{"ast":null,"code":"// Copyright 2016 Joyent, Inc.\nmodule.exports = Certificate;\n\nvar assert = require('assert-plus');\n\nvar Buffer = require('safer-buffer').Buffer;\n\nvar algs = require('./algs');\n\nvar crypto = require('crypto');\n\nvar Fingerprint = require('./fingerprint');\n\nvar Signature = require('./signature');\n\nvar errs = require('./errors');\n\nvar util = require('util');\n\nvar utils = require('./utils');\n\nvar Key = require('./key');\n\nvar PrivateKey = require('./private-key');\n\nvar Identity = require('./identity');\n\nvar formats = {};\nformats['openssh'] = require('./formats/openssh-cert');\nformats['x509'] = require('./formats/x509');\nformats['pem'] = require('./formats/x509-pem');\nvar CertificateParseError = errs.CertificateParseError;\nvar InvalidAlgorithmError = errs.InvalidAlgorithmError;\n\nfunction Certificate(opts) {\n assert.object(opts, 'options');\n assert.arrayOfObject(opts.subjects, 'options.subjects');\n utils.assertCompatible(opts.subjects[0], Identity, [1, 0], 'options.subjects');\n utils.assertCompatible(opts.subjectKey, Key, [1, 0], 'options.subjectKey');\n utils.assertCompatible(opts.issuer, Identity, [1, 0], 'options.issuer');\n\n if (opts.issuerKey !== undefined) {\n utils.assertCompatible(opts.issuerKey, Key, [1, 0], 'options.issuerKey');\n }\n\n assert.object(opts.signatures, 'options.signatures');\n assert.buffer(opts.serial, 'options.serial');\n assert.date(opts.validFrom, 'options.validFrom');\n assert.date(opts.validUntil, 'optons.validUntil');\n assert.optionalArrayOfString(opts.purposes, 'options.purposes');\n this._hashCache = {};\n this.subjects = opts.subjects;\n this.issuer = opts.issuer;\n this.subjectKey = opts.subjectKey;\n this.issuerKey = opts.issuerKey;\n this.signatures = opts.signatures;\n this.serial = opts.serial;\n this.validFrom = opts.validFrom;\n this.validUntil = opts.validUntil;\n this.purposes = opts.purposes;\n}\n\nCertificate.formats = formats;\n\nCertificate.prototype.toBuffer = 
function (format, options) {\n if (format === undefined) format = 'x509';\n assert.string(format, 'format');\n assert.object(formats[format], 'formats[format]');\n assert.optionalObject(options, 'options');\n return formats[format].write(this, options);\n};\n\nCertificate.prototype.toString = function (format, options) {\n if (format === undefined) format = 'pem';\n return this.toBuffer(format, options).toString();\n};\n\nCertificate.prototype.fingerprint = function (algo) {\n if (algo === undefined) algo = 'sha256';\n assert.string(algo, 'algorithm');\n var opts = {\n type: 'certificate',\n hash: this.hash(algo),\n algorithm: algo\n };\n return new Fingerprint(opts);\n};\n\nCertificate.prototype.hash = function (algo) {\n assert.string(algo, 'algorithm');\n algo = algo.toLowerCase();\n if (algs.hashAlgs[algo] === undefined) throw new InvalidAlgorithmError(algo);\n if (this._hashCache[algo]) return this._hashCache[algo];\n var hash = crypto.createHash(algo).update(this.toBuffer('x509')).digest();\n this._hashCache[algo] = hash;\n return hash;\n};\n\nCertificate.prototype.isExpired = function (when) {\n if (when === undefined) when = new Date();\n return !(when.getTime() >= this.validFrom.getTime() && when.getTime() < this.validUntil.getTime());\n};\n\nCertificate.prototype.isSignedBy = function (issuerCert) {\n utils.assertCompatible(issuerCert, Certificate, [1, 0], 'issuer');\n if (!this.issuer.equals(issuerCert.subjects[0])) return false;\n\n if (this.issuer.purposes && this.issuer.purposes.length > 0 && this.issuer.purposes.indexOf('ca') === -1) {\n return false;\n }\n\n return this.isSignedByKey(issuerCert.subjectKey);\n};\n\nCertificate.prototype.getExtension = function (keyOrOid) {\n assert.string(keyOrOid, 'keyOrOid');\n var ext = this.getExtensions().filter(function (maybeExt) {\n if (maybeExt.format === 'x509') return maybeExt.oid === keyOrOid;\n if (maybeExt.format === 'openssh') return maybeExt.name === keyOrOid;\n return false;\n })[0];\n return 
ext;\n};\n\nCertificate.prototype.getExtensions = function () {\n var exts = [];\n var x509 = this.signatures.x509;\n\n if (x509 && x509.extras && x509.extras.exts) {\n x509.extras.exts.forEach(function (ext) {\n ext.format = 'x509';\n exts.push(ext);\n });\n }\n\n var openssh = this.signatures.openssh;\n\n if (openssh && openssh.exts) {\n openssh.exts.forEach(function (ext) {\n ext.format = 'openssh';\n exts.push(ext);\n });\n }\n\n return exts;\n};\n\nCertificate.prototype.isSignedByKey = function (issuerKey) {\n utils.assertCompatible(issuerKey, Key, [1, 2], 'issuerKey');\n\n if (this.issuerKey !== undefined) {\n return this.issuerKey.fingerprint('sha512').matches(issuerKey);\n }\n\n var fmt = Object.keys(this.signatures)[0];\n var valid = formats[fmt].verify(this, issuerKey);\n if (valid) this.issuerKey = issuerKey;\n return valid;\n};\n\nCertificate.prototype.signWith = function (key) {\n utils.assertCompatible(key, PrivateKey, [1, 2], 'key');\n var fmts = Object.keys(formats);\n var didOne = false;\n\n for (var i = 0; i < fmts.length; ++i) {\n if (fmts[i] !