diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 55079e6e6..5932eda0c 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -25024,17 +25024,17 @@ var require_hmac = __commonJS({ var _ipadding = null; var _opadding = null; var ctx = {}; - ctx.start = function(md, key) { - if (md !== null) { - if (typeof md === "string") { - md = md.toLowerCase(); - if (md in forge.md.algorithms) { - _md = forge.md.algorithms[md].create(); + ctx.start = function(md2, key) { + if (md2 !== null) { + if (typeof md2 === "string") { + md2 = md2.toLowerCase(); + if (md2 in forge.md.algorithms) { + _md = forge.md.algorithms[md2].create(); } else { - throw new Error('Unknown hash algorithm "' + md + '"'); + throw new Error('Unknown hash algorithm "' + md2 + '"'); } } else { - _md = md; + _md = md2; } } if (key === null) { @@ -25108,7 +25108,7 @@ var require_md5 = __commonJS({ var _state = null; var _input = forge.util.createBuffer(); var _w = new Array(16); - var md = { + var md2 = { algorithm: "md5", blockLength: 64, digestLength: 16, @@ -25119,12 +25119,12 @@ var require_md5 = __commonJS({ // size of message length in bytes messageLengthSize: 8 }; - md.start = function() { - md.messageLength = 0; - md.fullMessageLength = md.messageLength64 = []; - var int32s = md.messageLengthSize / 4; + md2.start = function() { + md2.messageLength = 0; + md2.fullMessageLength = md2.messageLength64 = []; + var int32s = md2.messageLengthSize / 4; for (var i = 0; i < int32s; ++i) { - md.fullMessageLength.push(0); + md2.fullMessageLength.push(0); } _input = forge.util.createBuffer(); _state = { @@ -25133,20 +25133,20 @@ var require_md5 = __commonJS({ h2: 2562383102, h3: 271733878 }; - return md; + return md2; }; - md.start(); - md.update = function(msg, encoding) { + md2.start(); + md2.update = function(msg, encoding) { if (encoding === "utf8") { msg = forge.util.encodeUtf8(msg); } var len = msg.length; - md.messageLength += len; + md2.messageLength += len; len = [len / 4294967296 >>> 0, len >>> 0]; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - md.fullMessageLength[i] += len[1]; - len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); - md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; + for (var i = md2.fullMessageLength.length - 1; i >= 0; --i) { + md2.fullMessageLength[i] += len[1]; + len[1] = len[0] + (md2.fullMessageLength[i] / 4294967296 >>> 0); + md2.fullMessageLength[i] = md2.fullMessageLength[i] >>> 0; len[0] = len[1] / 4294967296 >>> 0; } _input.putBytes(msg); @@ -25154,17 +25154,17 @@ var require_md5 = __commonJS({ if (_input.read > 2048 || _input.length() === 0) { _input.compact(); } - return md; + return md2; }; - md.digest = function() { + md2.digest = function() { var finalBlock = forge.util.createBuffer(); finalBlock.putBytes(_input.bytes()); - var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; - var overflow = remaining & md.blockLength - 1; - finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); + var remaining = md2.fullMessageLength[md2.fullMessageLength.length - 1] + md2.messageLengthSize; + var overflow = remaining & md2.blockLength - 1; + finalBlock.putBytes(_padding.substr(0, md2.blockLength - overflow)); var bits, carry = 0; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - bits = md.fullMessageLength[i] * 8 + carry; + for (var i = md2.fullMessageLength.length - 1; i >= 0; --i) { + bits = md2.fullMessageLength[i] * 8 + carry; carry = bits / 4294967296 >>> 0; finalBlock.putInt32Le(bits >>> 0); } @@ -25182,7 +25182,7 @@ var require_md5 = __commonJS({ rval.putInt32Le(s2.h3); return rval; }; - return md; + return md2; }; var _padding = null; var _g = null; @@ -25786,14 +25786,14 @@ var require_pbkdf2 = __commonJS({ if (forge.util.isNodejs && !forge.options.usePureJavaScript) { crypto2 = require("crypto"); } - module2.exports = forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md, callback) { - if (typeof md === "function") { - callback = md; - md = null; + module2.exports = forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md2, callback) { + if (typeof md2 === "function") { + callback = md2; + md2 = null; } - if (forge.util.isNodejs && !forge.options.usePureJavaScript && crypto2.pbkdf2 && (md === null || typeof md !== "object") && (crypto2.pbkdf2Sync.length > 4 || (!md || md === "sha1"))) { - if (typeof md !== "string") { - md = "sha1"; + if (forge.util.isNodejs && !forge.options.usePureJavaScript && crypto2.pbkdf2 && (md2 === null || typeof md2 !