mirror of
https://github.com/fluencelabs/js-libp2p
synced 2025-05-04 06:52:14 +00:00
97 lines
2.7 KiB
JavaScript
97 lines
2.7 KiB
JavaScript
'use strict'
|
|
|
|
const async = require('async')
|
|
const forge = require('node-forge')
|
|
const util = require('./util')
|
|
|
|
class CMS {
|
|
constructor (keystore) {
|
|
if (!keystore) {
|
|
throw new Error('keystore is required')
|
|
}
|
|
|
|
this.keystore = keystore
|
|
}
|
|
|
|
createAnonymousEncryptedData (name, plain, callback) {
|
|
const self = this
|
|
if (!Buffer.isBuffer(plain)) {
|
|
return callback(new Error('Data is required'))
|
|
}
|
|
|
|
self.keystore._getPrivateKey(name, (err, key) => {
|
|
if (err) {
|
|
return callback(err)
|
|
}
|
|
|
|
try {
|
|
const privateKey = forge.pki.decryptRsaPrivateKey(key, self.keystore._())
|
|
util.certificateForKey(privateKey, (err, certificate) => {
|
|
if (err) return callback(err)
|
|
|
|
// create a p7 enveloped message
|
|
const p7 = forge.pkcs7.createEnvelopedData()
|
|
p7.addRecipient(certificate)
|
|
p7.content = forge.util.createBuffer(plain)
|
|
p7.encrypt()
|
|
|
|
// convert message to DER
|
|
const der = forge.asn1.toDer(p7.toAsn1()).getBytes()
|
|
callback(null, Buffer.from(der, 'binary'))
|
|
})
|
|
} catch (err) {
|
|
callback(err)
|
|
}
|
|
})
|
|
}
|
|
|
|
readData (cmsData, callback) {
|
|
if (!Buffer.isBuffer(cmsData)) {
|
|
return callback(new Error('CMS data is required'))
|
|
}
|
|
|
|
const self = this
|
|
let cms
|
|
try {
|
|
const buf = forge.util.createBuffer(cmsData.toString('binary'))
|
|
const obj = forge.asn1.fromDer(buf)
|
|
cms = forge.pkcs7.messageFromAsn1(obj)
|
|
} catch (err) {
|
|
return callback(new Error('Invalid CMS: ' + err.message))
|
|
}
|
|
|
|
// Find a recipient whose key we hold. We only deal with recipient certs
|
|
// issued by ipfs (O=ipfs).
|
|
const recipients = cms.recipients
|
|
.filter(r => r.issuer.find(a => a.shortName === 'O' && a.value === 'ipfs'))
|
|
.filter(r => r.issuer.find(a => a.shortName === 'CN'))
|
|
.map(r => {
|
|
return {
|
|
recipient: r,
|
|
keyId: r.issuer.find(a => a.shortName === 'CN').value
|
|
}
|
|
})
|
|
async.detect(
|
|
recipients,
|
|
(r, cb) => self.keystore.findKeyById(r.keyId, (err, info) => cb(null, !err && info)),
|
|
(err, r) => {
|
|
if (err) return callback(err)
|
|
if (!r) return callback(new Error('No key found for decryption'))
|
|
|
|
async.waterfall([
|
|
(cb) => self.keystore.findKeyById(r.keyId, cb),
|
|
(key, cb) => self.keystore._getPrivateKey(key.name, cb)
|
|
], (err, pem) => {
|
|
if (err) return callback(err)
|
|
|
|
const privateKey = forge.pki.decryptRsaPrivateKey(pem, self.keystore._())
|
|
cms.decrypt(r.recipient, privateKey)
|
|
async.setImmediate(() => callback(null, Buffer.from(cms.content.getBytes(), 'binary')))
|
|
})
|
|
}
|
|
)
|
|
}
|
|
}
|
|
|
|
module.exports = CMS
|