== 'pem') {\n var ret = formats[fmts[i]].sign(this, key);\n if (ret === true) didOne = true;\n }\n }\n\n if (!didOne) {\n throw new Error('Failed to sign the certificate for any ' + 'available certificate formats');\n }\n};\n\nCertificate.createSelfSigned = function (subjectOrSubjects, key, options) {\n var subjects;\n if (Array.isArray(subjectOrSubjects)) subjects = subjectOrSubjects;else subjects = [subjectOrSubjects];\n assert.arrayOfObject(subjects);\n subjects.forEach(function (subject) {\n utils.assertCompatible(subject, Identity, [1, 0], 'subject');\n });\n utils.assertCompatible(key, PrivateKey, [1, 2], 'private key');\n assert.optionalObject(options, 'options');\n if (options === undefined) options = {};\n assert.optionalObject(options.validFrom, 'options.validFrom');\n assert.optionalObject(options.validUntil, 'options.validUntil');\n var validFrom = options.validFrom;\n var validUntil = 
options.validUntil;\n if (validFrom === undefined) validFrom = new Date();\n\n if (validUntil === undefined) {\n assert.optionalNumber(options.lifetime, 'options.lifetime');\n var lifetime = options.lifetime;\n if (lifetime === undefined) lifetime = 10 * 365 * 24 * 3600;\n validUntil = new Date();\n validUntil.setTime(validUntil.getTime() + lifetime * 1000);\n }\n\n assert.optionalBuffer(options.serial, 'options.serial');\n var serial = options.serial;\n if (serial === undefined) serial = Buffer.from('0000000000000001', 'hex');\n var purposes = options.purposes;\n if (purposes === undefined) purposes = [];\n if (purposes.indexOf('signature') === -1) purposes.push('signature');\n /* Self-signed certs are always CAs. */\n\n if (purposes.indexOf('ca') === -1) purposes.push('ca');\n if (purposes.indexOf('crl') === -1) purposes.push('crl');\n /*\n * If we weren't explicitly given any other purposes, do the sensible\n * thing and add some basic ones depending on the subject type.\n */\n\n if (purposes.length <= 3) {\n var hostSubjects = subjects.filter(function (subject) {\n return subject.type === 'host';\n });\n var userSubjects = subjects.filter(function (subject) {\n return subject.type === 'user';\n });\n\n if (hostSubjects.length > 0) {\n if (purposes.indexOf('serverAuth') === -1) purposes.push('serverAuth');\n }\n\n if (userSubjects.length > 0) {\n if (purposes.indexOf('clientAuth') === -1) purposes.push('clientAuth');\n }\n\n if (userSubjects.length > 0 || hostSubjects.length > 0) {\n if (purposes.indexOf('keyAgreement') === -1) purposes.push('keyAgreement');\n if (key.type === 'rsa' && purposes.indexOf('encryption') === -1) purposes.push('encryption');\n }\n }\n\n var cert = new Certificate({\n subjects: subjects,\n issuer: subjects[0],\n subjectKey: key.toPublic(),\n issuerKey: key.toPublic(),\n signatures: {},\n serial: serial,\n validFrom: validFrom,\n validUntil: validUntil,\n purposes: purposes\n });\n cert.signWith(key);\n return 
cert;\n};\n\nCertificate.create = function (subjectOrSubjects, key, issuer, issuerKey, options) {\n var subjects;\n if (Array.isArray(subjectOrSubjects)) subjects = subjectOrSubjects;else subjects = [subjectOrSubjects];\n assert.arrayOfObject(subjects);\n subjects.forEach(function (subject) {\n utils.assertCompatible(subject, Identity, [1, 0], 'subject');\n });\n utils.assertCompatible(key, Key, [1, 0], 'key');\n if (PrivateKey.isPrivateKey(key)) key = key.toPublic();\n utils.assertCompatible(issuer, Identity, [1, 0], 'issuer');\n utils.assertCompatible(issuerKey, PrivateKey, [1, 2], 'issuer key');\n assert.optionalObject(options, 'options');\n if (options === undefined) options = {};\n assert.optionalObject(options.validFrom, 'options.validFrom');\n assert.optionalObject(options.validUntil, 'options.validUntil');\n var validFrom = options.validFrom;\n var validUntil = options.validUntil;\n if (validFrom === undefined) validFrom = new Date();\n\n if (validUntil === undefined) {\n assert.optionalNumber(options.lifetime, 'options.lifetime');\n var lifetime = options.lifetime;\n if (lifetime === undefined) lifetime = 10 * 365 * 24 * 3600;\n validUntil = new Date();\n validUntil.setTime(validUntil.getTime() + lifetime * 1000);\n }\n\n assert.optionalBuffer(options.serial, 'options.serial');\n var serial = options.serial;\n if (serial === undefined) serial = Buffer.from('0000000000000001', 'hex');\n var purposes = options.purposes;\n if (purposes === undefined) purposes = [];\n if (purposes.indexOf('signature') === -1) purposes.push('signature');\n\n if (options.ca === true) {\n if (purposes.indexOf('ca') === -1) purposes.push('ca');\n if (purposes.indexOf('crl') === -1) purposes.push('crl');\n }\n\n var hostSubjects = subjects.filter(function (subject) {\n return subject.type === 'host';\n });\n var userSubjects = subjects.filter(function (subject) {\n return subject.type === 'user';\n });\n\n if (hostSubjects.length > 0) {\n if (purposes.indexOf('serverAuth') === -1) 
