pacnpal/bug-em
1
0
Fork 0
mirror of https://github.com/thewesker/bug-em.git synced 2025-12-21 12:31:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

lol

Browse Source
This commit is contained in:
Talor Berthelson
2016-06-17 20:49:15 -04:00
commit 889faf9c1c
699 changed files with 112020 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
node_modules/http-signature/lib/index.js generated vendored Normal file
View File

@@ -0,0 +1,27 @@
// Copyright 2015 Joyent, Inc.
var parser = require('./parser');
var signer = require('./signer');
var verify = require('./verify');
var util = require('./util');
///--- API
module.exports = {
parse: parser.parseRequest,
parseRequest: parser.parseRequest,
sign: signer.signRequest,
signRequest: signer.signRequest,
sshKeyToPEM: util.sshKeyToPEM,
sshKeyFingerprint: util.fingerprint,
pemToRsaSSHKey: util.pemToRsaSSHKey,
verify: verify.verifySignature,
verifySignature: verify.verifySignature,
verifyHMAC: verify.verifyHMAC
};

304
node_modules/http-signature/lib/parser.js generated vendored Normal file
View File

@@ -0,0 +1,304 @@
// Copyright 2012 Joyent, Inc. All rights reserved.
var assert = require('assert-plus');
var util = require('util');
///--- Globals
var Algorithms = {
'rsa-sha1': true,
'rsa-sha256': true,
'rsa-sha512': true,
'dsa-sha1': true,
'hmac-sha1': true,
'hmac-sha256': true,
'hmac-sha512': true
};
var State = {
New: 0,
Params: 1
};
var ParamsState = {
Name: 0,
Quote: 1,
Value: 2,
Comma: 3
};
///--- Specific Errors
function HttpSignatureError(message, caller) {
if (Error.captureStackTrace)
Error.captureStackTrace(this, caller || HttpSignatureError);
this.message = message;
this.name = caller.name;
}
util.inherits(HttpSignatureError, Error);
function ExpiredRequestError(message) {
HttpSignatureError.call(this, message, ExpiredRequestError);
}
util.inherits(ExpiredRequestError, HttpSignatureError);
function InvalidHeaderError(message) {
HttpSignatureError.call(this, message, InvalidHeaderError);
}
util.inherits(InvalidHeaderError, HttpSignatureError);
function InvalidParamsError(message) {
HttpSignatureError.call(this, message, InvalidParamsError);
}
util.inherits(InvalidParamsError, HttpSignatureError);
function MissingHeaderError(message) {
HttpSignatureError.call(this, message, MissingHeaderError);
}
util.inherits(MissingHeaderError, HttpSignatureError);
///--- Exported API
module.exports = {
/**
* Parses the 'Authorization' header out of an http.ServerRequest object.
*
* Note that this API will fully validate the Authorization header, and throw
* on any error. It will not however check the signature, or the keyId format
* as those are specific to your environment. You can use the options object
* to pass in extra constraints.
*
* As a response object you can expect this:
*
* {
* "scheme": "Signature",
* "params": {
* "keyId": "foo",
* "algorithm": "rsa-sha256",
* "headers": [
* "date" or "x-date",
* "content-md5"
* ],
* "signature": "base64"
* },
* "signingString": "ready to be passed to crypto.verify()"
* }
*
* @param {Object} request an http.ServerRequest.
* @param {Object} options an optional options object with:
* - clockSkew: allowed clock skew in seconds (default 300).
* - headers: required header names (def: date or x-date)
* - algorithms: algorithms to support (default: all).
* @return {Object} parsed out object (see above).
* @throws {TypeError} on invalid input.
* @throws {InvalidHeaderError} on an invalid Authorization header error.
* @throws {InvalidParamsError} if the params in the scheme are invalid.
* @throws {MissingHeaderError} if the params indicate a header not present,
* either in the request headers from the params,
* or not in the params from a required header
* in options.
* @throws {ExpiredRequestError} if the value of date or x-date exceeds skew.
*/
parseRequest: function parseRequest(request, options) {
assert.object(request, 'request');
assert.object(request.headers, 'request.headers');
if (options === undefined) {
options = {};
}
if (options.headers === undefined) {
options.headers = [request.headers['x-date'] ? 'x-date' : 'date'];
}
assert.object(options, 'options');
