source: trip-planner-front/node_modules/node-forge/lib/pkcs7asn1.js@ 6fe77af

Last change on this file since 6fe77af was 6a3a178, checked in by Ema <ema_spirova@…>, 3 years ago

initial commit

  • Property mode set to 100644
File size: 11.2 KB
RevLine 
[6a3a178]1/**
2 * Javascript implementation of ASN.1 validators for PKCS#7 v1.5.
3 *
4 * @author Dave Longley
5 * @author Stefan Siegl
6 *
7 * Copyright (c) 2012-2015 Digital Bazaar, Inc.
8 * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
9 *
10 * The ASN.1 representation of PKCS#7 is as follows
11 * (see RFC #2315 for details, http://www.ietf.org/rfc/rfc2315.txt):
12 *
13 * A PKCS#7 message consists of a ContentInfo on root level, which may
14 * contain any number of further ContentInfo nested into it.
15 *
16 * ContentInfo ::= SEQUENCE {
17 * contentType ContentType,
18 * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
19 * }
20 *
21 * ContentType ::= OBJECT IDENTIFIER
22 *
23 * EnvelopedData ::= SEQUENCE {
24 * version Version,
25 * recipientInfos RecipientInfos,
26 * encryptedContentInfo EncryptedContentInfo
27 * }
28 *
29 * EncryptedData ::= SEQUENCE {
30 * version Version,
31 * encryptedContentInfo EncryptedContentInfo
32 * }
33 *
34 * id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
35 * us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
36 *
37 * SignedData ::= SEQUENCE {
38 * version INTEGER,
39 * digestAlgorithms DigestAlgorithmIdentifiers,
40 * contentInfo ContentInfo,
41 * certificates [0] IMPLICIT Certificates OPTIONAL,
42 * crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
43 * signerInfos SignerInfos
44 * }
45 *
46 * SignerInfos ::= SET OF SignerInfo
47 *
48 * SignerInfo ::= SEQUENCE {
49 * version Version,
50 * issuerAndSerialNumber IssuerAndSerialNumber,
51 * digestAlgorithm DigestAlgorithmIdentifier,
52 * authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
53 * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
54 * encryptedDigest EncryptedDigest,
55 * unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
56 * }
57 *
58 * EncryptedDigest ::= OCTET STRING
59 *
60 * Attributes ::= SET OF Attribute
61 *
62 * Attribute ::= SEQUENCE {
63 * attrType OBJECT IDENTIFIER,
64 * attrValues SET OF AttributeValue
65 * }
66 *
67 * AttributeValue ::= ANY
68 *
69 * Version ::= INTEGER
70 *
71 * RecipientInfos ::= SET OF RecipientInfo
72 *
73 * EncryptedContentInfo ::= SEQUENCE {
74 * contentType ContentType,
75 * contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
76 * encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
77 * }
78 *
79 * ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
80 *
81 * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters
82 * for the algorithm, if any. In the case of AES and DES3, there is only one,
83 * the IV.
84 *
85 * AlgorithmIdentifer ::= SEQUENCE {
86 * algorithm OBJECT IDENTIFIER,
87 * parameters ANY DEFINED BY algorithm OPTIONAL
88 * }
89 *
90 * EncryptedContent ::= OCTET STRING
91 *
92 * RecipientInfo ::= SEQUENCE {
93 * version Version,
94 * issuerAndSerialNumber IssuerAndSerialNumber,
95 * keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
96 * encryptedKey EncryptedKey
97 * }
98 *
99 * IssuerAndSerialNumber ::= SEQUENCE {
100 * issuer Name,
101 * serialNumber CertificateSerialNumber
102 * }
103 *
104 * CertificateSerialNumber ::= INTEGER
105 *
106 * KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
107 *
108 * EncryptedKey ::= OCTET STRING
109 */
110var forge = require('./forge');
111require('./asn1');
112require('./util');
113
114// shortcut for ASN.1 API
115var asn1 = forge.asn1;
116
117// shortcut for PKCS#7 API
118var p7v = module.exports = forge.pkcs7asn1 = forge.pkcs7asn1 || {};
119forge.pkcs7 = forge.pkcs7 || {};
120forge.pkcs7.asn1 = p7v;
121
122var contentInfoValidator = {
123 name: 'ContentInfo',
124 tagClass: asn1.Class.UNIVERSAL,
125 type: asn1.Type.SEQUENCE,
