@super-protocol/sdk-js 3.4.0-beta.17 → 3.4.0-beta.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/certificates/crl.d.ts +6 -0
- package/dist/cjs/certificates/crl.js +66 -0
- package/dist/cjs/certificates/helper.d.ts +23 -0
- package/dist/cjs/certificates/helper.js +179 -0
- package/dist/cjs/certificates/index.d.ts +2 -0
- package/dist/cjs/certificates/index.js +19 -0
- package/dist/cjs/certificates/ocsp.d.ts +9 -0
- package/dist/cjs/certificates/ocsp.js +124 -0
- package/dist/cjs/certificates/types.d.ts +4 -0
- package/dist/cjs/certificates/types.js +3 -0
- package/dist/cjs/constants.d.ts +5 -0
- package/dist/cjs/constants.js +7 -2
- package/dist/cjs/index.d.ts +1 -0
- package/dist/cjs/index.js +2 -1
- package/dist/cjs/tee/OrderReportService.d.ts +0 -3
- package/dist/cjs/tee/OrderReportService.js +12 -28
- package/dist/cjs/tee/TeeCertificateService.d.ts +1 -5
- package/dist/cjs/tee/TeeCertificateService.js +20 -36
- package/dist/cjs/utils/TxManager.js +27 -16
- package/dist/mjs/certificates/crl.d.ts +6 -0
- package/dist/mjs/certificates/crl.js +39 -0
- package/dist/mjs/certificates/helper.d.ts +23 -0
- package/dist/mjs/certificates/helper.js +149 -0
- package/dist/mjs/certificates/index.d.ts +2 -0
- package/dist/mjs/certificates/index.js +3 -0
- package/dist/mjs/certificates/ocsp.d.ts +9 -0
- package/dist/mjs/certificates/ocsp.js +94 -0
- package/dist/mjs/certificates/types.d.ts +4 -0
- package/dist/mjs/certificates/types.js +2 -0
- package/dist/mjs/constants.d.ts +5 -0
- package/dist/mjs/constants.js +6 -1
- package/dist/mjs/index.d.ts +1 -0
- package/dist/mjs/index.js +2 -1
- package/dist/mjs/tee/OrderReportService.d.ts +0 -3
- package/dist/mjs/tee/OrderReportService.js +13 -29
- package/dist/mjs/tee/TeeCertificateService.d.ts +1 -5
- package/dist/mjs/tee/TeeCertificateService.js +20 -36
- package/dist/mjs/utils/TxManager.js +28 -17
- package/package.json +3 -3
|
@@ -4,23 +4,22 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.OrderReportService = void 0;
|
|
7
|
-
const node_forge_1 = __importDefault(require("node-forge"));
|
|
8
7
|
const util_1 = require("util");
|
|
9
8
|
const zlib_1 = __importDefault(require("zlib"));
|
|
10
9
|
const dto_js_1 = require("@super-protocol/dto-js");
|
|
11
10
|
const OrderReport_js_1 = require("../proto/OrderReport.js");
|
|
12
|
-
const TeeCertificateService_js_1 = require("./TeeCertificateService.js");
|
|
13
11
|
const constants_js_1 = require("../constants.js");
|
|
14
12
|
const calculateObjectHash_js_1 = require("../utils/helpers/calculateObjectHash.js");
|
|
13
|
+
const helper_js_1 = require("../certificates/helper.js");
|
|
14
|
+
const TeeCertificateService_js_1 = require("./TeeCertificateService.js");
|
|
15
15
|
const gzipPromise = (0, util_1.promisify)(zlib_1.default.gzip);
|
|
16
16
|
const unzipPromise = (0, util_1.promisify)(zlib_1.default.unzip);
|
|
17
|
-
const rootCertDer = Buffer.from(node_forge_1.default.pki.pemToDer(constants_js_1.SUPERPROTOCOL_CA).bytes(), 'binary');
|
|
18
17
|
class OrderReportService {
|
|
19
|
-
static teeCertificateService = new TeeCertificateService_js_1.TeeCertificateService();
|
|
20
18
|
static async encode(orderReport) {
|
|
21
|
-
const
|
|
19
|
+
const { certs } = helper_js_1.CertificatesHelper.extractCAFromChain(orderReport.certificate);
|
|
20
|
+
const certsDer = helper_js_1.CertificatesHelper.pemChainToDer(certs);
|
|
22
21
|
const orderReportProto = {
|
|
23
|
-
certificates:
|
|
22
|
+
certificates: certsDer,
|
|
24
23
|
workloadInfo: {
|
|
25
24
|
runtimeInfo: orderReport.workloadInfo.runtimeInfo.map((ri) => ({
|
|
26
25
|
type: ri.type,
|
|
@@ -39,14 +38,7 @@ class OrderReportService {
|
|
|
39
38
|
static async decode(encodedOrderReport) {
|
|
40
39
|
const decompressed = await unzipPromise(encodedOrderReport);
|
|
41
40
|
const orderReportProto = OrderReport_js_1.OrderReportProto.decode(decompressed);
|
|
42
|
-
const certsPem = orderReportProto.certificates
|
|
43
|
-
contentDomain: null,
|
|
44
|
-
dekInfo: null,
|
|
45
|
-
headers: [],
|
|
46
|
-
procType: null,
|
|
47
|
-
type: 'CERTIFICATE',
|
|
48
|
-
body: Buffer.from(derCert).toString('binary'),
|
|
49
|
-
}));
|
|
41
|
+
const certsPem = helper_js_1.CertificatesHelper.derChainToPem(orderReportProto.certificates);
|
|
50
42
|
if (!orderReportProto.workloadInfo) {
|
|
51
43
|
throw new Error(`Wrong order report! Missing workloadInfo`);
|
|
52
44
|
}
|
|
@@ -65,34 +57,26 @@ class OrderReportService {
|
|
|
65
57
|
return result;
|
|
66
58
|
});
|
|
67
59
|
return {
|
|
68
|
-
certificate: certsPem
|
|
60
|
+
certificate: certsPem,
|
|
69
61
|
workloadInfo: {
|
|
70
62
|
runtimeInfo,
|
|
71
63
|
created: orderReportProto.workloadInfo.created,
|
|
72
64
|
},
|
|
73
65
|
};
|
|
74
66
|
}
|
|
75
|
-
static removeRootCertificateFromChain(certsDer) {
|
|
76
|
-
return certsDer.filter((certDer) => !certDer.equals(rootCertDer));
|
|
77
|
-
}
|
|
78
67
|
static async validateOrderReport(orderReport) {
|
|
79
|
-
|
|
80
|
-
|
|
68
|
+
const teeCertificateService = new TeeCertificateService_js_1.TeeCertificateService();
|
|
69
|
+
await teeCertificateService.validateTeeReportCertChain(orderReport.certificate);
|
|
70
|
+
const workloadInfoHashFromCert = helper_js_1.CertificatesHelper.getExtensionValue(orderReport.certificate, constants_js_1.OID_CUSTOM_EXTENSION_ORDER_REPORT_WORKLOAD_INFO_HASH);
|
|
81
71
|
if (!workloadInfoHashFromCert) {
|
|
82
72
|
throw new Error(`WorkloadInfoHash is missing in certificate!`);
|
|
83
73
|
}
|
|
84
74
|
const workloadInfoHash = await (0, calculateObjectHash_js_1.calculateObjectHash)(orderReport.workloadInfo);
|
|
85
|
-
const isHashMatch = Buffer.compare(
|
|
75
|
+
const isHashMatch = Buffer.compare(workloadInfoHashFromCert, Buffer.from(workloadInfoHash.hash, workloadInfoHash.encoding)) === 0;
|
|
86
76
|
if (!isHashMatch) {
|
|
87
77
|
throw new Error(`WorkloadInfoHash in the certificate doesn't match the WorkloadInfoHash in the orderReport`);
|
|
88
78
|
}
|
|
89
79
|
}
|
|
90
|
-
static certsToDerArray(certificate) {
|
|
91
|
-
const certs = this.teeCertificateService.splitPemCerts(certificate);
|
|
92
|
-
return certs.map((pemCert) => {
|
|
93
|
-
return Buffer.from(node_forge_1.default.pki.pemToDer(pemCert).bytes(), 'binary');
|
|
94
|
-
});
|
|
95
|
-
}
|
|
96
80
|
static hashToBinary(hash) {
|
|
97
81
|
if (!hash) {
|
|
98
82
|
return;
|
|
@@ -114,4 +98,4 @@ class OrderReportService {
|
|
|
114
98
|
}
|
|
115
99
|
}
|
|
116
100
|
exports.OrderReportService = OrderReportService;
|
|
117
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
101