== "object") && (crypto2.pbkdf2Sync.length > 4 || (!md2 || md2 === "sha1"))) { + if (typeof md2 !== "string") { + md2 = "sha1"; } p = Buffer.from(p, "binary"); s = Buffer.from(s, "binary"); @@ -25801,7 +25801,7 @@ var require_pbkdf2 = __commonJS({ if (crypto2.pbkdf2Sync.length === 4) { return crypto2.pbkdf2Sync(p, s, c, dkLen).toString("binary"); } - return crypto2.pbkdf2Sync(p, s, c, dkLen, md).toString("binary"); + return crypto2.pbkdf2Sync(p, s, c, dkLen, md2).toString("binary"); } if (crypto2.pbkdf2Sync.length === 4) { return crypto2.pbkdf2(p, s, c, dkLen, function(err2, key) { @@ -25811,23 +25811,23 @@ var require_pbkdf2 = __commonJS({ callback(null, key.toString("binary")); }); } - return crypto2.pbkdf2(p, s, c, dkLen, md, function(err2, key) { + return crypto2.pbkdf2(p, s, c, dkLen, md2, function(err2, key) { if (err2) { return callback(err2); } callback(null, key.toString("binary")); }); } - if (typeof md === "undefined" || md === null) { - md = "sha1"; + if (typeof md2 === "undefined" || md2 === null) { + md2 = "sha1"; } - if (typeof md === "string") { - if (!(md in forge.md.algorithms)) { - throw new Error("Unknown hash algorithm: " + md); + if (typeof md2 === "string") { + if (!(md2 in forge.md.algorithms)) { + throw new Error("Unknown hash algorithm: " + md2); } - md = forge.md[md].create(); + md2 = forge.md[md2].create(); } - var hLen = md.digestLength; + var hLen = md2.digestLength; if (dkLen > 4294967295 * hLen) { var err = new Error("Derived key is too long."); if (callback) { @@ -25838,7 +25838,7 @@ var require_pbkdf2 = __commonJS({ var len = Math.ceil(dkLen / hLen); var r = dkLen - (len - 1) * hLen; var prf = forge.hmac.create(); - prf.start(md, p); + prf.start(md2, p); var dk = ""; var xor, u_c, u_c1; if (!callback) { @@ -25904,7 +25904,7 @@ var require_sha256 = __commonJS({ var _state = null; var _input = forge.util.createBuffer(); var _w = new Array(64); - var md = { + var md2 = { algorithm: "sha256", blockLength: 64, digestLength: 32, @@ -25915,12 +25915,12 @@ var require_sha256 = __commonJS({ // size of message length in bytes messageLengthSize: 8 }; - md.start = function() { - md.messageLength = 0; - md.fullMessageLength = md.messageLength64 = []; - var int32s = md.messageLengthSize / 4; + md2.start = function() { + md2.messageLength = 0; + md2.fullMessageLength = md2.messageLength64 = []; + var int32s = md2.messageLengthSize / 4; for (var i = 0; i < int32s; ++i) { - md.fullMessageLength.push(0); + md2.fullMessageLength.push(0); } _input = forge.util.createBuffer(); _state = { @@ -25933,20 +25933,20 @@ var require_sha256 = __commonJS({ h6: 528734635, h7: 1541459225 }; - return md; + return md2; }; - md.start(); - md.update = function(msg, encoding) { + md2.start(); + md2.update = function(msg, encoding) { if (encoding === "utf8") { msg = forge.util.encodeUtf8(msg); } var len = msg.length; - md.messageLength += len; + md2.messageLength += len; len = [len / 4294967296 >>> 0, len >>> 0]; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - md.fullMessageLength[i] += len[1]; - len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); - md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; + for (var i = md2.fullMessageLength.length - 1; i >= 0; --i) { + md2.fullMessageLength[i] += len[1]; + len[1] = len[0] + (md2.fullMessageLength[i] / 4294967296 >>> 0); + md2.fullMessageLength[i] = md2.fullMessageLength[i] >>> 0; len[0] = len[1] / 4294967296 >>> 0; } _input.putBytes(msg); @@ -25954,18 +25954,18 @@ var require_sha256 = __commonJS({ if (_input.read > 2048 || _input.length() === 0) { _input.compact(); } - return md; + return md2; }; - md.digest = function() { + md2.digest = function() { var finalBlock = forge.util.createBuffer(); finalBlock.putBytes(_input.bytes()); - var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; - var overflow = remaining & md.blockLength - 1; - finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); + var remaining = md2.fullMessageLength[md2.fullMessageLength.length - 1] + md2.messageLengthSize; + var overflow = remaining & md2.blockLength - 1; + finalBlock.putBytes(_padding.substr(0, md2.blockLength - overflow)); var next, carry; - var bits = md.fullMessageLength[0] * 8; - for (var i = 0; i < md.fullMessageLength.length - 1; ++i) { - next = md.fullMessageLength[i + 1] * 8; + var bits = md2.fullMessageLength[0] * 8; + for (var i = 0; i < md2.fullMessageLength.length - 1; ++i) { + next = md2.fullMessageLength[i + 1] * 8; carry = next / 4294967296 >>> 0; bits += carry; finalBlock.putInt32(bits >>> 0); @@ -25994,7 +25994,7 @@ var require_sha256 = __commonJS({ rval.putInt32(s2.h7); return rval; }; - return md; + return md2; }; var _padding = null; var _initialized = false; @@ -26145,10 +26145,10 @@ var require_prng = __commonJS({ // no initial key bytes keyBytes: "" }; - var md = plugin.md; + var md2 = plugin.md; var pools = new Array(32); for (var i = 0; i < 32; ++i) { - pools[i] = md.create(); + pools[i] = md2.create(); } ctx.pools = pools; ctx.pool = 0; @@ -26233,20 +26233,20 @@ var require_prng = __commonJS({ } function _seed() { ctx.reseeds = ctx.reseeds === 4294967295 ? 0 : ctx.reseeds + 1; - var md2 = ctx.plugin.md.create(); - md2.update(ctx.keyBytes); + var md3 = ctx.plugin.md.create(); + md3.update(ctx.keyBytes); var _2powK = 1; for (var k = 0; k < 32; ++k) { if (ctx.reseeds % _2powK === 0) { - md2.update(ctx.pools[k].digest().getBytes()); + md3.update(ctx.pools[k].digest().getBytes()); ctx.pools[k].start(); } _2powK = _2powK << 1; } - ctx.keyBytes = md2.digest().getBytes(); - md2.start(); - md2.update(ctx.keyBytes); - var seedBytes = md2.digest().getBytes(); + ctx.keyBytes = md3.digest().getBytes(); + md3.start(); + md3.update(ctx.keyBytes); + var seedBytes = md3.digest().getBytes(); ctx.key = ctx.plugin.formatKey(ctx.keyBytes); ctx.seed = ctx.plugin.formatSeed(seedBytes); ctx.generated = 0; @@ -28125,7 +28125,7 @@ var require_sha1 = __commonJS({ var _state = null; var _input = forge.util.createBuffer(); var _w = new Array(80); - var md = { + var md2 = { algorithm: "sha1", blockLength: 64, digestLength: 20, @@ -28136,12 +28136,12 @@ var require_sha1 = __commonJS({ // size of message length in bytes messageLengthSize: 8 }; - md.start = function() { - md.messageLength = 0; - md.fullMessageLength = md.messageLength64 = []; - var int32s = md.messageLengthSize / 4; + md2.start = function() { + md2.messageLength = 0; + md2.fullMessageLength = md2.messageLength64 = []; + var int32s = md2.messageLengthSize / 4; for (var i = 0; i < int32s; ++i) { - md.fullMessageLength.push(0); + md2.fullMessageLength.push(0); } _input = forge.util.createBuffer(); _state = { @@ -28151,20 +28151,20 @@ var require_sha1 = __commonJS({ h3: 271733878, h4: 3285377520 }; - return md; + return md2; }; - md.start(); - md.update = function(msg, encoding) { + md2.start(); + md2.update = function(msg, encoding) { if (encoding === "utf8") { msg = forge.util.encodeUtf8(msg); } var len = msg.length; - md.messageLength += len; + md2.messageLength += len; len = [len / 4294967296 >>> 0, len >>> 0]; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - md.fullMessageLength[i] += len[1]; - len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); - md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; + for (var i = md2.fullMessageLength.length - 1; i >= 0; --i) { + md2.fullMessageLength[i] += len[1]; + len[1] = len[0] + (md2.fullMessageLength[i] / 4294967296 >>> 0); + md2.fullMessageLength[i] = md2.fullMessageLength[i] >>> 0; len[0] = len[1] / 4294967296 >>> 0; } _input.putBytes(msg); @@ -28172,18 +28172,18 @@ var require_sha1 = __commonJS({ if (_input.read > 2048 || _input.length() === 0) { _input.compact(); } - return md; + return md2; }; - md.digest = function() { + md2.digest = function() { var finalBlock = forge.util.createBuffer(); finalBlock.putBytes(_input.bytes()); - var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; - var overflow = remaining & md.blockLength - 1; - finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); + var remaining = md2.fullMessageLength[md2.fullMessageLength.length - 1] + md2.messageLengthSize; + var overflow = remaining & md2.blockLength - 1; + finalBlock.putBytes(_padding.substr(0, md2.blockLength - overflow)); var next, carry; - var bits = md.fullMessageLength[0] * 8; - for (var i = 0; i < md.fullMessageLength.length - 1; ++i) { - next = md.fullMessageLength[i + 1] * 8; + var bits = md2.fullMessageLength[0] * 8; + for (var i = 0; i < md2.fullMessageLength.length - 1; ++i) { + next = md2.fullMessageLength[i + 1] * 8; carry = next / 4294967296 >>> 0; bits += carry; finalBlock.putInt32(bits >>> 0); @@ -28206,7 +28206,7 @@ var require_sha1 = __commonJS({ rval.putInt32(s2.h4); return rval; }; - return