undefined)
+               options = {};
+       assert.optionalObject(options.validFrom, 'options.validFrom');
+       assert.optionalObject(options.validUntil, 'options.validUntil');
+       var validFrom = options.validFrom;
+       var validUntil = options.validUntil;
+       if (validFrom === undefined)
+               validFrom = new Date();
+       if (validUntil === undefined) {
+               assert.optionalNumber(options.lifetime, 'options.lifetime');
+               var lifetime = options.lifetime;
+               if (lifetime === undefined)
+                       lifetime = 10*365*24*3600;
+               validUntil = new Date();
+               validUntil.setTime(validUntil.getTime() + lifetime*1000);
+       }
+       assert.optionalBuffer(options.serial, 'options.serial');
+       var serial = options.serial;
+       if (serial === undefined)
+               serial = new Buffer('0000000000000001', 'hex');
+
+       var cert = new Certificate({
+               subjects: subjects,
+               issuer: issuer,
+               subjectKey: key,
+               issuerKey: issuerKey.toPublic(),
+               signatures: {},
+               serial: serial,
+               validFrom: validFrom,
+               validUntil: validUntil
+       });
+       cert.signWith(issuerKey);
+
+       return (cert);
+};
+
+Certificate.parse = function (data, format, options) {
+       if (typeof (data) !== 'string')
+               assert.buffer(data, 'data');
+       if (format === undefined)
+               format = 'auto';
+       assert.string(format, 'format');
+       if (typeof (options) === 'string')
+               options = { filename: options };
+       assert.optionalObject(options, 'options');
+       if (options === undefined)
+               options = {};
+       assert.optionalString(options.filename, 'options.filename');
+       if (options.filename === undefined)
+               options.filename = '(unnamed)';
+
+       assert.object(formats[format], 'formats[format]');
+
+       try {
+               var k = formats[format].read(data, options);
+               return (k);
+       } catch (e) {
+               throw (new CertificateParseError(options.filename, format, e));
+       }
+};
+
+Certificate.isCertificate = function (obj, ver) {
+       return (utils.isCompatible(obj, Certificate, ver));
+};
+
+/*
+ * API versions for Certificate:
+ * [1,0] -- initial ver
+ */
+Certificate.prototype._sshpkApiVersion = [1, 0];
+
+Certificate._oldVersionDetect = function (obj) {
+       return ([1, 0]);
+};