purposes.push('serverAuth');\n }\n\n if (userSubjects.length > 0) {\n if (purposes.indexOf('clientAuth') === -1) purposes.push('clientAuth');\n }\n\n if (userSubjects.length > 0 || hostSubjects.length > 0) {\n if (purposes.indexOf('keyAgreement') === -1) purposes.push('keyAgreement');\n if (key.type === 'rsa' && purposes.indexOf('encryption') === -1) purposes.push('encryption');\n }\n\n var cert = new Certificate({\n subjects: subjects,\n issuer: issuer,\n subjectKey: key,\n issuerKey: issuerKey.toPublic(),\n signatures: {},\n serial: serial,\n validFrom: validFrom,\n validUntil: validUntil,\n purposes: purposes\n });\n cert.signWith(issuerKey);\n return cert;\n};\n\nCertificate.parse = function (data, format, options) {\n if (typeof data !== 'string') assert.buffer(data, 'data');\n if (format === undefined) format = 'auto';\n assert.string(format, 'format');\n if (typeof options === 'string') options = {\n filename: options\n };\n assert.optionalObject(options, 'options');\n if (options === undefined) options = {};\n assert.optionalString(options.filename, 'options.filename');\n if (options.filename === undefined) options.filename = '(unnamed)';\n assert.object(formats[format], 'formats[format]');\n\n try {\n var k = formats[format].read(data, options);\n return k;\n } catch (e) {\n throw new CertificateParseError(options.filename, format, e);\n }\n};\n\nCertificate.isCertificate = function (obj, ver) {\n return utils.isCompatible(obj, Certificate, ver);\n};\n/*\n * API versions for Certificate:\n * [1,0] -- initial ver\n * [1,1] -- openssh format now unpacks extensions\n */\n\n\nCertificate.prototype._sshpkApiVersion = [1, 1];\n\nCertificate._oldVersionDetect = function (obj) {\n return [1, 
0];\n};","map":{"version":3,"sources":["/Users/tylerkoenig/Code/personal/react-scss2/node_modules/sshpk/lib/certificate.js"],"names":["module","exports","Certificate","assert","require","Buffer","algs","crypto","Fingerprint","Signature","errs","util","utils","Key","PrivateKey","Identity","formats","CertificateParseError","InvalidAlgorithmError","opts","object","arrayOfObject","subjects","assertCompatible","subjectKey","issuer","issuerKey","undefined","signatures","buffer","serial","date","validFrom","validUntil","optionalArrayOfString","purposes","_hashCache","prototype","toBuffer","format","options","string","optionalObject","write","toString","fingerprint","algo","type","hash","algorithm","toLowerCase","hashAlgs","createHash","update","digest","isExpired","when","Date","getTime","isSignedBy","issuerCert","equals","length","indexOf","isSignedByKey","getExtension","keyOrOid","ext","getExtensions","filter","maybeExt","oid","name","exts","x509","extras","forEach","push","openssh","matches","fmt","Object","keys","valid","verify","signWith","key","fmts","didOne","i","ret","sign","Error","createSelfSigned","subjectOrSubjects","Array","isArray","subject","optionalNumber","lifetime","setTime","optionalBuffer","from","hostSubjects","userSubjects","cert","toPublic","create","isPrivateKey","ca","parse","data","filename","optionalString","k","read","e","isCertificate","obj","ver","isCompatible","_sshpkApiVersion","_oldVersionDetect"],"mappings":"AAAA;AAEAA,MAAM,CAACC,OAAP,GAAiBC,WAAjB;;AAEA,IAAIC,MAAM,GAAGC,OAAO,CAAC,aAAD,CAApB;;AACA,IAAIC,MAAM,GAAGD,OAAO,CAAC,cAAD,CAAP,CAAwBC,MAArC;;AACA,IAAIC,IAAI,GAAGF,OAAO,CAAC,QAAD,CAAlB;;AACA,IAAIG,MAAM,GAAGH,OAAO,CAAC,QAAD,CAApB;;AACA,IAAII,WAAW,GAAGJ,OAAO,CAAC,eAAD,CAAzB;;AACA,IAAIK,SAAS,GAAGL,OAAO,CAAC,aAAD,CAAvB;;AACA,IAAIM,IAAI,GAAGN,OAAO,CAAC,UAAD,CAAlB;;AACA,IAAIO,IAAI,GAAGP,OAAO,CAAC,MAAD,CAAlB;;AACA,IAAIQ,KAAK,GAAGR,OAAO,CAAC,SAAD,CAAnB;;AACA,IAAIS,GAAG,GAAGT,OAAO,CAAC,OAAD,CAAjB;;AACA,IAAIU,UAAU,GAAGV,OAAO,CAAC,eAAD,CAAxB;;AACA
,IAAIW,QAAQ,GAAGX,OAAO,CAAC,YAAD,CAAtB;;AAEA,IAAIY,OAAO,GAAG,EAAd;AACAA,OAAO,CAAC,SAAD,CAAP,GAAqBZ,OAAO,CAAC,wBAAD,CAA5B;AACAY,OAAO,CAAC,MAAD,CAAP,GAAkBZ,OAAO,CAAC,gBAAD,CAAzB;AACAY,OAAO,CAAC,KAAD,CAAP,GAAiBZ,OAAO,CAAC,oBAAD,CAAxB;AAEA,IAAIa,qBAAqB,GAAGP,IAAI,CAACO,qBAAjC;AACA,IAAIC,qBAAqB,GAAGR,IAAI,CAACQ,qBAAjC;;AAEA,SAAShB,WAAT,CAAqBiB,IAArB,EAA2B;AAC1BhB,EAAAA,MAAM,CAACiB,MAAP,CAAcD,IAAd,EAAoB,SAApB;AACAhB,EAAAA,MAAM,CAACkB,aAAP,CAAqBF,IAAI,CAACG,QAA1B,EAAoC,kBAApC;AACAV,EAAAA,KAAK,CAACW,gBAAN,CAAuBJ,IAAI,CAACG,QAAL,CAAc,CAAd,CAAvB,EAAyCP,QAAzC,EAAmD,CAAC,CAAD,EAAI,CAAJ,CAAnD,EACI,kBADJ;AAEAH,EAAAA,KAAK,CAACW,gBAAN,CAAuBJ,IAAI,CAACK,UAA5B,EAAwCX,GAAxC,EAA6C,CAAC,CAAD,EAAI,CAAJ,CAA7C,EACI,oBADJ;AAEAD,EAAAA,KAAK,CAACW,gBAAN,CAAuBJ,IAAI,CAACM,MAA5B,EAAoCV,QAApC,EAA8C,CAAC,CAAD,EAAI,CAAJ,CAA9C,EAAsD,gBAAtD;;AACA,MAAII,IAAI,CAACO,SAAL,KAAmBC,SAAvB,EAAkC;AACjCf,IAAAA,KAAK,CAACW,gBAAN,CAAuBJ,IAAI,CAACO,SAA5B,EAAuCb,GAAvC,EAA4C,CAAC,CAAD,EAAI,CAAJ,CAA5C,EACI,mBADJ;AAEA;;AACDV,EAAAA,MAAM,CAACiB,MAAP,CAAcD,IAAI,CAACS,UAAnB,EAA+B,oBAA/B;AACAzB,EAAAA,MAAM,CAAC0B,MAAP,CAAcV,IAAI,CAACW,MAAnB,EAA2B,gBAA3B;AACA3B,EAAAA,MAAM,CAAC4B,IAAP,CAAYZ,IAAI,CAACa,SAAjB,EAA4B,mBAA5B;AACA7B,EAAAA,MAAM,CAAC4B,IAAP,CAAYZ,IAAI,CAACc,UAAjB,EAA6B,mBAA7B;AAEA9B,EAAAA,MAAM,CAAC+B,qBAAP,CAA6Bf,IAAI,CAACgB,QAAlC,EAA4C,kBAA5C;AAEA,OAAKC,UAAL,GAAkB,EAAlB;AAEA,OAAKd,QAAL,GAAgBH,IAAI,CAACG,QAArB;AACA,OAAKG,MAAL,GAAcN,IAAI,CAACM,MAAnB;AACA,OAAKD,UAAL,GAAkBL,IAAI,CAACK,UAAvB;AACA,OAAKE,SAAL,GAAiBP,IAAI,CAACO,SAAtB;AACA,OAAKE,UAAL,GAAkBT,IAAI,CAACS,UAAvB;AACA,OAAKE,MAAL,GAAcX,IAAI,CAACW,MAAnB;AACA,OAAKE,SAAL,GAAiBb,IAAI,CAACa,SAAtB;AACA,OAAKC,UAAL,GAAkBd,IAAI,CAACc,UAAvB;AACA,OAAKE,QAAL,GAAgBhB,IAAI,CAACgB,QAArB;AACA;;AAEDjC,WAAW,CAACc,OAAZ,GAAsBA,OAAtB;;AAEAd,WAAW,CAACmC,SAAZ,CAAsBC,QAAtB,GAAiC,UAAUC,MAAV,EAAkBC,OAAlB,EAA2B;AAC3D,MAAID,MAAM,KAAKZ,SAAf,EACCY,MAAM,GAAG,MAAT;AACDpC,EAAAA,MAAM,CAACsC,MAAP,CAAcF,MAAd,EAAsB,QAAtB;AACApC,EAAAA,MAAM,CAACiB,MAAP,CAAcJ,OAAO,CAACuB,MAAD,CAArB,EAA+B,iBAA/B;AACApC,EAA
