1 |
|
|
#include "base_object-inl.h" |
2 |
|
|
#include "crypto_x509.h" |
3 |
|
|
#include "crypto_common.h" |
4 |
|
|
#include "crypto_context.h" |
5 |
|
|
#include "crypto_keys.h" |
6 |
|
|
#include "crypto_bio.h" |
7 |
|
|
#include "env-inl.h" |
8 |
|
|
#include "memory_tracker-inl.h" |
9 |
|
|
#include "node_errors.h" |
10 |
|
|
#include "util-inl.h" |
11 |
|
|
#include "v8.h" |
12 |
|
|
|
13 |
|
|
#include <string> |
14 |
|
|
#include <vector> |
15 |
|
|
|
16 |
|
|
namespace node { |
17 |
|
|
|
18 |
|
|
using v8::ArrayBufferView; |
19 |
|
|
using v8::Context; |
20 |
|
|
using v8::EscapableHandleScope; |
21 |
|
|
using v8::Function; |
22 |
|
|
using v8::FunctionCallbackInfo; |
23 |
|
|
using v8::FunctionTemplate; |
24 |
|
|
using v8::Local; |
25 |
|
|
using v8::MaybeLocal; |
26 |
|
|
using v8::Object; |
27 |
|
|
using v8::Uint32; |
28 |
|
|
using v8::Value; |
29 |
|
|
|
30 |
|
|
namespace crypto { |
31 |
|
|
|
32 |
|
53 |
ManagedX509::ManagedX509(X509Pointer&& cert) : cert_(std::move(cert)) {} |
33 |
|
|
|
34 |
|
|
ManagedX509::ManagedX509(const ManagedX509& that) { |
35 |
|
|
*this = that; |
36 |
|
|
} |
37 |
|
|
|
38 |
|
|
ManagedX509& ManagedX509::operator=(const ManagedX509& that) { |
39 |
|
|
cert_.reset(that.get()); |
40 |
|
|
|
41 |
|
|
if (cert_) |
42 |
|
|
X509_up_ref(cert_.get()); |
43 |
|
|
|
44 |
|
|
return *this; |
45 |
|
|
} |
46 |
|
|
|
47 |
|
|
void ManagedX509::MemoryInfo(MemoryTracker* tracker) const { |
48 |
|
|
// This is an approximation based on the der encoding size. |
49 |
|
|
int size = i2d_X509(cert_.get(), nullptr); |
50 |
|
|
tracker->TrackFieldWithSize("cert", size); |
51 |
|
|
} |
52 |
|
|
|
53 |
|
56 |
Local<FunctionTemplate> X509Certificate::GetConstructorTemplate( |
54 |
|
|
Environment* env) { |
55 |
|
56 |
Local<FunctionTemplate> tmpl = env->x509_constructor_template(); |
56 |
✓✓ |
56 |
if (tmpl.IsEmpty()) { |
57 |
|
3 |
tmpl = FunctionTemplate::New(env->isolate()); |
58 |
|
6 |
tmpl->InstanceTemplate()->SetInternalFieldCount( |
59 |
|
|
BaseObject::kInternalFieldCount); |
60 |
|
3 |
tmpl->Inherit(BaseObject::GetConstructorTemplate(env)); |
61 |
|
3 |
tmpl->SetClassName( |
62 |
|
|
FIXED_ONE_BYTE_STRING(env->isolate(), "X509Certificate")); |
63 |
|
3 |
env->SetProtoMethod(tmpl, "subject", Subject); |
64 |
|
3 |
env->SetProtoMethod(tmpl, "subjectAltName", SubjectAltName); |
65 |
|
3 |
env->SetProtoMethod(tmpl, "infoAccess", InfoAccess); |
66 |
|
3 |
env->SetProtoMethod(tmpl, "issuer", Issuer); |
67 |
|
3 |
env->SetProtoMethod(tmpl, "validTo", ValidTo); |
68 |
|
3 |
env->SetProtoMethod(tmpl, "validFrom", ValidFrom); |
69 |
|
3 |
env->SetProtoMethod(tmpl, "fingerprint", Fingerprint); |
70 |
|
3 |
env->SetProtoMethod(tmpl, "fingerprint256", Fingerprint256); |
71 |
|
3 |
env->SetProtoMethod(tmpl, "fingerprint512", Fingerprint512); |
72 |
|
3 |
env->SetProtoMethod(tmpl, "keyUsage", KeyUsage); |
73 |
|
3 |
env->SetProtoMethod(tmpl, "serialNumber", SerialNumber); |
74 |
|
3 |
env->SetProtoMethod(tmpl, "pem", Pem); |
75 |
|
3 |
env->SetProtoMethod(tmpl, "raw", Raw); |
76 |
|
3 |
env->SetProtoMethod(tmpl, "publicKey", PublicKey); |
77 |
|
3 |
env->SetProtoMethod(tmpl, "checkCA", CheckCA); |
78 |
|