126 constructed: true,
127 value: [{
128 name: 'ContentInfo.ContentType',
129 tagClass: asn1.Class.UNIVERSAL,
130 type: asn1.Type.OID,
131 constructed: false,
132 capture: 'contentType'
133 }, {
134 name: 'ContentInfo.content',
135 tagClass: asn1.Class.CONTEXT_SPECIFIC,
136 type: 0,
137 constructed: true,
138 optional: true,
139 captureAsn1: 'content'
140 }]
141};
142p7v.contentInfoValidator = contentInfoValidator;
143
144var encryptedContentInfoValidator = {
145 name: 'EncryptedContentInfo',
146 tagClass: asn1.Class.UNIVERSAL,
147 type: asn1.Type.SEQUENCE,
148 constructed: true,
149 value: [{
150 name: 'EncryptedContentInfo.contentType',
151 tagClass: asn1.Class.UNIVERSAL,
152 type: asn1.Type.OID,
153 constructed: false,
154 capture: 'contentType'
155 }, {
156 name: 'EncryptedContentInfo.contentEncryptionAlgorithm',
157 tagClass: asn1.Class.UNIVERSAL,
158 type: asn1.Type.SEQUENCE,
159 constructed: true,
160 value: [{
161 name: 'EncryptedContentInfo.contentEncryptionAlgorithm.algorithm',
162 tagClass: asn1.Class.UNIVERSAL,
163 type: asn1.Type.OID,
164 constructed: false,
165 capture: 'encAlgorithm'
166 }, {
167 name: 'EncryptedContentInfo.contentEncryptionAlgorithm.parameter',
168 tagClass: asn1.Class.UNIVERSAL,
169 captureAsn1: 'encParameter'
170 }]
171 }, {
172 name: 'EncryptedContentInfo.encryptedContent',
173 tagClass: asn1.Class.CONTEXT_SPECIFIC,
174 type: 0,
175 /* The PKCS#7 structure output by OpenSSL somewhat differs from what
176 * other implementations do generate.
177 *
178 * OpenSSL generates a structure like this:
179 * SEQUENCE {
180 * ...
181 * [0]
182 * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38
183 * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45
184 * ...
185 * }
186 *
187 * Whereas other implementations (and this PKCS#7 module) generate:
188 * SEQUENCE {
189 * ...
190 * [0] {
191 * OCTET STRING
192 * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38
193 * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45
194 * ...
195 * }
196 * }
197 *
198 * In order to support both, we just capture the context specific
199 * field here. The OCTET STRING bit is removed below.
200 */
201 capture: 'encryptedContent',
202 captureAsn1: 'encryptedContentAsn1'
203 }]
204};
205
206p7v.envelopedDataValidator = {
207 name: 'EnvelopedData',
208 tagClass: asn1.Class.UNIVERSAL,
209 type: asn1.Type.SEQUENCE,
210 constructed: true,
211 value: [{
212 name: 'EnvelopedData.Version',
213 tagClass: asn1.Class.UNIVERSAL,
214 type: asn1.Type.INTEGER,
215 constructed: false,
216 capture: 'version'
217 }, {
218 name: 'EnvelopedData.RecipientInfos',
219 tagClass: asn1.Class.UNIVERSAL,
220 type: asn1.Type.SET,
221 constructed: true,
222 captureAsn1: 'recipientInfos'
223 }].concat(encryptedContentInfoValidator)
224};
225
226p7v.encryptedDataValidator = {
227 name: 'EncryptedData',
228 tagClass: asn1.Class.UNIVERSAL,
229 type: asn1.Type.SEQUENCE,
230 constructed: true,
231 value: [{
232 name: 'EncryptedData.Version',
233 tagClass: asn1.Class.UNIVERSAL,
234 type: asn1.Type.INTEGER,
235 constructed: false,
236 capture: 'version'
237 }].concat(encryptedContentInfoValidator)
238};
239
240var signerValidator = {
241 name: 'SignerInfo',
242 tagClass: asn1.Class.UNIVERSAL,
243 type: asn1.Type.SEQUENCE,
244 constructed: true,
245 value: [{
246 name: 'SignerInfo.version',
247 tagClass: asn1.Class.UNIVERSAL,
248 type: asn1.Type.INTEGER,
249 constructed: false
250 }, {
251 name: 'SignerInfo.issuerAndSerialNumber',
252 tagClass: asn1.Class.UNIVERSAL,
253 type: asn1.Type.SEQUENCE,
254 constructed: true,
255 value: [{
256 name: 'SignerInfo.issuerAndSerialNumber.issuer',
257 tagClass: asn1.Class.UNIVERSAL,
258 type: asn1.Type.SEQUENCE,
259 constructed: true,
260 captureAsn1: 'issuer'
261 }, {
262 name: 'SignerInfo.issuerAndSerialNumber.serialNumber',
263 tagClass: asn1.Class.UNIVERSAL,
264 type: asn1.Type.INTEGER,