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiT3JkZXJSZXBvcnRTZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9PcmRlclJlcG9ydFNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsK0JBQWlDO0FBQ2pDLGdEQUF3QjtBQUN4QixtREFPZ0M7QUFHaEMsNERBQTJEO0FBQzNELGtEQUF1RjtBQUN2RixvRkFBOEU7QUFDOUUseURBQStEO0FBQy9ELHlFQUFtRTtBQUVuRSxNQUFNLFdBQVcsR0FBRyxJQUFBLGdCQUFTLEVBQUMsY0FBSSxDQUFDLElBQUksQ0FBQyxDQUFDO0FBQ3pDLE1BQU0sWUFBWSxHQUFHLElBQUEsZ0JBQVMsRUFBQyxjQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7QUFFM0MsTUFBYSxrQkFBa0I7SUFDN0IsTUFBTSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsV0FBd0I7UUFDMUMsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLDhCQUFrQixDQUFDLGtCQUFrQixDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUNqRixNQUFNLFFBQVEsR0FBRyw4QkFBa0IsQ0FBQyxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUM7UUFFekQsTUFBTSxnQkFBZ0IsR0FBcUI7WUFDekMsWUFBWSxFQUFFLFFBQVE7WUFDdEIsWUFBWSxFQUFFO2dCQUNaLFdBQVcsRUFBRSxXQUFXLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7b0JBQzdELElBQUksRUFBRSxFQUFFLENBQUMsSUFBSTtvQkFDYixJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUk7b0JBQ2IsSUFBSSxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQztvQkFDaEMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUMsZ0JBQWdCLENBQUM7b0JBQ3hELFFBQVEsRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxRQUFRLENBQUM7aUJBQ3pDLENBQUMsQ0FBQztnQkFDSCxPQUFPLEVBQUUsV0FBVyxDQUFDLFlBQVksQ0FBQyxPQUFPO2FBQzFDO1NBQ0YsQ0FBQztRQUVGLE1BQU0sT0FBTyxHQUFHLGlDQUFnQixDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ25FLE1BQU0sVUFBVSxHQUFHLE1BQU0sV0FBVyxDQUFDLE9BQU8sRUFBRSxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBRTVELE9BQU8sVUFBVSxDQUFDO0lBQ3BCLENBQUM7SUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxrQkFBMEI7UUFDNUMsTUFBTSxZQUFZLEdBQUcsTUFBTSxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQztRQUM1RCxNQUFNLGdCQUFnQixHQUFHLGlDQUFnQixDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUUvRCxNQUFNLFFBQVEsR0FBRyw4QkFBa0IsQ0FBQyxhQUFhLENBQUMsZ0JBQWdCLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFakYsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ25DLE1BQU0sSUFBSSxLQUFLLENBQUMsMENBQTBDLENBQUMsQ0FBQztRQUM5RCxDQUFDO1FBRUQsTUFBTSxXQUFXLEdBQWtCLGdCQUFnQixDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUU7WUFDM0YsTUFBTSxNQUFNLEdBQWdCO2dCQUMxQixJQUFJLEVBQUUsT0FBTyxDQUFDLElBQWU7Z0JBQzdCLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSTtnQkFDbEIsSUFBSSxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFFO2FBQzNDLENBQUM7WUFDRixJQUFJLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO2dCQUM3QixNQUFNLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1lBQzVFLENBQUM7WUFDRCxJQUFJLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztnQkFDckIsTUFBTSxDQUFDLFFBQVEsR0FBRyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQzVELENBQUM7WUFDRCxPQUFPLE1BQU0sQ0FBQztRQUNoQixDQUFDLENBQUMsQ0FBQztRQUVILE9BQU87WUFDTCxXQUFXLEVBQUUsUUFBUTtZQUNyQixZQUFZLEVBQUU7Z0JBQ1osV0FBVztnQkFDWCxPQUFPLEVBQUUsZ0JBQWdCLENBQUMsWUFBYSxDQUFDLE9BQU87YUFDaEQ7U0FDRixDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyxLQUFLLENBQUMsbUJBQW1CLENBQUMsV0FBd0I7UUFDdkQsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLGdEQUFxQixFQUFFLENBQUM7UUFDMUQsTUFBTSxxQkFBcUIsQ0FBQywwQkFBMEIsQ0FBQyxXQUFXLENBQUMsV0FBVyxDQUFDLENBQUM7UUFFaEYsTUFBTSx3QkFBd0IsR0FBRyw4QkFBa0IsQ0FBQyxpQkFBaUIsQ0FDbkUsV0FBVyxDQUFDLFdBQVcsRUFDdkIsbUVBQW9ELENBQ3JELENBQUM7UUFDRixJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztZQUM5QixNQUFNLElBQUksS0FBSyxDQUFDLDZDQUE2QyxDQUFDLENBQUM7UUFDakUsQ0FBQztRQUNELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFBLDRDQUFtQixFQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUU3RSxNQUFNLFdBQVcsR0FDZixNQUFNLENBQUMsT0FBTyxDQUNaLHdCQUF3QixFQUN4QixNQUFNLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksRUFBRSxnQkFBZ0IsQ0FBQyxRQUFRLENBQUMsQ0FDOUQsS0FBSyxDQUFDLENBQUM7UUFDVixJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDakIsTUFBTSxJQUFJLEtBQUssQ0FDYiwyRkFBMkYsQ0FDNUYsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRU8sTUFBTSxDQUFDLFlBQVksQ0FBQyxJQUFXO1FBQ3JDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNWLE9BQU87UUFDVCxDQUFDO1FBRUQsT0FBTztZQUNMLElBQUksRUFBRSxJQUFJLENBQUMsSUFBSTtZQUNmLElBQUksRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQztTQUM1QyxDQUFDO0lBQ0osQ0FBQztJQUVPLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxVQUFrQztRQUNoRSxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTztRQUNULENBQUM7UUFFRCxPQUFPO1lBQ0wsSUFBSSxFQUFFLFVBQVUsQ0FBQyxJQUFxQjtZQUN0QyxJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLGlCQUFRLENBQUMsR0FBRyxDQUFDO1lBQ3pELFFBQVEsRUFBRSxpQkFBUSxDQUFDLEdBQUc7U0FDdkIsQ0FBQztJQUNKLENBQUM7Q0FDRjtBQTFHRCxnREEwR0MifQ==
|
|
@@ -9,11 +9,7 @@ export declare class TeeCertificateService {
|
|
|
9
9
|
private readonly certOidQuote;
|
|
10
10
|
private getCertificatePublicKey;
|
|
11
11
|
parseAndValidateCertificate(certificatePem: string | Buffer, sgxApiUrl: string): Promise<ParseTlsCertificateResult>;
|
|
12
|
-
fromRawToPem(data: Uint8Array): string;
|
|
13
|
-
splitPemCerts(certs: string): string[];
|
|
14
|
-
validateCertChain(certsPem: string, caPem: string): boolean;
|
|
15
|
-
getExtensionValue(certPem: string, oid: string): string | undefined;
|
|
16
12
|
validateTeeReportCertChain(certsPem: string): Promise<void>;
|
|
17
13
|
private validateChallengeSgx;
|
|
18
|
-
private
|
|
14
|
+
private validateChallengeTdxAndSnp;
|
|
19
15
|
}
|
|
@@ -11,6 +11,7 @@ const constants_js_1 = require("../constants.js");
|
|
|
11
11
|
const pki_common_1 = require("@super-protocol/pki-common");
|
|
12
12
|
const TeeSignatureVerifier_js_1 = require("./TeeSignatureVerifier.js");
|
|
13
13
|
const errors_js_1 = require("./errors.js");
|
|
14
|
+
const index_js_1 = require("../certificates/index.js");
|
|
14
15
|
class TeeCertificateService {
|
|
15
16
|
certOidQuote = '0.6.9.42.840.113741.1337.6';
|
|
16
17
|
getCertificatePublicKey(certificate) {
|
|
@@ -37,65 +38,48 @@ class TeeCertificateService {
|
|
|
37
38
|
dataHash: Buffer.from(report.dataHash),
|
|
38
39
|
};
|
|
39
40
|
}
|
|
40
|
-
fromRawToPem(data) {
|
|
41
|
-
const base64 = Buffer.from(data).toString('base64');
|
|
42
|
-
return `-----BEGIN CERTIFICATE-----\n${base64.match(/.{1,64}/g).join('\n')}\n-----END CERTIFICATE-----`;
|
|
43
|
-
}
|
|
44
|
-
splitPemCerts(certs) {
|
|
45
|
-
const pemRegex = /(-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----)/g;
|
|
46
|
-
return certs.match(pemRegex) || [];
|
|
47
|
-
}
|
|
48
|
-
validateCertChain(certsPem, caPem) {
|
|
49
|
-
const certs = this.splitPemCerts(certsPem).map((cert) => node_forge_1.default.pki.certificateFromPem(cert));
|
|
50
|
-
const ca = node_forge_1.default.pki.certificateFromPem(caPem);
|
|
51
|
-
try {
|
|
52
|
-
return node_forge_1.default.pki.verifyCertificateChain(node_forge_1.default.pki.createCaStore([ca]), certs);
|
|
53
|
-
}
|
|
54
|
-
catch (err) {
|
|
55
|
-
return false;
|
|
56
|
-
}
|
|
57
|
-
}
|
|
58
|
-
getExtensionValue(certPem, oid) {
|
|
59
|
-
const cert = node_forge_1.default.pki.certificateFromPem(certPem);
|
|
60
|
-
const extension = cert.extensions.find((ext) => ext.id === oid);
|
|
61
|
-
return extension?.value;
|
|
62
|
-
}
|
|
63
41
|
async validateTeeReportCertChain(certsPem) {
|
|
64
|
-
const
|
|
65
|
-
if (!