3 |
env->SetProtoMethod(tmpl, "checkHost", CheckHost); |
79 |
|
3 |
env->SetProtoMethod(tmpl, "checkEmail", CheckEmail); |
80 |
|
3 |
env->SetProtoMethod(tmpl, "checkIP", CheckIP); |
81 |
|
3 |
env->SetProtoMethod(tmpl, "checkIssued", CheckIssued); |
82 |
|
3 |
env->SetProtoMethod(tmpl, "checkPrivateKey", CheckPrivateKey); |
83 |
|
3 |
env->SetProtoMethod(tmpl, "verify", Verify); |
84 |
|
3 |
env->SetProtoMethod(tmpl, "toLegacy", ToLegacy); |
85 |
|
3 |
env->SetProtoMethod(tmpl, "getIssuerCert", GetIssuerCert); |
86 |
|
3 |
env->set_x509_constructor_template(tmpl); |
87 |
|
|
} |
88 |
|
56 |
return tmpl; |
89 |
|
|
} |
90 |
|
|
|
91 |
|
2 |
bool X509Certificate::HasInstance(Environment* env, Local<Object> object) { |
92 |
|
4 |
return GetConstructorTemplate(env)->HasInstance(object); |
93 |
|
|
} |
94 |
|
|
|
95 |
|
53 |
MaybeLocal<Object> X509Certificate::New( |
96 |
|
|
Environment* env, |
97 |
|
|
X509Pointer cert, |
98 |
|
|
STACK_OF(X509)* issuer_chain) { |
99 |
|
53 |
std::shared_ptr<ManagedX509> mcert(new ManagedX509(std::move(cert))); |
100 |
|
53 |
return New(env, std::move(mcert), issuer_chain); |
101 |
|
|
} |
102 |
|
|
|
103 |
|
54 |
MaybeLocal<Object> X509Certificate::New( |
104 |
|
|
Environment* env, |
105 |
|
|
std::shared_ptr<ManagedX509> cert, |
106 |
|
|
STACK_OF(X509)* issuer_chain) { |
107 |
|
54 |
EscapableHandleScope scope(env->isolate()); |
108 |
|
|
Local<Function> ctor; |
109 |
✗✓ |
162 |
if (!GetConstructorTemplate(env)->GetFunction(env->context()).ToLocal(&ctor)) |
110 |
|
|
return MaybeLocal<Object>(); |
111 |
|
|
|
112 |
|
|
Local<Object> obj; |
113 |
✗✓ |
108 |
if (!ctor->NewInstance(env->context()).ToLocal(&obj)) |
114 |
|
|
return MaybeLocal<Object>(); |
115 |
|
|
|
116 |
|
54 |
new X509Certificate(env, obj, std::move(cert), issuer_chain); |
117 |
|
54 |
return scope.Escape(obj); |
118 |
|
|
} |
119 |
|
|
|
120 |
|
1 |
MaybeLocal<Object> X509Certificate::GetCert( |
121 |
|
|
Environment* env, |
122 |
|
|
const SSLPointer& ssl) { |
123 |
|
1 |
ClearErrorOnReturn clear_error_on_return; |
124 |
|
1 |
X509* cert = SSL_get_certificate(ssl.get()); |
125 |
✗✓ |
1 |
if (cert == nullptr) |
126 |
|
|
return MaybeLocal<Object>(); |
127 |
|
|
|
128 |
|
1 |
X509Pointer ptr(X509_dup(cert)); |
129 |
|
1 |
return New(env, std::move(ptr)); |
130 |
|
|
} |
131 |
|
|
|
132 |
✗✓ |
1 |
MaybeLocal<Object> X509Certificate::GetPeerCert( |
133 |
|
|
Environment* env, |
134 |
|
|
const SSLPointer& ssl, |
135 |
|
|
GetPeerCertificateFlag flag) { |
136 |
|
1 |
ClearErrorOnReturn clear_error_on_return; |
137 |
|
|
Local<Object> obj; |
138 |
|
|
MaybeLocal<Object> maybe_cert; |
139 |
|
|
|
140 |
|
1 |
bool is_server = |
141 |
|
1 |
static_cast<int>(flag) & static_cast<int>(GetPeerCertificateFlag::SERVER); |
142 |
|
|
|
143 |
✗✓ |
2 |
X509Pointer cert(is_server ? SSL_get_peer_certificate(ssl.get()) : nullptr); |
144 |
|
1 |
STACK_OF(X509)* ssl_certs = SSL_get_peer_cert_chain(ssl.get()); |
145 |
✓✗✓✗
✗✓✗✓
|
1 |
if (!cert && (ssl_certs == nullptr || sk_X509_num(ssl_certs) == 0)) |
146 |
|
|
return MaybeLocal<Object>(); |
147 |
|
|
|
148 |
|
1 |
std::vector<Local<Value>> certs; |
149 |
|
|
|
150 |
✓✗ |
1 |
if (!cert) { |
151 |