AA,MAAM,CAACuC,cAAP,CAAsBF,OAAtB,EAA+B,SAA/B;AAEA,SAAQxB,OAAO,CAACuB,MAAD,CAAP,CAAgBI,KAAhB,CAAsB,IAAtB,EAA4BH,OAA5B,CAAR;AACA,CARD;;AAUAtC,WAAW,CAACmC,SAAZ,CAAsBO,QAAtB,GAAiC,UAAUL,MAAV,EAAkBC,OAAlB,EAA2B;AAC3D,MAAID,MAAM,KAAKZ,SAAf,EACCY,MAAM,GAAG,KAAT;AACD,SAAQ,KAAKD,QAAL,CAAcC,MAAd,EAAsBC,OAAtB,EAA+BI,QAA/B,EAAR;AACA,CAJD;;AAMA1C,WAAW,CAACmC,SAAZ,CAAsBQ,WAAtB,GAAoC,UAAUC,IAAV,EAAgB;AACnD,MAAIA,IAAI,KAAKnB,SAAb,EACCmB,IAAI,GAAG,QAAP;AACD3C,EAAAA,MAAM,CAACsC,MAAP,CAAcK,IAAd,EAAoB,WAApB;AACA,MAAI3B,IAAI,GAAG;AACV4B,IAAAA,IAAI,EAAE,aADI;AAEVC,IAAAA,IAAI,EAAE,KAAKA,IAAL,CAAUF,IAAV,CAFI;AAGVG,IAAAA,SAAS,EAAEH;AAHD,GAAX;AAKA,SAAQ,IAAItC,WAAJ,CAAgBW,IAAhB,CAAR;AACA,CAVD;;AAYAjB,WAAW,CAACmC,SAAZ,CAAsBW,IAAtB,GAA6B,UAAUF,IAAV,EAAgB;AAC5C3C,EAAAA,MAAM,CAACsC,MAAP,CAAcK,IAAd,EAAoB,WAApB;AACAA,EAAAA,IAAI,GAAGA,IAAI,CAACI,WAAL,EAAP;AACA,MAAI5C,IAAI,CAAC6C,QAAL,CAAcL,IAAd,MAAwBnB,SAA5B,EACC,MAAO,IAAIT,qBAAJ,CAA0B4B,IAA1B,CAAP;AAED,MAAI,KAAKV,UAAL,CAAgBU,IAAhB,CAAJ,EACC,OAAQ,KAAKV,UAAL,CAAgBU,IAAhB,CAAR;AAED,MAAIE,IAAI,GAAGzC,MAAM,CAAC6C,UAAP,CAAkBN,IAAlB,EACPO,MADO,CACA,KAAKf,QAAL,CAAc,MAAd,CADA,EACuBgB,MADvB,EAAX;AAEA,OAAKlB,UAAL,CAAgBU,IAAhB,IAAwBE,IAAxB;AACA,SAAQA,IAAR;AACA,CAbD;;AAeA9C,WAAW,CAACmC,SAAZ,CAAsBkB,SAAtB,GAAkC,UAAUC,IAAV,EAAgB;AACjD,MAAIA,IAAI,KAAK7B,SAAb,EACC6B,IAAI,GAAG,IAAIC,IAAJ,EAAP;AACD,SAAQ,EAAGD,IAAI,CAACE,OAAL,MAAkB,KAAK1B,SAAL,CAAe0B,OAAf,EAAnB,IACRF,IAAI,CAACE,OAAL,KAAiB,KAAKzB,UAAL,CAAgByB,OAAhB,EADX,CAAR;AAEA,CALD;;AAOAxD,WAAW,CAACmC,SAAZ,CAAsBsB,UAAtB,GAAmC,UAAUC,UAAV,EAAsB;AACxDhD,EAAAA,KAAK,CAACW,gBAAN,CAAuBqC,UAAvB,EAAmC1D,WAAnC,EAAgD,CAAC,CAAD,EAAI,CAAJ,CAAhD,EAAwD,QAAxD;AAEA,MAAI,CAAC,KAAKuB,MAAL,CAAYoC,MAAZ,CAAmBD,UAAU,CAACtC,QAAX,CAAoB,CAApB,CAAnB,CAAL,EACC,OAAQ,KAAR;;AACD,MAAI,KAAKG,MAAL,CAAYU,QAAZ,IAAwB,KAAKV,MAAL,CAAYU,QAAZ,CAAqB2B,MAArB,GAA8B,CAAtD,IACA,KAAKrC,MAAL,CAAYU,QAAZ,CAAqB4B,OAArB,CAA6B,IAA7B,MAAuC,CAAC,CAD5C,EAC+C;AAC9C,WAAQ,KAAR;AACA;;AAED,SAAQ,KAAKC,aAAL,CAAmBJ,UAAU,CAACpC,UAA9B,CAAR;AACA,CAXD;;AAaAtB,WAAW,CAACmC,SAAZ,CAAsB4
B,YAAtB,GAAqC,UAAUC,QAAV,EAAoB;AACxD/D,EAAAA,MAAM,CAACsC,MAAP,CAAcyB,QAAd,EAAwB,UAAxB;AACA,MAAIC,GAAG,GAAG,KAAKC,aAAL,GAAqBC,MAArB,CAA4B,UAAUC,QAAV,EAAoB;AACzD,QAAIA,QAAQ,CAAC/B,MAAT,KAAoB,MAAxB,EACC,OAAQ+B,QAAQ,CAACC,GAAT,KAAiBL,QAAzB;AACD,QAAII,QAAQ,CAAC/B,MAAT,KAAoB,SAAxB,EACC,OAAQ+B,QAAQ,CAACE,IAAT,KAAkBN,QAA1B;AACD,WAAQ,KAAR;AACA,GANS,EAMP,CANO,CAAV;AAOA,SAAQC,GAAR;AACA,CAVD;;AAYAjE,WAAW,CAACmC,SAAZ,CAAsB+B,aAAtB,GAAsC,YAAY;AACjD,MAAIK,IAAI,GAAG,EAAX;AACA,MAAIC,IAAI,GAAG,KAAK9C,UAAL,CAAgB8C,IAA3B;;AACA,MAAIA,IAAI,IAAIA,IAAI,CAACC,MAAb,IAAuBD,IAAI,CAACC,MAAL,CAAYF,IAAvC,EAA6C;AAC5CC,IAAAA,IAAI,CAACC,MAAL,CAAYF,IAAZ,CAAiBG,OAAjB,CAAyB,UAAUT,GAAV,EAAe;AACvCA,MAAAA,GAAG,CAAC5B,MAAJ,GAAa,MAAb;AACAkC,MAAAA,IAAI,CAACI,IAAL,CAAUV,GAAV;AACA,KAHD;AAIA;;AACD,MAAIW,OAAO,GAAG,KAAKlD,UAAL,CAAgBkD,OAA9B;;AACA,MAAIA,OAAO,IAAIA,OAAO,CAACL,IAAvB,EAA6B;AAC5BK,IAAAA,OAAO,CAACL,IAAR,CAAaG,OAAb,CAAqB,UAAUT,GAAV,EAAe;AACnCA,MAAAA,GAAG,CAAC5B,MAAJ,GAAa,SAAb;AACAkC,MAAAA,IAAI,CAACI,IAAL,CAAUV,GAAV;AACA,KAHD;AAIA;;AACD,SAAQM,IAAR;AACA,CAjBD;;AAmBAvE,WAAW,CAACmC,SAAZ,CAAsB2B,aAAtB,GAAsC,UAAUtC,SAAV,EAAqB;AAC1Dd,EAAAA,KAAK,CAACW,gBAAN,CAAuBG,SAAvB,EAAkCb,GAAlC,EAAuC,CAAC,CAAD,EAAI,CAAJ,CAAvC,EAA+C,WAA/C;;AAEA,MAAI,KAAKa,SAAL,KAAmBC,SAAvB,EAAkC;AACjC,WAAQ,KAAKD,SAAL,CACJmB,WADI,CACQ,QADR,EACkBkC,OADlB,CAC0BrD,SAD1B,CAAR;AAEA;;AAED,MAAIsD,GAAG,GAAGC,MAAM,CAACC,IAAP,CAAY,KAAKtD,UAAjB,EAA6B,CAA7B,CAAV;AACA,MAAIuD,KAAK,GAAGnE,OAAO,CAACgE,GAAD,CAAP,CAAaI,MAAb,CAAoB,IAApB,EAA0B1D,SAA1B,CAAZ;AACA,MAAIyD,KAAJ,EACC,KAAKzD,SAAL,GAAiBA,SAAjB;AACD,SAAQyD,KAAR;AACA,CAbD;;AAeAjF,WAAW,CAACmC,SAAZ,CAAsBgD,QAAtB,GAAiC,UAAUC,GAAV,EAAe;AAC/C1E,EAAAA,KAAK,CAACW,gBAAN,CAAuB+D,GAAvB,EAA4BxE,UAA5B,EAAwC,CAAC,CAAD,EAAI,CAAJ,CAAxC,EAAgD,KAAhD;AACA,MAAIyE,IAAI,GAAGN,MAAM,CAACC,IAAP,CAAYlE,OAAZ,CAAX;AACA,MAAIwE,MAAM,GAAG,KAAb;;AACA,OAAK,IAAIC,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAGF,IAAI,CAACzB,MAAzB,EAAiC,EAAE2B,CAAnC,EAAsC;AACrC,QAAIF,IAAI,CAACE,CAAD,CAAJ,KAAY,KAAhB,EAAuB;AACtB,UAAIC,GAAG,GAAG1E,OAAO,CAACuE,IAAI,CAACE,CAA
