Initial testing

2024-05-21 06:07:52 -04:00 · 2024-01-27 18:15:08 -05:00 · 2024-01-27 18:15:08 -05:00 · 8da3dfa18d
commit 8da3dfa18d
4 changed files with 216 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,133 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+# custom
+*.pem
--- a/package-lock.json
+++ b/package-lock.json
@ -0,0 +1,24 @@
+{
+  "name": "sssl",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "sssl",
+      "version": "1.0.0",
+      "license": "ISC",
+      "dependencies": {
+        "node-forge": "^1.3.1"
+      }
+    },
+    "node_modules/node-forge": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz",
+      "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==",
+      "engines": {
+        "node": ">= 6.13.0"
+      }
+    }
+  }
+}
--- a/package.json
+++ b/package.json
@ -0,0 +1,15 @@
+{
+  "name": "sssl",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "node-forge": "^1.3.1"
+  }
+}
--- a/patch.js
+++ b/patch.js
@ -0,0 +1,44 @@
+const fs = require('node:fs');
+const { pki, md } = require('node-forge');
+
+// * Parse Nintendo CA - G3
+const nintendoCAG3PEM = fs.readFileSync('./CACERT_NINTENDO_CA_G3.pem')
+const nintendoCAG3 = pki.certificateFromPem(nintendoCAG3PEM);
+
+// * Generate a new key pair for the patched CA for condition 1
+const newKeyPair = pki.rsa.generateKeyPair(2048);
+const newCaPrivateKey = newKeyPair.privateKey;
+const newCaPubliceKey = newKeyPair.publicKey;
+
+// * Create a new CA based off Nintendo CA - G3. Just copy the values
+const newCaCertificate = pki.createCertificate();
+
+newCaCertificate.publicKey = newCaPubliceKey; // * Use the new public key, otherwise Charles complains
+newCaCertificate.serialNumber = nintendoCAG3.serialNumber;
+newCaCertificate.validity.notBefore = nintendoCAG3.validity.notBefore;
+newCaCertificate.validity.notAfter = nintendoCAG3.validity.notAfter;
+newCaCertificate.setIssuer(nintendoCAG3.subject.attributes);
+newCaCertificate.setSubject(nintendoCAG3.subject.attributes);
+newCaCertificate.setExtensions([
+	...nintendoCAG3.extensions.filter(({ name }) => name !== 'authorityKeyIdentifier'), // * Remove old one
+	{
+		// * Set a new authority key identifier extension for condition 2
+		// * node-forge has no docs for this extension. Taken from
+		// * https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/tests/unit/x509.js#L324-L329
+		// * https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/x509.js#L2204-L2233
+		name: 'authorityKeyIdentifier',
+		keyIdentifier: nintendoCAG3.generateSubjectKeyIdentifier().getBytes(),
+		authorityCertIssuer: nintendoCAG3.issuer,
+		serialNumber: nintendoCAG3.serialNumber
+	}
+]);
+
+// * Self-sign the CA patched with the new private key
+newCaCertificate.sign(newCaPrivateKey, md.sha256.create()); // * sha256WithRSAEncryption
+
+// * Save the new private key and patched CA
+const newCaPrivateKeyPem = pki.privateKeyToPem(newCaPrivateKey);
+const newCaCertificatePem = pki.certificateToPem(newCaCertificate);
+
+fs.writeFileSync('./private-key.pem', newCaPrivateKeyPem, 'utf8');
+fs.writeFileSync('./patched-ca.pem', newCaCertificatePem, 'utf8');