|
1 |
cert.reset(sk_X509_value(ssl_certs, 0)); |
152 |
|
1 |
sk_X509_delete(ssl_certs, 0); |
153 |
|
|
} |
154 |
|
|
|
155 |
|
1 |
return sk_X509_num(ssl_certs) |
156 |
|
2 |
? New(env, std::move(cert), ssl_certs) |
157 |
✓✗✗✓
✓✗ |
2 |
: New(env, std::move(cert)); |
158 |
|
|
} |
159 |
|
|
|
160 |
|
50 |
void X509Certificate::Parse(const FunctionCallbackInfo<Value>& args) { |
161 |
|
50 |
Environment* env = Environment::GetCurrent(args); |
162 |
|
|
|
163 |
✗✓ |
50 |
CHECK(args[0]->IsArrayBufferView()); |
164 |
|
100 |
ArrayBufferViewContents<unsigned char> buf(args[0].As<ArrayBufferView>()); |
165 |
|
50 |
const unsigned char* data = buf.data(); |
166 |
✓✗ |
50 |
unsigned data_len = buf.length(); |
167 |
|
|
|
168 |
|
|
ClearErrorOnReturn clear_error_on_return; |
169 |
|
50 |
BIOPointer bio(LoadBIO(env, args[0])); |
170 |
✗✓ |
50 |
if (!bio) |
171 |
|
|
return ThrowCryptoError(env, ERR_get_error()); |
172 |
|
|
|
173 |
|
|
Local<Object> cert; |
174 |
|
|
|
175 |
|
|
X509Pointer pem(PEM_read_bio_X509_AUX( |
176 |
|
50 |
bio.get(), nullptr, NoPasswordCallback, nullptr)); |
177 |
✗✓ |
50 |
if (!pem) { |
178 |
|
|
// Try as DER, but return the original PEM failure if it isn't DER. |
179 |
|
|
MarkPopErrorOnReturn mark_here; |
180 |
|
|
|
181 |
|
|
X509Pointer der(d2i_X509(nullptr, &data, data_len)); |
182 |
|
|
if (!der) |
183 |
|
|
return ThrowCryptoError(env, ERR_get_error()); |
184 |
|
|
|
185 |
|
|
if (!X509Certificate::New(env, std::move(der)).ToLocal(&cert)) |
186 |
|
|
return; |
187 |
✗✓ |
100 |
} else if (!X509Certificate::New(env, std::move(pem)).ToLocal(&cert)) { |
188 |
|
|
return; |
189 |
|
|
} |
190 |
|
|
|
191 |
|
100 |
args.GetReturnValue().Set(cert); |
192 |
|
|
} |
193 |
|
|
|
194 |
|
13 |
void X509Certificate::Subject(const FunctionCallbackInfo<Value>& args) { |
195 |
|
13 |
Environment* env = Environment::GetCurrent(args); |
196 |
|
|
X509Certificate* cert; |
197 |
✗✓ |
13 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
198 |
|
26 |
BIOPointer bio(BIO_new(BIO_s_mem())); |
199 |
✗✓ |
13 |
CHECK(bio); |
200 |
|
|
Local<Value> ret; |
201 |
✓✗ |
26 |
if (GetSubject(env, bio, cert->get()).ToLocal(&ret)) |
202 |
|
26 |
args.GetReturnValue().Set(ret); |
203 |
|
|
} |
204 |
|
|
|
205 |
|
11 |
void X509Certificate::Issuer(const FunctionCallbackInfo<Value>& args) { |
206 |
|
11 |
Environment* env = Environment::GetCurrent(args); |
207 |
|
|
X509Certificate* cert; |
208 |
✗✓ |
11 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
209 |
|
22 |
BIOPointer bio(BIO_new(BIO_s_mem())); |
210 |
✗✓ |
11 |
CHECK(bio); |
211 |
|
|
Local<Value> ret; |
212 |
✓✗ |
22 |
if (GetIssuerString(env, bio, cert->get()).ToLocal(&ret)) |
213 |
|
22 |
args.GetReturnValue().Set(ret); |
214 |
|
|
} |
215 |
|
|
|
216 |
|
34 |
void X509Certificate::SubjectAltName(const FunctionCallbackInfo<Value>& args) { |
217 |
|
34 |
Environment* env = Environment::GetCurrent(args); |
218 |
|
|
X509Certificate* cert; |
219 |
✗✓ |
34 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
220 |
|
68 |
BIOPointer bio(BIO_new(BIO_s_mem())); |
221 |
✗✓ |
34 |
CHECK(bio); |
222 |
|
|
Local<Value> ret; |
223 |
✓✗ |
68 |
if (GetSubjectAltNameString(env, bio, cert->get()).ToLocal(&ret)) |