D,CAAL,CAAP,CAAiBE,IAAjB,CAAsB,IAAtB,EAA4BL,GAA5B,CAAV;AACA,UAAII,GAAG,KAAK,IAAZ,EACCF,MAAM,GAAG,IAAT;AACD;AACD;;AACD,MAAI,CAACA,MAAL,EAAa;AACZ,UAAO,IAAII,KAAJ,CAAU,4CACb,+BADG,CAAP;AAEA;AACD,CAfD;;AAiBA1F,WAAW,CAAC2F,gBAAZ,GAA+B,UAAUC,iBAAV,EAA6BR,GAA7B,EAAkC9C,OAAlC,EAA2C;AACzE,MAAIlB,QAAJ;AACA,MAAIyE,KAAK,CAACC,OAAN,CAAcF,iBAAd,CAAJ,EACCxE,QAAQ,GAAGwE,iBAAX,CADD,KAGCxE,QAAQ,GAAG,CAACwE,iBAAD,CAAX;AAED3F,EAAAA,MAAM,CAACkB,aAAP,CAAqBC,QAArB;AACAA,EAAAA,QAAQ,CAACsD,OAAT,CAAiB,UAAUqB,OAAV,EAAmB;AACnCrF,IAAAA,KAAK,CAACW,gBAAN,CAAuB0E,OAAvB,EAAgClF,QAAhC,EAA0C,CAAC,CAAD,EAAI,CAAJ,CAA1C,EAAkD,SAAlD;AACA,GAFD;AAIAH,EAAAA,KAAK,CAACW,gBAAN,CAAuB+D,GAAvB,EAA4BxE,UAA5B,EAAwC,CAAC,CAAD,EAAI,CAAJ,CAAxC,EAAgD,aAAhD;AAEAX,EAAAA,MAAM,CAACuC,cAAP,CAAsBF,OAAtB,EAA+B,SAA/B;AACA,MAAIA,OAAO,KAAKb,SAAhB,EACCa,OAAO,GAAG,EAAV;AACDrC,EAAAA,MAAM,CAACuC,cAAP,CAAsBF,OAAO,CAACR,SAA9B,EAAyC,mBAAzC;AACA7B,EAAAA,MAAM,CAACuC,cAAP,CAAsBF,OAAO,CAACP,UAA9B,EAA0C,oBAA1C;AACA,MAAID,SAAS,GAAGQ,OAAO,CAACR,SAAxB;AACA,MAAIC,UAAU,GAAGO,OAAO,CAACP,UAAzB;AACA,MAAID,SAAS,KAAKL,SAAlB,EACCK,SAAS,GAAG,IAAIyB,IAAJ,EAAZ;;AACD,MAAIxB,UAAU,KAAKN,SAAnB,EAA8B;AAC7BxB,IAAAA,MAAM,CAAC+F,cAAP,CAAsB1D,OAAO,CAAC2D,QAA9B,EAAwC,kBAAxC;AACA,QAAIA,QAAQ,GAAG3D,OAAO,CAAC2D,QAAvB;AACA,QAAIA,QAAQ,KAAKxE,SAAjB,EACCwE,QAAQ,GAAG,KAAG,GAAH,GAAO,EAAP,GAAU,IAArB;AACDlE,IAAAA,UAAU,GAAG,IAAIwB,IAAJ,EAAb;AACAxB,IAAAA,UAAU,CAACmE,OAAX,CAAmBnE,UAAU,CAACyB,OAAX,KAAuByC,QAAQ,GAAC,IAAnD;AACA;;AACDhG,EAAAA,MAAM,CAACkG,cAAP,CAAsB7D,OAAO,CAACV,MAA9B,EAAsC,gBAAtC;AACA,MAAIA,MAAM,GAAGU,OAAO,CAACV,MAArB;AACA,MAAIA,MAAM,KAAKH,SAAf,EACCG,MAAM,GAAGzB,MAAM,CAACiG,IAAP,CAAY,kBAAZ,EAAgC,KAAhC,CAAT;AAED,MAAInE,QAAQ,GAAGK,OAAO,CAACL,QAAvB;AACA,MAAIA,QAAQ,KAAKR,SAAjB,EACCQ,QAAQ,GAAG,EAAX;AAED,MAAIA,QAAQ,CAAC4B,OAAT,CAAiB,WAAjB,MAAkC,CAAC,CAAvC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,WAAd;AAED;;AACA,MAAI1C,QAAQ,CAAC4B,OAAT,CAAiB,IAAjB,MAA2B,CAAC,CAAhC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,IAAd;AACD,MAAI1C,QAAQ,CAAC4B,OAAT,CAAiB,KAAjB,MAA4B,CAAC,CAAjC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,
KAAd;AAED;AACD;AACA;AACA;;AACC,MAAI1C,QAAQ,CAAC2B,MAAT,IAAmB,CAAvB,EAA0B;AACzB,QAAIyC,YAAY,GAAGjF,QAAQ,CAAC+C,MAAT,CAAgB,UAAU4B,OAAV,EAAmB;AACrD,aAAQA,OAAO,CAAClD,IAAR,KAAiB,MAAzB;AACA,KAFkB,CAAnB;AAGA,QAAIyD,YAAY,GAAGlF,QAAQ,CAAC+C,MAAT,CAAgB,UAAU4B,OAAV,EAAmB;AACrD,aAAQA,OAAO,CAAClD,IAAR,KAAiB,MAAzB;AACA,KAFkB,CAAnB;;AAGA,QAAIwD,YAAY,CAACzC,MAAb,GAAsB,CAA1B,EAA6B;AAC5B,UAAI3B,QAAQ,CAAC4B,OAAT,CAAiB,YAAjB,MAAmC,CAAC,CAAxC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,YAAd;AACD;;AACD,QAAI2B,YAAY,CAAC1C,MAAb,GAAsB,CAA1B,EAA6B;AAC5B,UAAI3B,QAAQ,CAAC4B,OAAT,CAAiB,YAAjB,MAAmC,CAAC,CAAxC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,YAAd;AACD;;AACD,QAAI2B,YAAY,CAAC1C,MAAb,GAAsB,CAAtB,IAA2ByC,YAAY,CAACzC,MAAb,GAAsB,CAArD,EAAwD;AACvD,UAAI3B,QAAQ,CAAC4B,OAAT,CAAiB,cAAjB,MAAqC,CAAC,CAA1C,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,cAAd;AACD,UAAIS,GAAG,CAACvC,IAAJ,KAAa,KAAb,IACAZ,QAAQ,CAAC4B,OAAT,CAAiB,YAAjB,MAAmC,CAAC,CADxC,EAEC5B,QAAQ,CAAC0C,IAAT,CAAc,YAAd;AACD;AACD;;AAED,MAAI4B,IAAI,GAAG,IAAIvG,WAAJ,CAAgB;AAC1BoB,IAAAA,QAAQ,EAAEA,QADgB;AAE1BG,IAAAA,MAAM,EAAEH,QAAQ,CAAC,CAAD,CAFU;AAG1BE,IAAAA,UAAU,EAAE8D,GAAG,CAACoB,QAAJ,EAHc;AAI1BhF,IAAAA,SAAS,EAAE4D,GAAG,CAACoB,QAAJ,EAJe;AAK1B9E,IAAAA,UAAU,EAAE,EALc;AAM1BE,IAAAA,MAAM,EAAEA,MANkB;AAO1BE,IAAAA,SAAS,EAAEA,SAPe;AAQ1BC,IAAAA,UAAU,EAAEA,UARc;AAS1BE,IAAAA,QAAQ,EAAEA;AATgB,GAAhB,CAAX;AAWAsE,EAAAA,IAAI,CAACpB,QAAL,CAAcC,GAAd;AAEA,SAAQmB,IAAR;AACA,CA3FD;;AA6FAvG,WAAW,CAACyG,MAAZ,GACI,UAAUb,iBAAV,EAA6BR,GAA7B,EAAkC7D,MAAlC,EAA0CC,SAA1C,EAAqDc,OAArD,EAA8D;AACjE,MAAIlB,QAAJ;AACA,MAAIyE,KAAK,CAACC,OAAN,CAAcF,iBAAd,CAAJ,EACCxE,QAAQ,GAAGwE,iBAAX,CADD,KAGCxE,QAAQ,GAAG,CAACwE,iBAAD,CAAX;AAED3F,EAAAA,MAAM,CAACkB,aAAP,CAAqBC,QAArB;AACAA,EAAAA,QAAQ,CAACsD,OAAT,CAAiB,UAAUqB,OAAV,EAAmB;AACnCrF,IAAAA,KAAK,CAACW,gBAAN,CAAuB0E,OAAvB,EAAgClF,QAAhC,EAA0C,CAAC,CAAD,EAAI,CAAJ,CAA1C,EAAkD,SAAlD;AACA,GAFD;AAIAH,EAAAA,KAAK,CAACW,gBAAN,CAAuB+D,GAAvB,EAA4BzE,GAA5B,EAAiC,CAAC,CAAD,EAAI,CAAJ,CAAjC,EAAyC,KAAzC;AACA,MAAIC,UAAU,CAAC8F,YAAX,CAAwBtB,GAAxB,CAAJ,EACCA,GAAG,GAAGA,GAAG,CAACoB,QAAJ,EAAN;AACD9F,EAAAA
,KAAK,CAACW,gBAAN,CAAuBE,MAAvB,EAA+BV,QAA/B,EAAyC,CAAC,CAAD,EAAI,CAAJ,CAAzC,EAAiD,QAAjD;AACAH,EAAAA,KAAK,CAACW,gBAAN,CAAuBG,SAAvB,EAAkCZ,UAAlC,EAA8C,CAAC,CAAD,EAAI,CAAJ,CAA9C,EAAsD,YAAtD;AAEAX,EAAAA,MAAM,CAACuC,cAAP,CAAsBF,OAAtB,EAA+B,SAA/B;AACA,MAAIA,OAAO,KAAKb,SAAhB,EACCa,OAAO,GAAG,EAAV;AACDrC,EAAAA,MAAM,CAACuC,cAAP,CAAsBF,OAAO,CAACR,SAA9B,EAAyC,mBAAzC;AACA7B,EAAAA,MAAM,CAACuC,cAAP,CAAsBF,OAAO,CAACP,UAA9B,EAA0C,oBAA1C;AACA,MAAID,SAAS,GAAGQ,OAAO,CAACR,SAAxB;AACA,MAAIC,UAAU,GAAGO,OAAO,CAACP,UAAzB;AACA,MAAID,SAAS,KAAKL,SAAlB,EACCK,SAAS,GAAG,IAAIyB,IAAJ,EAAZ;;AACD,MAAIxB,UAAU,KAAKN,SAAnB,EAA8B;AAC7BxB,IAAAA,MAAM,CAAC+F,cAAP,CAAsB1D,OAAO,CAAC2D,QAA9B,EAAwC,kBAAxC;AACA,QAAIA,QAAQ,GAAG3D,OAAO,CAAC2D,QAAvB;AACA,QAAIA,QAAQ,KAAKxE,SAAjB,EACCwE,QAAQ,GAAG,KAAG,GAAH,GAAO,EAAP,GAAU,IAArB;AACDlE,IAAAA,UAAU,GAAG,IAAIwB,IAAJ,EAAb;AACAxB,IAAAA,UAAU,CAACmE,OAAX,CAAmBnE,UAAU,CAACyB,OAAX,KAAuByC,QAAQ,GAAC,IAAnD;AACA;;AACDhG,EAAAA,MAAM,CAACkG,cAAP,CAAsB7D,OAAO,CAACV,MAA9B,EAAsC,gBAAtC;AACA,MAAIA,MAAM,GAAGU,OAAO,CAACV,MAArB;AACA,MAAIA,MAAM,KAAKH,SAAf,EACCG,MAAM,GAAGzB,MAAM,CAACiG,IAAP,CAAY,kBAAZ,EAAgC,KAAhC,CAAT;AAED,MAAInE,QAAQ,GAAGK,OAAO,CAACL,QAAvB;AACA,MAAIA,QAAQ,KAAKR,SAAjB,EACCQ,QAAQ,GAAG,EAAX;AAED