@super-protocol/sdk-js 3.4.0-beta.16 → 3.4.0-beta.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/constants.d.ts +0 -5
- package/dist/cjs/constants.js +2 -7
- package/dist/cjs/index.d.ts +0 -1
- package/dist/cjs/index.js +1 -2
- package/dist/cjs/tee/OrderReportService.d.ts +3 -0
- package/dist/cjs/tee/OrderReportService.js +28 -12
- package/dist/cjs/tee/TeeCertificateService.d.ts +4 -0
- package/dist/cjs/tee/TeeCertificateService.js +34 -23
- package/dist/cjs/utils/TxManager.js +16 -27
- package/dist/mjs/constants.d.ts +0 -5
- package/dist/mjs/constants.js +1 -6
- package/dist/mjs/index.d.ts +0 -1
- package/dist/mjs/index.js +1 -2
- package/dist/mjs/tee/OrderReportService.d.ts +3 -0
- package/dist/mjs/tee/OrderReportService.js +29 -13
- package/dist/mjs/tee/TeeCertificateService.d.ts +4 -0
- package/dist/mjs/tee/TeeCertificateService.js +34 -23
- package/dist/mjs/utils/TxManager.js +17 -28
- package/package.json +2 -2
- package/dist/cjs/certificates/crl.d.ts +0 -6
- package/dist/cjs/certificates/crl.js +0 -66
- package/dist/cjs/certificates/helper.d.ts +0 -21
- package/dist/cjs/certificates/helper.js +0 -161
- package/dist/cjs/certificates/index.d.ts +0 -2
- package/dist/cjs/certificates/index.js +0 -19
- package/dist/cjs/certificates/ocsp.d.ts +0 -9
- package/dist/cjs/certificates/ocsp.js +0 -124
- package/dist/cjs/certificates/types.d.ts +0 -4
- package/dist/cjs/certificates/types.js +0 -3
- package/dist/mjs/certificates/crl.d.ts +0 -6
- package/dist/mjs/certificates/crl.js +0 -39
- package/dist/mjs/certificates/helper.d.ts +0 -21
- package/dist/mjs/certificates/helper.js +0 -131
- package/dist/mjs/certificates/index.d.ts +0 -2
- package/dist/mjs/certificates/index.js +0 -3
- package/dist/mjs/certificates/ocsp.d.ts +0 -9
- package/dist/mjs/certificates/ocsp.js +0 -94
- package/dist/mjs/certificates/types.d.ts +0 -4
- package/dist/mjs/certificates/types.js +0 -2
|
@@ -1,94 +0,0 @@
|
|
|
1
|
-
import * as pkijs from 'pkijs';
|
|
2
|
-
import * as asn1js from 'asn1js';
|
|
3
|
-
import axios from 'axios';
|
|
4
|
-
import { OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, OID_OCSP_ACCESS_METHOD, OID_OCSP_ISSUER_ACCESS_METHOD, } from '../constants.js';
|
|
5
|
-
import { CertificatesHelper } from './helper.js';
|
|
6
|
-
import { constants, helpers } from '../index.js';
|
|
7
|
-
export class OCSPHelper {
|
|
8
|
-
static async getOCSPResponseFromCerts(certs, ca) {
|
|
9
|
-
const ocspRequestsData = certs
|
|
10
|
-
.map(OCSPHelper.getOCSPRequestData)
|
|
11
|
-
.filter(Boolean);
|
|
12
|
-
if (!ocspRequestsData.length) {
|
|
13
|
-
return [];
|
|
14
|
-
}
|
|
15
|
-
const ocspResponseResults = await Promise.allSettled(ocspRequestsData.map((ocspReqData) => OCSPHelper.getOCSPResponse(ocspReqData, ca)));
|
|
16
|
-
const rejectedOCSPResponses = ocspResponseResults
|
|
17
|
-
.filter(helpers.isRejected)
|
|
18
|
-
.map((result) => result.reason);
|
|
19
|
-
if (rejectedOCSPResponses.length) {
|
|
20
|
-
throw new Error(`Can't get OCSP responses for some certificates (reasons=${rejectedOCSPResponses.join(';\n')})`);
|
|
21
|
-
}
|
|
22
|
-
return ocspResponseResults.filter(helpers.isFulfilled).map((result) => result.value);
|
|
23
|
-
}
|
|
24
|
-
static getOCSPRequestData(cert) {
|
|
25
|
-
const authorityExtension = CertificatesHelper.getExtensionValue(cert, OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION);
|
|
26
|
-
if (!authorityExtension) {
|
|
27
|
-
return;
|
|
28
|
-
}
|
|
29
|
-
const extensionValue = pkijs.ExtensionValueFactory.fromBER(OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, authorityExtension);
|
|
30
|
-
const ocspUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ACCESS_METHOD)?.accessLocation.value;
|
|
31
|
-
const issuerCertUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ISSUER_ACCESS_METHOD)?.accessLocation.value;
|
|
32
|
-
if (!ocspUrl || !issuerCertUrl) {
|
|
33
|
-
// TODO: throw error?