224 |
|
68 |
args.GetReturnValue().Set(ret); |
225 |
|
|
} |
226 |
|
|
|
227 |
|
6 |
void X509Certificate::InfoAccess(const FunctionCallbackInfo<Value>& args) { |
228 |
|
6 |
Environment* env = Environment::GetCurrent(args); |
229 |
|
|
X509Certificate* cert; |
230 |
✗✓ |
6 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
231 |
|
12 |
BIOPointer bio(BIO_new(BIO_s_mem())); |
232 |
✗✓ |
6 |
CHECK(bio); |
233 |
|
|
Local<Value> ret; |
234 |
✓✗ |
12 |
if (GetInfoAccessString(env, bio, cert->get()).ToLocal(&ret)) |
235 |
|
12 |
args.GetReturnValue().Set(ret); |
236 |
|
|
} |
237 |
|
|
|
238 |
|
1 |
void X509Certificate::ValidFrom(const FunctionCallbackInfo<Value>& args) { |
239 |
|
1 |
Environment* env = Environment::GetCurrent(args); |
240 |
|
|
X509Certificate* cert; |
241 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
242 |
|
2 |
BIOPointer bio(BIO_new(BIO_s_mem())); |
243 |
✗✓ |
1 |
CHECK(bio); |
244 |
|
|
Local<Value> ret; |
245 |
✓✗ |
2 |
if (GetValidFrom(env, cert->get(), bio).ToLocal(&ret)) |
246 |
|
2 |
args.GetReturnValue().Set(ret); |
247 |
|
|
} |
248 |
|
|
|
249 |
|
1 |
void X509Certificate::ValidTo(const FunctionCallbackInfo<Value>& args) { |
250 |
|
1 |
Environment* env = Environment::GetCurrent(args); |
251 |
|
|
X509Certificate* cert; |
252 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
253 |
|
2 |
BIOPointer bio(BIO_new(BIO_s_mem())); |
254 |
✗✓ |
1 |
CHECK(bio); |
255 |
|
|
Local<Value> ret; |
256 |
✓✗ |
2 |
if (GetValidTo(env, cert->get(), bio).ToLocal(&ret)) |
257 |
|
2 |
args.GetReturnValue().Set(ret); |
258 |
|
|
} |
259 |
|
|
|
260 |
|
1 |
void X509Certificate::Fingerprint(const FunctionCallbackInfo<Value>& args) { |
261 |
|
1 |
Environment* env = Environment::GetCurrent(args); |
262 |
|
|
X509Certificate* cert; |
263 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
264 |
|
|
Local<Value> ret; |
265 |
✓✗ |
2 |
if (GetFingerprintDigest(env, EVP_sha1(), cert->get()).ToLocal(&ret)) |
266 |
|
2 |
args.GetReturnValue().Set(ret); |
267 |
|
|
} |
268 |
|
|
|
269 |
|
1 |
void X509Certificate::Fingerprint256(const FunctionCallbackInfo<Value>& args) { |
270 |
|
1 |
Environment* env = Environment::GetCurrent(args); |
271 |
|
|
X509Certificate* cert; |
272 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
273 |
|
|
Local<Value> ret; |
274 |
✓✗ |
2 |
if (GetFingerprintDigest(env, EVP_sha256(), cert->get()).ToLocal(&ret)) |
275 |
|
2 |
args.GetReturnValue().Set(ret); |
276 |
|
|
} |
277 |
|
|
|
278 |
|
1 |
void X509Certificate::Fingerprint512(const FunctionCallbackInfo<Value>& args) { |
279 |
|
1 |
Environment* env = Environment::GetCurrent(args); |
280 |
|
|
X509Certificate* cert; |
281 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
282 |
|
|
Local<Value> ret; |
283 |
✓✗ |
2 |
if (GetFingerprintDigest(env, EVP_sha512(), cert->get()).ToLocal(&ret)) |
284 |
|
2 |
args.GetReturnValue().Set(ret); |
285 |
|
|
} |
286 |
|
|
|
287 |
|
1 |
void X509Certificate::KeyUsage(const FunctionCallbackInfo<Value>& args) { |
288 |
|
1 |
Environment* env = Environment::GetCurrent(args); |
289 |
|
|
X509Certificate* cert; |
290 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
