commit 8da3dfa18da10985acd9ac0dcbe84fe2f7ea5bae
Author: Jonathan Barrow
Date: Sat Jan 27 18:15:08 2024 -0500
Initial testing
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a159b15
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,133 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+# custom
+*.pem
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..d6fa3d8
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,24 @@ +{ + "name": "sssl", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "sssl", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "node-forge": "^1.3.1" + } + }, + "node_modules/node-forge": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", + "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "engines": { + "node": ">= 6.13.0" + } + } + } +}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..a48a168
--- /dev/null
+++ b/package.json
@@ -0,0 +1,15 @@
+{
+ "name": "sssl",
+ "version": "1.0.0",
+ "description": "",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "keywords": [],
+ "author": "",
+ "license": "ISC",
+ "dependencies": {
+ "node-forge": "^1.3.1"
+ }
+}
diff --git a/patch.js b/patch.js
new file mode 100644
index 0000000..5553f4a
--- /dev/null
+++ b/patch.js
@@ -0,0 +1,44 @@
+const fs = require('node:fs');
+const { pki, md } = require('node-forge');
+
+// * Parse Nintendo CA - G3
+const nintendoCAG3PEM = fs.readFileSync('./CACERT_NINTENDO_CA_G3.pem')
+const nintendoCAG3 = pki.certificateFromPem(nintendoCAG3PEM);
+
+// * Generate a new key pair for the patched CA for condition 1
+const newKeyPair = pki.rsa.generateKeyPair(2048);
+const newCaPrivateKey = newKeyPair.privateKey;
+const newCaPubliceKey = newKeyPair.publicKey;
+
+// * Create a new CA based off Nintendo CA - G3. Just copy the values
+const newCaCertificate = pki.createCertificate();
+
+newCaCertificate.publicKey = newCaPubliceKey; // * Use the new public key, otherwise Charles complains
+newCaCertificate.serialNumber = nintendoCAG3.serialNumber;
+newCaCertificate.validity.notBefore = nintendoCAG3.validity.notBefore;
+newCaCertificate.validity.notAfter = nintendoCAG3.validity.notAfter;
+newCaCertificate.setIssuer(nintendoCAG3.subject.attributes);
+newCaCertificate.setSubject(nintendoCAG3.subject.attributes);
+newCaCertificate.setExtensions([
+ ...nintendoCAG3.extensions.filter(({ name }) => name !== 'authorityKeyIdentifier'), // * Remove old one
+ {
+ // * Set a new authority key identifier extension for condition 2
+ // * node-forge has no docs for this extension. Taken from
+ // * https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/tests/unit/x509.js#L324-L329
+ // * https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/x509.js#L2204-L2233
+ name: 'authorityKeyIdentifier',
+ keyIdentifier: nintendoCAG3.generateSubjectKeyIdentifier().getBytes(),
+ authorityCertIssuer: nintendoCAG3.issuer,
+ serialNumber: nintendoCAG3.serialNumber
+ }
+]);
+
+// * Self-sign the CA patched with the new private key
+newCaCertificate.sign(newCaPrivateKey, md.sha256.create()); // * sha256WithRSAEncryption
+
+// * Save the new private key and patched CA
+const newCaPrivateKeyPem = pki.privateKeyToPem(newCaPrivateKey);
+const newCaCertificatePem = pki.certificateToPem(newCaCertificate);
+
+fs.writeFileSync('./private-key.pem', newCaPrivateKeyPem, 'utf8');
+fs.writeFileSync('./patched-ca.pem', newCaCertificatePem, 'utf8');
\ No newline at end of file
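Review bot: The second-to-last line writes the generated CA private key to `./private-key.pem` unencrypted and with Node's default file mode (0o666 masked by the umask, commonly world-readable), so other local accounts on the machine can read a key that signs for a certificate carrying the copied CA subject and serial number. Create the file owner-only instead: `fs.writeFileSync('./private-key.pem', newCaPrivateKeyPem, { encoding: 'utf8', mode: 0o600 });`. The mode is applied only when the file is created, so a key file left over from an earlier run keeps its old permissions and should be removed or chmod-ed first. The `*.pem` rule added to .gitignore keeps the key out of the repository but does nothing for its permissions on disk, so a short comment above the write, such as `// * Test-only key: keep it on this machine and delete it when done`, would record the handling expectation.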