Implement node:crypto X509Certificate (#2335)

cloudflare · Jul 11, 2024 · 8651bd1 · 8651bd1
1 parent 1b46dce
commit 8651bd1
Show file tree

Hide file tree

Showing 19 changed files with 1,884 additions and 2 deletions.
diff --git a/.github/secret_scanning.yml b/.github/secret_scanning.yml
@@ -2,3 +2,4 @@ paths-ignore:
   - "src/workerd/api/node/crypto_keys-test.js"
   - "src/workerd/api/node/crypto_dh-test.js"
   - "src/workerd/jsg/url-test-corpus-success.h"
+  - "src/workerd/api/node/tests/crypto_x509-test.js"
diff --git a/src/node/crypto.ts b/src/node/crypto.ts
@@ -79,6 +79,10 @@ import {
 
 import { Certificate } from 'node-internal:crypto_spkac';
 
+import {
+  X509Certificate,
+} from 'node-internal:crypto_x509';
+
 export {
   // DH
   DiffieHellman,
@@ -130,6 +134,8 @@ export {
   createSecretKey,
   // Spkac
   Certificate,
+  // X509
+  X509Certificate,
 }
 
 export function getCiphers() {
@@ -235,6 +241,8 @@ export default {
   // WebCrypto
   subtle,
   webcrypto,
+  // X509
+  X509Certificate,
 };
 
 // Classes
@@ -249,7 +257,7 @@ export default {
 //   * [ ] crypto.KeyObject
 //   * [ ] crypto.Sign
 //   * [ ] crypto.Verify
-//   * [ ] crypto.X509Certificate
+//   * [x] crypto.X509Certificate
 //   * [ ] crypto.constants
 //   * [ ] crypto.DEFAULT_ENCODING
 // * Primes

diff --git a/src/node/internal/crypto.d.ts b/src/node/internal/crypto.d.ts
@@ -11,6 +11,42 @@ export function checkPrimeSync(candidate: ArrayBufferView, num_checks: number):
 export function randomPrime(size: number, safe: boolean, add?: ArrayBufferView|undefined,
                             rem?: ArrayBufferView|undefined): ArrayBuffer;
 
+// X509Certificate
+export interface CheckOptions {
+  subject?: string;
+  wildcards?: boolean;
+  partialWildcards?: boolean;
+  multiLabelWildcards?: boolean;
+  singleLabelSubdomains?: boolean;
+}
+
+export class X509Certificate {
+  public static parse(data: ArrayBuffer|ArrayBufferView): X509Certificate;
+  public get subject(): string|undefined;
+  public get subjectAltName(): string|undefined;
+  public get infoAccess(): string|undefined;
+  public get issuer(): string|undefined;
+  public get issuerCert(): X509Certificate|undefined;
+  public get validFrom(): string|undefined;
+  public get validTo(): string|undefined;
+  public get fingerprint(): string|undefined;
+  public get fingerprint256(): string|undefined;
+  public get fingerprint512(): string|undefined;
+  public get keyUsage(): string[]|undefined;
+  public get serialNumber(): string|undefined;
+  public get pem(): string|undefined;
+  public get raw(): ArrayBuffer|undefined;
+  public get publicKey(): CryptoKey|undefined;
+  public get isCA(): boolean;
+  public checkHost(host: string, options?: CheckOptions): string|undefined;
+  public checkEmail(email: string, options?: CheckOptions): string|undefined;
+  public checkIp(ip: string, options?: CheckOptions): string|undefined;
+  public checkIssued(cert: X509Certificate): boolean;
+  public checkPrivateKey(key: CryptoKey): boolean;
+  public verify(key: CryptoKey): boolean;
+  public toLegacyObject(): object;
+}
+
 // Hash and Hmac
 export class HashHandle {
   public constructor(algorithm: string, xofLen: number);