md; + return md2; }; var _padding = null; var _initialized = false; @@ -28317,30 +28317,30 @@ var require_pkcs1 = __commonJS({ pkcs1.encode_rsa_oaep = function(key, message, options) { var label; var seed; - var md; + var md2; var mgf1Md; if (typeof options === "string") { label = options; seed = arguments[3] || void 0; - md = arguments[4] || void 0; + md2 = arguments[4] || void 0; } else if (options) { label = options.label || void 0; seed = options.seed || void 0; - md = options.md || void 0; + md2 = options.md || void 0; if (options.mgf1 && options.mgf1.md) { mgf1Md = options.mgf1.md; } } - if (!md) { - md = forge.md.sha1.create(); + if (!md2) { + md2 = forge.md.sha1.create(); } else { - md.start(); + md2.start(); } if (!mgf1Md) { - mgf1Md = md; + mgf1Md = md2; } var keyLength = Math.ceil(key.n.bitLength() / 8); - var maxLength = keyLength - 2 * md.digestLength - 2; + var maxLength = keyLength - 2 * md2.digestLength - 2; if (message.length > maxLength) { var error3 = new Error("RSAES-OAEP input message length is too long."); error3.length = message.length; @@ -28350,8 +28350,8 @@ var require_pkcs1 = __commonJS({ if (!label) { label = ""; } - md.update(label, "raw"); - var lHash = md.digest(); + md2.update(label, "raw"); + var lHash = md2.digest(); var PS = ""; var PS_length = maxLength - message.length; for (var i = 0; i < PS_length; i++) { @@ -28359,29 +28359,29 @@ var require_pkcs1 = __commonJS({ } var DB = lHash.getBytes() + PS + "" + message; if (!seed) { - seed = forge.random.getBytes(md.digestLength); - } else if (seed.length !== md.digestLength) { + seed = forge.random.getBytes(md2.digestLength); + } else if (seed.length !== md2.digestLength) { var error3 = new Error("Invalid RSAES-OAEP seed. The seed length must match the digest length."); error3.seedLength = seed.length; - error3.digestLength = md.digestLength; + error3.digestLength = md2.digestLength; throw error3; } - var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md); + var dbMask = rsa_mgf1(seed, keyLength - md2.digestLength - 1, mgf1Md); var maskedDB = forge.util.xorBytes(DB, dbMask, DB.length); - var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md); + var seedMask = rsa_mgf1(maskedDB, md2.digestLength, mgf1Md); var maskedSeed = forge.util.xorBytes(seed, seedMask, seed.length); return "\0" + maskedSeed + maskedDB; }; pkcs1.decode_rsa_oaep = function(key, em, options) { var label; - var md; + var md2; var mgf1Md; if (typeof options === "string") { label = options; - md = arguments[3] || void 0; + md2 = arguments[3] || void 0; } else if (options) { label = options.label || void 0; - md = options.md || void 0; + md2 = options.md || void 0; if (options.mgf1 && options.mgf1.md) { mgf1Md = options.mgf1.md; } @@ -28393,37 +28393,37 @@ var require_pkcs1 = __commonJS({ error3.expectedLength = keyLength; throw error3; } - if (md === void 0) { - md = forge.md.sha1.create(); + if (md2 === void 0) { + md2 = forge.md.sha1.create(); } else { - md.start(); + md2.start(); } if (!mgf1Md) { - mgf1Md = md; + mgf1Md = md2; } - if (keyLength < 2 * md.digestLength + 2) { + if (keyLength < 2 * md2.digestLength + 2) { throw new Error("RSAES-OAEP key is too short for the hash function."); } if (!label) { label = ""; } - md.update(label, "raw"); - var lHash = md.digest().getBytes(); + md2.update(label, "raw"); + var lHash = md2.digest().getBytes(); var y = em.charAt(0); - var maskedSeed = em.substring(1, md.digestLength + 1); - var maskedDB = em.substring(1 + md.digestLength); - var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md); + var maskedSeed = em.substring(1, md2.digestLength + 1); + var maskedDB = em.substring(1 + md2.digestLength); + var seedMask = rsa_mgf1(maskedDB, md2.digestLength, mgf1Md); var seed = forge.util.xorBytes(maskedSeed, seedMask, maskedSeed.length); - var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md); + var dbMask = rsa_mgf1(seed, keyLength - md2.digestLength - 1, mgf1Md); var db = forge.util.xorBytes(maskedDB, dbMask, maskedDB.length); - var lHashPrime = db.substring(0, md.digestLength); + var lHashPrime = db.substring(0, md2.digestLength); var error3 = y !== "\0"; - for (var i = 0; i < md.digestLength; ++i) { + for (var i = 0; i < md2.digestLength; ++i) { error3 |= lHash.charAt(i) !