[pkcs12] new package for PKCS#12 utilities #2773
Conversation
packages/pkcs12/src/index.ts
Outdated
| return certificate; | ||
| } | ||
|
|
||
| export function getPKCS12( |
There was a problem hiding this comment.
maybe parse or decode would be better here
There was a problem hiding this comment.
I'm not sure pkcs12FromAsn1 returns decrypted values, but if that is the case then yes decrypt would be a better name.
There was a problem hiding this comment.
i think parse would be better here -- it definitely parse/decodes the base64 p12 to an object. It also optionally uses the password to decrypt the p12 if the content type is marked as 'encryptedData' https://github.com/digitalbazaar/forge/blob/588c41062d9a13f8dc91be3723b159c6cc434b15/lib/pkcs12.js#L554
| ? p12BufferOrBase64String.toString('base64') | ||
| : p12BufferOrBase64String; | ||
| const password = String(maybePassword || ''); | ||
| const p12Der = forge.util.decode64(base64EncodedP12); |
There was a problem hiding this comment.
what is the format of p12Der? just want to make sure we're not doing extra work converting a buffer to base64 and then converting it back to some buffer-like data type.
There was a problem hiding this comment.
p12Der is a binary encoded string. The way we are getting the p12 file is how node-forge recommends in their docs for pkcs12 files. The methods they expose are basically to get the base64 p12 -> decode it into a binary encoded string (p12Der) -> convert it to an asn1 object -> convert it to a pkcs12 object.
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Co-authored-by: James Ide <ide@users.noreply.github.com>
Why
Creates a new pkcs12 utility package meant to replace PKCS12Utils.ts in xdl. This is because:
wwwdepends onxdl, but only uses this fileeas-clihas a duplicated PKCS12Utils file, and we can refactor it out to a common packagexdlandexpo-clican eventually be refactored to use this common packageIntegration Plan
www. This is the most urgent usecase because we need keystore pkcs12 support ASAP. This is also a good place to start because if there are any bugs, it will be the easiest to detect in Google Cloud Logs and the easiest to rollback. 🚨🚨🚨eas-cli,xdlandexpo-cliHow
keytoolbinary)Notable Changes
Functions have been changed to be more modular to account for the different p12 formats
getPKCSdeserializes encoded p12 filegetx509Certificateandgetx509CertificateByFriendlyNameextract the certificate from a p12 object. For use by conventional p12 and keystore formatted p12 formats, respectively.getCertificateFingerprintcalculates the various hashes for a certificate objectgetFormattedSerialNumbercalculates the serial number for a certificate object