assert.arrayOfString(options.headers, 'options.headers');
assert.optionalNumber(options.clockSkew, 'options.clockSkew');
if (!request.headers.authorization)
throw new MissingHeaderError('no authorization header present in ' +
'the request');
options.clockSkew = options.clockSkew || 300;
var i = 0;
var state = State.New;
var substate = ParamsState.Name;
var tmpName = '';
var tmpValue = '';
var parsed = {
scheme: '',
params: {},
signingString: '',
get algorithm() {
return this.params.algorithm.toUpperCase();
},
get keyId() {
return this.params.keyId;
}
};
var authz = request.headers.authorization;
for (i = 0; i < authz.length; i++) {
var c = authz.charAt(i);
switch (Number(state)) {
case State.New:
if (c !== ' ') parsed.scheme += c;
else state = State.Params;
break;
case State.Params:
switch (Number(substate)) {
case ParamsState.Name:
var code = c.charCodeAt(0);
// restricted name of A-Z / a-z
if ((code >= 0x41 && code <= 0x5a) || // A-Z
(code >= 0x61 && code <= 0x7a)) { // a-z
tmpName += c;
} else if (c === '=') {
if (tmpName.length === 0)
throw new InvalidHeaderError('bad param format');
substate = ParamsState.Quote;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
case ParamsState.Quote:
if (c === '"') {
tmpValue = '';
substate = ParamsState.Value;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
case ParamsState.Value:
if (c === '"') {
parsed.params[tmpName] = tmpValue;
substate = ParamsState.Comma;
} else {
tmpValue += c;
}
break;
case ParamsState.Comma:
if (c === ',') {
tmpName = '';
substate = ParamsState.Name;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
default:
throw new Error('Invalid substate');
}
break;
default:
throw new Error('Invalid substate');
}
}
if (!parsed.params.headers || parsed.params.headers === '') {
if (request.headers['x-date']) {
parsed.params.headers = ['x-date'];
} else {
parsed.params.headers = ['date'];
}
} else {
parsed.params.headers = parsed.params.headers.split(' ');
}
// Minimally validate the parsed object
if (!parsed.scheme || parsed.scheme !== 'Signature')
throw new InvalidHeaderError('scheme was not "Signature"');
if (!parsed.params.keyId)
throw new InvalidHeaderError('keyId was not specified');
if (!parsed.params.algorithm)
throw new InvalidHeaderError('algorithm was not specified');
if (!parsed.params.signature)
throw new InvalidHeaderError('signature was not specified');
// Check the algorithm against the official list
parsed.params.algorithm = parsed.params.algorithm.toLowerCase();
if (!Algorithms[parsed.params.algorithm])
throw new InvalidParamsError(parsed.params.algorithm +
' is not supported');
// Build the signingString
for (i = 0; i < parsed.params.headers.length; i++) {
var h = parsed.params.headers[i].toLowerCase();
parsed.params.headers[i] = h;
if (h !== 'request-line') {
var value = request.headers[h];
if (!value)
throw new MissingHeaderError(h + ' was not in the request');
parsed.signingString += h + ': ' + value;
} else {
parsed.signingString +=
request.method + ' ' + request.url + ' HTTP/' + request.httpVersion;
}
if ((i + 1) < parsed.params.headers.length)
parsed.signingString += '\n';
}
// Check against the constraints
var date;
if (request.headers.date || request.headers['x-date']) {
if (request.headers['x-date']) {
date = new Date(request.headers['x-date']);
} else {
date = new Date(request.headers.date);
}
var now = new Date();
var skew = Math.abs(now.getTime() - date.getTime());
if (skew > options.clockSkew * 1000) {
throw new ExpiredRequestError('clock skew of ' +
(skew / 1000) +
's was greater than ' +
options.clockSkew + 's');
}
}
options.headers.forEach(function (hdr) {
// Remember that we already checked any headers in the params
// were in the request, so if this passes we're good.
if (parsed.params.headers.indexOf(hdr) < 0)
throw new MissingHeaderError(hdr + ' was not a signed header');
});
if (options.algorithms) {
if (options.algorithms.indexOf(parsed.params.algorithm) === -1)
throw new InvalidParamsError(parsed.params.algorithm +
' is not a supported algorithm');
}
return parsed;
}
};

178
node_modules/http-signature/lib/signer.js generated vendored Normal file
View File