|
|
66
|
-
throw new Error(`Cert chain is invalid
|
|
42
|
+
const { success, errorMessage } = await index_js_1.CertificatesHelper.validateCertChain(certsPem, constants_js_1.SUPERPROTOCOL_CA);
|
|
43
|
+
if (!success) {
|
|
44
|
+
throw new Error(`Cert chain is invalid! (${errorMessage})`);
|
|
45
|
+
}
|
|
46
|
+
const sortedCerts = index_js_1.CertificatesHelper.sortCertsFromLeafToRoot(certsPem);
|
|
47
|
+
const challenges = sortedCerts.map((cert) => index_js_1.CertificatesHelper.getExtensionValue(cert, pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_TYPE)?.toString('binary'));
|
|
48
|
+
if (challenges.some((challenge) => !challenge || challenge === pki_common_1.ChallengeType.Untrusted)) {
|
|
49
|
+
throw new Error(`Cert chain has cert without or Untrusted challenge`);
|
|
67
50
|
}
|
|
68
|
-
const
|
|
69
|
-
switch (
|
|
51
|
+
const leafCertChallengeType = challenges[0];
|
|
52
|
+
switch (leafCertChallengeType) {
|
|
70
53
|
case pki_common_1.ChallengeType.SGXDCAP:
|
|
71
54
|
this.validateChallengeSgx(certsPem);
|
|
72
55
|
break;
|
|
73
56
|
case pki_common_1.ChallengeType.TDX:
|
|
74
|
-
|
|
57
|
+
case pki_common_1.ChallengeType.AMDSEV:
|
|
58
|
+
await this.validateChallengeTdxAndSnp(certsPem);
|
|
75
59
|
break;
|
|
76
60
|
default:
|
|
77
|
-
throw new Error(`Challenge type ${
|
|
61
|
+
throw new Error(`Challenge type ${leafCertChallengeType || `[none]`} is missing or not allowed!`);
|
|
78
62
|
}
|
|
79
63
|
}
|
|
80
64
|
validateChallengeSgx(certPem) {
|
|
81
|
-
const mrSignerBinaryString =
|
|
65
|
+
const mrSignerBinaryString = index_js_1.CertificatesHelper.getExtensionValue(certPem, pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID);
|
|
82
66
|
if (!mrSignerBinaryString) {
|
|
83
67
|
throw new Error(`SGX challenge signature is wrong!`);
|
|
84
68
|
}
|
|
85
69
|
try {
|
|
86
|
-
TeeSignatureVerifier_js_1.TeeSignatureVerifier.validateSignatureSgx(
|
|
70
|
+
TeeSignatureVerifier_js_1.TeeSignatureVerifier.validateSignatureSgx(mrSignerBinaryString);
|
|
87
71
|
}
|
|
88
72
|
catch (err) {
|
|
89
73
|
throw new Error(`SGX challenge signature is wrong!`);
|
|
90
74
|
}
|
|
91
75
|
}
|
|
92
|
-
async
|
|
93
|
-
const mrEnclaveBinaryString =
|
|
76
|
+
async validateChallengeTdxAndSnp(certPem) {
|
|
77
|
+
const mrEnclaveBinaryString = index_js_1.CertificatesHelper.getExtensionValue(certPem, pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_ID);
|
|
94
78
|
if (!mrEnclaveBinaryString) {
|
|
95
79
|
throw new Error(`Challenge id is missing in certificate!`);
|
|
96
80
|
}
|
|
97
81
|
try {
|
|
98
|
-
await TeeSignatureVerifier_js_1.TeeSignatureVerifier.validateSignatureTdxAndSnp(
|
|
82
|
+
await TeeSignatureVerifier_js_1.TeeSignatureVerifier.validateSignatureTdxAndSnp(mrEnclaveBinaryString);
|
|
99
83
|
}
|
|
100
84
|
catch (err) {
|
|
101
85
|
const message = `Tdx signature is invalid!`;
|
|
@@ -107,4 +91,4 @@ class TeeCertificateService {
|
|
|
107
91
|
}
|
|
108
92
|
}
|
|
109
93
|
exports.TeeCertificateService = TeeCertificateService;
|
|
110
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
94
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVGVlQ2VydGlmaWNhdGVTZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9UZWVDZXJ0aWZpY2F0ZVNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsNERBQStCO0FBQy9CLHFEQUFnRDtBQUNoRCwyREFBcUQ7QUFDckQsa0RBQW1EO0FBQ25ELDJEQUtvQztBQUNwQyx1RUFBaUU7QUFDakUsMkNBQW9EO0FBQ3BELHVEQUE4RDtBQVM5RCxNQUFhLHFCQUFxQjtJQUNmLFlBQVksR0FBRyw0QkFBNEIsQ0FBQztJQUVyRCx1QkFBdUIsQ0FBQyxXQUFrQztRQUNoRSxNQUFNLFlBQVksR0FBRyxvQkFBSyxDQUFDLElBQUk7YUFDNUIsS0FBSyxDQUFDLG9CQUFLLENBQUMsR0FBRyxDQUFDLGVBQWUsQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDLENBQUM7YUFDdkQsUUFBUSxFQUFFLENBQUM7UUFFZCxPQUFPLE1BQU0sQ0FBQyxJQUFJLENBQUMsWUFBWSxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRCxLQUFLLENBQUMsMkJBQTJCLENBQy9CLGNBQStCLEVBQy9CLFNBQWlCO1FBRWpCLE1BQU0sR0FBRyxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQyxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLENBQUMsY0FBYyxDQUFDO1FBQ3pGLE1BQU0sV0FBVyxHQUFHLG9CQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sVUFBVSxHQUFHLFdBQVcsQ0FBQyxVQUFVLENBQUM7UUFFMUMsTUFBTSxLQUFLLEdBQUcsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLEVBQUUsS0FBSyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDckUsTUFBTSxXQUFXLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1FBQ3ZELE1BQU0sU0FBUyxHQUFHLElBQUksa0NBQWMsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUNoRCxNQUFNLFNBQVMsQ0FBQyxVQUFVLENBQUMsV0FBVyxFQUFFLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDO1FBRW5GLE1BQU0sTUFBTSxHQUFHLElBQUksNkJBQVksRUFBRSxDQUFDO1FBQ2xDLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDbkQsTUFBTSxNQUFNLEdBQUcsTUFBTSxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFdEQsT0FBTztZQUNMLFFBQVEsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1lBQ2xELFNBQVMsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUM7WUFDeEMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQztZQUN0QyxRQUFRLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1NBQ3ZDLENBQUM7SUFDSixDQUFDO0lBRUQsS0FBSyxDQUFDLDBCQUEwQixDQUFDLFFBQWdCO1FBQy9DLE1BQU0sRUFBRSxPQUFPLEVBQUUsWUFBWSxFQUFFLEdBQUcsTUFBTSw2QkFBa0IsQ0FBQyxpQkFBaUIsQ0FDMUUsUUFBUSxFQUNSLCtCQUFnQixDQUNqQixDQUFDO1FBQ0YsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsTUFBTSxJQUFJLEtBQUssQ0FBQywyQkFBMkIsWUFBWSxHQUFHLENBQUMsQ0FBQztRQUM5RCxDQUFDO1FBRUQsTUFBTSxXQUFXLEdBQUcsNkJBQWtCLENBQUMsdUJBQXVCLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFekUsTUFBTSxVQUFVLEdBQUcsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQzFDLDZCQUFrQixDQUFDLGlCQUFpQixDQUFDLElBQUksRUFBRSxnREFBbUMsQ0FBQyxFQUFFLFFBQVEsQ0FDdkYsUUFBUSxDQUNULENBQ0YsQ0FBQztRQUNGLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsQ0FBQyxTQUFTLElBQUksU0FBUyxLQUFLLDBCQUFhLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztZQUN4RixNQUFNLElBQUksS0FBSyxDQUFDLG9EQUFvRCxDQUFDLENBQUM7UUFDeEUsQ0FBQztRQUVELE1BQU0scUJBQXFCLEdBQUcsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzVDLFFBQVEscUJBQXFCLEVBQUUsQ0FBQztZQUM5QixLQUFLLDBCQUFhLENBQUMsT0FBTztnQkFDeEIsSUFBSSxDQUFDLG9CQUFvQixDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUNwQyxNQUFNO1lBQ1IsS0FBSywwQkFBYSxDQUFDLEdBQUcsQ0FBQztZQUN2QixLQUFLLDBCQUFhLENBQUMsTUFBTTtnQkFDdkIsTUFBTSxJQUFJLENBQUMsMEJBQTBCLENBQUMsUUFBUSxDQUFDLENBQUM7Z0JBQ2hELE1BQU07WUFFUjtnQkFDRSxNQUFNLElBQUksS0FBSyxDQUNiLGtCQUFrQixxQkFBcUIsSUFBSSxRQUFRLDZCQUE2QixDQUNqRixDQUFDO1FBQ04sQ0FBQztJQUNILENBQUM7SUFFTyxvQkFBb0IsQ0FBQyxPQUFlO1FBQzFDLE1BQU0sb0JBQW9CLEdBQUcsNkJBQWtCLENBQUMsaUJBQWlCLENBQy9ELE9BQU8sRUFDUCxxREFBd0MsQ0FDekMsQ0FBQztRQUNGLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1lBQzFCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsOENBQW9CLENBQUMsb0JBQW9CLENBQUMsb0JBQW9CLENBQUMsQ0FBQztRQUNsRSxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO0lBQ0gsQ0FBQztJQUVPLEtBQUssQ0FBQywwQkFBMEIsQ0FBQyxPQUFlO1FBQ3RELE1BQU0scUJBQXFCLEdBQUcsNkJBQWtCLENBQUMsaUJBQWlCLENBQ2hFLE9BQU8sRUFDUCw4Q0FBaUMsQ0FDbEMsQ0FBQztRQUNGLElBQUksQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1lBQzNCLE1BQU0sSUFBSSxLQUFLLENBQUMseUNBQXlDLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsTUFBTSw4Q0FBb0IsQ0FBQywwQkFBMEIsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO1FBQy9FLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsTUFBTSxPQUFPLEdBQUcsMkJBQTJCLENBQUM7WUFDNUMsSUFBSSxHQUFHLFlBQVksaUNBQXFCLEVBQUUsQ0FBQztnQkFDekMsTUFBTSxJQUFJLEtBQUssQ0FBQyxHQUFHLE9BQU8sSUFBSSxHQUFHLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUMvQyxDQUFDO1lBQ0QsTUFBTSxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMzQixDQUFDO0lBQ0gsQ0FBQztDQUNGO0FBNUdELHNEQTRHQyJ9
|
|
@@ -129,25 +129,36 @@ class TxManager {
|
|
|
129
129
|
maxPriorityFeePerGas,
|
|
130
130
|
maxFeePerGas,
|
|
131
131
|
};
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
132
|
+
let estimatedGas;
|
|
133
|
+
if (transactionCall) {
|
|
134
|
+
try {
|
|
135
|
+
estimatedGas = await transactionCall.estimateGas(txData);
|
|
136
|
+
}
|
|
137
|
+
catch (e) {
|
|
138
|
+
TxManager.logger.debug({ error: e }, 'Fail to calculate estimated gas');
|
|
139
|
+
estimatedGas = constants_js_1.defaultGasLimit;
|
|
140
|
+
}
|
|
137
141
|
}
|
|
138
142
|
else {
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
...txData,
|
|
142
|
-
gas: undefined,
|
|
143
|
-
};
|
|
144
|
-
if (transactionCall) {
|
|
145
|
-
estimatedGas = await transactionCall.estimateGas(txDataForEstimate);
|
|
143
|
+
try {
|
|
144
|
+
estimatedGas = await store_js_1.default.web3Https.eth.estimateGas(txData);
|
|
146
145
|
}
|
|
147
|
-
|
|
148
|
-
|
|
146
|
+
catch (e) {
|
|
147
|
+
TxManager.logger.debug({ error: e }, 'Fail to calculate estimated gas');
|
|
148
|
+
estimatedGas = constants_js_1.defaultGasLimit;
|
|
149
149
|
}
|
|
150
|
-
|
|
150
|
+
}
|
|
151
|
+
txData.gas = (0, helper_js_1.multiplyBigIntByNumber)(estimatedGas, store_js_1.default.gasLimitMultiplier);
|
|
152
|
+
// defaultGasLimit is max gas limit
|
|
153
|
+
txData.gas = txData.gas < constants_js_1.defaultGasLimit ? txData.gas : constants_js_1.defaultGasLimit;
|
|
154
|
+
if (transactionOptions.gas) {
|
|
155
|
+
if (transactionOptions.gas < estimatedGas) {
|
|
156
|
+
TxManager.logger.warn({
|
|
157
|
+
estimated: estimatedGas,
|
|
158
|
+
specified: transactionOptions.gas,
|
|
159
|
+
}, 'Overriding gas is lower than estimated');
|
|
160
|
+
}
|
|
161
|
+
txData.gas = transactionOptions.gas;
|
|
151
162
|
}
|
|
152
163
|
let nonceTracker;
|
|
153
164
|
// TODO: Consider a better way to organize different strategies for publishing transactions.
|
|
@@ -200,4 +211,4 @@ class TxManager {
|
|
|
200
211
|
}
|
|
201
212
|
}
|
|
202
213
|
exports.default = TxManager;
|
|
203
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
214
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVHhNYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3V0aWxzL1R4TWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7QUFDQSx3RUFBNkM7QUFDN0MsNkRBQXNDO0FBQ3RDLDJEQUFnQztBQVFoQywyQ0FLcUI7QUFDckIsOEVBQW1EO0FBQ25ELGtEQUl5QjtBQUN6QixvREFBNEI7QUFFNUIsNERBQW9DO0FBRXBDLHFFQUErRDtBQVEvRCxNQUFNLG9CQUFxQixTQUFRLEtBQUs7SUFDdEIsYUFBYSxDQUFVO0lBQ3ZDLFlBQVksYUFBc0IsRUFBRSxPQUFlO1FBQ2pELEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNmLElBQUksQ0FBQyxJQUFJLEdBQUcsc0JBQXNCLENBQUM7UUFDbkMsSUFBSSxDQUFDLGFBQWEsR0FBRyxhQUFhLENBQUM7SUFDckMsQ0FBQztDQUNGO0FBRUQsTUFBYSxpQ0FBa0MsU0FBUSxvQkFBb0I7SUFDekUsWUFBWSxhQUFzQixFQUFFLE9BQWU7UUFDakQsS0FBSyxDQUFDLGFBQWEsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUM5QixJQUFJLENBQUMsSUFBSSxHQUFHLG1DQUFtQyxDQUFDO0lBQ2xELENBQUM7Q0FDRjtBQUxELDhFQUtDO0FBSUQsTUFBTSxTQUFTO0lBQ0wsTUFBTSxDQUFDLElBQUksQ0FBTztJQUNsQixNQUFNLENBQUMseUJBQXlCLENBQVU7SUFDMUMsTUFBTSxDQUFDLE1BQU0sR0FBRyxtQkFBVSxDQUFDLEtBQUssQ0FBQyxFQUFFLFNBQVMsRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQzdELE1BQU0sQ0FBQyxhQUFhLEdBQXdDLEVBQUUsQ0FBQztJQUMvRCxNQUFNLENBQUMsTUFBTSxHQUFzQyxFQUFFLENBQUM7SUFDdkQsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFVLEVBQUUsNEJBQXFDLEtBQUs7UUFDdkUsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDakIsSUFBSSxDQUFDLHlCQUF5QixHQUFHLHlCQUF5QixDQUFDO0lBQzdELENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCO1FBQy9CLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDZixNQUFNLEtBQUssQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO1FBQy9ELENBQUM7SUFDSCxDQUFDO0lBRU0sTUFBTSxDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUMsT0FBZTtRQUM3QyxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDO1lBQUUsT0FBTztRQUN4QyxJQUFJLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxHQUFHLElBQUkseUJBQVksQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ25FLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUNsRCxDQUFDO0lBRU0sTUFBTSxDQUFDLE9BQU8sQ0FDbkIsV0FBbUMsRUFDbkMsa0JBQXVDLEVBQ3ZDLEtBQWEscUJBQVEsQ0FBQyxPQUFPO1FBRTdCLE1BQU0sTUFBTSxHQUEyQjtZQUNyQyxFQUFFO1lBQ0YsSUFBSSxFQUFFLFdBQVcsQ0FBQyxTQUFTLEVBQUU7U0FDOUIsQ0FBQztRQUVGLE9BQU8sU0FBUyxDQUFDLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxrQkFBa0IsRUFBRSxXQUFXLENBQUMsQ0FBQztJQUMvRSxDQUFDO0lBRU0sTUFBTSxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsQ0FDcEMsTUFBOEIsRUFDOUIsa0JBQXVDLEVBQ3ZDLGVBQXdDO1FBRXhDLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQzFCLElBQUEsMkNBQStCLEVBQUMsa0JBQWtCLENBQUMsQ0FBQztRQUVwRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUEsb0NBQXdCLEVBQUMsSUFBSSxDQUFDLHlCQUF5QixFQUFFO1lBQy9FLEdBQUcsa0JBQWtCO1NBQ3RCLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDcEIsTUFBTSxLQUFLLENBQ1QsNkZBQTZGLENBQzlGLENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxnQkFBZ0IsR0FBOEI7WUFDbEQsR0FBSSxTQUF3QztZQUM1QyxJQUFJLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJO1lBQzNDLG9CQUFvQixFQUFFLElBQUEsMENBQThCLEVBQUMsa0JBQWtCLENBQUM7U0FDekUsQ0FBQztRQUVGLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDeEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsR0FBRyxJQUFJLG9CQUFVLENBQUM7Z0JBQ2xELGFBQWEsRUFBRSxrQkFBSyxDQUFDLGFBQWE7Z0JBQ2xDLE9BQU8sRUFBRSxrQkFBSyxDQUFDLFlBQVk7YUFDNUIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELElBQUkscUJBQXFCLENBQUM7UUFDMUIsSUFBSSxJQUFJLENBQUMseUJBQXlCLEVBQUUsQ0FBQztZQUNuQyxxQkFBcUIsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLEVBQUUsQ0FDdkUsU0FBUyxDQUFDLDJCQUEyQixDQUFDLE1BQU0sRUFBRSxnQkFBZ0IsQ0FBQyxDQUNoRSxDQUFDO1FBQ0osQ0FBQzthQUFNLENBQUM7WUFDTixxQkFBcUIsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLEVBQUUsQ0FDdkUsU0FBUyxDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxnQkFBZ0IsRUFBRSxlQUFlLENBQUMsQ0FDekUsQ0FBQztRQUNKLENBQUM7UUFDRCxPQUFPLHFCQUFxQixDQUFDO0lBQy9CLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLDJCQUEyQixDQUM5QyxNQUE4QixFQUM5QixrQkFBNkM7UUFFN0MsTUFBTSxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsR0FBRyxrQkFBa0IsQ0FBQztRQUUxQyxNQUFNLG1CQUFtQixHQUFHO1lBQzFCLElBQUksRUFBRSxJQUFJO1lBQ1YsRUFBRSxFQUFFLE1BQU0sQ0FBQyxFQUFFO1lBQ2IsSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJO1lBQ2pCLEtBQUssRUFBRSxNQUFNLENBQUMsS0FBSztTQUNwQixDQUFDO1FBQ0YsU0FBUyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQ3BCO1lBQ0UsTUFBTSxFQUFFLGdCQUFNLENBQUMsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUMsTUFBTSxDQUFDLENBQUM7U0FDbkQsRUFDRCxpQ0FBaUMsQ0FDbEMsQ0FBQztRQUNGLE1BQU0sTUFBTSxHQUFHLENBQUMsTUFBTSxJQUFLLENBQUMsUUFBUyxDQUFDLE9BQU8sQ0FBQztZQUM1QyxNQUFNLEVBQUUscUJBQXFCO1lBQzdCLE1BQU0sRUFBRSxDQUFDLG1CQUFtQixDQUFDO1NBQzlCLENBQUMsQ0FBa0IsQ0FBQztRQUVyQixNQUFNLHFCQUFxQixHQUFHLE1BQU0sSUFBQSxvQ0FBZSxFQUFDO1lBQ2xELE9BQU8sRUFBRSxLQUFLLElBQUksRUFBRSxDQUFDLE1BQU0sSUFBSyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLENBQUM7WUFDbEUsV0FBVyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUU7Z0JBQ3RCLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxLQUFLLElBQUksRUFBRSxDQUFDO1lBQ3pDLENBQUM7WUFDRCxhQUFhLEVBQUUsNkNBQThCO1lBQzdDLFFBQVEsRUFBRSw2Q0FBOEI7U0FDekMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxxQkFBcUIsQ0FBQztJQUMvQixDQUFDO0lBRU0sTUFBTSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQ3hCLFdBQW1DLEVBQ25DLGtCQUF1QztRQUV2QyxNQUFNLElBQUksR0FBRyxrQkFBa0IsRUFBRSxJQUFJLElBQUksa0JBQUssQ0FBQyxhQUFhLENBQUM7UUFFN0QsSUFBSSxDQUFDO1lBQ0gsT0FBTyxNQUFNLFdBQVcsQ0FBQyxJQUFJLENBQUMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO1FBQzFDLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1YsQ0FBaUIsQ0FBQyxVQUFVLEdBQUksQ0FBYyxDQUFDLElBQUksQ0FBQyxPQUFPLElBQUkseUJBQXlCLENBQUM7WUFDMUYsTUFBTSxDQUFDLENBQUM7UUFDVixDQUFDO0lBQ0gsQ0FBQztJQUVPLE1BQU0sQ0FBQyxLQUFLLENBQUMsbUJBQW1CLENBQ3RDLE1BQThCLEVBQzlCLGtCQUE2QyxFQUM3QyxlQUF3QztRQUV4QyxNQUFNLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxvQkFBb0IsRUFBRSxZQUFZLEVBQUUsSUFBSSxFQUFFLEdBQUcsa0JBQWtCLENBQUM7UUFFbkYsTUFBTSxHQUFHO1lBQ1AsR0FBRyxNQUFNO1lBQ1QsSUFBSTtZQUNKLEdBQUc7WUFDSCxvQkFBb0I7WUFDcEIsWUFBWTtTQUNiLENBQUM7UUFFRixJQUFJLFlBQVksQ0FBQztRQUNqQixJQUFJLGVBQWUsRUFBRSxDQUFDO1lBQ3BCLElBQUksQ0FBQztnQkFDSCxZQUFZLEdBQUcsTUFBTSxlQUFlLENBQUMsV0FBVyxDQUFDLE1BQTZCLENBQUMsQ0FBQztZQUNsRixDQUFDO1lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDWCxTQUFTLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsRUFBRSxpQ0FBaUMsQ0FBQyxDQUFDO2dCQUN4RSxZQUFZLEdBQUcsOEJBQWUsQ0FBQztZQUNqQyxDQUFDO1FBQ0gsQ0FBQzthQUFNLENBQUM7WUFDTixJQUFJLENBQUM7Z0JBQ0gsWUFBWSxHQUFHLE1BQU0sa0JBQUssQ0FBQyxTQUFVLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUNoRSxDQUFDO1lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDWCxTQUFTLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsRUFBRSxpQ0FBaUMsQ0FBQyxDQUFDO2dCQUN4RSxZQUFZLEdBQUcsOEJBQWUsQ0FBQztZQUNqQyxDQUFDO1FBQ0gsQ0FBQztRQUNELE1BQU0sQ0FBQyxHQUFHLEdBQUcsSUFBQSxrQ0FBc0IsRUFBQyxZQUFZLEVBQUUsa0JBQUssQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBQzVFLG1DQUFtQztRQUNuQyxNQUFNLENBQUMsR0FBRyxHQUFHLE1BQU0sQ0FBQyxHQUFHLEdBQUcsOEJBQWUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsOEJBQWUsQ0FBQztRQUV6RSxJQUFJLGtCQUFrQixDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQzNCLElBQUksa0JBQWtCLENBQUMsR0FBRyxHQUFHLFlBQVksRUFBRSxDQUFDO2dCQUMxQyxTQUFTLENBQUMsTUFBTSxDQUFDLElBQUksQ0FDbkI7b0JBQ0UsU0FBUyxFQUFFLFlBQVk7b0JBQ3ZCLFNBQVMsRUFBRSxrQkFBa0IsQ0FBQyxHQUFHO2lCQUNsQyxFQUNELHdDQUF3QyxDQUN6QyxDQUFDO1lBQ0osQ0FBQztZQUNELE1BQU0sQ0FBQyxHQUFHLEdBQUcsa0JBQWtCLENBQUMsR0FBRyxDQUFDO1FBQ3RDLENBQUM7UUFFRCxJQUFJLFlBQVksQ0FBQztRQUNqQiw0RkFBNEY7UUFDNUYsSUFBSSxDQUFDLGtCQUFrQixDQUFDLG9CQUFvQixJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztZQUM1RixZQUFZLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFLLENBQUMsQ0FBQztZQUM1RCxNQUFNLFlBQVksQ0FBQyw0QkFBNEIsRUFBRSxDQUFDO1lBQ2xELE1BQU0sQ0FBQyxLQUFLLEdBQUcsWUFBWSxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQzdDLENBQUM7UUFDRCxNQUFNLFVBQVUsR0FBRyxrQkFBSyxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFLLENBQUMsQ0FBQztRQUN4RCxJQUFJLENBQUM7WUFDSCxJQUFJLHFCQUFxQixDQUFDO1lBQzFCLElBQUksVUFBVSxFQUFFLENBQUM7Z0JBQ2YsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxlQUFlLENBQUMsTUFBTSxFQUFFLFVBQVUsQ0FBQyxDQUFDO2dCQUM1RSxJQUFJLENBQUMsTUFBTSxDQUFDLGNBQWMsRUFBRSxDQUFDO29CQUMzQixNQUFNLElBQUksS0FBSyxDQUFDLDRCQUE0QixDQUFDLENBQUM7Z0JBQ2hELENBQUM7Z0JBRUQsU0FBUyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQ3BCO29CQUNFLE1BQU0sRUFBRSxNQUFNLENBQUMsZUFBZTtvQkFDOUIsTUFBTSxFQUFFLGdCQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDO2lCQUN0QyxFQUNELCtCQUErQixDQUNoQyxDQUFDO2dCQUVGLHFCQUFxQixHQUFHLE1BQU0sSUFBSyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLENBQUMsY0FBYyxDQUFDLENBQUM7Z0JBRXJGLFNBQVMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUNwQjtvQkFDRSxNQUFNLEVBQUUsTUFBTSxDQUFDLGVBQWU7b0JBQzlCLGFBQWEsRUFBRSxxQkFBcUIsQ0FBQyxXQUFXO29CQUNoRCxTQUFTLEVBQUUscUJBQXFCLENBQUMsT0FBTztpQkFDekMsRUFDRCxvQkFBb0IsQ0FDckIsQ0FBQztZQUNKLENBQUM7aUJBQU0sQ0FBQztnQkFDTixTQUFTLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FDcEI7b0JBQ0UsTUFBTSxFQUFFLGdCQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDO2lCQUN0QyxFQUNELGlDQUFpQyxDQUNsQyxDQUFDO2dCQUVGLHFCQUFxQixHQUFHLE1BQU0sSUFBSyxDQUFDLEdBQUcsQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDbEUsQ0FBQztZQUVELElBQUksWUFBWTtnQkFBRSxZQUFZLENBQUMsc0JBQXNCLENBQUMsTUFBTSxDQUFDLEtBQU0sQ0FBQyxDQUFDO1lBRXJFLE9BQU8scUJBQXFCLENBQUM7UUFDL0IsQ0FBQztRQUFDLE9BQU8sQ0FBVSxFQUFFLENBQUM7WUFDcEIsTUFBTSxPQUFPLEdBQUcsb0NBQW9DLENBQUM7WUFDckQsU0FBUyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ25DLElBQUksWUFBWTtnQkFBRSxNQUFNLFlBQVksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQzFELElBQUssQ0FBcUIsQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLDBDQUEwQyxDQUFDLEVBQUUsQ0FBQztnQkFDekYsTUFBTSxJQUFJLGlDQUFpQyxDQUFDLENBQUMsRUFBRSxPQUFPLENBQUMsQ0FBQztZQUMxRCxDQUFDO2lCQUFNLENBQUM7Z0JBQ04sTUFBTSxJQUFJLG9CQUFvQixDQUFDLENBQUMsRUFBRSxPQUFPLENBQUMsQ0FBQztZQUM3QyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7O0FBR0gsa0JBQWUsU0FBUyxDQUFDIn0=
