Bump ini from 1.3.5 to 1.3.8 #36

Open
wants to merge 2 commits into
base: master
21 changes: 21 additions & 0 deletions README.md
@@ -54,6 +54,27 @@ Example commandline for privatbank keys:
--no-tax \
--tsp all

## Certificate discovery

For key-6.dat files you also have an option to let agent download certificates from CA server. JKS files don't need this, as certificates are part of jks file itself:

node index.js --sign \
--key Key-6.dat:password \
--cert-fetch http://acskidd.gov.ua/services/cmp/ \
--cert-fetch http://czo.gov.ua/services/cmp/ \
--input text.pdf --output text.pdf.p7s \
--no-tax \
--tsp all

Notice, that cert-fetch can be passed more then once, in this case all mentioned URLs will be called in parallel. If you don't know the url of CMP service, you can let jkurwa guess cmp server urls from CA bundle. Please note, that all urls are being queried sequentially in order they are found in CA bundle and loading CA bundle takes some CPU time. Example:

node index.js --sign \
--key Key-6.dat:password \
--cert-fetch \
--ca_path CACertificates.3322cbdc.p7b \
--input text.pdf --output text.pdf.p7s \
--no-tax \
--tsp all

## Write detached signature

23 changes: 19 additions & 4 deletions agent.js
@@ -145,6 +145,10 @@ async function do_sc(
cert_rcrypt = Certificate.from_asn1(buf).as_pem();
shouldCrypt = true;
}
if (!box.keys[0].cert) {
error('No certificate loaded for key 0, use --cert filename or --cert-fetch url');
return;
}

const ipn_ext = box.keys[0].cert.extension.ipn;
const subject = box.keys[0].cert.subject;
@@ -292,7 +296,7 @@ async function do_parse(inputF, outputF, box, tsp, ocsp) {
}
});

if (isErr === false) {
if (isErr === false && outputF !== null) {
await output(outputF, textinfo.content, isWin);
}

@@ -328,6 +332,17 @@ async function main(argv, setIo) {
box = await get_local_box(argv.key, argv.cert, argv.ca_path);
}

let certFetch = argv['cert-fetch'];
if (certFetch) {
let urls = [];
if (typeof certFetch === 'string') {
urls = [certFetch];
} else if (Array.isArray(certFetch)) {
urls = certFetch;
}
await box.findCertsCmp(urls);
}

if (argv.sign || argv.crypt) {
if (argv.crypt === true && !argv.recipient_cert) {
return error(
@@ -356,10 +371,10 @@ async function main(argv, setIo) {
);
}

if (argv.decrypt) {
if (argv.decrypt || argv.verify) {
ret = await do_parse(
argv.input,
argv.output,
argv.input || argv.decrypt || argv.verify,
argv.verify ? null : argv.output,
box,
tsp_arg(argv.tsp),
argv.ocsp
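Review bot: The new `await box.findCertsCmp(urls);` in `main` discards its result and has no error handling, so a failed certificate fetch only surfaces later as the generic 'No certificate loaded' message in `do_sc`, and no equivalent check is visible on the decrypt/verify path. I would wrap it, e.g. `try { await box.findCertsCmp(urls); } catch (e) { return error('Certificate fetch failed: ' + e.message); }`, and reject any entry in `urls` that is not a string with an `http:` or `https:` scheme before passing it on. The README examples use plain `http://` CMP endpoints; whether the fetched certificates are validated against the CA bundle and matched to the loaded key is not visible in this diff and should be confirmed, because that validation is what protects the signer from a tampered response. `main` starts and ends outside these hunks.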
17 changes: 15 additions & 2 deletions lib/frame/client.js
@@ -26,7 +26,7 @@ var connect = function (opts) {
};

var RemoteBox = function (cb) {
this.readyCb = cb;
this.readyCB = cb;
this.sock = connect({
connected: this.haveLink.bind(this),
data: this.haveData.bind(this),
@@ -46,7 +46,7 @@ RemoteBox.prototype.haveData = function(contents, type) {
});
}
if (type === 'printstr' && contents.op === 'READY') {
this.readyCb(this);
this.readyCB(this);
}
if (type === 'printstr' && contents.op === 'META') {
data = this._data;
@@ -58,11 +58,16 @@ RemoteBox.prototype.haveData = function(contents, type) {
delete this._data;
this.rpipeCB(data);
}
if (type === 'printstr' && contents.op === 'RCMP') {
this.frame.send({op: 'INFO'});
}
if (type === 'printstr' && contents.op === 'ERROR') {
if(contents.code === 'EPIPE') {
this.rpipeCB({error: true});
} else if (contents.code === 'EUNWRAP') {
this.unwrapCB({error: true});
} else if (contents.code === 'ECMP') {
this.cmpCB({error: true});
}
}

@@ -89,6 +94,14 @@ RemoteBox.prototype.unwrap = function(content, content2, opts) {
});
};

RemoteBox.prototype.findCertsCmp = function(urls) {
return new Promise(resolve=> {
this.frame.send({ op: 'CMP', urls });
this.readyCB = resolve;
this.cmpCB = resolve;
});
}

var remoteBox = function(cb) {
var box = new RemoteBox(cb);
};
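Review bot: `RemoteBox.prototype.findCertsCmp` reports failure by resolving with `{error: true}` (through `cmpCB`) instead of rejecting, and as far as these hunks show it never settles when the daemon replies with anything other than `READY` or `ECMP`, so an awaiting caller cannot tell success from failure and may hang. It also assigns `readyCB` and `cmpCB` only after `frame.send(...)` and permanently replaces the `readyCB` set in the constructor. I would register the handlers before sending and reject on `ECMP`, as sketched below; that matches the daemon side, which treats `box.findCertsCmp` as a promise that can reject. A timeout for the no-reply case would be a sensible follow-up, and the function's closing `}` lacks the `;` used by the neighbouring prototype assignments.

```javascript
RemoteBox.prototype.findCertsCmp = function(urls) {
  return new Promise((resolve, reject) => {
    // Register handlers first so no reply can arrive before they exist.
    this.readyCB = resolve;
    this.cmpCB = () => reject(new Error('ECMP'));
    this.frame.send({ op: 'CMP', urls });
  });
};
```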
6 changes: 6 additions & 0 deletions lib/frame/daemon.js
@@ -163,6 +163,12 @@ var start = function (opts) {
};
});
frame.send({ op: "CLEAR", keys });
} else if (contents.op === 'CMP') {
box.findCertsCmp(contents.urls).then((number)=> {
frame.send({ op: 'RCMP', number });
}, ()=> {
frame.send({ op: 'ERROR', code: 'ECMP'});
});
} else if (!box) {
frame.send({ op: "ERROR", code: "ENOENT", bid: contents.bid });
} else {
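Review bot: The new `CMP` branch sits before the `else if (!box)` guard, so a `CMP` message that arrives while `box` is unset reaches `box.findCertsCmp(...)` and throws inside the message handler instead of answering with `ENOENT`. Moving the branch below the guard, or writing `} else if (box && contents.op === 'CMP') {`, keeps the existing error path. `contents.urls` also comes straight from the socket peer and is passed on unchecked, so any client that can reach the daemon can make it contact arbitrary addresses; check that it is an array of `http:`/`https:` URL strings (ideally against an allow-list of CA hosts) before calling `findCertsCmp`. The rejection handler drops the error, so logging it before sending `ECMP` would help diagnosis. The handler continues outside this hunk, so where `box` is assigned is not visible here.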
31 changes: 16 additions & 15 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
@@ -37,7 +37,7 @@
"encoding": "^0.1.12",
"gost89": "^0.1.11",
"jksreader": "^1.0.0",
"jkurwa": "^1.12.0",
"jkurwa": "^1.14.0",
"yargs": "1.3.x"
}
}