291 |
|
|
Local<Value> ret; |
292 |
✓✗ |
2 |
if (GetKeyUsage(env, cert->get()).ToLocal(&ret)) |
293 |
|
2 |
args.GetReturnValue().Set(ret); |
294 |
|
|
} |
295 |
|
|
|
296 |
|
3 |
void X509Certificate::SerialNumber(const FunctionCallbackInfo<Value>& args) { |
297 |
|
3 |
Environment* env = Environment::GetCurrent(args); |
298 |
|
|
X509Certificate* cert; |
299 |
✗✓ |
3 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
300 |
|
|
Local<Value> ret; |
301 |
✓✗ |
6 |
if (GetSerialNumber(env, cert->get()).ToLocal(&ret)) |
302 |
|
6 |
args.GetReturnValue().Set(ret); |
303 |
|
|
} |
304 |
|
|
|
305 |
|
2 |
void X509Certificate::Raw(const FunctionCallbackInfo<Value>& args) { |
306 |
|
2 |
Environment* env = Environment::GetCurrent(args); |
307 |
|
|
X509Certificate* cert; |
308 |
✗✓ |
2 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
309 |
|
|
Local<Value> ret; |
310 |
✓✗ |
4 |
if (GetRawDERCertificate(env, cert->get()).ToLocal(&ret)) |
311 |
|
4 |
args.GetReturnValue().Set(ret); |
312 |
|
|
} |
313 |
|
|
|
314 |
|
2 |
void X509Certificate::PublicKey(const FunctionCallbackInfo<Value>& args) { |
315 |
|
2 |
Environment* env = Environment::GetCurrent(args); |
316 |
|
|
X509Certificate* cert; |
317 |
✗✓ |
2 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
318 |
|
|
|
319 |
|
4 |
EVPKeyPointer pkey(X509_get_pubkey(cert->get())); |
320 |
|
4 |
ManagedEVPPKey epkey(std::move(pkey)); |
321 |
|
|
std::shared_ptr<KeyObjectData> key_data = |
322 |
|
4 |
KeyObjectData::CreateAsymmetric(kKeyTypePublic, epkey); |
323 |
|
|
|
324 |
|
|
Local<Value> ret; |
325 |
✓✗ |
4 |
if (KeyObjectHandle::Create(env, key_data).ToLocal(&ret)) |
326 |
|
4 |
args.GetReturnValue().Set(ret); |
327 |
|
|
} |
328 |
|
|
|
329 |
|
1 |
void X509Certificate::Pem(const FunctionCallbackInfo<Value>& args) { |
330 |
|
1 |
Environment* env = Environment::GetCurrent(args); |
331 |
|
|
X509Certificate* cert; |
332 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
333 |
|
2 |
BIOPointer bio(BIO_new(BIO_s_mem())); |
334 |
✗✓ |
1 |
CHECK(bio); |
335 |
✓✗ |
1 |
if (PEM_write_bio_X509(bio.get(), cert->get())) |
336 |
|
2 |
args.GetReturnValue().Set(ToV8Value(env, bio)); |
337 |
|
|
} |
338 |
|
|
|
339 |
|
1 |
void X509Certificate::CheckCA(const FunctionCallbackInfo<Value>& args) { |
340 |
|
|
X509Certificate* cert; |
341 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
342 |
✗✓ |
2 |
args.GetReturnValue().Set(X509_check_ca(cert->get()) == 1); |
343 |
|
|
} |
344 |
|
|
|
345 |
|
11 |
void X509Certificate::CheckHost(const FunctionCallbackInfo<Value>& args) { |
346 |
|
11 |
Environment* env = Environment::GetCurrent(args); |
347 |
|
|
X509Certificate* cert; |
348 |
✗✓ |
11 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
349 |
|
|
|
350 |
✗✓ |
22 |
CHECK(args[0]->IsString()); // name |
351 |
✗✓ |
11 |
CHECK(args[1]->IsUint32()); // flags |
352 |
|
|
|
353 |
|
22 |
Utf8Value name(env->isolate(), args[0]); |
354 |
|
22 |
uint32_t flags = args[1].As<Uint32>()->Value(); |
355 |
|
|
char* peername; |
356 |
|
|
|
357 |
✓✓✓✗
|
22 |
switch (X509_check_host( |
358 |
|
|
cert->get(), |
359 |
|
11 |
*name, |
360 |
|
|
name.length(), |
361 |
|
|
flags, |
362 |
|
|