== lHashPrime.charAt(i); } var in_ps = 1; - var index = md.digestLength; - for (var j = md.digestLength; j < db.length; j++) { + var index = md2.digestLength; + for (var j = md2.digestLength; j < db.length; j++) { var code = db.charCodeAt(j); var is_0 = code & 1 ^ 1; var error_mask = in_ps ? 65534 : 0; @@ -28840,13 +28840,13 @@ var require_rsa = __commonJS({ capture: "digest" }] }; - var emsaPkcs1v15encode = function(md) { + var emsaPkcs1v15encode = function(md2) { var oid; - if (md.algorithm in pki2.oids) { - oid = pki2.oids[md.algorithm]; + if (md2.algorithm in pki2.oids) { + oid = pki2.oids[md2.algorithm]; } else { var error3 = new Error("Unknown message digest algorithm."); - error3.algorithm = md.algorithm; + error3.algorithm = md2.algorithm; throw error3; } var oidBytes = asn1.oidToDer(oid).getBytes(); @@ -28878,7 +28878,7 @@ var require_rsa = __commonJS({ asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, - md.digest().getBytes() + md2.digest().getBytes() ); digestInfo.value.push(digestAlgorithm); digestInfo.value.push(digest); @@ -29390,7 +29390,7 @@ var require_rsa = __commonJS({ } return scheme.decode(d2, key, false); }; - key.sign = function(md, scheme) { + key.sign = function(md2, scheme) { var bt = false; if (typeof scheme === "string") { scheme = scheme.toUpperCase(); @@ -29400,11 +29400,11 @@ var require_rsa = __commonJS({ bt = 1; } else if (scheme === "NONE" || scheme === "NULL" || scheme === null) { scheme = { encode: function() { - return md; + return md2; } }; bt = 1; } - var d2 = scheme.encode(md, key.n.bitLength()); + var d2 = scheme.encode(md2, key.n.bitLength()); return pki2.rsa.encrypt(d2, key, bt); }; return key; @@ -30006,8 +30006,8 @@ var require_pbe = __commonJS({ throw error3; } var prfAlgorithm = "hmacWith" + options.prfAlgorithm.toUpperCase(); - var md = prfAlgorithmToMessageDigest(prfAlgorithm); - var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md); + var md2 = prfAlgorithmToMessageDigest(prfAlgorithm); + var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md2); var iv = forge.random.getBytesSync(ivLen); var cipher = cipherFn(dk); cipher.start(iv); @@ -30291,16 +30291,16 @@ var require_pbe = __commonJS({ } return rval; }; - pki2.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) { + pki2.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md2) { var j, l; - if (typeof md === "undefined" || md === null) { + if (typeof md2 === "undefined" || md2 === null) { if (!("sha1" in forge.md)) { throw new Error('"sha1" hash algorithm unavailable.'); } - md = forge.md.sha1.create(); + md2 = forge.md.sha1.create(); } - var u = md.digestLength; - var v = md.blockLength; + var u = md2.digestLength; + var v = md2.blockLength; var result = new forge.util.ByteBuffer(); var passBuf = new forge.util.ByteBuffer(); if (password !== null && password !== void 0) { @@ -30331,9 +30331,9 @@ var require_pbe = __commonJS({ buf.putBytes(D.bytes()); buf.putBytes(I.bytes()); for (var round = 0; round < iter; round++) { - md.start(); - md.update(buf.getBytes()); - buf = md.digest(); + md2.start(); + md2.update(buf.getBytes()); + buf = md2.digest(); } var B = new forge.util.ByteBuffer(); for (l = 0; l < v; l++) { @@ -30430,8 +30430,8 @@ var require_pbe = __commonJS({ cipherFn = forge.des.createDecryptionCipher; break; } - var md = prfOidToMessageDigest(capture.prfOid); - var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md); + var md2 = prfOidToMessageDigest(capture.prfOid); + var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md2); var iv = capture.encIv; var cipher = cipherFn(dk); cipher.start(iv); @@ -30469,30 +30469,30 @@ var require_pbe = __commonJS({ error3.oid = oid; throw error3; } - var md = prfOidToMessageDigest(capture.prfOid); - var key = pki2.pbe.generatePkcs12Key(password, salt, 1, count, dkLen, md); - md.start(); - var iv = pki2.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen, md); + var md2 = prfOidToMessageDigest(capture.prfOid); + var key = pki2.pbe.generatePkcs12Key(password, salt, 1, count, dkLen, md2); + md2.start(); + var iv = pki2.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen, md2); return cipherFn(key, iv); }; - pki2.pbe.opensslDeriveBytes = function(password, salt, dkLen, md) { - if (typeof md === "undefined" || md === null) { + pki2.pbe.opensslDeriveBytes = function(password, salt, dkLen, md2) { + if (typeof md2 === "undefined" || md2 === null) { if (!