@@ -0,0 +1,178 @@
// Copyright 2012 Joyent, Inc. All rights reserved.
var assert = require('assert-plus');
var crypto = require('crypto');
var http = require('http');
var sprintf = require('util').format;
///--- Globals
var Algorithms = {
'rsa-sha1': true,
'rsa-sha256': true,
'rsa-sha512': true,
'dsa-sha1': true,
'hmac-sha1': true,
'hmac-sha256': true,
'hmac-sha512': true
};
var Authorization =
'Signature keyId="%s",algorithm="%s",headers="%s",signature="%s"';
///--- Specific Errors
function MissingHeaderError(message) {
this.name = 'MissingHeaderError';
this.message = message;
this.stack = (new Error()).stack;
}
MissingHeaderError.prototype = new Error();
function InvalidAlgorithmError(message) {
this.name = 'InvalidAlgorithmError';
this.message = message;
this.stack = (new Error()).stack;
}
InvalidAlgorithmError.prototype = new Error();
///--- Internal Functions
function _pad(val) {
if (parseInt(val, 10) < 10) {
val = '0' + val;
}
return val;
}
function _rfc1123() {
var date = new Date();
var months = ['Jan',
'Feb',
'Mar',
'Apr',
'May',
'Jun',
'Jul',
'Aug',
'Sep',
'Oct',
'Nov',
'Dec'];
var days = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
return days[date.getUTCDay()] + ', ' +
_pad(date.getUTCDate()) + ' ' +
months[date.getUTCMonth()] + ' ' +
date.getUTCFullYear() + ' ' +
_pad(date.getUTCHours()) + ':' +
_pad(date.getUTCMinutes()) + ':' +
_pad(date.getUTCSeconds()) +
' GMT';
}
///--- Exported API
module.exports = {
/**
* Adds an 'Authorization' header to an http.ClientRequest object.
*
* Note that this API will add a Date header if it's not already set. Any
* other headers in the options.headers array MUST be present, or this
* will throw.
*
* You shouldn't need to check the return type; it's just there if you want
* to be pedantic.
*
* @param {Object} request an instance of http.ClientRequest.
* @param {Object} options signing parameters object:
* - {String} keyId required.
* - {String} key required (either a PEM or HMAC key).
* - {Array} headers optional; defaults to ['date'].
* - {String} algorithm optional; defaults to 'rsa-sha256'.
* - {String} httpVersion optional; defaults to '1.1'.
* @return {Boolean} true if Authorization (and optionally Date) were added.
* @throws {TypeError} on bad parameter types (input).
* @throws {InvalidAlgorithmError} if algorithm was bad.
* @throws {MissingHeaderError} if a header to be signed was specified but
* was not present.
*/
signRequest: function signRequest(request, options) {
assert.object(request, 'request');
assert.object(options, 'options');
assert.optionalString(options.algorithm, 'options.algorithm');
assert.string(options.keyId, 'options.keyId');
assert.optionalArrayOfString(options.headers, 'options.headers');
assert.optionalString(options.httpVersion, 'options.httpVersion');
if (!request.getHeader('Date'))
request.setHeader('Date', _rfc1123());
if (!options.headers)
options.headers = ['date'];
if (!options.algorithm)
options.algorithm = 'rsa-sha256';
if (!options.httpVersion)
options.httpVersion = '1.1';
options.algorithm = options.algorithm.toLowerCase();
if (!Algorithms[options.algorithm])
throw new InvalidAlgorithmError(options.algorithm + ' is not supported');
var i;
var stringToSign = '';
for (i = 0; i < options.headers.length; i++) {
if (typeof (options.headers[i]) !== 'string')
throw new TypeError('options.headers must be an array of Strings');
var h = options.headers[i].toLowerCase();
if (h !== 'request-line') {
var value = request.getHeader(h);
if (!value) {
throw new MissingHeaderError(h + ' was not in the request');
}
stringToSign += h + ': ' + value;
} else {
stringToSign +=
request.method + ' ' + request.path + ' HTTP/' + options.httpVersion;
}
if ((i + 1) < options.headers.length)
stringToSign += '\n';
}
var alg = options.algorithm.match(/(hmac|rsa)-(\w+)/);
var signature;
if (alg[1] === 'hmac') {
var hmac = crypto.createHmac(alg[2].toUpperCase(), options.key);
hmac.update(stringToSign);
signature = hmac.digest('base64');
} else {
var signer = crypto.createSign(options.algorithm.toUpperCase());
signer.update(stringToSign);
signature = signer.sign(options.key, 'base64');
}
request.setHeader('Authorization', sprintf(Authorization,
options.keyId,
options.algorithm,
options.headers.join(' '),
signature));
return true;
}
};

306
node_modules/http-signature/lib/util.js generated vendored Normal file
View File