&peername)) { |
363 |
✓✗ |
5 |
case 1: { // Match! |
364 |
|
5 |
Local<Value> ret = args[0]; |
365 |
✓✗ |
5 |
if (peername != nullptr) { |
366 |
|
5 |
ret = OneByteString(env->isolate(), peername); |
367 |
|
5 |
OPENSSL_free(peername); |
368 |
|
|
} |
369 |
|
10 |
return args.GetReturnValue().Set(ret); |
370 |
|
|
} |
371 |
|
5 |
case 0: // No Match! |
372 |
|
5 |
return; // No return value is set |
373 |
|
1 |
case -2: // Error! |
374 |
|
1 |
return THROW_ERR_INVALID_ARG_VALUE(env, "Invalid name"); |
375 |
|
|
default: // Error! |
376 |
|
|
return THROW_ERR_CRYPTO_OPERATION_FAILED(env); |
377 |
|
|
} |
378 |
|
|
} |
379 |
|
|
|
380 |
|
3 |
void X509Certificate::CheckEmail(const FunctionCallbackInfo<Value>& args) { |
381 |
|
3 |
Environment* env = Environment::GetCurrent(args); |
382 |
|
|
X509Certificate* cert; |
383 |
✗✓ |
3 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
384 |
|
|
|
385 |
✗✓ |
6 |
CHECK(args[0]->IsString()); // name |
386 |
✗✓ |
3 |
CHECK(args[1]->IsUint32()); // flags |
387 |
|
|
|
388 |
|
6 |
Utf8Value name(env->isolate(), args[0]); |
389 |
|
6 |
uint32_t flags = args[1].As<Uint32>()->Value(); |
390 |
|
|
|
391 |
✓✓✓✗
|
6 |
switch (X509_check_email( |
392 |
|
|
cert->get(), |
393 |
|
3 |
*name, |
394 |
|
|
name.length(), |
395 |
|
|
flags)) { |
396 |
|
1 |
case 1: // Match! |
397 |
✓✗ |
2 |
return args.GetReturnValue().Set(args[0]); |
398 |
|
1 |
case 0: // No Match! |
399 |
|
1 |
return; // No return value is set |
400 |
|
1 |
case -2: // Error! |
401 |
|
1 |
return THROW_ERR_INVALID_ARG_VALUE(env, "Invalid name"); |
402 |
|
|
default: // Error! |
403 |
|
|
return THROW_ERR_CRYPTO_OPERATION_FAILED(env); |
404 |
|
|
} |
405 |
|
|
} |
406 |
|
|
|
407 |
|
3 |
void X509Certificate::CheckIP(const FunctionCallbackInfo<Value>& args) { |
408 |
|
3 |
Environment* env = Environment::GetCurrent(args); |
409 |
|
|
X509Certificate* cert; |
410 |
✗✓ |
3 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
411 |
|
|
|
412 |
✗✓ |
6 |
CHECK(args[0]->IsString()); // IP |
413 |
✗✓ |
3 |
CHECK(args[1]->IsUint32()); // flags |
414 |
|
|
|
415 |
|
6 |
Utf8Value name(env->isolate(), args[0]); |
416 |
|
6 |
uint32_t flags = args[1].As<Uint32>()->Value(); |
417 |
|
|
|
418 |
✗✓✓✗
|
3 |
switch (X509_check_ip_asc(cert->get(), *name, flags)) { |
419 |
|
|
case 1: // Match! |
420 |
|
|
return args.GetReturnValue().Set(args[0]); |
421 |
|
2 |
case 0: // No Match! |
422 |
|
2 |
return; // No return value is set |
423 |
|
1 |
case -2: // Error! |
424 |
|
1 |
return THROW_ERR_INVALID_ARG_VALUE(env, "Invalid IP"); |
425 |
|
|
default: // Error! |
426 |
|
|
return THROW_ERR_CRYPTO_OPERATION_FAILED(env); |
427 |
|
|
} |
428 |
|
|
} |
429 |
|
|
|
430 |
|
2 |
void X509Certificate::CheckIssued(const FunctionCallbackInfo<Value>& args) { |
431 |
|
2 |
Environment* env = Environment::GetCurrent(args); |
432 |
|
|
X509Certificate* cert; |
433 |
✗✓ |
2 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
434 |
|
|
|
435 |
✗✓ |
2 |
CHECK(args[0]->IsObject()); |
436 |
✗✓ |
4 |
CHECK(X509Certificate::HasInstance(env, args[0].As<Object>())); |
437 |
|
|
|
438 |
|
|
X509Certificate* issuer; |
439 |
✗✓ |
2 |
ASSIGN_OR_RETURN_UNWRAP(&issuer, args[0]); |