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import * as pkijs from 'pkijs';
|
|
2
|
+
import { CertificatesHelper } from './helper.js';
|
|
3
|
+
import { OID_CRL_DISTRIBUTION_POINTS } from '../constants.js';
|
|
4
|
+
import { helpers } from '../index.js';
|
|
5
|
+
export class CRLHelper {
|
|
6
|
+
static async getCRLFromCerts(certs) {
|
|
7
|
+
const crlRequestsData = certs.map(this.getCRLRequestData).filter(Boolean);
|
|
8
|
+
if (!crlRequestsData.length) {
|
|
9
|
+
return [];
|
|
10
|
+
}
|
|
11
|
+
const crlResponseResults = await Promise.allSettled(crlRequestsData.map((reqData) => this.getCRLResponse(reqData)));
|
|
12
|
+
const rejectedCRLResponses = crlResponseResults
|
|
13
|
+
.filter(helpers.isRejected)
|
|
14
|
+
.map((result) => result.reason);
|
|
15
|
+
if (rejectedCRLResponses.length) {
|
|
16
|
+
throw new Error(`Can't get CRL responses for some certificates (reasons=${rejectedCRLResponses.join(';\n')})`);
|
|
17
|
+
}
|
|
18
|
+
return crlResponseResults.filter(helpers.isFulfilled).map((result) => result.value);
|
|
19
|
+
}
|
|
20
|
+
static getCRLRequestData(cert) {
|
|
21
|
+
const authorityExtension = CertificatesHelper.getExtensionValue(cert, OID_CRL_DISTRIBUTION_POINTS);
|
|
22
|
+
if (!authorityExtension) {
|
|
23
|
+
return;
|
|
24
|
+
}
|
|
25
|
+
const extensionValue = pkijs.ExtensionValueFactory.fromBER(OID_CRL_DISTRIBUTION_POINTS, authorityExtension);
|
|
26
|
+
const findType6DistributionPointExtension = (entry) => entry.type === 6;
|
|
27
|
+
const crlUrlDistributionPoints = extensionValue?.distributionPoints.find((point) => point.distributionPoint?.some(findType6DistributionPointExtension));
|
|
28
|
+
const crlUrl = crlUrlDistributionPoints?.distributionPoint?.find(findType6DistributionPointExtension)?.value;
|
|
29
|
+
if (!crlUrl) {
|
|
30
|
+
return;
|
|
31
|
+
}
|
|
32
|
+
return { crlUrl };
|
|
33
|
+
}
|
|
34
|
+
static async getCRLResponse(data) {
|
|
35
|
+
const response = await CertificatesHelper.downloadCertWithCache(data.crlUrl);
|
|
36
|
+
return pkijs.CertificateRevocationList.fromBER(response);
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3JsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9jcmwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDL0IsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ2pELE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxNQUFNLGlCQUFpQixDQUFDO0FBQzlELE9BQU8sRUFBRSxPQUFPLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFJdEMsTUFBTSxPQUFPLFNBQVM7SUFDcEIsTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQzFCLEtBQTBCO1FBRTFCLE1BQU0sZUFBZSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBcUIsQ0FBQztRQUM5RixJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzVCLE9BQU8sRUFBRSxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sa0JBQWtCLEdBQUcsTUFBTSxPQUFPLENBQUMsVUFBVSxDQUNqRCxlQUFlLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQy9ELENBQUM7UUFFRixNQUFNLG9CQUFvQixHQUFHLGtCQUFrQjthQUM1QyxNQUFNLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQzthQUMxQixHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxJQUFJLG9CQUFvQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2hDLE1BQU0sSUFBSSxLQUFLLENBQ2IsMERBQTBELG9CQUFvQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUM5RixDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sa0JBQWtCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN0RixDQUFDO0lBRU8sTUFBTSxDQUFDLGlCQUFpQixDQUFDLElBQXVCO1FBQ3RELE1BQU0sa0JBQWtCLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQzdELElBQUksRUFDSiwyQkFBMkIsQ0FDNUIsQ0FBQztRQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FDeEQsMkJBQTJCLEVBQzNCLGtCQUFrQixDQUNZLENBQUM7UUFFakMsTUFBTSxtQ0FBbUMsR0FBRyxDQUFDLEtBQXdCLEVBQVcsRUFBRSxDQUNoRixLQUFLLENBQUMsSUFBSSxLQUFLLENBQUMsQ0FBQztRQUVuQixNQUFNLHdCQUF3QixHQUFHLGNBQWMsRUFBRSxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUNoRixLQUFLLENBQUMsaUJBQXFELEVBQUUsSUFBSSxDQUNoRSxtQ0FBbUMsQ0FDcEMsQ0FDRixDQUFDO1FBQ0YsTUFBTSxNQUFNLEdBQ1Ysd0JBQXdCLEVBQUUsaUJBQzNCLEVBQUUsSUFBSSxDQUFDLG1DQUFtQyxDQUFDLEVBQUUsS0FBSyxDQUFDO1FBQ3BELElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNaLE9BQU87UUFDVCxDQUFDO1FBRUQsT0FBTyxFQUFFLE1BQU0sRUFBRSxDQUFDO0lBQ3BCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FDakMsSUFBb0I7UUFFcEIsTUFBTSxRQUFRLEdBQUcsTUFBTSxrQkFBa0IsQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFN0UsT0FBTyxLQUFLLENBQUMseUJBQXlCLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQzNELENBQUM7Q0FDRiJ9
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/// <reference types="node" />
|
|
2
|
+
import * as pkijs from 'pkijs';
|
|
3
|
+
import { ValidateCertChainResult } from './types.js';
|
|
4
|
+
export declare class CertificatesHelper {
|
|
5
|
+
private static downloadedCertificateCache;
|
|
6
|
+
static derToPem(data: ArrayBuffer): string;
|
|
7
|
+
static pemToDer(certPem: string): Uint8Array;
|
|
8
|
+
static splitPemCerts(certs: string): string[];
|
|
9
|
+
static getDomain(certPem: string): string | undefined;
|
|
10
|
+
static getExtensionValue(certParam: string | pkijs.Certificate, oid: string): Buffer | undefined;
|
|
11
|
+
static extractCAFromChain(certsPem: string): {
|
|
12
|
+
certs: string;
|
|
13
|
+
ca: string;
|
|
14
|
+
};
|
|
15
|
+
static pemChainToDer(certsPem: string): Uint8Array[];
|
|
16
|
+
static derChainToPem(certsDer: Uint8Array[]): string;
|
|
17
|
+
static downloadCertWithCache(url: string): Promise<Buffer>;
|
|
18
|
+