@@ -0,0 +1,306 @@
// Copyright 2012 Joyent, Inc. All rights reserved.
var assert = require('assert-plus');
var crypto = require('crypto');
var asn1 = require('asn1');
var ctype = require('ctype');
///--- Helpers
function readNext(buffer, offset) {
var len = ctype.ruint32(buffer, 'big', offset);
offset += 4;
var newOffset = offset + len;
return {
data: buffer.slice(offset, newOffset),
offset: newOffset
};
}
function writeInt(writer, buffer) {
writer.writeByte(0x02); // ASN1.Integer
writer.writeLength(buffer.length);
for (var i = 0; i < buffer.length; i++)
writer.writeByte(buffer[i]);
return writer;
}
function rsaToPEM(key) {
var buffer;
var der;
var exponent;
var i;
var modulus;
var newKey = '';
var offset = 0;
var type;
var tmp;
try {
buffer = new Buffer(key.split(' ')[1], 'base64');
tmp = readNext(buffer, offset);
type = tmp.data.toString();
offset = tmp.offset;
if (type !== 'ssh-rsa')
throw new Error('Invalid ssh key type: ' + type);
tmp = readNext(buffer, offset);
exponent = tmp.data;
offset = tmp.offset;
tmp = readNext(buffer, offset);
modulus = tmp.data;
} catch (e) {
throw new Error('Invalid ssh key: ' + key);
}
// DER is a subset of BER
der = new asn1.BerWriter();
der.startSequence();
der.startSequence();
der.writeOID('1.2.840.113549.1.1.1');
der.writeNull();
der.endSequence();
der.startSequence(0x03); // bit string
der.writeByte(0x00);
// Actual key
der.startSequence();
writeInt(der, modulus);
writeInt(der, exponent);
der.endSequence();
// bit string
der.endSequence();
der.endSequence();
tmp = der.buffer.toString('base64');
for (i = 0; i < tmp.length; i++) {
if ((i % 64) === 0)
newKey += '\n';
newKey += tmp.charAt(i);
}
if (!/\\n$/.test(newKey))
newKey += '\n';
return '-----BEGIN PUBLIC KEY-----' + newKey + '-----END PUBLIC KEY-----\n';
}
function dsaToPEM(key) {
var buffer;
var offset = 0;
var tmp;
var der;
var newKey = '';
var type;
var p;
var q;
var g;
var y;
try {
buffer = new Buffer(key.split(' ')[1], 'base64');
tmp = readNext(buffer, offset);
type = tmp.data.toString();
offset = tmp.offset;
/* JSSTYLED */
if (!/^ssh-ds[as].*/.test(type))
throw new Error('Invalid ssh key type: ' + type);
tmp = readNext(buffer, offset);
p = tmp.data;
offset = tmp.offset;
tmp = readNext(buffer, offset);
q = tmp.data;
offset = tmp.offset;
tmp = readNext(buffer, offset);
g = tmp.data;
offset = tmp.offset;
tmp = readNext(buffer, offset);
y = tmp.data;
} catch (e) {
console.log(e.stack);
throw new Error('Invalid ssh key: ' + key);
}
// DER is a subset of BER
der = new asn1.BerWriter();
der.startSequence();
der.startSequence();
der.writeOID('1.2.840.10040.4.1');
der.startSequence();
writeInt(der, p);
writeInt(der, q);
writeInt(der, g);
der.endSequence();
der.endSequence();
der.startSequence(0x03); // bit string
der.writeByte(0x00);
writeInt(der, y);
der.endSequence();
der.endSequence();
tmp = der.buffer.toString('base64');
for (var i = 0; i < tmp.length; i++) {
if ((i % 64) === 0)
newKey += '\n';
newKey += tmp.charAt(i);
}
if (!/\\n$/.test(newKey))
newKey += '\n';
return '-----BEGIN PUBLIC KEY-----' + newKey + '-----END PUBLIC KEY-----\n';
}
///--- API
module.exports = {
/**
* Converts an OpenSSH public key (rsa only) to a PKCS#8 PEM file.
*
* The intent of this module is to interoperate with OpenSSL only,
* specifically the node crypto module's `verify` method.
*
* @param {String} key an OpenSSH public key.
* @return {String} PEM encoded form of the RSA public key.
* @throws {TypeError} on bad input.
* @throws {Error} on invalid ssh key formatted data.
*/
sshKeyToPEM: function sshKeyToPEM(key) {
assert.string(key, 'ssh_key');
/* JSSTYLED */
if (/^ssh-rsa.*/.test(key))
return rsaToPEM(key);
/* JSSTYLED */
if (/^ssh-ds[as].*/.test(key))
return dsaToPEM(key);
throw new Error('Only RSA and DSA public keys are allowed');
},
/**
* Generates an OpenSSH fingerprint from an ssh public key.
*
* @param {String} key an OpenSSH public key.
* @return {String} key fingerprint.
* @throws {TypeError} on bad input.
* @throws {Error} if what you passed doesn't look like an ssh public key.
*/
fingerprint: function fingerprint(key) {
assert.string(key, 'ssh_key');
var pieces = key.split(' ');
if (!pieces || !pieces.length || pieces.length < 2)
throw new Error('invalid ssh key');
var data = new Buffer(pieces[1], 'base64');
var hash = crypto.createHash('md5');
hash.update(data);
var digest = hash.digest('hex');
var fp = '';
for (var i = 0; i < digest.length; i++) {
if (i && i % 2 === 0)
fp += ':';
fp += digest[i];
}
return fp;
},
/**
* Converts a PKGCS#8 PEM file to an OpenSSH public key (rsa)
*
* The reverse of the above function.
*/
pemToRsaSSHKey: function pemToRsaSSHKey(pem, comment) {
assert.equal('string', typeof (pem), 'typeof pem');
// chop off the BEGIN PUBLIC KEY and END PUBLIC KEY portion
var cleaned = pem.split('\n').slice(1, -2).join('');
var buf = new Buffer(cleaned, 'base64');
var der = new asn1.BerReader(buf);
der.readSequence();
der.readSequence();
var oid = der.readOID();
assert.equal(oid, '1.2.840.113549.1.1.1', 'pem not in RSA format');
// Null -- XXX this probably isn't good practice
der.readByte();
der.readByte();
// bit string sequence
der.readSequence(0x03);
der.readByte();
der.readSequence();
// modulus
assert.equal(der.peek(), asn1.Ber.Integer, 'modulus not an integer');
der._offset = der.readLength(der.offset + 1);
var modulus = der._buf.slice(der.offset, der.offset + der.length);
der._offset += der.length;
// exponent
assert.equal(der.peek(), asn1.Ber.Integer, 'exponent not an integer');
der._offset = der.readLength(der.offset + 1);
var exponent = der._buf.slice(der.offset, der.offset + der.length);
der._offset += der.length;
// now, make the key
var type = new Buffer('ssh-rsa');
var buffer = new Buffer(4 + type.length + 4 + modulus.length +
4 + exponent.length);
var i = 0;
buffer.writeUInt32BE(type.length, i); i += 4;
type.copy(buffer, i); i += type.length;
buffer.writeUInt32BE(exponent.length, i); i += 4;
exponent.copy(buffer, i); i += exponent.length;
buffer.writeUInt32BE(modulus.length, i); i += 4;
modulus.copy(buffer, i); i += modulus.length;
var s = (type.toString() + ' ' + buffer.toString('base64') + ' ' +
(comment || ''));
return s;
}
};