,MAAIA,QAAQ,CAAC4B,OAAT,CAAiB,WAAjB,MAAkC,CAAC,CAAvC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,WAAd;;AAED,MAAIrC,OAAO,CAACqE,EAAR,KAAe,IAAnB,EAAyB;AACxB,QAAI1E,QAAQ,CAAC4B,OAAT,CAAiB,IAAjB,MAA2B,CAAC,CAAhC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,IAAd;AACD,QAAI1C,QAAQ,CAAC4B,OAAT,CAAiB,KAAjB,MAA4B,CAAC,CAAjC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,KAAd;AACD;;AAED,MAAI0B,YAAY,GAAGjF,QAAQ,CAAC+C,MAAT,CAAgB,UAAU4B,OAAV,EAAmB;AACrD,WAAQA,OAAO,CAAClD,IAAR,KAAiB,MAAzB;AACA,GAFkB,CAAnB;AAGA,MAAIyD,YAAY,GAAGlF,QAAQ,CAAC+C,MAAT,CAAgB,UAAU4B,OAAV,EAAmB;AACrD,WAAQA,OAAO,CAAClD,IAAR,KAAiB,MAAzB;AACA,GAFkB,CAAnB;;AAGA,MAAIwD,YAAY,CAACzC,MAAb,GAAsB,CAA1B,EAA6B;AAC5B,QAAI3B,QAAQ,CAAC4B,OAAT,CAAiB,YAAjB,MAAmC,CAAC,CAAxC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,YAAd;AACD;;AACD,MAAI2B,YAAY,CAAC1C,MAAb,GAAsB,CAA1B,EAA6B;AAC5B,QAAI3B,QAAQ,CAAC4B,OAAT,CAA
iB,YAAjB,MAAmC,CAAC,CAAxC,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,YAAd;AACD;;AACD,MAAI2B,YAAY,CAAC1C,MAAb,GAAsB,CAAtB,IAA2ByC,YAAY,CAACzC,MAAb,GAAsB,CAArD,EAAwD;AACvD,QAAI3B,QAAQ,CAAC4B,OAAT,CAAiB,cAAjB,MAAqC,CAAC,CAA1C,EACC5B,QAAQ,CAAC0C,IAAT,CAAc,cAAd;AACD,QAAIS,GAAG,CAACvC,IAAJ,KAAa,KAAb,IACAZ,QAAQ,CAAC4B,OAAT,CAAiB,YAAjB,MAAmC,CAAC,CADxC,EAEC5B,QAAQ,CAAC0C,IAAT,CAAc,YAAd;AACD;;AAED,MAAI4B,IAAI,GAAG,IAAIvG,WAAJ,CAAgB;AAC1BoB,IAAAA,QAAQ,EAAEA,QADgB;AAE1BG,IAAAA,MAAM,EAAEA,MAFkB;AAG1BD,IAAAA,UAAU,EAAE8D,GAHc;AAI1B5D,IAAAA,SAAS,EAAEA,SAAS,CAACgF,QAAV,EAJe;AAK1B9E,IAAAA,UAAU,EAAE,EALc;AAM1BE,IAAAA,MAAM,EAAEA,MANkB;AAO1BE,IAAAA,SAAS,EAAEA,SAPe;AAQ1BC,IAAAA,UAAU,EAAEA,UARc;AAS1BE,IAAAA,QAAQ,EAAEA;AATgB,GAAhB,CAAX;AAWAsE,EAAAA,IAAI,CAACpB,QAAL,CAAc3D,SAAd;AAEA,SAAQ+E,IAAR;AACA,CA3FD;;AA6FAvG,WAAW,CAAC4G,KAAZ,GAAoB,UAAUC,IAAV,EAAgBxE,MAAhB,EAAwBC,OAAxB,EAAiC;AACpD,MAAI,OAAQuE,IAAR,KAAkB,QAAtB,EACC5G,MAAM,CAAC0B,MAAP,CAAckF,IAAd,EAAoB,MAApB;AACD,MAAIxE,MAAM,KAAKZ,SAAf,EACCY,MAAM,GAAG,MAAT;AACDpC,EAAAA,MAAM,CAACsC,MAAP,CAAcF,MAAd,EAAsB,QAAtB;AACA,MAAI,OAAQC,OAAR,KAAqB,QAAzB,EACCA,OAAO,GAAG;AAAEwE,IAAAA,QAAQ,EAAExE;AAAZ,GAAV;AACDrC,EAAAA,MAAM,CAACuC,cAAP,CAAsBF,OAAtB,EAA+B,SAA/B;AACA,MAAIA,OAAO,KAAKb,SAAhB,EACCa,OAAO,GAAG,EAAV;AACDrC,EAAAA,MAAM,CAAC8G,cAAP,CAAsBzE,OAAO,CAACwE,QAA9B,EAAwC,kBAAxC;AACA,MAAIxE,OAAO,CAACwE,QAAR,KAAqBrF,SAAzB,EACCa,OAAO,CAACwE,QAAR,GAAmB,WAAnB;AAED7G,EAAAA,MAAM,CAACiB,MAAP,CAAcJ,OAAO,CAACuB,MAAD,CAArB,EAA+B,iBAA/B;;AAEA,MAAI;AACH,QAAI2E,CAAC,GAAGlG,OAAO,CAACuB,MAAD,CAAP,CAAgB4E,IAAhB,CAAqBJ,IAArB,EAA2BvE,OAA3B,CAAR;AACA,WAAQ0E,CAAR;AACA,GAHD,CAGE,OAAOE,CAAP,EAAU;AACX,UAAO,IAAInG,qBAAJ,CAA0BuB,OAAO,CAACwE,QAAlC,EAA4CzE,MAA5C,EAAoD6E,CAApD,CAAP;AACA;AACD,CAvBD;;AAyBAlH,WAAW,CAACmH,aAAZ,GAA4B,UAAUC,GAAV,EAAeC,GAAf,EAAoB;AAC/C,SAAQ3G,KAAK,CAAC4G,YAAN,CAAmBF,GAAnB,EAAwBpH,WAAxB,EAAqCqH,GAArC,CAAR;AACA,CAFD;AAIA;AACA;AACA;AACA;AACA;;;AACArH,WAAW,CAACmC,SAAZ,CAAsBoF,gBAAtB,GAAyC,CAAC,CAAD,EAAI,CAAJ,CAAzC;;AAEAvH,WAAW,CAACwH,iBAAZ,GAAgC,UAAUJ,GAAV,EAAe;AAC9C,SAAQ,C
AAC,CAAD,EAAI,CAAJ,CAAR;AACA,CAFD","sourcesContent":["// Copyright 2016 Joyent, Inc.\n\nmodule.exports = Certificate;\n\nvar assert = require('assert-plus');\nvar Buffer = require('safer-buffer').Buffer;\nvar algs = require('./algs');\nvar crypto = require('crypto');\nvar Fingerprint = require('./fingerprint');\nvar Signature = require('./signature');\nvar errs = require('./errors');\nvar util = require('util');\nvar utils = require('./utils');\nvar Key = require('./key');\nvar PrivateKey = require('./private-key');\nvar Identity = require('./identity');\n\nvar formats = {};\nformats['openssh'] = require('./formats/openssh-cert');\nformats['x509'] = require('./formats/x509');\nformats['pem'] = require('./formats/x509-pem');\n\nvar CertificateParseError = errs.CertificateParseError;\nvar InvalidAlgorithmError = errs.InvalidAlgorithmError;\n\nfunction Certificate(opts) {\n\tassert.object(opts, 'options');\n\tassert.arrayOfObject(opts.subjects, 'options.subjects');\n\tutils.assertCompatible(opts.subjects[0], Identity, [1, 0],\n\t 'options.subjects');\n\tutils.assertCompatible(opts.subjectKey, Key, [1, 0],\n\t 'options.subjectKey');\n\tutils.assertCompatible(opts.issuer, Identity, [1, 0], 'options.issuer');\n\tif (opts.issuerKey !== undefined) {\n\t\tutils.assertCompatible(opts.issuerKey, Key, [1, 0],\n\t\t 'options.issuerKey');\n\t}\n\tassert.object(opts.signatures, 'options.signatures');\n\tassert.buffer(opts.serial, 'options.serial');\n\tassert.date(opts.validFrom, 'options.validFrom');\n\tassert.date(opts.validUntil, 'optons.validUntil');\n\n\tassert.optionalArrayOfString(opts.purposes, 'options.purposes');\n\n\tthis._hashCache = {};\n\n\tthis.subjects = opts.subjects;\n\tthis.issuer = opts.issuer;\n\tthis.subjectKey = opts.subjectKey;\n\tthis.issuerKey = opts.issuerKey;\n\tthis.signatures = opts.signatures;\n\tthis.serial = opts.serial;\n\tthis.validFrom = opts.validFrom;\n\tthis.validUntil = opts.validUntil;\n\tthis.purposes = 
