marcogll/passkit-generator
1
0
Fork 0
mirror of https://github.com/marcogll/passkit-generator.git synced 2026-03-15 18:25:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Moved generateSignature func into Pass class as _sign method

Browse Source
This commit is contained in:
Alexander Cerutti
2018-06-16 16:48:15 +02:00
parent e4d56bf7a1
commit b9c39cc938
1 changed files with 63 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

127
index.js
View File

@@ -330,10 +330,10 @@ class Pass {
return bundleCallback(null); return bundleCallback(null);
}); });
} }
], function _composeStream() { ], () => {
archive.append(JSON.stringify(manifest), { name: "manifest.json" }); archive.append(JSON.stringify(manifest), { name: "manifest.json" });
let signatureBuffer = createSignature(manifest); let signatureBuffer = this._sign(manifest);
archive.append(signatureBuffer, { name: "signature" }); archive.append(signatureBuffer, { name: "signature" });
let passStream = new stream.PassThrough(); let passStream = new stream.PassThrough();
@@ -349,6 +349,67 @@ class Pass {
}); });
}); });
} }
/**
Generates the PKCS #7 cryptografic signature for the manifest file.
@method _sign
@params {String|Object} manifest - Manifest content.
@returns {Object} Promise
*/
_sign(manifest) {
let signature = forge.pkcs7.createSignedData();
if (typeof manifest === "object") {
signature.content = forge.util.createBuffer(JSON.stringify(manifest), "utf8")
} else if (typeof manifest === "string") {
signature.content = manifest;
} else {
throw new Error(`Manifest content must be a string or an object. Unable to accept manifest of type ${typeof manifest}`);
}
signature.addCertificate(Certificates.wwdr);
signature.addCertificate(Certificates.signerCert);
signature.addSigner({
key: Certificates.signerKey,
certificate: Certificates.signerCert,
digestAlgorithm: forge.pki.oids.sha1,
authenticatedAttributes: [{
type: forge.pki.oids.contentType,
value: forge.pki.oids.data
}, {
type: forge.pki.oids.messageDigest,
}, {
// the value is autogenerated
type: forge.pki.oids.signingTime,
}]
});
signature.sign();
/*
* Signing creates in contentInfo a JSON object nested BER/TLV (X.690 standard) structure.
* Each object represents a component of ASN.1 (Abstract Syntax Notation)
* For a more complete reference, refer to: https://en.wikipedia.org/wiki/X.690#BER_encoding
*
* signature.contentInfo.type => SEQUENCE OF (16)
* signature.contentInfo.value[0].type => OBJECT IDENTIFIER (6)
* signature.contantInfo.value[1].type => END OF CONTENT (EOC - 0)
*
* EOC are only present only in constructed indefinite-length methods
* Since `signature.contentInfo.value[1].value` contains an object whose value contains the content we passed,
* we have to pop the whole object away to avoid signature content invalidation.
*
*/
signature.contentInfo.value.pop();
// Converting the JSON Structure into a DER (which is a subset of BER), ASN.1 valid structure
// Returning the buffer of the signature
return Buffer.from(forge.asn1.toDer(signature.toAsn1()).getBytes(), 'binary');
}
} }
@@ -404,68 +465,6 @@ function loadConfiguration(setup) {
}); });
} }
/**
Generates the PKCS #7 cryptografic signature for the manifest file.
@function createSignature
@params {String} manifestPath - temp dir path created to keep the manifest file.
@returns {Object} Promise
*/
function createSignature(manifest) {
let signature = forge.pkcs7.createSignedData();
if (typeof manifest === "object") {
signature.content = forge.util.createBuffer(JSON.stringify(manifest), "utf8")
} else if (typeof manifest === "string") {
signature.content = manifest;
} else {
throw new Error(`Manifest content must be a string or an object. Unable to accept manifest of type ${typeof manifest}`);
}
signature.addCertificate(Certificates.wwdr);
signature.addCertificate(Certificates.signerCert);
signature.addSigner({
key: Certificates.signerKey,
certificate: Certificates.signerCert,
digestAlgorithm: forge.pki.oids.sha1,
authenticatedAttributes: [{
type: forge.pki.oids.contentType,
value: forge.pki.oids.data
}, {
type: forge.pki.oids.messageDigest,
}, {
// the value is autogenerated
type: forge.pki.oids.signingTime,
}]
});
signature.sign();
/*
* Signing creates in contentInfo a JSON object nested BER/TLV (X.690 standard) structure.
* Each object represents a component of ASN.1 (Abstract Syntax Notation)
* For a more complete reference, refer to: https://en.wikipedia.org/wiki/X.690#BER_encoding
*
* signature.contentInfo.type => SEQUENCE OF (16)
* signature.contentInfo.value[0].type => OBJECT IDENTIFIER (6)
* signature.contantInfo.value[1].type => END OF CONTENT (EOC - 0)
*
* EOC are only present only in constructed indefinite-length methods
* Since `signature.contentInfo.value[1].value` contains an object whose value contains the content we passed,
* we have to pop the whole object away to avoid signature content invalidation.
*
*/
signature.contentInfo.value.pop();
// Converting the JSON Structure into a DER (which is a subset of BER), ASN.1 valid structure
// Returning the buffer of the signature
return Buffer.from(forge.asn1.toDer(signature.toAsn1()).getBytes(), 'binary');
}
/** /**
Filters the options received in the query from http request into supported options Filters the options received in the query from http request into supported options
by Apple and this application, based on the functions that can be provided to keys by Apple and this application, based on the functions that can be provided to keys