static sortCertsFromLeafToRoot(certsPem: string | string[]): pkijs.Certificate[];
|
|
19
|
+
static validateCertChain(certsPem: string | string[], caPem: string | string[], options?: {
|
|
20
|
+
offline?: boolean;
|
|
21
|
+
}): Promise<ValidateCertChainResult>;
|
|
22
|
+
private static toPkiCerts;
|
|
23
|
+
}
|
|
@@ -0,0 +1,149 @@
|
|
|
1
|
+
import { X509Certificate } from 'crypto';
|
|
2
|
+
import _ from 'lodash';
|
|
3
|
+
import axios from 'axios';
|
|
4
|
+
import forge from 'node-forge';
|
|
5
|
+
import * as pkijs from 'pkijs';
|
|
6
|
+
import { createMemoryCache } from '../utils/cache/memory.js';
|
|
7
|
+
import { OCSPHelper } from './ocsp.js';
|
|
8
|
+
import { CRLHelper } from './crl.js';
|
|
9
|
+
//pkijs initCryptoEngine method doesn't work properly in nodejs
|
|
10
|
+
//https://github.com/PeculiarVentures/PKI.js/blob/91c596be220c5010b38415a68bd100942dfd321e/src/CryptoEngine/CryptoEngineInit.ts#L4
|
|
11
|
+
try {
|
|
12
|
+
pkijs.getEngine();
|
|
13
|
+
}
|
|
14
|
+
catch (err) {
|
|
15
|
+
if (err.message === `Please call 'setEngine' before call to 'getEngine'`) {
|
|
16
|
+
pkijs.setEngine('Node', new pkijs.CryptoEngine({ name: 'Node', crypto: require('crypto').webcrypto }));
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
export class CertificatesHelper {
|
|
20
|
+
static downloadedCertificateCache = createMemoryCache();
|
|
21
|
+
static derToPem(data) {
|
|
22
|
+
return forge.pem.encode({
|
|
23
|
+
contentDomain: null,
|
|
24
|
+
dekInfo: null,
|
|
25
|
+
headers: [],
|
|
26
|
+
procType: null,
|
|
27
|
+
type: 'CERTIFICATE',
|
|
28
|
+
body: Buffer.from(data).toString('binary'),
|
|
29
|
+
});
|
|
30
|
+
}
|
|
31
|
+
static pemToDer(certPem) {
|
|
32
|
+
return Buffer.from(forge.pki.pemToDer(certPem).bytes(), 'binary');
|
|
33
|
+
}
|
|
34
|
+
static splitPemCerts(certs) {
|
|
35
|
+
const pemRegex = /(-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----)/g;
|
|
36
|
+
return certs.match(pemRegex) || [];
|
|
37
|
+
}
|
|
38
|
+
static getDomain(certPem) {
|
|
39
|
+
const cert = forge.pki.certificateFromPem(certPem);
|
|
40
|
+
return cert.subject.attributes.find((attribute) => attribute.name === 'commonName')
|
|
41
|
+
?.value;
|
|
42
|
+
}
|
|
43
|
+
static getExtensionValue(certParam, oid) {
|
|
44
|
+
const cert = typeof certParam === 'string'
|
|
45
|
+
? pkijs.Certificate.fromBER(CertificatesHelper.pemToDer(certParam))
|
|
46
|
+
: certParam;
|
|
47
|
+
const extension = cert.extensions?.find((ext) => ext.extnID === oid);
|
|
48
|
+
return extension && Buffer.from(extension.extnValue.valueBlock.toBER());
|
|
49
|
+
}
|
|
50
|
+
static extractCAFromChain(certsPem) {
|
|
51
|
+
const certs = CertificatesHelper.splitPemCerts(certsPem);
|
|
52
|
+
const splitCerts = _.partition(certs, (cert) => {
|
|
53
|
+
const x509 = new X509Certificate(cert);
|
|
54
|
+
return x509.issuer !== x509.subject;
|
|
55
|
+
});
|
|
56
|
+
return {
|
|
57
|
+
certs: splitCerts[0].join('\n'),
|
|
58
|
+
ca: splitCerts[1].join('\n'),
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
static pemChainToDer(certsPem) {
|
|
62
|
+
const certs = CertificatesHelper.splitPemCerts(certsPem);
|
|
63
|
+
return certs.map((certPem) => CertificatesHelper.pemToDer(certPem));
|
|
64
|
+
}
|
|
65
|
+
static derChainToPem(certsDer) {
|
|
66
|
+
return certsDer.map(CertificatesHelper.derToPem).join('').trim();
|
|
67
|
+
}
|
|
68
|
+
static async downloadCertWithCache(url) {
|
|
69
|
+
const responseData = await CertificatesHelper.downloadedCertificateCache.wrap(url, async () => {
|
|
70
|
+
const response = await axios(url, {
|
|
71
|
+
responseType: 'arraybuffer',
|
|
72
|
+
});
|
|
73
|
+
return response?.data;
|
|
74
|
+
}, {
|
|
75
|
+
ttl: 5 * 60 * 1000, //5 min
|
|
76
|
+
});
|
|
77
|
+
return responseData;
|
|
78
|
+
}
|
|
79
|
+
static sortCertsFromLeafToRoot(certsPem) {
|
|
80
|
+
const allCerts = CertificatesHelper.toPkiCerts(certsPem);
|
|
81
|
+
const leafs = allCerts.filter((certToCheck) => !allCerts.some((certsToCheckWith) => certToCheck.subject.isEqual(certsToCheckWith.issuer)));
|
|
82
|
+
const buildChain = (leaf) => {
|
|
83
|
+
const chain = [leaf];
|
|
84
|
+
let currentCert = leaf;
|
|
85
|
+
do {
|
|
86
|
+
currentCert = allCerts.find((potentialIssuer) => currentCert?.issuer.isEqual(potentialIssuer.subject) &&
|
|
87
|
+
!currentCert.subject.isEqual(currentCert.issuer));
|
|
88
|
+
if (currentCert) {
|
|
89
|
+
chain.push(currentCert);
|
|
90
|
+
}
|
|
91
|
+
} while (currentCert);
|
|
92
|
+
return chain;
|
|
93
|
+
};
|
|
94
|
+
const chains = leafs.map(buildChain).sort((one, two) => two.length - one.length);
|
|
95
|
+
return chains.flat();
|
|
96
|
+
}
|
|
97
|
+
static async validateCertChain(certsPem, caPem, options = {}) {
|
|
98
|
+
const { offline } = options;
|
|
99
|
+
// reverse() is needed because pkijs expects certificates to be ordered from root to leaf
|
|
100
|
+
const sortedCerts = CertificatesHelper.sortCertsFromLeafToRoot(certsPem).reverse();
|
|
101
|
+
const ca = CertificatesHelper.toPkiCerts(caPem);
|
|
102
|
+
try {
|
|
103
|
+
const crls = offline ? [] : await CRLHelper.getCRLFromCerts(sortedCerts);
|
|
104
|
+
const ocspBaseResponses = offline
|
|
105
|
+
? []
|
|
106
|
+
: await OCSPHelper.getOCSPResponseFromCerts(sortedCerts, ca);
|
|
107
|
+
const chainEngine = new pkijs.CertificateChainValidationEngine({
|
|
108
|
+
certs: sortedCerts,
|
|
109
|
+
trustedCerts: ca,
|
|
110
|
+
ocsps: ocspBaseResponses,
|
|
111
|
+
crls,
|
|
112
|
+
});
|
|
113
|
+
const verifyResult = await chainEngine.verify();
|
|
114
|
+
if (!verifyResult.result) {
|
|
115
|
+
return {
|
|
116
|
+
success: false,
|
|
117
|
+
errorMessage: verifyResult.resultMessage,
|
|
118
|
+
};
|
|
119
|
+
}
|
|
120
|
+
/**
|
|
121
|
+
* When verifying a certificate chain, chainEngine.verify() attempts to find a valid
|
|
122
|
+
* certification path using the provided certificates. It may ignore certificates that
|
|
123
|
+
* don't belong to the valid chain.
|
|
124
|
+
*
|
|
125
|
+
* This check ensures that all certificates we initially provided were actually used
|
|
126
|
+
* in the valid certification path that CertificateChainValidationEngine constructed.
|
|
127
|
+
* If any certificate was ignored/not used, we throw an error.