opts.purposes;\n}\n\nCertificate.formats = formats;\n\nCertificate.prototype.toBuffer = function (format, options) {\n\tif (format === undefined)\n\t\tformat = 'x509';\n\tassert.string(format, 'format');\n\tassert.object(formats[format], 'formats[format]');\n\tassert.optionalObject(options, 'options');\n\n\treturn (formats[format].write(this, options));\n};\n\nCertificate.prototype.toString = function (format, options) {\n\tif (format === undefined)\n\t\tformat = 'pem';\n\treturn (this.toBuffer(format, options).toString());\n};\n\nCertificate.prototype.fingerprint = function (algo) {\n\tif (algo === undefined)\n\t\talgo = 'sha256';\n\tassert.string(algo, 'algorithm');\n\tvar opts = {\n\t\ttype: 'certificate',\n\t\thash: this.hash(algo),\n\t\talgorithm: algo\n\t};\n\treturn (new Fingerprint(opts));\n};\n\nCertificate.prototype.hash = function (algo) {\n\tassert.string(algo, 'algorithm');\n\talgo = algo.toLowerCase();\n\tif (algs.hashAlgs[algo] === undefined)\n\t\tthrow (new InvalidAlgorithmError(algo));\n\n\tif (this._hashCache[algo])\n\t\treturn (this._hashCache[algo]);\n\n\tvar hash = crypto.createHash(algo).\n\t update(this.toBuffer('x509')).digest();\n\tthis._hashCache[algo] = hash;\n\treturn (hash);\n};\n\nCertificate.prototype.isExpired = function (when) {\n\tif (when === undefined)\n\t\twhen = new Date();\n\treturn (!((when.getTime() >= this.validFrom.getTime()) &&\n\t\t(when.getTime() < this.validUntil.getTime())));\n};\n\nCertificate.prototype.isSignedBy = function (issuerCert) {\n\tutils.assertCompatible(issuerCert, Certificate, [1, 0], 'issuer');\n\n\tif (!this.issuer.equals(issuerCert.subjects[0]))\n\t\treturn (false);\n\tif (this.issuer.purposes && this.issuer.purposes.length > 0 &&\n\t this.issuer.purposes.indexOf('ca') === -1) {\n\t\treturn (false);\n\t}\n\n\treturn (this.isSignedByKey(issuerCert.subjectKey));\n};\n\nCertificate.prototype.getExtension = function (keyOrOid) {\n\tassert.string(keyOrOid, 'keyOrOid');\n\tvar ext = 
this.getExtensions().filter(function (maybeExt) {\n\t\tif (maybeExt.format === 'x509')\n\t\t\treturn (maybeExt.oid === keyOrOid);\n\t\tif (maybeExt.format === 'openssh')\n\t\t\treturn (maybeExt.name === keyOrOid);\n\t\treturn (false);\n\t})[0];\n\treturn (ext);\n};\n\nCertificate.prototype.getExtensions = function () {\n\tvar exts = [];\n\tvar x509 = this.signatures.x509;\n\tif (x509 && x509.extras && x509.extras.exts) {\n\t\tx509.extras.exts.forEach(function (ext) {\n\t\t\text.format = 'x509';\n\t\t\texts.push(ext);\n\t\t});\n\t}\n\tvar openssh = this.signatures.openssh;\n\tif (openssh && openssh.exts) {\n\t\topenssh.exts.forEach(function (ext) {\n\t\t\text.format = 'openssh';\n\t\t\texts.push(ext);\n\t\t});\n\t}\n\treturn (exts);\n};\n\nCertificate.prototype.isSignedByKey = function (issuerKey) {\n\tutils.assertCompatible(issuerKey, Key, [1, 2], 'issuerKey');\n\n\tif (this.issuerKey !== undefined) {\n\t\treturn (this.issuerKey.\n\t\t fingerprint('sha512').matches(issuerKey));\n\t}\n\n\tvar fmt = Object.keys(this.signatures)[0];\n\tvar valid = formats[fmt].verify(this, issuerKey);\n\tif (valid)\n\t\tthis.issuerKey = issuerKey;\n\treturn (valid);\n};\n\nCertificate.prototype.signWith = function (key) {\n\tutils.assertCompatible(key, PrivateKey, [1, 2], 'key');\n\tvar fmts = Object.keys(formats);\n\tvar didOne = false;\n\tfor (var i = 0; i < fmts.length; ++i) {\n\t\tif (fmts[i] !== 'pem') {\n\t\t\tvar ret = formats[fmts[i]].sign(this, key);\n\t\t\tif (ret === true)\n\t\t\t\tdidOne = true;\n\t\t}\n\t}\n\tif (!didOne) {\n\t\tthrow (new Error('Failed to sign the certificate for any ' +\n\t\t 'available certificate formats'));\n\t}\n};\n\nCertificate.createSelfSigned = function (subjectOrSubjects, key, options) {\n\tvar subjects;\n\tif (Array.isArray(subjectOrSubjects))\n\t\tsubjects = subjectOrSubjects;\n\telse\n\t\tsubjects = [subjectOrSubjects];\n\n\tassert.arrayOfObject(subjects);\n\tsubjects.forEach(function (subject) {\n\t\tutils.assertCompatible(subject, 
Identity, [1, 0], 'subject');\n\t});\n\n\tutils.assertCompatible(key, PrivateKey, [1, 2], 'private key');\n\n\tassert.optionalObject(options, 'options');\n\tif (options === undefined)\n\t\toptions = {};\n\tassert.optionalObject(options.validFrom, 'options.validFrom');\n\tassert.optionalObject(options.validUntil, 'options.validUntil');\n\tvar validFrom = options.validFrom;\n\tvar validUntil = options.validUntil;\n\tif (validFrom === undefined)\n\t\tvalidFrom = new Date();\n\tif (validUntil === undefined) {\n\t\tassert.optionalNumber(options.lifetime, 'options.lifetime');\n\t\tvar lifetime = options.lifetime;\n\t\tif (lifetime === undefined)\n\t\t\tlifetime = 10*365*24*3600;\n\t\tvalidUntil = new Date();\n\t\tvalidUntil.setTime(validUntil.getTime() + lifetime*1000);\n\t}\n\tassert.optionalBuffer(options.serial, 'options.serial');\n\tvar serial = options.serial;\n\tif (serial === undefined)\n\t\tserial = Buffer.from('0000000000000001', 'hex');\n\n\tvar purposes = options.purposes;\n\tif (purposes === undefined)\n\t\tpurposes = [];\n\n\tif (purposes.indexOf('signature') === -1)\n\t\tpurposes.push('signature');\n\n\t/* Self-signed certs are always CAs. 