("md5" in forge.md)) { throw new Error('"md5" hash algorithm unavailable.'); } - md = forge.md.md5.create(); + md2 = forge.md.md5.create(); } if (salt === null) { salt = ""; } - var digests = [hash(md, password + salt)]; + var digests = [hash(md2, password + salt)]; for (var length = 16, i = 1; length < dkLen; ++i, length += 16) { - digests.push(hash(md, digests[i - 1] + password + salt)); + digests.push(hash(md2, digests[i - 1] + password + salt)); } return digests.join("").substr(0, dkLen); }; - function hash(md, bytes) { - return md.start().update(bytes).digest().getBytes(); + function hash(md2, bytes) { + return md2.start().update(bytes).digest().getBytes(); } function prfOidToMessageDigest(prfOid) { var prfAlgorithm; @@ -30896,7 +30896,7 @@ var require_mgf1 = __commonJS({ require_util9(); forge.mgf = forge.mgf || {}; var mgf1 = module2.exports = forge.mgf.mgf1 = forge.mgf1 = forge.mgf1 || {}; - mgf1.create = function(md) { + mgf1.create = function(md2) { var mgf = { /** * Generate mask of specified length. @@ -30907,13 +30907,13 @@ var require_mgf1 = __commonJS({ */ generate: function(seed, maskLen) { var t = new forge.util.ByteBuffer(); - var len = Math.ceil(maskLen / md.digestLength); + var len = Math.ceil(maskLen / md2.digestLength); for (var i = 0; i < len; i++) { var c = new forge.util.ByteBuffer(); c.putInt32(i); - md.start(); - md.update(seed + c.getBytes()); - t.putBuffer(md.digest()); + md2.start(); + md2.update(seed + c.getBytes()); + t.putBuffer(md2.digest()); } t.truncate(t.length() - maskLen); return t.getBytes(); @@ -30969,11 +30969,11 @@ var require_pss = __commonJS({ } var prng = options.prng || forge.random; var pssobj = {}; - pssobj.encode = function(md, modBits) { + pssobj.encode = function(md2, modBits) { var i; var emBits = modBits - 1; var emLen = Math.ceil(emBits / 8); - var mHash = md.digest().getBytes(); + var mHash = md2.digest().getBytes(); if (emLen < hLen + sLen + 2) { throw new Error("Message is too long to encrypt."); } @@ -31439,7 +31439,7 @@ var require_x509 = __commonJS({ } ] }; - pki2.RDNAttributesAsArray = function(rdn, md) { + pki2.RDNAttributesAsArray = function(rdn, md2) { var rval = []; var set2, attr, obj; for (var si = 0; si < rdn.value.length; ++si) { @@ -31456,9 +31456,9 @@ var require_x509 = __commonJS({ obj.shortName = _shortNames[obj.name]; } } - if (md) { - md.update(obj.type); - md.update(obj.value); + if (md2) { + md2.update(obj.type); + md2.update(obj.value); } rval.push(obj); } @@ -31674,7 +31674,7 @@ var require_x509 = __commonJS({ }; pki2.getPublicKeyFingerprint = function(key, options) { options = options || {}; - var md = options.md || forge.md.sha1.create(); + var md2 = options.md || forge.md.sha1.create(); var type2 = options.type || "RSAPublicKey"; var bytes; switch (type2) { @@ -31687,9 +31687,9 @@ var require_x509 = __commonJS({ default: throw new Error('Unknown fingerprint type "' + options.type + '".'); } - md.start(); - md.update(bytes); - var digest = md.digest(); + md2.start(); + md2.update(bytes); + var digest = md2.digest(); if (options.encoding === "hex") { var hex = digest.toHex(); if (options.delimiter) { @@ -31797,8 +31797,8 @@ var require_x509 = __commonJS({ } return rval; }; - cert.sign = function(key, md) { - cert.md = md || forge.md.sha1.create(); + cert.sign = function(key, md2) { + cert.md = md2 || forge.md.sha1.create(); var algorithmOid = oids[cert.md.algorithm + "WithRSAEncryption"]; if (!algorithmOid) { var error3 = new Error("Could not compute certificate digest. Unknown message digest algorithm OID."); @@ -31823,20 +31823,20 @@ var require_x509 = __commonJS({ error3.actualIssuer = issuer.attributes; throw error3; } - var md = child.md; - if (md === null) { - md = _createSignatureDigest({ + var md2 = child.md; + if (md2 === null) { + md2 = _createSignatureDigest({ signatureOid: child.signatureOid, type: "certificate" }); var tbsCertificate = child.tbsCertificate || pki2.getTBSCertificate(child); var bytes = asn1.toDer(tbsCertificate); - md.update(bytes.getBytes()); + md2.update(bytes.getBytes()); } - if (md !== null) { + if (md2 !