|
|
34
|
-
return;
|
|
35
|
-
}
|
|
36
|
-
return { ocspUrl, issuerCertUrl, cert };
|
|
37
|
-
}
|
|
38
|
-
static async getOCSPResponse(data, ca) {
|
|
39
|
-
const { ocspUrl, issuerCertUrl, cert } = data;
|
|
40
|
-
const issuerCertRaw = await CertificatesHelper.downloadCertWithCache(issuerCertUrl);
|
|
41
|
-
const issuerCertificate = pkijs.Certificate.fromBER(issuerCertRaw);
|
|
42
|
-
const ocspReq = new pkijs.OCSPRequest();
|
|
43
|
-
await ocspReq.createForCertificate(cert, {
|
|
44
|
-
hashAlgorithm: 'SHA-256',
|
|
45
|
-
issuerCertificate,
|
|
46
|
-
});
|
|
47
|
-
const reqNonce = OCSPHelper.getNonceForRequest();
|
|
48
|
-
ocspReq.tbsRequest.requestExtensions = [
|
|
49
|
-
new pkijs.Extension({
|
|
50
|
-
extnID: constants.OID_OCSP_NONCE,
|
|
51
|
-
extnValue: new asn1js.OctetString({ valueHex: reqNonce.buffer }).toBER(),
|
|
52
|
-
}),
|
|
53
|
-
];
|
|
54
|
-
const ocspBasicResp = await OCSPHelper.sendOCSPRequest(ocspUrl, ocspReq);
|
|
55
|
-
const respNonce = await OCSPHelper.getNonceFromResponse(ocspBasicResp);
|
|
56
|
-
if (respNonce && Buffer.compare(reqNonce, respNonce) !== 0) {
|
|
57
|
-
throw new Error(`OCSP nonces from request and response do not match`);
|
|
58
|
-
}
|
|
59
|
-
const trustedCerts = [];
|
|
60
|
-
if (!ocspBasicResp.certs) {
|
|
61
|
-
ocspBasicResp.certs = [issuerCertificate];
|
|
62
|
-
trustedCerts.push(...ca);
|
|
63
|
-
}
|
|
64
|
-
else {
|
|
65
|
-
trustedCerts.push(issuerCertificate);
|
|
66
|
-
}
|
|
67
|
-
await ocspBasicResp.verify({ trustedCerts });
|
|
68
|
-
return ocspBasicResp;
|
|
69
|
-
}
|
|
70
|
-
static async sendOCSPRequest(ocspUrl, ocspReq) {
|
|
71
|
-
const ocspResponse = await axios(ocspUrl, {
|
|
72
|
-
method: 'POST',
|
|
73
|
-
headers: {
|
|
74
|
-
'Content-Type': 'application/ocsp-request',
|
|
75
|
-
},
|
|
76
|
-
responseType: 'arraybuffer',
|
|
77
|
-
data: ocspReq.toSchema(true).toBER(),
|
|
78
|
-
});
|
|
79
|
-
const ocspRespSimpl = pkijs.OCSPResponse.fromBER(ocspResponse.data);
|
|
80
|
-
if (!ocspRespSimpl.responseBytes) {
|
|
81
|
-
throw new Error('"No "ResponseBytes" in the OCSP Response - nothing to verify');
|
|
82
|
-
}
|
|
83
|
-
const ocspBasicResp = pkijs.BasicOCSPResponse.fromBER(ocspRespSimpl.responseBytes.response.valueBlock.valueHexView);
|
|
84
|
-
return ocspBasicResp;
|
|
85
|
-
}
|
|
86
|
-
static getNonceForRequest() {
|
|
87
|
-
return pkijs.getRandomValues(new Uint8Array(32));
|
|
88
|
-
}
|
|
89
|
-
static getNonceFromResponse(ocspBasicResp) {
|
|
90
|
-
const nonceExtension = ocspBasicResp.tbsResponseData?.responseExtensions?.find((extension) => extension.extnID === constants.OID_OCSP_NONCE);
|
|
91
|
-
return nonceExtension?.extnValue.valueBlock.valueHexView;
|
|
92
|
-
}
|
|
93
|
-
}
|
|
94
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMvQixPQUFPLEtBQUssTUFBTSxNQUFNLFFBQVEsQ0FBQztBQUNqQyxPQUFPLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDMUIsT0FBTyxFQUNMLDBDQUEwQyxFQUMxQyxzQkFBc0IsRUFDdEIsNkJBQTZCLEdBQzlCLE1BQU0saUJBQWlCLENBQUM7QUFDekIsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ2pELE9BQU8sRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBSWpELE1BQU0sT0FBTyxVQUFVO0lBQ3JCLE1BQU0sQ0FBQyxLQUFLLENBQUMsd0JBQXdCLENBQ25DLEtBQTBCLEVBQzFCLEVBQXVCO1FBRXZCLE1BQU0sZ0JBQWdCLEdBQUcsS0FBSzthQUMzQixHQUFHLENBQUMsVUFBVSxDQUFDLGtCQUFrQixDQUFDO2FBQ2xDLE1BQU0sQ0FBQyxPQUFPLENBQXNCLENBQUM7UUFFeEMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzdCLE9BQU8sRUFBRSxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxPQUFPLENBQUMsVUFBVSxDQUNsRCxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQ25GLENBQUM7UUFFRixNQUFNLHFCQUFxQixHQUFHLG1CQUFtQjthQUM5QyxNQUFNLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQzthQUMxQixHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxJQUFJLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsMkRBQTJELHFCQUFxQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUNoRyxDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sbUJBQW1CLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUFDLElBQXVCO1FBQ3ZELE1BQU0sa0JBQWtCLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQzdELElBQUksRUFDSiwwQ0FBMEMsQ0FDM0MsQ0FBQztRQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FDeEQsMENBQTBDLEVBQzFDLGtCQUFrQixDQUNFLENBQUM7UUFFdkIsTUFBTSxPQUFPLEdBQUcsY0FBYyxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FDcEQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxZQUFZLEtBQUssc0JBQXNCLENBQ3ZELEVBQUUsY0FBYyxDQUFDLEtBQUssQ0FBQztRQUV4QixNQUFNLGFBQWEsR0FBRyxjQUFjLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUMxRCxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksS0FBSyw2QkFBNkIsQ0FDOUQsRUFBRSxjQUFjLENBQUMsS0FBSyxDQUFDO1FBRXhCLElBQUksQ0FBQyxPQUFPLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUMvQixxQkFBcUI7WUFDckIsT0FBTztRQUNULENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLGFBQWEsRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMxQyxDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLElBQXFCLEVBQ3JCLEVBQXVCO1FBRXZCLE1BQU0sRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQztRQUM5QyxNQUFNLGFBQWEsR0FBRyxNQUFNLGtCQUFrQixDQUFDLHFCQUFxQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0saUJBQWlCLEdBQUcsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDbkUsTUFBTSxPQUFPLEdBQUcsSUFBSSxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDeEMsTUFBTSxPQUFPLENBQUMsb0JBQW9CLENBQUMsSUFBSSxFQUFFO1lBQ3ZDLGFBQWEsRUFBRSxTQUFTO1lBQ3hCLGlCQUFpQjtTQUNsQixDQUFDLENBQUM7UUFDSCxNQUFNLFFBQVEsR0FBRyxVQUFVLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUNqRCxPQUFPLENBQUMsVUFBVSxDQUFDLGlCQUFpQixHQUFHO1lBQ3JDLElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQztnQkFDbEIsTUFBTSxFQUFFLFNBQVMsQ0FBQyxjQUFjO2dCQUNoQyxTQUFTLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLEtBQUssRUFBRTthQUN6RSxDQUFDO1NBQ0gsQ0FBQztRQUVGLE1BQU0sYUFBYSxHQUFHLE1BQU0sVUFBVSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFekUsTUFBTSxTQUFTLEdBQUcsTUFBTSxVQUFVLENBQUMsb0JBQW9CLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDdkUsSUFBSSxTQUFTLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDM0QsTUFBTSxJQUFJLEtBQUssQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO1FBQ3hFLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBd0IsRUFBRSxDQUFDO1FBQzdDLElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDekIsYUFBYSxDQUFDLEtBQUssR0FBRyxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDMUMsWUFBWSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQzNCLENBQUM7YUFBTSxDQUFDO1lBQ04sWUFBWSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7UUFFRCxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQzdDLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FDbEMsT0FBZSxFQUNmLE9BQTBCO1FBRTFCLE1BQU0sWUFBWSxHQUFHLE1BQU0sS0FBSyxDQUFDLE9BQU8sRUFBRTtZQUN4QyxNQUFNLEVBQUUsTUFBTTtZQUNkLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsMEJBQTBCO2FBQzNDO1lBQ0QsWUFBWSxFQUFFLGFBQWE7WUFDM0IsSUFBSSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBSyxFQUFFO1NBQ3JDLENBQUMsQ0FBQztRQUVILE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMsOERBQThELENBQUMsQ0FBQztRQUNsRixDQUFDO1FBRUQsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkQsYUFBYSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FDN0QsQ0FBQztRQUVGLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLGVBQWUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQ2pDLGFBQXNDO1FBRXRDLE1BQU0sY0FBYyxHQUFHLGFBQWEsQ0FBQyxlQUFlLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxDQUM1RSxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLE1BQU0sS0FBSyxTQUFTLENBQUMsY0FBYyxDQUM3RCxDQUFDO1FBQ0YsT0FBTyxjQUFjLEVBQUUsU0FBUyxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7SUFDM0QsQ0FBQztDQUNGIn0=
|