440 |
|
|
|
441 |
✓✓ |
4 |
args.GetReturnValue().Set( |
442 |
|
2 |
X509_check_issued(issuer->get(), cert->get()) == X509_V_OK); |
443 |
|
|
} |
444 |
|
|
|
445 |
|
1 |
void X509Certificate::CheckPrivateKey(const FunctionCallbackInfo<Value>& args) { |
446 |
|
|
X509Certificate* cert; |
447 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
448 |
|
|
|
449 |
✗✓ |
1 |
CHECK(args[0]->IsObject()); |
450 |
|
|
KeyObjectHandle* key; |
451 |
✗✓ |
1 |
ASSIGN_OR_RETURN_UNWRAP(&key, args[0]); |
452 |
✗✓ |
1 |
CHECK_EQ(key->Data()->GetKeyType(), kKeyTypePrivate); |
453 |
|
|
|
454 |
✓✗ |
1 |
args.GetReturnValue().Set( |
455 |
|
1 |
X509_check_private_key( |
456 |
|
1 |
cert->get(), |
457 |
|
2 |
key->Data()->GetAsymmetricKey().get()) == 1); |
458 |
|
|
} |
459 |
|
|
|
460 |
|
2 |
void X509Certificate::Verify(const FunctionCallbackInfo<Value>& args) { |
461 |
|
|
X509Certificate* cert; |
462 |
✗✓ |
2 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
463 |
|
|
|
464 |
✗✓ |
2 |
CHECK(args[0]->IsObject()); |
465 |
|
|
KeyObjectHandle* key; |
466 |
✗✓ |
2 |
ASSIGN_OR_RETURN_UNWRAP(&key, args[0]); |
467 |
✗✓ |
2 |
CHECK_EQ(key->Data()->GetKeyType(), kKeyTypePublic); |
468 |
|
|
|
469 |
✓✓ |
2 |
args.GetReturnValue().Set( |
470 |
|
2 |
X509_verify( |
471 |
|
|
cert->get(), |
472 |
|
4 |
key->Data()->GetAsymmetricKey().get()) > 0); |
473 |
|
|
} |
474 |
|
|
|
475 |
|
16 |
void X509Certificate::ToLegacy(const FunctionCallbackInfo<Value>& args) { |
476 |
|
16 |
Environment* env = Environment::GetCurrent(args); |
477 |
|
|
X509Certificate* cert; |
478 |
✗✓ |
16 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
479 |
|
|
Local<Value> ret; |
480 |
✓✗ |
32 |
if (X509ToObject(env, cert->get()).ToLocal(&ret)) |
481 |
|
32 |
args.GetReturnValue().Set(ret); |
482 |
|
|
} |
483 |
|
|
|
484 |
|
3 |
void X509Certificate::GetIssuerCert(const FunctionCallbackInfo<Value>& args) { |
485 |
|
|
X509Certificate* cert; |
486 |
✗✓ |
3 |
ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder()); |
487 |
✓✓ |
3 |
if (cert->issuer_cert_) |
488 |
|
4 |
args.GetReturnValue().Set(cert->issuer_cert_->object()); |
489 |
|
|
} |
490 |
|
|
|
491 |
|
54 |
X509Certificate::X509Certificate( |
492 |
|
|
Environment* env, |
493 |
|
|
Local<Object> object, |
494 |
|
|
std::shared_ptr<ManagedX509> cert, |
495 |
|
54 |
STACK_OF(X509)* issuer_chain) |
496 |
|
|
: BaseObject(env, object), |
497 |
|
54 |
cert_(std::move(cert)) { |
498 |
|
54 |
MakeWeak(); |
499 |
|
|
|
500 |
✓✓✓✗
✓✓ |
54 |
if (issuer_chain != nullptr && sk_X509_num(issuer_chain)) { |
501 |
|
1 |
X509Pointer cert(X509_dup(sk_X509_value(issuer_chain, 0))); |
502 |
|
1 |
sk_X509_delete(issuer_chain, 0); |
503 |
|
1 |
Local<Object> obj = sk_X509_num(issuer_chain) |
504 |
|
|
? X509Certificate::New(env, std::move(cert), issuer_chain) |
505 |
|
|
.ToLocalChecked() |
506 |
✓✗✗✓
|
2 |
: X509Certificate::New(env, std::move(cert)) |
507 |
✗✓ |
2 |
.ToLocalChecked(); |
508 |
|
1 |
issuer_cert_.reset(Unwrap<X509Certificate>(obj)); |
509 |
|
|
} |
510 |
|
54 |
} |
511 |
|
|
|
512 |
|
|
void X509Certificate::MemoryInfo(MemoryTracker* tracker) const { |
513 |
|
|
tracker->TrackField("cert", cert_); |
514 |
|
|
} |