265 constructed: false,
266 capture: 'serial'
267 }]
268 }, {
269 name: 'SignerInfo.digestAlgorithm',
270 tagClass: asn1.Class.UNIVERSAL,
271 type: asn1.Type.SEQUENCE,
272 constructed: true,
273 value: [{
274 name: 'SignerInfo.digestAlgorithm.algorithm',
275 tagClass: asn1.Class.UNIVERSAL,
276 type: asn1.Type.OID,
277 constructed: false,
278 capture: 'digestAlgorithm'
279 }, {
280 name: 'SignerInfo.digestAlgorithm.parameter',
281 tagClass: asn1.Class.UNIVERSAL,
282 constructed: false,
283 captureAsn1: 'digestParameter',
284 optional: true
285 }]
286 }, {
287 name: 'SignerInfo.authenticatedAttributes',
288 tagClass: asn1.Class.CONTEXT_SPECIFIC,
289 type: 0,
290 constructed: true,
291 optional: true,
292 capture: 'authenticatedAttributes'
293 }, {
294 name: 'SignerInfo.digestEncryptionAlgorithm',
295 tagClass: asn1.Class.UNIVERSAL,
296 type: asn1.Type.SEQUENCE,
297 constructed: true,
298 capture: 'signatureAlgorithm'
299 }, {
300 name: 'SignerInfo.encryptedDigest',
301 tagClass: asn1.Class.UNIVERSAL,
302 type: asn1.Type.OCTETSTRING,
303 constructed: false,
304 capture: 'signature'
305 }, {
306 name: 'SignerInfo.unauthenticatedAttributes',
307 tagClass: asn1.Class.CONTEXT_SPECIFIC,
308 type: 1,
309 constructed: true,
310 optional: true,
311 capture: 'unauthenticatedAttributes'
312 }]
313};
314
315p7v.signedDataValidator = {
316 name: 'SignedData',
317 tagClass: asn1.Class.UNIVERSAL,
318 type: asn1.Type.SEQUENCE,
319 constructed: true,
320 value: [{
321 name: 'SignedData.Version',
322 tagClass: asn1.Class.UNIVERSAL,
323 type: asn1.Type.INTEGER,
324 constructed: false,
325 capture: 'version'
326 }, {
327 name: 'SignedData.DigestAlgorithms',
328 tagClass: asn1.Class.UNIVERSAL,
329 type: asn1.Type.SET,
330 constructed: true,
331 captureAsn1: 'digestAlgorithms'
332 },
333 contentInfoValidator,
334 {
335 name: 'SignedData.Certificates',
336 tagClass: asn1.Class.CONTEXT_SPECIFIC,
337 type: 0,
338 optional: true,
339 captureAsn1: 'certificates'
340 }, {
341 name: 'SignedData.CertificateRevocationLists',
342 tagClass: asn1.Class.CONTEXT_SPECIFIC,
343 type: 1,
344 optional: true,
345 captureAsn1: 'crls'
346 }, {
347 name: 'SignedData.SignerInfos',
348 tagClass: asn1.Class.UNIVERSAL,
349 type: asn1.Type.SET,
350 capture: 'signerInfos',
351 optional: true,
352 value: [signerValidator]
353 }]
354};
355
356p7v.recipientInfoValidator = {
357 name: 'RecipientInfo',
358 tagClass: asn1.Class.UNIVERSAL,
359 type: asn1.Type.SEQUENCE,
360 constructed: true,
361 value: [{
362 name: 'RecipientInfo.version',
363 tagClass: asn1.Class.UNIVERSAL,
364 type: asn1.Type.INTEGER,
365 constructed: false,
366 capture: 'version'
367 }, {
368 name: 'RecipientInfo.issuerAndSerial',
369 tagClass: asn1.Class.UNIVERSAL,
370 type: asn1.Type.SEQUENCE,
371 constructed: true,
372 value: [{
373 name: 'RecipientInfo.issuerAndSerial.issuer',
374 tagClass: asn1.Class.UNIVERSAL,
375 type: asn1.Type.SEQUENCE,
376 constructed: true,
377 captureAsn1: 'issuer'
378 }, {
379 name: 'RecipientInfo.issuerAndSerial.serialNumber',
380 tagClass: asn1.Class.UNIVERSAL,
381 type: asn1.Type.INTEGER,
382 constructed: false,
383 capture: 'serial'
384 }]
385 }, {
386 name: 'RecipientInfo.keyEncryptionAlgorithm',
387 tagClass: asn1.Class.UNIVERSAL,
388 type: asn1.Type.SEQUENCE,
389 constructed: true,
390 value: [{
391 name: 'RecipientInfo.keyEncryptionAlgorithm.algorithm',
392 tagClass: asn1.Class.UNIVERSAL,
393 type: asn1.Type.OID,
394 constructed: false,
395 capture: 'encAlgorithm'
396 }, {
397 name: 'RecipientInfo.keyEncryptionAlgorithm.parameter',
398 tagClass: asn1.Class.UNIVERSAL,
399 constructed: false,
400 captureAsn1: 'encParameter'
401 }]
402 }, {
403 name: 'RecipientInfo.encryptedKey',
404 tagClass: asn1.Class.UNIVERSAL,
405 type: asn1.Type.OCTETSTRING,
406 constructed: false,
407 capture: 'encKey'
408 }]
409};
Note: See TracBrowser for help on using the repository browser.