@sphereon/ssi-sdk-ext.x509-utils 0.26.1-next.25 → 0.26.1-next.27
|
@@ -54,7 +54,7 @@ export declare const validateX509CertificateChain: ({ chain: pemOrDerChain, trus
|
|
|
54
54
|
export declare const getX509AlgorithmProvider: () => AlgorithmProvider;
|
|
55
55
|
export type ParsedCertificate = {
|
|
56
56
|
publicKeyInfo: SubjectPublicKeyInfo;
|
|
57
|
-
publicKeyJwk
|
|
57
|
+
publicKeyJwk?: JWK;
|
|
58
58
|
publicKeyRaw: Uint8Array;
|
|
59
59
|
publicKeyAlgorithm: Algorithm;
|
|
60
60
|
certificateInfo: CertificateInfo;
|
|
@@ -62,19 +62,6 @@ export type ParsedCertificate = {
|
|
|
62
62
|
x509Certificate: X509Certificate;
|
|
63
63
|
};
|
|
64
64
|
export declare const parseCertificate: (rawCert: string | Uint8Array) => Promise<ParsedCertificate>;
|
|
65
|
-
/**
|
|
66
|
-
*
|
|
67
|
-
* @param pemOrDerChain The order must be that the Certs signing another cert must come one after another. So first the signing cert, then any cert signing that cert and so on
|
|
68
|
-
* @param trustedPEMs
|
|
69
|
-
* @param verificationTime
|
|
70
|
-
* @param opts
|
|
71
|
-
*/
|
|
72
|
-
export declare const validateX509CertificateChainOrg: ({ chain: pemOrDerChain, trustAnchors, verificationTime, opts, }: {
|
|
73
|
-
chain: (Uint8Array | string)[];
|
|
74
|
-
trustAnchors?: string[];
|
|
75
|
-
verificationTime?: Date;
|
|
76
|
-
opts?: X509CertificateChainValidationOpts;
|
|
77
|
-
}) => Promise<X509ValidationResult>;
|
|
78
65
|
export declare const getIssuerDN: (cert: Certificate) => DNInfo;
|
|
79
66
|
export declare const getSubjectDN: (cert: Certificate) => DNInfo;
|
|
80
67
|
export declare const getCertificateSubjectPublicKeyJWK: (pemOrDerCert: string | Uint8Array | Certificate) => Promise<JWK>;
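Review bot: `publicKeyJwk?: JWK` in `ParsedCertificate` is now optional but has no doc comment saying when it is absent, so consumers that hand it straight to a signature check will only find out at runtime. Going by the `parseCertificate` change in the compiled `.js` of this same diff, it stays undefined whenever JWK conversion throws. I would add `/** Undefined when the subject public key could not be converted to a JWK; callers must check before using it for verification. */` above the field. The second hunk also drops the `validateX509CertificateChainOrg` declaration, which breaks any importer of that name and deserves a changelog line.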
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-validator.d.ts","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAEnE,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AAEzC,OAAO,
|
|
1
|
+
{"version":3,"file":"x509-validator.d.ts","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAEnE,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AAEzC,OAAO,EAAkC,WAAW,EAAyD,MAAM,OAAO,CAAA;AAM1H,MAAM,MAAM,MAAM,GAAG;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACnC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,WAAW,CAAC,EAAE,GAAG,CAAA;IACjB,SAAS,EAAE,IAAI,CAAA;IACf,QAAQ,EAAE,IAAI,CAAA;IACd,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAA;KACX,CAAA;IACD,OAAO,EAAE;QACP,EAAE,EAAE,MAAM,CAAA;QACV,uBAAuB,EAAE,sBAAsB,EAAE,CAAA;KAClD,CAAA;CACF,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,gBAAgB,EAAE,IAAI,CAAA;IACtB,gBAAgB,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;IACzC,WAAW,CAAC,EAAE,eAAe,CAAA;IAC7B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAQD,eAAO,MAAM,kBAAkB,gBAChB,WAAW,SACjB;IACL,aAAa,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;CAC/E,KACA,OAAO,CAAC,eAAe,CAgBzB,CAAA;AAED,MAAM,MAAM,kCAAkC,GAAG;IAE/C,sBAAsB,CAAC,EAAE,OAAO,CAAA;IAEhC,2BAA2B,CAAC,EAAE,OAAO,CAAA;IAGrC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;IAEhC,qBAAqB,CAAC,EAAE,OAAO,CAAA;IAE/B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAED,eAAO,MAAM,4BAA4B,oEAUtC;IACD,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAA;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,gBAAgB,CAAC,EAAE,IAAI,CAAA;IACvB,IAAI,CAAC,EAAE,kCAAkC,CAAA;CAC1C,KAAG,OAAO,CAAC,oBAAoB,CAS/B,CAAA;AA0KD,eAAO,MAAM,wBAAwB,QAAO,iBAE3C,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,aAAa,EAAE,oBAAoB,CAAA;IACnC,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,YAAY,EAAE,UAAU,CAAA;IACxB,kBAAkB,EAAE,SAAS,CAAA;IAC7B,eAAe,EAAE,eAAe,CAAA;IAChC,WAAW,EAAE,WAAW,CAAA;IACxB,eAAe,EAAE,eAAe,CAAA;CACjC,CAAA;AAED,eAAO,MAAM,gBAAgB,YAAmB,MAAM,GAAG,UAAU,KAAG,OAAO,CAAC,iBAAiB,CAsB9F,CAAA;AAwJD,eAAO,M
AAM,WAAW,SAAU,WAAW,KAAG,MAK/C,CAAA;AAED,eAAO,MAAM,YAAY,SAAU,WAAW,KAAG,MAKhD,CAAA;AAgBD,eAAO,MAAM,iCAAiC,iBAAwB,MAAM,GAAG,UAAU,GAAG,WAAW,KAAG,OAAO,CAAC,GAAG,CA4BpH,CAAA;AAED;;;;;;;;;;GAUG;AACH,oBAAY,6BAA6B;IACvC,UAAU,IAAI,CAAE,QAAQ;IACxB,OAAO,IAAI;IACX,yBAAyB,IAAI;IAC7B,SAAS,IAAI;CACd;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,6BAA6B,CAAA;CACpC;AAED,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,cAAc,CAAA;AAE5D,eAAO,MAAM,sCAAsC,gBAAiB,WAAW,YAAY,MAAM,kBAAkB,cAAc,KAAG,IAUnI,CAAA;AAED,eAAO,MAAM,6CAA6C,gBAC3C,WAAW,YACd,MAAM,kBACA,cAAc,KAC7B,OAAO,CAAC,oBAAoB,CAoB9B,CAAA;AAED,eAAO,MAAM,0BAA0B,gBACxB,WAAW,SACjB;IACL,UAAU,CAAC,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;IAE5E,oBAAoB,CAAC,EAAE,cAAc,CAAA;CACtC,KACA,sBAAsB,EAsBxB,CAAA"}
|
|
@@ -35,7 +35,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
35
35
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
36
36
|
};
|
|
37
37
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
38
|
-
exports.getSubjectAlternativeNames = exports.validateCertificateChainMatchesClientIdScheme = exports.assertCertificateMatchesClientIdScheme = exports.SubjectAlternativeGeneralName = exports.getCertificateSubjectPublicKeyJWK = exports.getSubjectDN = exports.getIssuerDN = exports.
|
|
38
|
+
exports.getSubjectAlternativeNames = exports.validateCertificateChainMatchesClientIdScheme = exports.assertCertificateMatchesClientIdScheme = exports.SubjectAlternativeGeneralName = exports.getCertificateSubjectPublicKeyJWK = exports.getSubjectDN = exports.getIssuerDN = exports.parseCertificate = exports.getX509AlgorithmProvider = exports.validateX509CertificateChain = exports.getCertificateInfo = void 0;
|
|
39
39
|
const asn1_schema_1 = require("@peculiar/asn1-schema");
|
|
40
40
|
const asn1_x509_1 = require("@peculiar/asn1-x509");
|
|
41
41
|
const x509_1 = require("@peculiar/x509");
|
|
@@ -43,14 +43,15 @@ const js_x509_utils_1 = __importDefault(require("js-x509-utils"));
|
|
|
43
43
|
const pkijs_1 = require("pkijs");
|
|
44
44
|
const tsyringe_1 = require("tsyringe");
|
|
45
45
|
const u8a = __importStar(require("uint8arrays"));
|
|
46
|
+
const crypto_1 = require("./crypto");
|
|
46
47
|
const x509_utils_1 = require("./x509-utils");
|
|
47
48
|
const defaultCryptoEngine = () => {
|
|
48
49
|
const name = 'crypto';
|
|
49
|
-
(0, pkijs_1.setEngine)(name, new pkijs_1.CryptoEngine({ name, crypto:
|
|
50
|
+
(0, pkijs_1.setEngine)(name, new pkijs_1.CryptoEngine({ name, crypto: (0, crypto_1.globalCrypto)(false) }));
|
|
50
51
|
return (0, pkijs_1.getCrypto)(true);
|
|
51
52
|
};
|
|
52
53
|
const getCertificateInfo = (certificate, opts) => __awaiter(void 0, void 0, void 0, function* () {
|
|
53
|
-
|
|
54
|
+
let publicKeyJWK;
|
|
54
55
|
try {
|
|
55
56
|
publicKeyJWK = (yield (0, exports.getCertificateSubjectPublicKeyJWK)(certificate));
|
|
56
57
|
}
|
|
@@ -133,7 +134,7 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
133
134
|
trustAnchors,
|
|
134
135
|
});
|
|
135
136
|
}
|
|
136
|
-
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, detailMessage: `The certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer}, is not signed by the previous certificate ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.certificateInfo.subject.dn.DN} with subject string ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.x509Certificate.subject}.`, verificationTime }, (client && { client }));
|
|
137
|
+
return Object.assign({ error: true, critical: true, certificateChain: chain.map((cert) => cert.certificateInfo), message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, detailMessage: `The certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer}, is not signed by the previous certificate ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.certificateInfo.subject.dn.DN} with subject string ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.x509Certificate.subject}.`, verificationTime }, (client && { client }));
|
|
137
138
|
}
|
|
138
139
|
}
|
|
139
140
|
const result = yield currentCert.x509Certificate.verify({
|
|
@@ -150,17 +151,17 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
150
151
|
trustAnchors,
|
|
151
152
|
});
|
|
152
153
|
}
|
|
153
|
-
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, detailMessage: `Verification of the certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer} failed. Public key: ${JSON.stringify(currentCert.certificateInfo.publicKeyJWK)}.`, verificationTime }, (client && { client }));
|
|
154
|
+
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: chain.map((cert) => cert.certificateInfo), detailMessage: `Verification of the certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer} failed. Public key: ${JSON.stringify(currentCert.certificateInfo.publicKeyJWK)}.`, verificationTime }, (client && { client }));
|
|
154
155
|
}
|
|
155
156
|
foundTrustAnchor = foundTrustAnchor !== null && foundTrustAnchor !== void 0 ? foundTrustAnchor : trustedCerts === null || trustedCerts === void 0 ? void 0 : trustedCerts.find((trusted) => isSameCertificate(trusted.x509Certificate, currentCert.x509Certificate));
|
|
156
157
|
if (i === 0 && chainLength === 1 && allowSingleNoCAChainElement) {
|
|
157
|
-
return Object.assign({ error: false, critical: false, message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
158
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: chain.map((cert) => cert.certificateInfo), trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
158
159
|
}
|
|
159
160
|
}
|
|
160
161
|
if (foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo) {
|
|
161
|
-
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo.subject.dn.DN}.`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
162
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, certificateChain: chain.map((cert) => cert.certificateInfo), detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo.subject.dn.DN}.`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
162
163
|
}
|
|
163
|
-
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, detailMessage: `No trust anchor was found in the chain. between ${chain[0].certificateInfo.subject.dn.DN} and ${chain[chain.length - 1].certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
|
|
164
|
+
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: chain.map((cert) => cert.certificateInfo), detailMessage: `No trust anchor was found in the chain. between ${chain[0].certificateInfo.subject.dn.DN} and ${chain[chain.length - 1].certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
|
|
164
165
|
});
|
|
165
166
|
const isSameCertificate = (cert1, cert2) => {
|
|
166
167
|
return cert1.rawData.toString() === cert2.rawData.toString();
|
|
@@ -174,7 +175,13 @@ const parseCertificate = (rawCert) => __awaiter(void 0, void 0, void 0, function
|
|
|
174
175
|
const x509Certificate = new x509_1.X509Certificate(rawCert);
|
|
175
176
|
const publicKeyInfo = asn1_schema_1.AsnParser.parse(x509Certificate.publicKey.rawData, asn1_x509_1.SubjectPublicKeyInfo);
|
|
176
177
|
const publicKeyRaw = new Uint8Array(publicKeyInfo.subjectPublicKey);
|
|
177
|
-
|
|
178
|
+
let publicKeyJwk = undefined;
|
|
179
|
+
try {
|
|
180
|
+
publicKeyJwk = (yield (0, exports.getCertificateSubjectPublicKeyJWK)(new Uint8Array(x509Certificate.rawData)));
|
|
181
|
+
}
|
|
182
|
+
catch (e) {
|
|
183
|
+
console.error(e.message);
|
|
184
|
+
}
|
|
178
185
|
const certificate = (0, x509_utils_1.pemOrDerToX509Certificate)(rawCert);
|
|
179
186
|
const certificateInfo = yield (0, exports.getCertificateInfo)(certificate);
|
|
180
187
|
const publicKeyAlgorithm = (0, exports.getX509AlgorithmProvider)().toWebAlgorithm(publicKeyInfo.algorithm);
|
|
@@ -189,81 +196,142 @@ const parseCertificate = (rawCert) => __awaiter(void 0, void 0, void 0, function
|
|
|
189
196
|
};
|
|
190
197
|
});
|
|
191
198
|
exports.parseCertificate = parseCertificate;
|
|
192
|
-
|
|
199
|
+
/*
|
|
200
|
+
|
|
201
|
+
/!**
|
|
193
202
|
*
|
|
194
203
|
* @param pemOrDerChain The order must be that the Certs signing another cert must come one after another. So first the signing cert, then any cert signing that cert and so on
|
|
195
204
|
* @param trustedPEMs
|
|
196
205
|
* @param verificationTime
|
|
197
206
|
* @param opts
|
|
198
|
-
|
|
199
|
-
const validateX509CertificateChainOrg =
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
+
*!/
|
|
208
|
+
export const validateX509CertificateChainOrg = async ({
|
|
209
|
+
chain: pemOrDerChain,
|
|
210
|
+
trustAnchors,
|
|
211
|
+
verificationTime = new Date(),
|
|
212
|
+
opts = {
|
|
213
|
+
trustRootWhenNoAnchors: false,
|
|
214
|
+
allowSingleNoCAChainElement: true,
|
|
215
|
+
blindlyTrustedAnchors: [],
|
|
216
|
+
},
|
|
217
|
+
}: {
|
|
218
|
+
chain: (Uint8Array | string)[]
|
|
219
|
+
trustAnchors?: string[]
|
|
220
|
+
verificationTime?: Date
|
|
221
|
+
opts?: X509CertificateChainValidationOpts
|
|
222
|
+
}): Promise<X509ValidationResult> => {
|
|
223
|
+
const {
|
|
224
|
+
trustRootWhenNoAnchors = false,
|
|
225
|
+
allowSingleNoCAChainElement = true,
|
|
226
|
+
blindlyTrustedAnchors = [],
|
|
227
|
+
client
|
|
228
|
+
} = opts
|
|
229
|
+
const trustedPEMs = trustRootWhenNoAnchors && !trustAnchors ? [pemOrDerChain[pemOrDerChain.length - 1]] : trustAnchors
|
|
230
|
+
|
|
207
231
|
if (pemOrDerChain.length === 0) {
|
|
208
232
|
return {
|
|
209
233
|
error: true,
|
|
210
234
|
critical: true,
|
|
211
235
|
message: 'Certificate chain in DER or PEM format must not be empty',
|
|
212
236
|
verificationTime,
|
|
213
|
-
}
|
|
237
|
+
}
|
|
214
238
|
}
|
|
239
|
+
|
|
215
240
|
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around
|
|
216
|
-
const certs = pemOrDerChain.map(
|
|
217
|
-
const trustedCerts = trustedPEMs ? trustedPEMs.map(
|
|
218
|
-
defaultCryptoEngine()
|
|
241
|
+
const certs = pemOrDerChain.map(pemOrDerToX509Certificate).reverse()
|
|
242
|
+
const trustedCerts = trustedPEMs ? trustedPEMs.map(pemOrDerToX509Certificate) : undefined
|
|
243
|
+
defaultCryptoEngine()
|
|
244
|
+
|
|
219
245
|
if (pemOrDerChain.length === 1) {
|
|
220
|
-
const singleCert = typeof pemOrDerChain[0] === 'string' ? pemOrDerChain[0] : u8a.toString(pemOrDerChain[0], 'base64pad')
|
|
221
|
-
const cert =
|
|
246
|
+
const singleCert = typeof pemOrDerChain[0] === 'string' ? pemOrDerChain[0] : u8a.toString(pemOrDerChain[0], 'base64pad')
|
|
247
|
+
const cert = pemOrDerToX509Certificate(singleCert)
|
|
222
248
|
if (client) {
|
|
223
|
-
const validation =
|
|
249
|
+
const validation = await validateCertificateChainMatchesClientIdScheme(cert, client.clientId, client.clientIdScheme)
|
|
224
250
|
if (validation.error) {
|
|
225
|
-
return validation
|
|
251
|
+
return validation
|
|
226
252
|
}
|
|
227
253
|
}
|
|
228
254
|
if (blindlyTrustedAnchors.includes(singleCert)) {
|
|
229
|
-
console.log(`Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`)
|
|
230
|
-
return
|
|
255
|
+
console.log(`Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`)
|
|
256
|
+
return {
|
|
257
|
+
error: false,
|
|
258
|
+
critical: true,
|
|
259
|
+
message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`,
|
|
260
|
+
verificationTime,
|
|
261
|
+
certificateChain: [await getCertificateInfo(cert)],
|
|
262
|
+
...(client && {client}),
|
|
263
|
+
}
|
|
231
264
|
}
|
|
232
265
|
if (allowSingleNoCAChainElement) {
|
|
233
|
-
const subjectDN =
|
|
234
|
-
if (!
|
|
235
|
-
const passed =
|
|
236
|
-
return
|
|
266
|
+
const subjectDN = getSubjectDN(cert).DN
|
|
267
|
+
if (!getIssuerDN(cert).DN || getIssuerDN(cert).DN === subjectDN) {
|
|
268
|
+
const passed = await cert.verify()
|
|
269
|
+
return {
|
|
270
|
+
error: !passed,
|
|
271
|
+
critical: true,
|
|
272
|
+
message: `Certificate chain validation for ${subjectDN}: ${passed ? 'successful' : 'failed'}.`,
|
|
273
|
+
verificationTime,
|
|
274
|
+
certificateChain: [await getCertificateInfo(cert)],
|
|
275
|
+
...(client && {client}),
|
|
276
|
+
}
|
|
237
277
|
}
|
|
238
278
|
}
|
|
239
279
|
}
|
|
240
|
-
|
|
241
|
-
|
|
280
|
+
|
|
281
|
+
const validationEngine = new CertificateChainValidationEngine({
|
|
282
|
+
certs /!*crls: [crl1], ocsps: [ocsp1], *!/,
|
|
242
283
|
checkDate: verificationTime,
|
|
243
284
|
trustedCerts,
|
|
244
|
-
})
|
|
285
|
+
})
|
|
286
|
+
|
|
245
287
|
try {
|
|
246
|
-
const verification =
|
|
288
|
+
const verification = await validationEngine.verify()
|
|
247
289
|
if (!verification.result || !verification.certificatePath) {
|
|
248
|
-
return
|
|
290
|
+
return {
|
|
291
|
+
error: true,
|
|
292
|
+
critical: true,
|
|
293
|
+
message: verification.resultMessage !== '' ? verification.resultMessage : `Certificate chain validation failed.`,
|
|
294
|
+
verificationTime,
|
|
295
|
+
...(client && {client}),
|
|
296
|
+
}
|
|
249
297
|
}
|
|
250
|
-
const certPath = verification.certificatePath
|
|
298
|
+
const certPath = verification.certificatePath
|
|
251
299
|
if (client) {
|
|
252
|
-
const clientIdValidation =
|
|
300
|
+
const clientIdValidation = await validateCertificateChainMatchesClientIdScheme(certs[0], client.clientId, client.clientIdScheme)
|
|
253
301
|
if (clientIdValidation.error) {
|
|
254
|
-
return clientIdValidation
|
|
302
|
+
return clientIdValidation
|
|
255
303
|
}
|
|
256
304
|
}
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
305
|
+
let certInfos: Array<CertificateInfo> | undefined
|
|
306
|
+
|
|
307
|
+
for (const certificate of certPath) {
|
|
308
|
+
try {
|
|
309
|
+
certInfos?.push(await getCertificateInfo(certificate))
|
|
310
|
+
} catch (e: any) {
|
|
311
|
+
console.log(`Error getting certificate info ${e.message}`)
|
|
312
|
+
}
|
|
313
|
+
}
|
|
314
|
+
|
|
315
|
+
|
|
316
|
+
return {
|
|
317
|
+
error: false,
|
|
318
|
+
critical: false,
|
|
319
|
+
message: `Certificate chain was valid`,
|
|
320
|
+
verificationTime,
|
|
321
|
+
certificateChain: certInfos,
|
|
322
|
+
...(client && {client}),
|
|
323
|
+
}
|
|
324
|
+
} catch (error: any) {
|
|
325
|
+
return {
|
|
326
|
+
error: true,
|
|
327
|
+
critical: true,
|
|
328
|
+
message: `Certificate chain was invalid, ${error.message ?? '<unknown error>'}`,
|
|
329
|
+
verificationTime,
|
|
330
|
+
...(client && {client}),
|
|
331
|
+
}
|
|
264
332
|
}
|
|
265
|
-
}
|
|
266
|
-
|
|
333
|
+
}
|
|
334
|
+
*/
|
|
267
335
|
const rdnmap = {
|
|
268
336
|
'2.5.4.6': 'C',
|
|
269
337
|
'2.5.4.10': 'O',
|
|
@@ -323,7 +391,12 @@ const getCertificateSubjectPublicKeyJWK = (pemOrDerCert) => __awaiter(void 0, vo
|
|
|
323
391
|
console.log(`Error in primary get JWK from cert:`, error === null || error === void 0 ? void 0 : error.message);
|
|
324
392
|
}
|
|
325
393
|
if (!jwk) {
|
|
326
|
-
|
|
394
|
+
try {
|
|
395
|
+
jwk = (yield js_x509_utils_1.default.toJwk(pem, 'pem'));
|
|
396
|
+
}
|
|
397
|
+
catch (error) {
|
|
398
|
+
console.log(`Error in secondary get JWK from cert as well:`, error === null || error === void 0 ? void 0 : error.message);
|
|
399
|
+
}
|
|
327
400
|
}
|
|
328
401
|
if (!jwk) {
|
|
329
402
|
throw Error(`Failed to get JWK from certificate ${pem}`);
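Review bot: In `parseCertificate`, the added `catch (e)` only calls `console.error(e.message)` and carries on, so a certificate whose key cannot be converted is presumably returned with `publicKeyJwk` undefined and nothing in the result marking the failure (the return statement is outside the hunk). The error thrown by `getCertificateSubjectPublicKeyJWK` interpolates the whole PEM (`Failed to get JWK from certificate ${pem}`), so each failure writes the full certificate to stderr on top of the two `console.log` lines from the primary and secondary attempts. A fixed message such as `console.error('parseCertificate: could not derive JWK from subject public key')` would be enough, and it would also avoid the unguarded `e.message`, which the other catch blocks in this file guard with a null check. Separately, the chain-validation returns now attach `certificateChain: chain.map((cert) => cert.certificateInfo)` to the `error: true` results as well. That field should be documented as unverified input on failure so callers do not read trust into it.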
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-validator.js","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAiD;AACjD,mDAA0D;AAC1D,yCAAmE;AAGnE,kEAAgC;AAChC,iCASc;AACd,uCAAoC;AACpC,iDAAkC;AAClC,6CAAwF;AAoCxF,MAAM,mBAAmB,GAAG,GAAG,EAAE;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAA;IACrB,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAA;IAC3D,OAAO,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAA;AACxB,CAAC,CAAA;AAEM,MAAM,kBAAkB,GAAG,CAChC,WAAwB,EACxB,IAEC,EACyB,EAAE;IAC5B,IAAI,YAA6B,CAAA;IACjC,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,WAAW,CAAC,CAAQ,CAAA;IAC9E,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;IACd,OAAO;QACL,MAAM,EAAE,EAAE,EAAE,EAAE,IAAA,mBAAW,EAAC,WAAW,CAAC,EAAE;QACxC,OAAO,EAAE;YACP,EAAE,EAAE,IAAA,oBAAY,EAAC,WAAW,CAAC;YAC7B,uBAAuB,EAAE,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,EAAE,CAAC;SACtG;QACD,YAAY;QACZ,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK;QACtC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,KAAK;QACpC,cAAc;KACW,CAAA;AAC7B,CAAC,CAAA,CAAA;AArBY,QAAA,kBAAkB,sBAqB9B;AAoBM,MAAM,4BAA4B,GAAG,KAeV,EAAE,4CAfe,EACjD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;IACzB,qBAAqB,EAAE,KAAK;CAC7B,GAMF;IACC,+KAA+K;IAC/K,OAAO,MAAM,gCAAgC,CAAC;QAC5C,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;QAC9B,YAAY;QACZ,gBAAgB;QAChB,IAAI;KACL,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAxBY,QAAA,4BAA4B,gCAwBxC;AACD,MAAM,gCAAgC,GAAG,KAYP,EAAE,4CAZY,EAC9C,QAAQ,EACR,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,EAAE,QAAQ,EAC1B,IAAI,GAOL;;IACC,MAAM,gBAAgB,GAAS,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;IAC3F,MAAM,EACJ,sBAAsB,GAAG,KAAK,EAC9B,2BAA2B,GAAG,IAAI,EAClC,qBAAqB,GAAG,EAAE,EAC1B,qBAAqB,GAAG,KAAK,EAC7B,MAAM,GACP,GAAG,IAAI,CAAA;IACR,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI
,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IACD,mBAAmB,EAAE,CAAA;IAErB,+HAA+H;IAC/H,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClF,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACjH,MAAM,cAAc,GAClB,MAAA,CACE,MAAM,OAAO,CAAC,GAAG,CACf,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAChC,IAAI,CAAC;YACH,OAAO,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAa;YACb,OAAO,CAAC,GAAG,CAAC,+CAA+C,GAAG,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,CAAA;YACtF,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC,CAAC,CACH,CACF,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,mCAAI,EAAE,CAAA;IACzE,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAExC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAChC,IAAI,gBAAgB,GAAkC,SAAS,CAAA;IAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACrD,MAAM,kBAAkB,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,iCAAoB,EAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,WAAW,CAAC,CAAC,CAAA;QAC/H,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,iHAAiH,EAC1H,aAAa,EAAE,+BAA+B,kBAAkB,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,0BAA0B,EACxH,WAAW,EAAE,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,eAAe,EAChD,gBAAgB,EAChB,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,IACxD,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,WAAW,CAAC,eAAe,CAAC,MAAM,KAAK,YAAY,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBAChF,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACxC,OAAO,MAAM,gCAAgC
,CAAC;wBAC5C,QAAQ,EAAE,IAAI;wBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;wBAC9B,IAAI;wBACJ,gBAAgB;wBAChB,YAAY;qBACb,CAAC,CAAA;gBACJ,CAAC;gBACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,aAAa,EAAE,mBAAmB,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBAAgB,WAAW,CAAC,eAAe,CAAC,MAAM,+CAA+C,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,wBAAwB,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,GAAG,EACvR,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,MAAM,CACrD;YACE,IAAI,EAAE,gBAAgB;YACtB,SAAS,EAAE,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,0CAAE,SAAS;SACpD,EACD,MAAA,MAAA,MAAA,IAAA,iBAAS,GAAE,0CAAE,MAAM,mCAAI,MAAM,mCAAI,MAAM,CAAC,MAAM,CAC/C,CAAA;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAClD,OAAO,MAAM,gCAAgC,CAAC;oBAC5C,QAAQ,EAAE,IAAI;oBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;oBAC9B,IAAI;oBACJ,gBAAgB;oBAChB,YAAY;iBACb,CAAC,CAAA;YACJ,CAAC;YACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,aAAa,EAAE,mCAAmC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBACzF,WAAW,CAAC,eAAe,CAAC,MAC9B,wBAAwB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,eAAe,CAAC,YAAY,CAAC,GAAG,EACnF,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QAED,gBAAgB,GAAG,gBAAgB,aAAhB,gBAAgB,cAAhB,gBAAgB,GAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC,CAAA;QAE/I,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,2BAA2B,EAAE,CAAC;YAChE,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,uEAAuE,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACzH,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAAE,CAAC;QACtC,uBACE,KAAK,EAAE,KAAK,EACZ
,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,aAAa,EAAE,wBAAwB,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,yCAAyC,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACxK,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAED,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,aAAa,EAAE,mDAAmD,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,QACtG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EACrD,GAAG,EACH,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;AACH,CAAC,CAAA,CAAA;AAED,MAAM,iBAAiB,GAAG,CAAC,KAAsB,EAAE,KAAsB,EAAW,EAAE;IACpF,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAsB,oBAAS,CAAC,OAAO,CAAC,wBAAiB,CAAC,CAAA;AAC1E,MAAM,wBAAwB,GAAG,GAAsB,EAAE;IAC9D,OAAO,iBAAiB,CAAA;AAC1B,CAAC,CAAA;AAFY,QAAA,wBAAwB,4BAEpC;AAYM,MAAM,gBAAgB,GAAG,CAAO,OAA4B,EAA8B,EAAE;IACjG,MAAM,eAAe,GAAG,IAAI,sBAAe,CAAC,OAAO,CAAC,CAAA;IACpD,MAAM,aAAa,GAAG,uBAAS,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,EAAE,gCAAoB,CAAC,CAAA;IAC9F,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAA;IACnE,MAAM,YAAY,GAAQ,CAAC,MAAM,IAAA,yCAAiC,EAAC,IAAI,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAQ,CAAA;IACnH,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,OAAO,CAAC,CAAA;IACtD,MAAM,eAAe,GAAG,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;IAC7D,MAAM,kBAAkB,GAAG,IAAA,gCAAwB,GAAE,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC7F,OAAO;QACL,kBAAkB;QAClB,aAAa;QACb,YAAY;QACZ,YAAY;QACZ,eAAe;QACf,WAAW;QACX,eAAe;KAChB,CAAA;AACH,CAAC,CAAA,CAAA;AAjBY,QAAA,gBAAgB,oBAiB5B;AAED;;;;;;GAMG;AACI,MAAM,+BAA+B,GAAG,KAcb,EAAE,4CAdkB,EACpD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;CAC1B,GAMF;;IACC,MAAM,EAAE,sBAAsB,GAAG,KAAK,EAAE,2BAA2B,GAAG,IAAI,EAAE,qBAAqB,GAAG,EAAE,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;I
ACvH,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IAED,+HAA+H;IAC/H,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,sCAAyB,CAAC,CAAC,OAAO,EAAE,CAAA;IACpE,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,sCAAyB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACzF,mBAAmB,EAAE,CAAA;IAErB,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,OAAO,aAAa,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QACxH,MAAM,IAAI,GAAG,IAAA,sCAAyB,EAAC,UAAU,CAAC,CAAA;QAClD,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,UAAU,GAAG,MAAM,IAAA,qDAA6C,EAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;YACpH,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO,UAAU,CAAA;YACnB,CAAC;QACH,CAAC;QACD,IAAI,qBAAqB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,iHAAiH,EAC1H,gBAAgB,EAChB,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,IAAI,CAAC,CAAC,IAC/C,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,2BAA2B,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,IAAA,oBAAY,EAAC,IAAI,CAAC,CAAC,EAAE,CAAA;YACvC,IAAI,CAAC,IAAA,mBAAW,EAAC,IAAI,CAAC,CAAC,EAAE,IAAI,IAAA,mBAAW,EAAC,IAAI,CAAC,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC;gBAChE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;gBAClC,uBACE,KAAK,EAAE,CAAC,MAAM,EACd,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,oCAAoC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,GAAG,EAC9F,gBAAgB,EAChB,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,IAAI,CAAC,CAAC,IAC/C,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,IAAI,wCAAgC,CAAC;QAC5D,KAAK,CAAC,oCAAoC;QAC1C,SAAS,EAAE,gBAAgB;QAC3B,YAAY;KACb,CAAC,CAAA;IAEF,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,CAAA;QACpD,IAAI,CAAC,YAAY,CAAC,MAAM,
IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;YAC1D,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,YAAY,CAAC,aAAa,KAAK,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,sCAAsC,EAChH,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,MAAM,QAAQ,GAAG,YAAY,CAAC,eAAe,CAAA;QAC7C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,kBAAkB,GAAG,MAAM,IAAA,qDAA6C,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;YAChI,IAAI,kBAAkB,CAAC,KAAK,EAAE,CAAC;gBAC7B,OAAO,kBAAkB,CAAA;YAC3B,CAAC;QACH,CAAC;QACD,MAAM,SAAS,GAA2B,MAAM,OAAO,CAAC,GAAG,CACzD,QAAQ,CAAC,GAAG,CAAC,CAAO,WAAW,EAAE,EAAE;YACjC,OAAO,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;QACxC,CAAC,CAAA,CAAC,CACH,CAAA;QACD,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,gBAAgB,EAChB,gBAAgB,EAAE,SAAS,IACxB,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,kCAAkC,MAAA,KAAK,CAAC,OAAO,mCAAI,iBAAiB,EAAE,EAC/E,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;AACH,CAAC,CAAA,CAAA;AAlHY,QAAA,+BAA+B,mCAkH3C;AAED,MAAM,MAAM,GAA2B;IACrC,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,GAAG;IACd,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,UAAU,EAAE,GAAG;IACf,SAAS,EAAE,IAAI;IACf,sBAAsB,EAAE,QAAQ;CACjC,CAAA;AAEM,MAAM,WAAW,GAAG,CAAC,IAAiB,EAAU,EAAE;IACvD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC3C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;KACpD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,WAAW,eAKvB;AAEM,MAAM,YAAY,GAAG,CAAC,IAAiB,EAAU,EAAE;IACxD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC5C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;KACrD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,YAAY,gBAKxB;AAED,MAAM,WAAW,GAAG,CAAC,cAAuC,EAA0B,EAAE;;IACtF,MAAM,EAAE,GAA2B,EAAE,CAAA;IACrC,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAA,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,mCAAI,YAAY,CAAC,IAAI,CAAA;QAC3D,EAAE,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAA
C,QAAQ,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC,CAAA;AACD,MAAM,WAAW,GAAG,CAAC,cAAuC,EAAU,EAAE;IACtE,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC,CAAA;AAEM,MAAM,iCAAiC,GAAG,CAAO,YAA+C,EAAgB,EAAE;IACvH,MAAM,WAAW,GACf,OAAO,YAAY,KAAK,QAAQ;QAC9B,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,YAAY,YAAY,UAAU;YACpC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC;YACzC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,IAAA,qBAAQ,EAAC,WAAW,CAAC,CAAA;IACjC,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,GAAG,CAAC,CAAA;IAClD,IAAI,GAAoB,CAAA;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACrC,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAA;QAC3E,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAoB,CAAA;IAC9D,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,GAAG,GAAG,CAAC,MAAM,uBAAI,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAQ,CAAA;IAC7C,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,KAAK,CAAC,sCAAsC,GAAG,EAAE,CAAC,CAAA;IAC1D,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA,CAAA;AAxBY,QAAA,iCAAiC,qCAwB7C;AAED;;;;;;;;;;GAUG;AACH,IAAY,6BAKX;AALD,WAAY,6BAA6B;IACvC,6FAAc,CAAA;IACd,uFAAW,CAAA;IACX,2HAA6B,CAAA;IAC7B,2FAAa,CAAA;AACf,CAAC,EALW,6BAA6B,6CAA7B,6BAA6B,QAKxC;AASM,MAAM,sCAAsC,GAAG,CAAC,WAAwB,EAAE,QAAgB,EAAE,cAA8B,EAAQ,EAAE;IACzI,MAAM,IAAI,GAAG,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,oBAAoB,EAAE,cAAc,EAAE,CAAC,CAAA;IAC9F,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAA;IAClE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,KAAK,CACT,oBAAoB,cAAc,0EAChC,IAAA,oBAAY,EAAC,WAAW,CAAC,CAAC,EAC5B,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACpD,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAVY,QAAA,sCAAsC,0CAUlD;AAEM,MAAM,6CAA6C,GA
AG,CAC3D,WAAwB,EACxB,QAAgB,EAChB,cAA8B,EACC,EAAE;IACjC,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,aAAa,QAAQ,gDAAgD,cAAc,EAAE;QAC9F,MAAM,EAAE;YACN,QAAQ;YACR,cAAc;SACf;QACD,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAC;QACzD,gBAAgB,EAAE,IAAI,IAAI,EAAE;KAC7B,CAAA;IACD,IAAI,CAAC;QACH,IAAA,8CAAsC,EAAC,WAAW,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC/E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAA;IACpB,MAAM,CAAC,OAAO,GAAG,aAAa,QAAQ,4CAA4C,cAAc,EAAE,CAAA;IAClG,OAAO,MAAM,CAAA;AACf,CAAC,CAAA,CAAA;AAxBY,QAAA,6CAA6C,iDAwBzD;AAEM,MAAM,0BAA0B,GAAG,CACxC,WAAwB,EACxB,IAIC,EACyB,EAAE;;IAC5B,IAAI,UAA2C,CAAA;IAC/C,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,EAAE,CAAC;QAC/B,UAAU;YACR,IAAI,CAAC,oBAAoB,KAAK,cAAc;gBAC1C,CAAC,CAAC,CAAC,6BAA6B,CAAC,OAAO,CAAC;gBACzC,CAAC,CAAC,CAAC,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,EAAE,CAAC;QAC5B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACnF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,CAAC,6BAA6B,CAAC,OAAO,EAAE,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IAC/G,CAAC;IACD,MAAM,WAAW,GAAG,MAAA,MAAA,WAAW,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,yBAAiB,CAAC,0CAAE,WAAsB,CAAA;IACnH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAA;IAC9C,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAmC,CAAA;IACtF,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AA7BY,QAAA,0BAA0B,8BA6BtC"}
|
|
1
|
+
{"version":3,"file":"x509-validator.js","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAiD;AACjD,mDAA0D;AAC1D,yCAAmE;AAGnE,kEAAgC;AAChC,iCAA0H;AAC1H,uCAAoC;AACpC,iDAAkC;AAClC,qCAAsC;AACtC,6CAAwF;AAoCxF,MAAM,mBAAmB,GAAG,GAAG,EAAE;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAA;IACrB,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAA,qBAAY,EAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;IACxE,OAAO,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAA;AACxB,CAAC,CAAA;AAEM,MAAM,kBAAkB,GAAG,CAChC,WAAwB,EACxB,IAEC,EACyB,EAAE;IAC5B,IAAI,YAA6B,CAAA;IACjC,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,WAAW,CAAC,CAAQ,CAAA;IAC9E,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;IACd,OAAO;QACL,MAAM,EAAE,EAAE,EAAE,EAAE,IAAA,mBAAW,EAAC,WAAW,CAAC,EAAE;QACxC,OAAO,EAAE;YACP,EAAE,EAAE,IAAA,oBAAY,EAAC,WAAW,CAAC;YAC7B,uBAAuB,EAAE,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,EAAE,CAAC;SACtG;QACD,YAAY;QACZ,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK;QACtC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,KAAK;QACpC,cAAc;KACW,CAAA;AAC7B,CAAC,CAAA,CAAA;AArBY,QAAA,kBAAkB,sBAqB9B;AAoBM,MAAM,4BAA4B,GAAG,KAeV,EAAE,4CAfe,EACjD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;IACzB,qBAAqB,EAAE,KAAK;CAC7B,GAMF;IACC,+KAA+K;IAC/K,OAAO,MAAM,gCAAgC,CAAC;QAC5C,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;QAC9B,YAAY;QACZ,gBAAgB;QAChB,IAAI;KACL,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAxBY,QAAA,4BAA4B,gCAwBxC;AACD,MAAM,gCAAgC,GAAG,KAYP,EAAE,4CAZY,EAC9C,QAAQ,EACR,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,EAAE,QAAQ,EAC1B,IAAI,GAOL;;IACC,MAAM,gBAAgB,GAAS,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;IAC3F,MAAM,EACJ,sBAAsB,GAAG,KAAK,EAC9B,2BAA2B,GAAG,IAAI,EAClC,qBAAqB,GAAG,EAAE,EAC1B,qBAAqB,GAAG,KAAK,EAC7B,MAAM,GACP,GAAG,IAAI,CAAA;IACR,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC
,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IACD,mBAAmB,EAAE,CAAA;IAErB,+HAA+H;IAC/H,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClF,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACjH,MAAM,cAAc,GAClB,MAAA,CACE,MAAM,OAAO,CAAC,GAAG,CACf,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAChC,IAAI,CAAC;YACH,OAAO,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAa;YACb,OAAO,CAAC,GAAG,CAAC,+CAA+C,GAAG,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,CAAA;YACtF,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC,CAAC,CACH,CACF,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,mCAAI,EAAE,CAAA;IACzE,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAExC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAChC,IAAI,gBAAgB,GAAkC,SAAS,CAAA;IAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACrD,MAAM,kBAAkB,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,iCAAoB,EAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,WAAW,CAAC,CAAC,CAAA;QAC/H,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,iHAAiH,EAC1H,aAAa,EAAE,+BAA+B,kBAAkB,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,0BAA0B,EACxH,WAAW,EAAE,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,eAAe,EAChD,gBAAgB,EAChB,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,IACxD,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,WAAW,CAAC,eAAe,CAAC,MAAM,KAAK,YAAY,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBAChF,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAA
qB,EAAE,CAAC;oBACxC,OAAO,MAAM,gCAAgC,CAAC;wBAC5C,QAAQ,EAAE,IAAI;wBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;wBAC9B,IAAI;wBACJ,gBAAgB;wBAChB,YAAY;qBACb,CAAC,CAAA;gBACJ,CAAC;gBACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,aAAa,EAAE,mBAAmB,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBAAgB,WAAW,CAAC,eAAe,CAAC,MAAM,+CAA+C,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,wBAAwB,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,GAAG,EACvR,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,MAAM,CACrD;YACE,IAAI,EAAE,gBAAgB;YACtB,SAAS,EAAE,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,0CAAE,SAAS;SACpD,EACD,MAAA,MAAA,MAAA,IAAA,iBAAS,GAAE,0CAAE,MAAM,mCAAI,MAAM,mCAAI,MAAM,CAAC,MAAM,CAC/C,CAAA;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAClD,OAAO,MAAM,gCAAgC,CAAC;oBAC5C,QAAQ,EAAE,IAAI;oBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;oBAC9B,IAAI;oBACJ,gBAAgB;oBAChB,YAAY;iBACb,CAAC,CAAA;YACJ,CAAC;YACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,aAAa,EAAE,mCAAmC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBACzF,WAAW,CAAC,eAAe,CAAC,MAC9B,wBAAwB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,eAAe,CAAC,YAAY,CAAC,GAAG,EACnF,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QAED,gBAAgB,GAAG,gBAAgB,aAAhB,gBAAgB,cAAhB,gBAAgB,GAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC,CAAA;QAE/I,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,2BAA2B,EAAE,CAAC;YAChE,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,uEAAuE,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACzH,gBAAgB,EAAE,KAAK,CAAC,GAAG
,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAAE,CAAC;QACtC,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,aAAa,EAAE,wBAAwB,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,yCAAyC,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACxK,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAED,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,aAAa,EAAE,mDAAmD,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,QACtG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EACrD,GAAG,EACH,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;AACH,CAAC,CAAA,CAAA;AAED,MAAM,iBAAiB,GAAG,CAAC,KAAsB,EAAE,KAAsB,EAAW,EAAE;IACpF,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAsB,oBAAS,CAAC,OAAO,CAAC,wBAAiB,CAAC,CAAA;AAC1E,MAAM,wBAAwB,GAAG,GAAsB,EAAE;IAC9D,OAAO,iBAAiB,CAAA;AAC1B,CAAC,CAAA;AAFY,QAAA,wBAAwB,4BAEpC;AAYM,MAAM,gBAAgB,GAAG,CAAO,OAA4B,EAA8B,EAAE;IACjG,MAAM,eAAe,GAAG,IAAI,sBAAe,CAAC,OAAO,CAAC,CAAA;IACpD,MAAM,aAAa,GAAG,uBAAS,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,EAAE,gCAAoB,CAAC,CAAA;IAC9F,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAA;IACnE,IAAI,YAAY,GAAoB,SAAS,CAAA;IAC7C,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,IAAI,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAQ,CAAA;IAC1G,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;IAC1B,CAAC;IACD,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,OAAO,CAAC,CAAA;IACtD,MAAM
,eAAe,GAAG,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;IAC7D,MAAM,kBAAkB,GAAG,IAAA,gCAAwB,GAAE,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC7F,OAAO;QACL,kBAAkB;QAClB,aAAa;QACb,YAAY;QACZ,YAAY;QACZ,eAAe;QACf,WAAW;QACX,eAAe;KAChB,CAAA;AACH,CAAC,CAAA,CAAA;AAtBY,QAAA,gBAAgB,oBAsB5B;AACD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuIE;AAEF,MAAM,MAAM,GAA2B;IACrC,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,GAAG;IACd,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,UAAU,EAAE,GAAG;IACf,SAAS,EAAE,IAAI;IACf,sBAAsB,EAAE,QAAQ;CACjC,CAAA;AAEM,MAAM,WAAW,GAAG,CAAC,IAAiB,EAAU,EAAE;IACvD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC3C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;KACpD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,WAAW,eAKvB;AAEM,MAAM,YAAY,GAAG,CAAC,IAAiB,EAAU,EAAE;IACxD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC5C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;KACrD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,YAAY,gBAKxB;AAED,MAAM,WAAW,GAAG,CAAC,cAAuC,EAA0B,EAAE;;IACtF,MAAM,EAAE,GAA2B,EAAE,CAAA;IACrC,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAA,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,mCAAI,YAAY,CAAC,IAAI,CAAA;QAC3D,EAAE,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC,CAAA;AACD,MAAM,WAAW,GAAG,CAAC,cAAuC,EAAU,EAAE;IACtE,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC,CAAA;AAEM,MAAM,iCAAiC,GAAG,CAAO,YAA+C,EAAgB,EAAE;IACvH,MAAM,WAAW,GACf,OAAO,YAAY,KAAK,QAAQ;QAC9B,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,YAAY,YAAY,UAAU;YACpC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC;YACzC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,IAAA,qBAAQ,EAAC,WAAW,CAAC,CAAA;IACjC,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,GAAG,CAAC,CAAA;IAClD,IAAI,GAAoB
,CAAA;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACrC,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAA;QAC3E,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAoB,CAAA;IAC9D,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,CAAC;YACH,GAAG,GAAG,CAAC,MAAM,uBAAI,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAQ,CAAA;QAC7C,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;QAC9E,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,KAAK,CAAC,sCAAsC,GAAG,EAAE,CAAC,CAAA;IAC1D,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA,CAAA;AA5BY,QAAA,iCAAiC,qCA4B7C;AAED;;;;;;;;;;GAUG;AACH,IAAY,6BAKX;AALD,WAAY,6BAA6B;IACvC,6FAAc,CAAA;IACd,uFAAW,CAAA;IACX,2HAA6B,CAAA;IAC7B,2FAAa,CAAA;AACf,CAAC,EALW,6BAA6B,6CAA7B,6BAA6B,QAKxC;AASM,MAAM,sCAAsC,GAAG,CAAC,WAAwB,EAAE,QAAgB,EAAE,cAA8B,EAAQ,EAAE;IACzI,MAAM,IAAI,GAAG,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,oBAAoB,EAAE,cAAc,EAAE,CAAC,CAAA;IAC9F,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAA;IAClE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,KAAK,CACT,oBAAoB,cAAc,0EAChC,IAAA,oBAAY,EAAC,WAAW,CAAC,CAAC,EAC5B,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACpD,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAVY,QAAA,sCAAsC,0CAUlD;AAEM,MAAM,6CAA6C,GAAG,CAC3D,WAAwB,EACxB,QAAgB,EAChB,cAA8B,EACC,EAAE;IACjC,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,aAAa,QAAQ,gDAAgD,cAAc,EAAE;QAC9F,MAAM,EAAE;YACN,QAAQ;YACR,cAAc;SACf;QACD,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAC;QACzD,gBAAgB,EAAE,IAAI,IAAI,EAAE;KAC7B,CAAA;IACD,IAAI,CAAC;QACH,IAAA,8CAAsC,EAAC,WAAW,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC/E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAA;IACpB,MAAM,CAAC,OAAO,GAAG,aAAa,QAAQ,4CAA4C,cAAc
,EAAE,CAAA;IAClG,OAAO,MAAM,CAAA;AACf,CAAC,CAAA,CAAA;AAxBY,QAAA,6CAA6C,iDAwBzD;AAEM,MAAM,0BAA0B,GAAG,CACxC,WAAwB,EACxB,IAIC,EACyB,EAAE;;IAC5B,IAAI,UAA2C,CAAA;IAC/C,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,EAAE,CAAC;QAC/B,UAAU;YACR,IAAI,CAAC,oBAAoB,KAAK,cAAc;gBAC1C,CAAC,CAAC,CAAC,6BAA6B,CAAC,OAAO,CAAC;gBACzC,CAAC,CAAC,CAAC,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,EAAE,CAAC;QAC5B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACnF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,CAAC,6BAA6B,CAAC,OAAO,EAAE,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IAC/G,CAAC;IACD,MAAM,WAAW,GAAG,MAAA,MAAA,WAAW,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,yBAAiB,CAAC,0CAAE,WAAsB,CAAA;IACnH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAA;IAC9C,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAmC,CAAA;IACtF,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AA7BY,QAAA,0BAA0B,8BA6BtC"}
|
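--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@sphereon/ssi-sdk-ext.x509-utils",
 "description": "Sphereon SSI-SDK plugin functions for X.509 Certificate handling.",
-"version": "0.26.1-next.
+"version": "0.26.1-next.27+503768f",
 "source": "src/index.ts",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -42,5 +42,5 @@
 "DID",
 "Veramo"
 ],
-"gitHead": "
+"gitHead": "503768f6fa976585b6b2ae2c63652bad556cce20"
 }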
@@ -4,18 +4,10 @@ import { AlgorithmProvider, X509Certificate } from '@peculiar/x509'
|
|
|
4
4
|
// import {calculateJwkThumbprint} from "@sphereon/ssi-sdk-ext.key-utils";
|
|
5
5
|
import { JWK } from '@sphereon/ssi-types'
|
|
6
6
|
import x509 from 'js-x509-utils'
|
|
7
|
-
import {
|
|
8
|
-
AltName,
|
|
9
|
-
AttributeTypeAndValue,
|
|
10
|
-
Certificate,
|
|
11
|
-
CertificateChainValidationEngine,
|
|
12
|
-
CryptoEngine,
|
|
13
|
-
getCrypto,
|
|
14
|
-
id_SubjectAltName,
|
|
15
|
-
setEngine,
|
|
16
|
-
} from 'pkijs'
|
|
7
|
+
import { AltName, AttributeTypeAndValue, Certificate, CryptoEngine, getCrypto, id_SubjectAltName, setEngine } from 'pkijs'
|
|
17
8
|
import { container } from 'tsyringe'
|
|
18
9
|
import * as u8a from 'uint8arrays'
|
|
10
|
+
import {globalCrypto} from "./crypto";
|
|
19
11
|
import { areCertificatesEqual, derToPEM, pemOrDerToX509Certificate } from './x509-utils'
|
|
20
12
|
|
|
21
13
|
export type DNInfo = {
|
|
@@ -54,7 +46,7 @@ export type X509ValidationResult = {
|
|
|
54
46
|
|
|
55
47
|
const defaultCryptoEngine = () => {
|
|
56
48
|
const name = 'crypto'
|
|
57
|
-
setEngine(name, new CryptoEngine({ name, crypto:
|
|
49
|
+
setEngine(name, new CryptoEngine({ name, crypto: globalCrypto(false) }))
|
|
58
50
|
return getCrypto(true)
|
|
59
51
|
}
|
|
60
52
|
|
|
@@ -64,7 +56,7 @@ export const getCertificateInfo = async (
|
|
|
64
56
|
sanTypeFilter: SubjectAlternativeGeneralName | SubjectAlternativeGeneralName[]
|
|
65
57
|
}
|
|
66
58
|
): Promise<CertificateInfo> => {
|
|
67
|
-
|
|
59
|
+
let publicKeyJWK: JWK | undefined
|
|
68
60
|
try {
|
|
69
61
|
publicKeyJWK = (await getCertificateSubjectPublicKeyJWK(certificate)) as JWK
|
|
70
62
|
} catch (e) {}
|
|
@@ -209,6 +201,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
209
201
|
return {
|
|
210
202
|
error: true,
|
|
211
203
|
critical: true,
|
|
204
|
+
certificateChain: chain.map((cert) => cert.certificateInfo),
|
|
212
205
|
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
213
206
|
detailMessage: `The certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer}, is not signed by the previous certificate ${previousCert?.certificateInfo.subject.dn.DN} with subject string ${previousCert?.x509Certificate.subject}.`,
|
|
214
207
|
verificationTime,
|
|
@@ -237,6 +230,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
237
230
|
error: true,
|
|
238
231
|
critical: true,
|
|
239
232
|
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
233
|
+
certificateChain: chain.map((cert) => cert.certificateInfo),
|
|
240
234
|
detailMessage: `Verification of the certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${
|
|
241
235
|
currentCert.x509Certificate.issuer
|
|
242
236
|
} failed. Public key: ${JSON.stringify(currentCert.certificateInfo.publicKeyJWK)}.`,
|
|
@@ -252,6 +246,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
252
246
|
error: false,
|
|
253
247
|
critical: false,
|
|
254
248
|
message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
249
|
+
certificateChain: chain.map((cert) => cert.certificateInfo),
|
|
255
250
|
trustAnchor: foundTrustAnchor?.certificateInfo,
|
|
256
251
|
verificationTime,
|
|
257
252
|
...(client && { client }),
|
|
@@ -264,6 +259,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
264
259
|
error: false,
|
|
265
260
|
critical: false,
|
|
266
261
|
message: `Certificate chain was valid`,
|
|
262
|
+
certificateChain: chain.map((cert) => cert.certificateInfo),
|
|
267
263
|
detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor?.certificateInfo.subject.dn.DN}.`,
|
|
268
264
|
trustAnchor: foundTrustAnchor?.certificateInfo,
|
|
269
265
|
verificationTime,
|
|
@@ -275,6 +271,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
275
271
|
error: true,
|
|
276
272
|
critical: true,
|
|
277
273
|
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
274
|
+
certificateChain: chain.map((cert) => cert.certificateInfo),
|
|
278
275
|
detailMessage: `No trust anchor was found in the chain. between ${chain[0].certificateInfo.subject.dn.DN} and ${
|
|
279
276
|
chain[chain.length - 1].certificateInfo.subject.dn.DN
|
|
280
277
|
}.`,
|
|
@@ -294,7 +291,7 @@ export const getX509AlgorithmProvider = (): AlgorithmProvider => {
|
|
|
294
291
|
|
|
295
292
|
export type ParsedCertificate = {
|
|
296
293
|
publicKeyInfo: SubjectPublicKeyInfo
|
|
297
|
-
publicKeyJwk
|
|
294
|
+
publicKeyJwk?: JWK
|
|
298
295
|
publicKeyRaw: Uint8Array
|
|
299
296
|
publicKeyAlgorithm: Algorithm
|
|
300
297
|
certificateInfo: CertificateInfo
|
|
@@ -306,7 +303,12 @@ export const parseCertificate = async (rawCert: string | Uint8Array): Promise<Pa
|
|
|
306
303
|
const x509Certificate = new X509Certificate(rawCert)
|
|
307
304
|
const publicKeyInfo = AsnParser.parse(x509Certificate.publicKey.rawData, SubjectPublicKeyInfo)
|
|
308
305
|
const publicKeyRaw = new Uint8Array(publicKeyInfo.subjectPublicKey)
|
|
309
|
-
|
|
306
|
+
let publicKeyJwk: JWK | undefined = undefined
|
|
307
|
+
try {
|
|
308
|
+
publicKeyJwk = (await getCertificateSubjectPublicKeyJWK(new Uint8Array(x509Certificate.rawData))) as JWK
|
|
309
|
+
} catch (e: any) {
|
|
310
|
+
console.error(e.message)
|
|
311
|
+
}
|
|
310
312
|
const certificate = pemOrDerToX509Certificate(rawCert)
|
|
311
313
|
const certificateInfo = await getCertificateInfo(certificate)
|
|
312
314
|
const publicKeyAlgorithm = getX509AlgorithmProvider().toWebAlgorithm(publicKeyInfo.algorithm)
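Review bot: A certificate whose key cannot be converted now yields a `ParsedCertificate` with `publicKeyJwk` undefined (matching the `publicKeyJwk?: JWK` change in the previous hunk), and the only trace is a `console.error`. Callers that use the JWK to verify signatures are not visible here, but each of them has to treat a missing key as a validation failure rather than skip the check. The handler is typed `catch (e: any)` and reads `e.message` unguarded, which throws if the thrown value is null or undefined and prints `undefined` for other non-Error values; `catch (e: unknown) { console.error(e instanceof Error ? e.message : String(e)) }` avoids both. getCertificateInfo in the earlier hunk swallows the same failure silently with `catch (e) {}`, so the two paths report it differently. parseCertificate starts before this hunk and continues after it.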
|
|
@@ -320,129 +322,142 @@ export const parseCertificate = async (rawCert: string | Uint8Array): Promise<Pa
|
|
|
320
322
|
x509Certificate,
|
|
321
323
|
}
|
|
322
324
|
}
|
|
325
|
+
/*
|
|
323
326
|
|
|
324
|
-
|
|
327
|
+
/!**
|
|
325
328
|
*
|
|
326
329
|
* @param pemOrDerChain The order must be that the Certs signing another cert must come one after another. So first the signing cert, then any cert signing that cert and so on
|
|
327
330
|
* @param trustedPEMs
|
|
328
331
|
* @param verificationTime
|
|
329
332
|
* @param opts
|
|
330
|
-
|
|
333
|
+
*!/
|
|
331
334
|
export const validateX509CertificateChainOrg = async ({
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
}: {
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
335
|
+
chain: pemOrDerChain,
|
|
336
|
+
trustAnchors,
|
|
337
|
+
verificationTime = new Date(),
|
|
338
|
+
opts = {
|
|
339
|
+
trustRootWhenNoAnchors: false,
|
|
340
|
+
allowSingleNoCAChainElement: true,
|
|
341
|
+
blindlyTrustedAnchors: [],
|
|
342
|
+
},
|
|
343
|
+
}: {
|
|
344
|
+
chain: (Uint8Array | string)[]
|
|
345
|
+
trustAnchors?: string[]
|
|
346
|
+
verificationTime?: Date
|
|
347
|
+
opts?: X509CertificateChainValidationOpts
|
|
345
348
|
}): Promise<X509ValidationResult> => {
|
|
346
|
-
|
|
347
|
-
|
|
349
|
+
const {
|
|
350
|
+
trustRootWhenNoAnchors = false,
|
|
351
|
+
allowSingleNoCAChainElement = true,
|
|
352
|
+
blindlyTrustedAnchors = [],
|
|
353
|
+
client
|
|
354
|
+
} = opts
|
|
355
|
+
const trustedPEMs = trustRootWhenNoAnchors && !trustAnchors ? [pemOrDerChain[pemOrDerChain.length - 1]] : trustAnchors
|
|
356
|
+
|
|
357
|
+
if (pemOrDerChain.length === 0) {
|
|
358
|
+
return {
|
|
359
|
+
error: true,
|
|
360
|
+
critical: true,
|
|
361
|
+
message: 'Certificate chain in DER or PEM format must not be empty',
|
|
362
|
+
verificationTime,
|
|
363
|
+
}
|
|
364
|
+
}
|
|
348
365
|
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
366
|
+
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around
|
|
367
|
+
const certs = pemOrDerChain.map(pemOrDerToX509Certificate).reverse()
|
|
368
|
+
const trustedCerts = trustedPEMs ? trustedPEMs.map(pemOrDerToX509Certificate) : undefined
|
|
369
|
+
defaultCryptoEngine()
|
|
370
|
+
|
|
371
|
+
if (pemOrDerChain.length === 1) {
|
|
372
|
+
const singleCert = typeof pemOrDerChain[0] === 'string' ? pemOrDerChain[0] : u8a.toString(pemOrDerChain[0], 'base64pad')
|
|
373
|
+
const cert = pemOrDerToX509Certificate(singleCert)
|
|
374
|
+
if (client) {
|
|
375
|
+
const validation = await validateCertificateChainMatchesClientIdScheme(cert, client.clientId, client.clientIdScheme)
|
|
376
|
+
if (validation.error) {
|
|
377
|
+
return validation
|
|
378
|
+
}
|
|
379
|
+
}
|
|
380
|
+
if (blindlyTrustedAnchors.includes(singleCert)) {
|
|
381
|
+
console.log(`Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`)
|
|
382
|
+
return {
|
|
383
|
+
error: false,
|
|
384
|
+
critical: true,
|
|
385
|
+
message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`,
|
|
386
|
+
verificationTime,
|
|
387
|
+
certificateChain: [await getCertificateInfo(cert)],
|
|
388
|
+
...(client && {client}),
|
|
389
|
+
}
|
|
390
|
+
}
|
|
391
|
+
if (allowSingleNoCAChainElement) {
|
|
392
|
+
const subjectDN = getSubjectDN(cert).DN
|
|
393
|
+
if (!getIssuerDN(cert).DN || getIssuerDN(cert).DN === subjectDN) {
|
|
394
|
+
const passed = await cert.verify()
|
|
395
|
+
return {
|
|
396
|
+
error: !passed,
|
|
397
|
+
critical: true,
|
|
398
|
+
message: `Certificate chain validation for ${subjectDN}: ${passed ? 'successful' : 'failed'}.`,
|
|
399
|
+
verificationTime,
|
|
400
|
+
certificateChain: [await getCertificateInfo(cert)],
|
|
401
|
+
...(client && {client}),
|
|
402
|
+
}
|
|
403
|
+
}
|
|
404
|
+
}
|
|
355
405
|
}
|
|
356
|
-
}
|
|
357
406
|
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
407
|
+
const validationEngine = new CertificateChainValidationEngine({
|
|
408
|
+
certs /!*crls: [crl1], ocsps: [ocsp1], *!/,
|
|
409
|
+
checkDate: verificationTime,
|
|
410
|
+
trustedCerts,
|
|
411
|
+
})
|
|
362
412
|
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
critical: true,
|
|
390
|
-
message: `Certificate chain validation for ${subjectDN}: ${passed ? 'successful' : 'failed'}.`,
|
|
391
|
-
verificationTime,
|
|
392
|
-
certificateChain: [await getCertificateInfo(cert)],
|
|
393
|
-
...(client && { client }),
|
|
413
|
+
try {
|
|
414
|
+
const verification = await validationEngine.verify()
|
|
415
|
+
if (!verification.result || !verification.certificatePath) {
|
|
416
|
+
return {
|
|
417
|
+
error: true,
|
|
418
|
+
critical: true,
|
|
419
|
+
message: verification.resultMessage !== '' ? verification.resultMessage : `Certificate chain validation failed.`,
|
|
420
|
+
verificationTime,
|
|
421
|
+
...(client && {client}),
|
|
422
|
+
}
|
|
423
|
+
}
|
|
424
|
+
const certPath = verification.certificatePath
|
|
425
|
+
if (client) {
|
|
426
|
+
const clientIdValidation = await validateCertificateChainMatchesClientIdScheme(certs[0], client.clientId, client.clientIdScheme)
|
|
427
|
+
if (clientIdValidation.error) {
|
|
428
|
+
return clientIdValidation
|
|
429
|
+
}
|
|
430
|
+
}
|
|
431
|
+
let certInfos: Array<CertificateInfo> | undefined
|
|
432
|
+
|
|
433
|
+
for (const certificate of certPath) {
|
|
434
|
+
try {
|
|
435
|
+
certInfos?.push(await getCertificateInfo(certificate))
|
|
436
|
+
} catch (e: any) {
|
|
437
|
+
console.log(`Error getting certificate info ${e.message}`)
|
|
438
|
+
}
|
|
394
439
|
}
|
|
395
|
-
}
|
|
396
|
-
}
|
|
397
|
-
}
|
|
398
440
|
|
|
399
|
-
const validationEngine = new CertificateChainValidationEngine({
|
|
400
|
-
certs /*crls: [crl1], ocsps: [ocsp1], */,
|
|
401
|
-
checkDate: verificationTime,
|
|
402
|
-
trustedCerts,
|
|
403
|
-
})
|
|
404
441
|
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
}
|
|
422
|
-
}
|
|
423
|
-
const certInfos: Array<CertificateInfo> = await Promise.all(
|
|
424
|
-
certPath.map(async (certificate) => {
|
|
425
|
-
return getCertificateInfo(certificate)
|
|
426
|
-
})
|
|
427
|
-
)
|
|
428
|
-
return {
|
|
429
|
-
error: false,
|
|
430
|
-
critical: false,
|
|
431
|
-
message: `Certificate chain was valid`,
|
|
432
|
-
verificationTime,
|
|
433
|
-
certificateChain: certInfos,
|
|
434
|
-
...(client && { client }),
|
|
435
|
-
}
|
|
436
|
-
} catch (error: any) {
|
|
437
|
-
return {
|
|
438
|
-
error: true,
|
|
439
|
-
critical: true,
|
|
440
|
-
message: `Certificate chain was invalid, ${error.message ?? '<unknown error>'}`,
|
|
441
|
-
verificationTime,
|
|
442
|
-
...(client && { client }),
|
|
442
|
+
return {
|
|
443
|
+
error: false,
|
|
444
|
+
critical: false,
|
|
445
|
+
message: `Certificate chain was valid`,
|
|
446
|
+
verificationTime,
|
|
447
|
+
certificateChain: certInfos,
|
|
448
|
+
...(client && {client}),
|
|
449
|
+
}
|
|
450
|
+
} catch (error: any) {
|
|
451
|
+
return {
|
|
452
|
+
error: true,
|
|
453
|
+
critical: true,
|
|
454
|
+
message: `Certificate chain was invalid, ${error.message ?? '<unknown error>'}`,
|
|
455
|
+
verificationTime,
|
|
456
|
+
...(client && {client}),
|
|
457
|
+
}
|
|
443
458
|
}
|
|
444
|
-
}
|
|
445
459
|
}
|
|
460
|
+
*/
|
|
446
461
|
|
|
447
462
|
const rdnmap: Record<string, string> = {
|
|
448
463
|
'2.5.4.6': 'C',
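Review bot: validateX509CertificateChainOrg is disabled by wrapping it in `/* … */` (with the inner doc comment rewritten to `/!** … *!/`) rather than deleted, which leaves about 135 lines of dead validation code in the shipped source, including the `blindlyTrustedAnchors` branch that its own message labels as testing-only. I would delete the block and rely on version control; the declaration is already removed from the typings, so existing importers of this export break and the removal deserves a changelog entry. If the code is meant to return, note that `certInfos` is declared as `Array<CertificateInfo> | undefined` and never assigned, so `certInfos?.push(...)` never runs and the success result would always carry `certificateChain: undefined`; `const certInfos: CertificateInfo[] = []` fixes that.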
|
|
@@ -504,7 +519,11 @@ export const getCertificateSubjectPublicKeyJWK = async (pemOrDerCert: string | U
|
|
|
504
519
|
console.log(`Error in primary get JWK from cert:`, error?.message)
|
|
505
520
|
}
|
|
506
521
|
if (!jwk) {
|
|
507
|
-
|
|
522
|
+
try {
|
|
523
|
+
jwk = (await x509.toJwk(pem, 'pem')) as JWK
|
|
524
|
+
} catch (error: any) {
|
|
525
|
+
console.log(`Error in secondary get JWK from cert as well:`, error?.message)
|
|
526
|
+
}
|
|
508
527
|
}
|
|
509
528
|
if (!jwk) {
|
|
510
529
|
throw Error(`Failed to get JWK from certificate ${pem}`)
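Review bot: The final `throw Error(...)` still interpolates the whole `pem` into its message, and since parseCertificate now prints that message through `console.error`, every unconvertible certificate is written to the logs in full. Where the certificate comes from an untrusted party, that puts unbounded, caller-controlled text into log output; prefer a fixed message such as `throw Error('Failed to get JWK from certificate')` and log a short identifier separately if one is needed. Both handlers use `catch (error: any)` with `console.log`; `catch (error: unknown)` with an `instanceof Error` check keeps the message access type-safe, and an error-level log call would match parseCertificate. The function starts outside this hunk and may continue past it.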
|