515 |
|
|
|
516 |
|
|
BaseObjectPtr<BaseObject> |
517 |
|
1 |
X509Certificate::X509CertificateTransferData::Deserialize( |
518 |
|
|
Environment* env, |
519 |
|
|
Local<Context> context, |
520 |
|
|
std::unique_ptr<worker::TransferData> self) { |
521 |
✗✓ |
2 |
if (context != env->context()) { |
522 |
|
|
THROW_ERR_MESSAGE_TARGET_CONTEXT_UNAVAILABLE(env); |
523 |
|
|
return {}; |
524 |
|
|
} |
525 |
|
|
|
526 |
|
|
Local<Value> handle; |
527 |
✗✓ |
2 |
if (!X509Certificate::New(env, data_).ToLocal(&handle)) |
528 |
|
|
return {}; |
529 |
|
|
|
530 |
|
|
return BaseObjectPtr<BaseObject>( |
531 |
|
1 |
Unwrap<X509Certificate>(handle.As<Object>())); |
532 |
|
|
} |
533 |
|
|
|
534 |
|
|
|
535 |
|
1 |
BaseObject::TransferMode X509Certificate::GetTransferMode() const { |
536 |
|
1 |
return BaseObject::TransferMode::kCloneable; |
537 |
|
|
} |
538 |
|
|
|
539 |
|
1 |
std::unique_ptr<worker::TransferData> X509Certificate::CloneForMessaging() |
540 |
|
|
const { |
541 |
|
1 |
return std::make_unique<X509CertificateTransferData>(cert_); |
542 |
|
|
} |
543 |
|
|
|
544 |
|
|
|
545 |
|
848 |
void X509Certificate::Initialize(Environment* env, Local<Object> target) { |
546 |
|
848 |
env->SetMethod(target, "parseX509", X509Certificate::Parse); |
547 |
|
|
|
548 |
|
2544 |
NODE_DEFINE_CONSTANT(target, X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT); |
549 |
|
2544 |
NODE_DEFINE_CONSTANT(target, X509_CHECK_FLAG_NEVER_CHECK_SUBJECT); |
550 |
|
2544 |
NODE_DEFINE_CONSTANT(target, X509_CHECK_FLAG_NO_WILDCARDS); |
551 |
|
2544 |
NODE_DEFINE_CONSTANT(target, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); |
552 |
|
2544 |
NODE_DEFINE_CONSTANT(target, X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS); |
553 |
|
1696 |
NODE_DEFINE_CONSTANT(target, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS); |
554 |
|
848 |
} |
555 |
|
|
|
556 |
|
5184 |
void X509Certificate::RegisterExternalReferences( |
557 |
|
|
ExternalReferenceRegistry* registry) { |
558 |
|
5184 |
registry->Register(X509Certificate::Parse); |
559 |
|
5184 |
registry->Register(Subject); |
560 |
|
5184 |
registry->Register(SubjectAltName); |
561 |
|
5184 |
registry->Register(InfoAccess); |
562 |
|
5184 |
registry->Register(Issuer); |
563 |
|
5184 |
registry->Register(ValidTo); |
564 |
|
5184 |
registry->Register(ValidFrom); |
565 |
|
5184 |
registry->Register(Fingerprint); |
566 |
|
5184 |
registry->Register(Fingerprint256); |
567 |
|
5184 |
registry->Register(KeyUsage); |
568 |
|
5184 |
registry->Register(SerialNumber); |
569 |
|
5184 |
registry->Register(Pem); |
570 |
|
5184 |
registry->Register(Raw); |
571 |
|
5184 |
registry->Register(PublicKey); |
572 |
|
5184 |
registry->Register(CheckCA); |
573 |
|
5184 |
registry->Register(CheckHost); |
574 |
|
5184 |
registry->Register(CheckEmail); |
575 |
|
5184 |
registry->Register(CheckIP); |
576 |
|
5184 |
registry->Register(CheckIssued); |
577 |
|
5184 |
registry->Register(CheckPrivateKey); |
578 |
|
5184 |
registry->Register(Verify); |
579 |
|
5184 |
registry->Register(ToLegacy); |
580 |
|
5184 |
registry->Register(GetIssuerCert); |
581 |
|
5184 |
} |
582 |
|
|
} // namespace crypto |
583 |
|
|
} // namespace node |