*/\n\tif (purposes.indexOf('ca') === -1)\n\t\tpurposes.push('ca');\n\tif (purposes.indexOf('crl') === -1)\n\t\tpurposes.push('crl');\n\n\t/*\n\t * If we weren't explicitly given any other purposes, do the sensible\n\t * thing and add some basic ones depending on the subject type.\n\t */\n\tif (purposes.length <= 3) {\n\t\tvar hostSubjects = subjects.filter(function (subject) {\n\t\t\treturn (subject.type === 'host');\n\t\t});\n\t\tvar userSubjects = subjects.filter(function (subject) {\n\t\t\treturn (subject.type === 'user');\n\t\t});\n\t\tif (hostSubjects.length > 0) {\n\t\t\tif (purposes.indexOf('serverAuth') === -1)\n\t\t\t\tpurposes.push('serverAuth');\n\t\t}\n\t\tif (userSubjects.length > 0) {\n\t\t\tif (purposes.indexOf('clientAuth') === -1)\n\t\t\t\tpurposes.push('clientAuth');\n\t\t}\n\t\tif (userSubjects.length > 0 || hostSubjects.length > 0) {\n\t\t\tif (purposes.indexOf('keyAgreement') === -1)\n\t\t\t\tpurposes.push('keyAgreement');\n\t\t\tif (key.type === 'rsa' &&\n\t\t\t purposes.indexOf('encryption') === -1)\n\t\t\t\tpurposes.push('encryption');\n\t\t}\n\t}\n\n\tvar cert = new Certificate({\n\t\tsubjects: subjects,\n\t\tissuer: subjects[0],\n\t\tsubjectKey: key.toPublic(),\n\t\tissuerKey: key.toPublic(),\n\t\tsignatures: {},\n\t\tserial: serial,\n\t\tvalidFrom: validFrom,\n\t\tvalidUntil: validUntil,\n\t\tpurposes: purposes\n\t});\n\tcert.signWith(key);\n\n\treturn (cert);\n};\n\nCertificate.create =\n function (subjectOrSubjects, key, issuer, issuerKey, options) {\n\tvar subjects;\n\tif (Array.isArray(subjectOrSubjects))\n\t\tsubjects = subjectOrSubjects;\n\telse\n\t\tsubjects = [subjectOrSubjects];\n\n\tassert.arrayOfObject(subjects);\n\tsubjects.forEach(function (subject) {\n\t\tutils.assertCompatible(subject, Identity, [1, 0], 'subject');\n\t});\n\n\tutils.assertCompatible(key, Key, [1, 0], 'key');\n\tif (PrivateKey.isPrivateKey(key))\n\t\tkey = key.toPublic();\n\tutils.assertCompatible(issuer, Identity, [1, 0], 
'issuer');\n\tutils.assertCompatible(issuerKey, PrivateKey, [1, 2], 'issuer key');\n\n\tassert.optionalObject(options, 'options');\n\tif (options === undefined)\n\t\toptions = {};\n\tassert.optionalObject(options.validFrom, 'options.validFrom');\n\tassert.optionalObject(options.validUntil, 'options.validUntil');\n\tvar validFrom = options.validFrom;\n\tvar validUntil = options.validUntil;\n\tif (validFrom === undefined)\n\t\tvalidFrom = new Date();\n\tif (validUntil === undefined) {\n\t\tassert.optionalNumber(options.lifetime, 'options.lifetime');\n\t\tvar lifetime = options.lifetime;\n\t\tif (lifetime === undefined)\n\t\t\tlifetime = 10*365*24*3600;\n\t\tvalidUntil = new Date();\n\t\tvalidUntil.setTime(validUntil.getTime() + lifetime*1000);\n\t}\n\tassert.optionalBuffer(options.serial, 'options.serial');\n\tvar serial = options.serial;\n\tif (serial === undefined)\n\t\tserial = Buffer.from('0000000000000001', 'hex');\n\n\tvar purposes = options.purposes;\n\tif (purposes === undefined)\n\t\tpurposes = [];\n\n\tif (purposes.indexOf('signature') === -1)\n\t\tpurposes.push('signature');\n\n\tif (options.ca === true) {\n\t\tif (purposes.indexOf('ca') === -1)\n\t\t\tpurposes.push('ca');\n\t\tif (purposes.indexOf('crl') === -1)\n\t\t\tpurposes.push('crl');\n\t}\n\n\tvar hostSubjects = subjects.filter(function (subject) {\n\t\treturn (subject.type === 'host');\n\t});\n\tvar userSubjects = subjects.filter(function (subject) {\n\t\treturn (subject.type === 'user');\n\t});\n\tif (hostSubjects.length > 0) {\n\t\tif (purposes.indexOf('serverAuth') === -1)\n\t\t\tpurposes.push('serverAuth');\n\t}\n\tif (userSubjects.length > 0) {\n\t\tif (purposes.indexOf('clientAuth') === -1)\n\t\t\tpurposes.push('clientAuth');\n\t}\n\tif (userSubjects.length > 0 || hostSubjects.length > 0) {\n\t\tif (purposes.indexOf('keyAgreement') === -1)\n\t\t\tpurposes.push('keyAgreement');\n\t\tif (key.type === 'rsa' &&\n\t\t purposes.indexOf('encryption') === 
-1)\n\t\t\tpurposes.push('encryption');\n\t}\n\n\tvar cert = new Certificate({\n\t\tsubjects: subjects,\n\t\tissuer: issuer,\n\t\tsubjectKey: key,\n\t\tissuerKey: issuerKey.toPublic(),\n\t\tsignatures: {},\n\t\tserial: serial,\n\t\tvalidFrom: validFrom,\n\t\tvalidUntil: validUntil,\n\t\tpurposes: purposes\n\t});\n\tcert.signWith(issuerKey);\n\n\treturn (cert);\n};\n\nCertificate.parse = function (data, format, options) {\n\tif (typeof (data) !== 'string')\n\t\tassert.buffer(data, 'data');\n\tif (format === undefined)\n\t\tformat = 'auto';\n\tassert.string(format, 'format');\n\tif (typeof (options) === 'string')\n\t\toptions = { filename: options };\n\tassert.optionalObject(options, 'options');\n\tif (options === undefined)\n\t\toptions = {};\n\tassert.optionalString(options.filename, 'options.filename');\n\tif (options.filename === undefined)\n\t\toptions.filename = '(unnamed)';\n\n\tassert.object(formats[format], 'formats[format]');\n\n\ttry {\n\t\tvar k = formats[format].read(data, options);\n\t\treturn (k);\n\t} catch (e) {\n\t\tthrow (new CertificateParseError(options.filename, format, e));\n\t}\n};\n\nCertificate.isCertificate = function (obj, ver) {\n\treturn (utils.isCompatible(obj, Certificate, ver));\n};\n\n/*\n * API versions for Certificate:\n * [1,0] -- initial ver\n * [1,1] -- openssh format now unpacks extensions\n */\nCertificate.prototype._sshpkApiVersion = [1, 1];\n\nCertificate._oldVersionDetect = function (obj) {\n\treturn ([1, 0]);\n};\n"]},"metadata":{},"sourceType":"script"} |