|
|
128
|
+
*/
|
|
129
|
+
const isEachCertVerified = sortedCerts.every((cert) => verifyResult.certificatePath?.find((verifiedCert) => verifiedCert.serialNumber.isEqual(cert.serialNumber)));
|
|
130
|
+
if (!isEachCertVerified) {
|
|
131
|
+
throw new Error('Some of certificates do not belong to chain');
|
|
132
|
+
}
|
|
133
|
+
return {
|
|
134
|
+
success: true,
|
|
135
|
+
};
|
|
136
|
+
}
|
|
137
|
+
catch (err) {
|
|
138
|
+
return {
|
|
139
|
+
success: false,
|
|
140
|
+
errorMessage: err.message,
|
|
141
|
+
};
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
static toPkiCerts(certs) {
|
|
145
|
+
const certsArray = Array.isArray(certs) ? certs : CertificatesHelper.splitPemCerts(certs);
|
|
146
|
+
return certsArray.map((certPem) => pkijs.Certificate.fromBER(CertificatesHelper.pemToDer(certPem)));
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9oZWxwZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUN6QyxPQUFPLENBQUMsTUFBTSxRQUFRLENBQUM7QUFDdkIsT0FBTyxLQUFLLE1BQU0sT0FBTyxDQUFDO0FBQzFCLE9BQU8sS0FBSyxNQUFNLFlBQVksQ0FBQztBQUMvQixPQUFPLEtBQUssS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMvQixPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUU3RCxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBQ3ZDLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxVQUFVLENBQUM7QUFFckMsK0RBQStEO0FBQy9ELGtJQUFrSTtBQUNsSSxJQUFJLENBQUM7SUFDSCxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUM7QUFDcEIsQ0FBQztBQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7SUFDYixJQUFLLEdBQWEsQ0FBQyxPQUFPLEtBQUssb0RBQW9ELEVBQUUsQ0FBQztRQUNwRixLQUFLLENBQUMsU0FBUyxDQUNiLE1BQU0sRUFDTixJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FDOUUsQ0FBQztJQUNKLENBQUM7QUFDSCxDQUFDO0FBRUQsTUFBTSxPQUFPLGtCQUFrQjtJQUNyQixNQUFNLENBQUMsMEJBQTBCLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQztJQUVoRSxNQUFNLENBQUMsUUFBUSxDQUFDLElBQWlCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUM7WUFDdEIsYUFBYSxFQUFFLElBQUk7WUFDbkIsT0FBTyxFQUFFLElBQUk7WUFDYixPQUFPLEVBQUUsRUFBRTtZQUNYLFFBQVEsRUFBRSxJQUFJO1lBQ2QsSUFBSSxFQUFFLGFBQWE7WUFDbkIsSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQztTQUMzQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsTUFBTSxDQUFDLFFBQVEsQ0FBQyxPQUFlO1FBQzdCLE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxRQUFRLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRUQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxLQUFhO1FBQ2hDLE1BQU0sUUFBUSxHQUFHLGlFQUFpRSxDQUFDO1FBQ25GLE9BQU8sS0FBSyxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDckMsQ0FBQztJQUVELE1BQU0sQ0FBQyxTQUFTLENBQUMsT0FBZTtRQUM5QixNQUFNLElBQUksR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ25ELE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUMsU0FBUyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsSUFBSSxLQUFLLFlBQVksQ0FBQztZQUNqRixFQUFFLEtBQWUsQ0FBQztJQUN0QixDQUFDO0lBRUQsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFNBQXFDLEVBQUUsR0FBVztRQUN6RSxNQUFNLElBQUksR0FDUixPQUFPLFNBQVMsS0FBSyxRQUFRO1lBQzNCLENBQUMsQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDbkUsQ0FBQyxDQUFDLFNBQVMsQ0FBQztRQUNoQixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE1BQU0sS0FBSyxHQUFHLENBQUMsQ0FBQztRQUNyRSxPQUFPLFNBQVMsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUM7SUFDMUUsQ0FBQztJQUVELE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFnQjtRQUN4QyxNQUFNLEtBQUssR0FBRyxrQkFBa0IsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDekQsTUFBTSxVQUFVLEdBQUcsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxJQUFJLEVBQUUsRUFBRTtZQUM3QyxNQUFNLElBQUksR0FBRyxJQUFJLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUV2QyxPQUFPLElBQUksQ0FBQyxNQUFNLEtBQUssSUFBSSxDQUFDLE9BQU8sQ0FBQztRQUN0QyxDQUFDLENBQUMsQ0FBQztRQUVILE9BQU87WUFDTCxLQUFLLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUM7WUFDL0IsRUFBRSxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO1NBQzdCLENBQUM7SUFDSixDQUFDO0lBRUQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxRQUFnQjtRQUNuQyxNQUFNLEtBQUssR0FBRyxrQkFBa0IsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFekQsT0FBTyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBRUQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxRQUFzQjtRQUN6QyxPQUFPLFFBQVEsQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ25FLENBQUM7SUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLHFCQUFxQixDQUFDLEdBQVc7UUFDNUMsTUFBTSxZQUFZLEdBQUcsTUFBTSxrQkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxJQUFJLENBQzNFLEdBQUcsRUFDSCxLQUFLLElBQUksRUFBRTtZQUNULE1BQU0sUUFBUSxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsRUFBRTtnQkFDaEMsWUFBWSxFQUFFLGFBQWE7YUFDNUIsQ0FBQyxDQUFDO1lBQ0gsT0FBTyxRQUFRLEVBQUUsSUFBSSxDQUFDO1FBQ3hCLENBQUMsRUFDRDtZQUNFLEdBQUcsRUFBRSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksRUFBRSxPQUFPO1NBQzVCLENBQ0YsQ0FBQztRQUVGLE9BQU8sWUFBWSxDQUFDO0lBQ3RCLENBQUM7SUFFRCxNQUFNLENBQUMsdUJBQXVCLENBQUMsUUFBMkI7UUFDeEQsTUFBTSxRQUFRLEdBQUcsa0JBQWtCLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRXpELE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQyxNQUFNLENBQzNCLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FDZCxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQyxnQkFBZ0IsRUFBRSxFQUFFLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FDN0YsQ0FBQztRQUVGLE1BQU0sVUFBVSxHQUFHLENBQUMsSUFBdUIsRUFBdUIsRUFBRTtZQUNsRSxNQUFNLEtBQUssR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ3JCLElBQUksV0FBVyxHQUFrQyxJQUFJLENBQUM7WUFFdEQsR0FBRyxDQUFDO2dCQUNGLFdBQVcsR0FBRyxRQUFRLENBQUMsSUFBSSxDQUN6QixDQUFDLGVBQWUsRUFBRSxFQUFFLENBQ2xCLFdBQVcsRUFBRSxNQUFNLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FBQyxPQUFPLENBQUM7b0JBQ3BELENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUNuRCxDQUFDO2dCQUVGLElBQUksV0FBVyxFQUFFLENBQUM7b0JBQ2hCLEtBQUssQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7Z0JBQzFCLENBQUM7WUFDSCxDQUFDLFFBQVEsV0FBVyxFQUFFO1lBRXRCLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQyxDQUFDO1FBRUYsTUFBTSxNQUFNLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsTUFBTSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNqRixPQUFPLE1BQU0sQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUN2QixDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxpQkFBaUIsQ0FDNUIsUUFBMkIsRUFDM0IsS0FBd0IsRUFDeEIsVUFBaUMsRUFBRTtRQUVuQyxNQUFNLEVBQUUsT0FBTyxFQUFFLEdBQUcsT0FBTyxDQUFDO1FBRTVCLHlGQUF5RjtRQUN6RixNQUFNLFdBQVcsR0FBRyxrQkFBa0IsQ0FBQyx1QkFBdUIsQ0FBQyxRQUFRLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUVuRixNQUFNLEVBQUUsR0FBRyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLENBQUM7UUFFaEQsSUFBSSxDQUFDO1lBQ0gsTUFBTSxJQUFJLEdBQUcsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sU0FBUyxDQUFDLGVBQWUsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUN6RSxNQUFNLGlCQUFpQixHQUFHLE9BQU87Z0JBQy9CLENBQUMsQ0FBQyxFQUFFO2dCQUNKLENBQUMsQ0FBQyxNQUFNLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFFL0QsTUFBTSxXQUFXLEdBQUcsSUFBSSxLQUFLLENBQUMsZ0NBQWdDLENBQUM7Z0JBQzdELEtBQUssRUFBRSxXQUFXO2dCQUNsQixZQUFZLEVBQUUsRUFBRTtnQkFDaEIsS0FBSyxFQUFFLGlCQUFpQjtnQkFDeEIsSUFBSTthQUNMLENBQUMsQ0FBQztZQUVILE1BQU0sWUFBWSxHQUFHLE1BQU0sV0FBVyxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2hELElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ3pCLE9BQU87b0JBQ0wsT0FBTyxFQUFFLEtBQUs7b0JBQ2QsWUFBWSxFQUFFLFlBQVksQ0FBQyxhQUFhO2lCQUN6QyxDQUFDO1lBQ0osQ0FBQztZQUVEOzs7Ozs7OztlQVFHO1lBQ0gsTUFBTSxrQkFBa0IsR0FBRyxXQUFXLENBQUMsS0FBSyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FDcEQsWUFBWSxDQUFDLGVBQWUsRUFBRSxJQUFJLENBQUMsQ0FBQyxZQUFZLEVBQUUsRUFBRSxDQUNsRCxZQUFZLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQ3JELENBQ0YsQ0FBQztZQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO2dCQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLDZDQUE2QyxDQUFDLENBQUM7WUFDakUsQ0FBQztZQUVELE9BQU87Z0JBQ0wsT0FBTyxFQUFFLElBQUk7YUFDZCxDQUFDO1FBQ0osQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLFlBQVksRUFBRyxHQUFhLENBQUMsT0FBTzthQUNyQyxDQUFDO1FBQ0osQ0FBQztJQUNILENBQUM7SUFFTyxNQUFNLENBQUMsVUFBVSxDQUFDLEtBQXdCO1FBQ2hELE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsa0JBQWtCLENBQUMsYUFBYSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzFGLE9BQU8sVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQ2hDLEtBQUssQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUNoRSxDQUFDO0lBQ0osQ0FBQyJ9
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export * from './helper.js';
|
|
2
|
+
export * from './types.js';
|
|
3
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2VydGlmaWNhdGVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsYUFBYSxDQUFDO0FBQzVCLGNBQWMsWUFBWSxDQUFDIn0=
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import * as pkijs from 'pkijs';
|
|
2
|
+
export declare class OCSPHelper {
|
|
3
|
+
static getOCSPResponseFromCerts(certs: pkijs.Certificate[], ca: pkijs.Certificate[]): Promise<pkijs.BasicOCSPResponse[]>;
|
|
4
|
+
private static getOCSPRequestData;
|
|
5
|
+
private static getOCSPResponse;
|
|
6
|
+
private static sendOCSPRequest;
|
|
7
|
+
private static getNonceForRequest;
|
|
8
|
+
private static getNonceFromResponse;
|
|
9
|
+
}
|