Implement node:crypto X509Certificate

cloudflare · Jun 27, 2024 · 45b8f44 · 45b8f44
1 parent 900909e
commit 45b8f44
Show file tree

Hide file tree

Showing 16 changed files with 1,870 additions and 2 deletions.
diff --git a/.github/secret_scanning.yml b/.github/secret_scanning.yml
@@ -2,3 +2,4 @@ paths-ignore:
  - "src/workerd/api/node/crypto_keys-test.js"
  - "src/workerd/api/node/crypto_dh-test.js"
  - "src/workerd/jsg/url-test-corpus-success.h"
+ - "src/workerd/api/node/tests/crypto_x509-test.js"
diff --git a/src/node/crypto.ts b/src/node/crypto.ts
@@ -77,6 +77,10 @@ import {
  createSecretKey,
 } from 'node-internal:crypto_keys';
 
+import {
+ X509Certificate,
+} from 'node-internal:crypto_x509';
+
 export {
  // DH
  DiffieHellman,
@@ -126,6 +130,8 @@ export {
  createPrivateKey,
  createPublicKey,
  createSecretKey,
+ // X509
+ X509Certificate,
 }
 
 export function getCiphers() {
@@ -231,6 +237,8 @@ export default {
  // WebCrypto
  subtle,
  webcrypto,
+ // X509
+ X509Certificate,
 };
 
 // Classes
@@ -245,7 +253,7 @@ export default {
 // * [ ] crypto.KeyObject
 // * [ ] crypto.Sign
 // * [ ] crypto.Verify
-// * [ ] crypto.X509Certificate
+// * [x] crypto.X509Certificate
 // * [ ] crypto.constants
 // * [ ] crypto.DEFAULT_ENCODING
 // * Primes

diff --git a/src/node/internal/crypto.d.ts b/src/node/internal/crypto.d.ts
@@ -11,6 +11,42 @@ export function checkPrimeSync(candidate: ArrayBufferView, num_checks: number):
 export function randomPrime(size: number, safe: boolean, add?: ArrayBufferView|undefined,
  rem?: ArrayBufferView|undefined): ArrayBuffer;
 
+// X509Certificate
+export interface CheckOptions {
+ subject?: string;
+ wildcards?: boolean;
+ partialWildcards?: boolean;
+ multiLabelWildcards?: boolean;
+ singleLabelSubdomains?: boolean;
+}
+
+export class X509Certificate {
+ public static parse(data: ArrayBuffer|ArrayBufferView): X509Certificate;
+ public get subject(): string|undefined;
+ public get subjectAltName(): string|undefined;
+ public get infoAccess(): string|undefined;
+ public get issuer(): string|undefined;
+ public get issuerCert(): X509Certificate|undefined;
+ public get validFrom(): string|undefined;
+ public get validTo(): string|undefined;
+ public get fingerprint(): string|undefined;
+ public get fingerprint256(): string|undefined;
+ public get fingerprint512(): string|undefined;
+ public get keyUsage(): string[]|undefined;
+ public get serialNumber(): string|undefined;
+ public get pem(): string|undefined;
+ public get raw(): ArrayBuffer|undefined;
+ public get publicKey(): CryptoKey|undefined;
+ public get isCA(): boolean;
+ public checkHost(host: string, options?: CheckOptions): string|undefined;
+ public checkEmail(email: string, options?: CheckOptions): string|undefined;
+ public checkIp(ip: string, options?: CheckOptions): string|undefined;
+ public checkIssued(cert: X509Certificate): boolean;
+ public checkPrivateKey(key: CryptoKey): boolean;
+ public verify(key: CryptoKey): boolean;
+ public toLegacyObject(): object;
+}
+
 // Hash and Hmac
 export class HashHandle {
  public constructor(algorithm: string, xofLen: number);