[pkcs12] new package for PKCS#12 utilities #2773
packages/pkcs12/src/index.ts
Outdated
return certificate; | ||
} | ||
|
||
export function getPKCS12( |
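Review bot: The exported getPKCS12( declaration has no doc comment above it, only a blank line after the closing brace of the previous function. A short comment stating what the function accepts, what it returns, and whether a password is applied while reading the file would tell callers what to expect regardless of the verb chosen for the name.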
maybe parse or decode would be better here
Decrypt?
I'm not sure pkcs12FromAsn1 returns decrypted values, but if that is the case then yes decrypt would be a better name.
I think parse would be better here -- it definitely parses/decodes the base64 p12 to an object. It also optionally uses the password to decrypt the p12 if the content type is marked as 'encryptedData' https://github.com/digitalbazaar/forge/blob/588c41062d9a13f8dc91be3723b159c6cc434b15/lib/pkcs12.js#L554
? p12BufferOrBase64String.toString('base64') | ||
: p12BufferOrBase64String; | ||
const password = String(maybePassword || ''); | ||
const p12Der = forge.util.decode64(base64EncodedP12); |
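Review bot: On the line const password = String(maybePassword || ''), every falsy value becomes the empty password and any other non-string value is stringified without complaint, so a caller that passes the wrong type is not told so here and the mistake surfaces later, away from its cause. Consider checking typeof maybePassword and throwing on anything other than a string, null or undefined.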
What is the format of p12Der? Just want to make sure we're not doing extra work converting a buffer to base64 and then converting it back to some buffer-like data type.
p12Der is a binary encoded string. The way we are getting the p12 file is how node-forge recommends in their docs for pkcs12 files. The methods they expose are basically to get the base64 p12 -> decode it into a binary encoded string (p12Der) -> convert it to an asn1 object -> convert it to a pkcs12 object.
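The conversion discussed in this thread, as an added example that is not code from the PR: it builds the binary-encoded string for either input kind without a Buffer-to-base64 round trip, and rejects strings that are not base64 before anything is parsed. It uses Node built-ins only rather than node-forge; the function names and the sample bytes are hypothetical and constructed for illustration.

```javascript
// Added example, not code from the PR. All function names are hypothetical.

// Strict base64 decode: Buffer.from(text, 'base64') does not throw on
// characters outside the alphabet, so re-encode and compare with the input.
function strictBase64ToBuffer(text) {
  const compact = text.replace(/\s+/g, '');
  const decoded = Buffer.from(compact, 'base64');
  const stripPadding = (s) => s.replace(/=+$/, '');
  if (compact.length === 0 ||
      stripPadding(decoded.toString('base64')) !== stripPadding(compact)) {
    throw new Error('input is not valid base64');
  }
  return decoded;
}

// Return the binary-encoded string (one character per byte, code points
// 0-255) for a Buffer or a base64 string.
function toBinaryString(p12BufferOrBase64String) {
  if (Buffer.isBuffer(p12BufferOrBase64String)) {
    // latin1 maps byte N to code point N, so no base64 step is needed.
    return p12BufferOrBase64String.toString('latin1');
  }
  if (typeof p12BufferOrBase64String !== 'string') {
    throw new TypeError('expected a Buffer or a base64 string');
  }
  return strictBase64ToBuffer(p12BufferOrBase64String).toString('latin1');
}

// The Buffer -> base64 -> bytes round trip, reproduced with Node built-ins
// so the two paths can be compared.
function viaBase64RoundTrip(buffer) {
  return Buffer.from(buffer.toString('base64'), 'base64').toString('latin1');
}

// Constructed bytes, not a real keystore: a DER SEQUENCE tag, a long-form
// length marker (0x82) and bytes >= 0x80 that a UTF-8 decode would replace.
const sampleBytes = Buffer.from([0x30, 0x82, 0x01, 0x00, 0xff, 0x80, 0x03]);
```

Decoding the same Buffer with the default `toString()` (UTF-8) replaces every byte at or above 0x80, which is why the encoding has to be named explicitly when the base64 step is skipped.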
Co-authored-by: James Ide <ide@users.noreply.github.com>
Why
Creates a new pkcs12 utility package meant to replace PKCS12Utils.ts in xdl. This is because:
- www depends on xdl, but only uses this file
- eas-cli has a duplicated PKCS12Utils file, and we can refactor it out to a common package
- xdl and expo-cli can eventually be refactored to use this common package

Integration Plan
- www. This is the most urgent use case because we need keystore pkcs12 support ASAP. This is also a good place to start because if there are any bugs, it will be the easiest to detect in Google Cloud Logs and the easiest to roll back. 🚨🚨🚨
- eas-cli, xdl and expo-cli

How
keytool binary)

Notable Changes
Functions have been changed to be more modular to account for the different p12 formats
- getPKCS deserializes encoded p12 file
- getx509Certificate and getx509CertificateByFriendlyName extract the certificate from a p12 object. For use by conventional p12 and keystore formatted p12 formats, respectively.
- getCertificateFingerprint calculates the various hashes for a certificate object
- getFormattedSerialNumber calculates the serial number for a certificate object