56
node_modules/http-signature/lib/verify.js generated vendored Normal file
View File

@@ -0,0 +1,56 @@
// Copyright 2015 Joyent, Inc.
var assert = require('assert-plus');
var crypto = require('crypto');
///--- Exported API
module.exports = {
/**
* Verify RSA/DSA signature against public key. You are expected to pass in
* an object that was returned from `parse()`.
*
* @param {Object} parsedSignature the object you got from `parse`.
* @param {String} pubkey RSA/DSA private key PEM.
* @return {Boolean} true if valid, false otherwise.
* @throws {TypeError} if you pass in bad arguments.
*/
verifySignature: function verifySignature(parsedSignature, pubkey) {
assert.object(parsedSignature, 'parsedSignature');
assert.string(pubkey, 'pubkey');
var alg = parsedSignature.algorithm.match(/^(RSA|DSA)-(\w+)/);
if (!alg || alg.length !== 3)
throw new TypeError('parsedSignature: unsupported algorithm ' +
parsedSignature.algorithm);
var verify = crypto.createVerify(alg[0]);
verify.update(parsedSignature.signingString);
return verify.verify(pubkey, parsedSignature.params.signature, 'base64');
},
/**
* Verify HMAC against shared secret. You are expected to pass in an object
* that was returned from `parse()`.
*
* @param {Object} parsedSignature the object you got from `parse`.
* @param {String} secret HMAC shared secret.
* @return {Boolean} true if valid, false otherwise.
* @throws {TypeError} if you pass in bad arguments.
*/
verifyHMAC: function verifyHMAC(parsedSignature, secret) {
assert.object(parsedSignature, 'parsedHMAC');
assert.string(secret, 'secret');
var alg = parsedSignature.algorithm.match(/^HMAC-(\w+)/);
if (!alg || alg.length !== 2)
throw new TypeError('parsedSignature: unsupported algorithm ' +
parsedSignature.algorithm);
var hmac = crypto.createHmac(alg[1].toUpperCase(), secret);
hmac.update(parsedSignature.signingString);
return (hmac.digest('base64') === parsedSignature.params.signature);
}
};