== null) { rval = _verifySignature({ certificate: cert, - md, + md: md2, signature: child.signature }); } @@ -32195,8 +32195,8 @@ var require_x509 = __commonJS({ _fillMissingFields(attrs); csr.attributes = attrs; }; - csr.sign = function(key, md) { - csr.md = md || forge.md.sha1.create(); + csr.sign = function(key, md2) { + csr.md = md2 || forge.md.sha1.create(); var algorithmOid = oids[csr.md.algorithm + "WithRSAEncryption"]; if (!algorithmOid) { var error3 = new Error("Could not compute certification request digest. Unknown message digest algorithm OID."); @@ -32211,20 +32211,20 @@ var require_x509 = __commonJS({ }; csr.verify = function() { var rval = false; - var md = csr.md; - if (md === null) { - md = _createSignatureDigest({ + var md2 = csr.md; + if (md2 === null) { + md2 = _createSignatureDigest({ signatureOid: csr.signatureOid, type: "certification request" }); var cri = csr.certificationRequestInfo || pki2.getCertificationRequestInfo(csr); var bytes = asn1.toDer(cri); - md.update(bytes.getBytes()); + md2.update(bytes.getBytes()); } - if (md !== null) { + if (md2 !== null) { rval = _verifySignature({ certificate: csr, - md, + md: md2, signature: csr.signature }); } @@ -33009,9 +33009,9 @@ var require_x509 = __commonJS({ } function ensureSubjectHasHash(subject) { if (!subject.hash) { - var md = forge.md.sha1.create(); - subject.attributes = pki2.RDNAttributesAsArray(_dnToAsn1(subject), md); - subject.hash = md.digest().toHex(); + var md2 = forge.md.sha1.create(); + subject.attributes = pki2.RDNAttributesAsArray(_dnToAsn1(subject), md2); + subject.hash = md2.digest().toHex(); } } if (certs) { @@ -33488,32 +33488,32 @@ var require_pkcs12 = __commonJS({ } data = _decodePkcs7Data(data); if (capture.mac) { - var md = null; + var md2 = null; var macKeyBytes = 0; var macAlgorithm = asn1.derToOid(capture.macAlgorithm); switch (macAlgorithm) { case pki2.oids.sha1: - md = forge.md.sha1.create(); + md2 = forge.md.sha1.create(); macKeyBytes = 20; break; case pki2.oids.sha256: - md = forge.md.sha256.create(); + md2 = forge.md.sha256.create(); macKeyBytes = 32; break; case pki2.oids.sha384: - md = forge.md.sha384.create(); + md2 = forge.md.sha384.create(); macKeyBytes = 48; break; case pki2.oids.sha512: - md = forge.md.sha512.create(); + md2 = forge.md.sha512.create(); macKeyBytes = 64; break; case pki2.oids.md5: - md = forge.md.md5.create(); + md2 = forge.md.md5.create(); macKeyBytes = 16; break; } - if (md === null) { + if (md2 === null) { throw new Error("PKCS#12 uses unsupported MAC algorithm: " + macAlgorithm); } var macSalt = new forge.util.ByteBuffer(capture.macSalt); @@ -33524,10 +33524,10 @@ var require_pkcs12 = __commonJS({ 3, macIterations, macKeyBytes, - md + md2 ); var mac = forge.hmac.create(); - mac.start(md, macKey); + mac.start(md2, macKey); mac.update(data.value); var macValue = mac.getMac(); if (macValue.getBytes() !== capture.macDigest) { @@ -36324,7 +36324,7 @@ var require_sha512 = __commonJS({ digestLength = 28; break; } - var md = { + var md2 = { // SHA-512 => sha512 algorithm: algorithm.replace("-", "").toLowerCase(), blockLength: 128, @@ -36336,32 +36336,32 @@ var require_sha512 = __commonJS({ // size of message length in bytes messageLengthSize: 16 }; - md.start = function() { - md.messageLength = 0; - md.fullMessageLength = md.messageLength128 = []; - var int32s = md.messageLengthSize / 4; + md2.start = function() { + md2.messageLength = 0; + md2.fullMessageLength = md2.messageLength128 = []; + var int32s = md2.messageLengthSize / 4; for (var i = 0; i < int32s; ++i) { - md.fullMessageLength.push(0); + md2.fullMessageLength.push(0); } _input = forge.util.createBuffer(); _h = new Array(_state.length); for (var i = 0; i < _state.length; ++i) { _h[i] = _state[i].slice(0); } - return md; + return md2; }; - md.start(); - md.update = function(msg, encoding) { + md2.start(); + md2.update = function(msg, encoding) { if (encoding === "utf8") { msg = forge.util.encodeUtf8(msg); } var len = msg.length; - md.messageLength += len; + md2.messageLength += len; len = [len / 4294967296 >>> 0, len >>> 0]; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - md.fullMessageLength[i] += len[1]; - len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); - md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; + for (var i = md2.fullMessageLength.length - 1; i >= 0; --i) { + md2.fullMessageLength[i] += len[1]; + len[1] = len[0] + (md2.fullMessageLength[i] / 4294967296 >>> 0); + md2.fullMessageLength[i] = md2.fullMessageLength[i] >>> 0; len[0] = len[1] / 4294967296 >>> 0; } _input.putBytes(msg); @@ -36369,18 +36369,18 @@ var require_sha512 = __commonJS({ if (_input.read > 2048 || _input.length() === 0) { _input.compact(); } - return md; + return md2; }; - md.digest = function() { + md2.digest = function() { var finalBlock = forge.util.createBuffer(); finalBlock.putBytes(_input.bytes()); - var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; - var overflow = remaining & md.blockLength - 1; - finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); + var remaining = md2.fullMessageLength[md2.fullMessageLength.length - 1] + md2.messageLengthSize; + var overflow = remaining & md2.blockLength - 1; + finalBlock.putBytes(_padding.substr(0, md2.blockLength - overflow)); var next, carry; - var bits = md.fullMessageLength[0] * 8; - for (var i = 0; i < md.fullMessageLength.length - 1; ++i) { - next = md.fullMessageLength[i + 1] * 8; + var bits = md2.fullMessageLength[0] * 8; + for (var i = 0; i < md2.fullMessageLength.length - 1; ++i) { + next = md2.fullMessageLength[i + 1] * 8; carry = next / 4294967296 >>> 0; bits += carry; finalBlock.putInt32(bits >>> 0); @@ -36409,7 +36409,7 @@ var require_sha512 = __commonJS({ } return rval; }; - return md; + return md2; }; var _padding = null; var _initialized = false; @@ -37104,10 +37104,10 @@ var require_ed25519 = __commonJS({ 11139 ]); function sha512(msg, msgLen) { - var md = forge.md.sha512.create(); + var md2 = forge.md.sha512.create(); var buffer = new ByteBuffer(msg); - md.update(buffer.getBytes(msgLen), "binary"); - var hash = md.digest().getBytes(); + md2.update(buffer.getBytes(msgLen), "binary"); + var hash = md2.digest().getBytes(); if (typeof Buffer !== "undefined") { return Buffer.from(hash, "binary"); } @@ -37906,22 +37906,22 @@ var require_kem = __commonJS({ }; return kem; }; - forge.kem.kdf1 = function(md, digestLength) { - _createKDF(this, md, 0, digestLength || md.digestLength); + forge.kem.kdf1 = function(md2, digestLength) { + _createKDF(this, md2, 0, digestLength || md2.digestLength); }; - forge.kem.kdf2 = function(md, digestLength) { - _createKDF(this, md, 1, digestLength || md.digestLength); + forge.kem.kdf2 = function(md2, digestLength) { + _createKDF(this, md2, 1, digestLength || md2.digestLength); }; - function _createKDF(kdf, md, counterStart, digestLength) { + function _createKDF(kdf, md2, counterStart, digestLength) { kdf.generate = function(x, length) { var key = new forge.util.ByteBuffer(); var k = Math.ceil(length / digestLength) + counterStart; var c = new forge.util.ByteBuffer(); for (var i = counterStart; i < k; ++i) { c.putInt32(i); - md.start(); - md.update(x + c.getBytes()); - var hash = md.digest(); + md2.start(); + md2.update(x + c.getBytes()); + var hash = md2.digest(); key.putBytes(hash.getBytes(digestLength)); } key.truncate(key.length() - length); @@ -39196,15 +39196,15 @@ var require_ssh = __commonJS({ }; ssh.getPublicKeyFingerprint = function(key, options) { options = options || {}; - var md = options.md || forge.md.md5.create(); + var md2 = options.md || forge.md.md5.create(); var type2 = "ssh-rsa"; var buffer = forge.util.createBuffer(); _addStringToBuffer(buffer, type2); _addBigIntegerToBuffer(buffer, key.e); _addBigIntegerToBuffer(buffer, key.n); - md.start(); - md.update(buffer.getBytes()); - var digest = md.digest(); + md2.start(); + md2.update(buffer.getBytes()); + var digest = md2.digest(); if (options.encoding === "hex") { var hex = digest.toHex(); if (options.delimiter) { @@ -121844,7 +121844,7 @@ function generateCertificateAuthority() { { name: "basicConstraints", cA: true }, { name: "keyUsage", keyCertSign: true, cRLSign: true } ]); - cert.sign(keys.privateKey); + cert.sign(keys.privateKey, import_node_forge.md.sha256.create()); const pem = import_node_forge.pki.certificateToPem(cert); const key = import_node_forge.pki.privateKeyToPem(keys.privateKey); return { cert: pem, key }; diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index def4acf5a..eff0c22da 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -2,7 +2,7 @@ import { ChildProcess, spawn } from "child_process"; import * as path from "path"; import * as core from "@actions/core"; -import { pki } from "node-forge"; +import { md, pki } from "node-forge"; import * as actionsUtil from "./actions-util"; import { getGitHubVersion } from "./api-client"; @@ -90,7 +90,7 @@ function generateCertificateAuthority(): CertificateAuthority { { name: "basicConstraints", cA: true }, { name: "keyUsage", keyCertSign: true, cRLSign: true }, ]); - cert.sign(keys.privateKey); + cert.sign(keys.privateKey, md.sha256.create()); const pem = pki.certificateToPem(cert); const key = pki.privateKeyToPem(keys.privateKey);