npm - edockit - Versions diffs - 0.2.0 → 0.2.1 - Mend

edockit 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/CHANGELOG.md +9 -0
package/README.md +10 -2
package/dist/core/revocation/crl.d.ts +1 -0
package/dist/core/revocation/fetch.d.ts +12 -3
package/dist/core/revocation/ocsp.d.ts +3 -1
package/dist/core/revocation/types.d.ts +8 -1
package/dist/index.cjs.js +23 -12
package/dist/index.cjs.js.map +1 -1
package/dist/index.esm.js +23 -12
package/dist/index.esm.js.map +1 -1
package/dist/index.umd.js +10 -10
package/dist/index.umd.js.map +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [0.2.1] - 2025-12-30
+### Added
+- **CORS Proxy Support** - New `proxyUrl` option in `revocationOptions` for browser environments
+  - Routes OCSP, CRL, and CA issuer certificate requests through a CORS proxy
+  - Enables revocation checking in browsers where direct requests are blocked by CORS
 ## [0.2.0] - 2025-12-29
 ### Added
@@ -39,5 +47,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - File checksum verification (SHA-256/384/512)
 - Browser and Node.js support
+[0.2.1]: https://github.com/edgarsj/edockit/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/edgarsj/edockit/compare/v0.1.2...v0.2.0
 [0.1.2]: https://github.com/edgarsj/edockit/releases/tag/v0.1.2

package/README.md CHANGED Viewed

@@ -45,6 +45,7 @@ const result = await verifySignature(container.signatures[0], container.files, {
   revocationOptions: {     // Optional: configure revocation check behavior
     ocspTimeout: 5000,     // OCSP request timeout in ms (default: 5000)
     crlTimeout: 10000,     // CRL fetch timeout in ms (default: 10000)
+    proxyUrl: 'https://cors-proxy.example.com/?url=',  // CORS proxy for browser (optional)
   },
   verifyTimestamps: true,  // RFC 3161 timestamp verification (default: true)
   verifyTime: new Date()   // Verify certificate at specific time (default: timestamp time if present, otherwise now)
@@ -119,8 +120,13 @@ async function verifyDocument(url) {
   console.log("Documents:", container.documentFileList);
   for (const signature of container.signatures) {
-    const result = await verifySignature(signature, container.files);
-    // checkRevocation and verifyTimestamps default to true
+    const result = await verifySignature(signature, container.files, {
+      checkRevocation: true,
+      revocationOptions: {
+        // Use a CORS proxy for OCSP/CRL requests in browser environments
+        proxyUrl: 'https://your-cors-proxy.example.com/?url=',
+      },
+    });
     console.log(`Valid: ${result.isValid}`);
@@ -134,6 +140,8 @@ async function verifyDocument(url) {
 }
 ```
+> **Note:** OCSP and CRL endpoints typically don't support CORS, so browser environments need a proxy to perform revocation checks. The `proxyUrl` option routes all revocation requests through the specified proxy, which should accept the original URL as a query parameter.
 ### Timestamp Utilities
 For advanced timestamp handling, you can use the timestamp utilities directly:

package/dist/core/revocation/crl.d.ts CHANGED Viewed

@@ -31,4 +31,5 @@ export declare function parseCRL(data: ArrayBuffer): X509Crl | null;
  */
 export declare function checkCRL(cert: X509Certificate, options?: {
     timeout?: number;
+    proxyUrl?: string;
 }): Promise<RevocationResult>;

package/dist/core/revocation/fetch.d.ts CHANGED Viewed

@@ -13,6 +13,12 @@ export interface FetchOptions {
     contentType?: string;
     /** Accept header */
     accept?: string;
+    /**
+     * CORS proxy URL for browser environments.
+     * When set, the original URL will be URL-encoded and appended to this proxy URL.
+     * Example: "https://cors-proxy.example.com/?url="
+     */
+    proxyUrl?: string;
 }
 export interface FetchResult {
     ok: boolean;
@@ -32,20 +38,23 @@ export declare function fetchBinary(url: string, options?: FetchOptions): Promis
  * @param url OCSP responder URL
  * @param request DER-encoded OCSP request
  * @param timeout Timeout in milliseconds
+ * @param proxyUrl Optional CORS proxy URL
  * @returns FetchResult with OCSP response data
  */
-export declare function fetchOCSP(url: string, request: ArrayBuffer, timeout?: number): Promise<FetchResult>;
+export declare function fetchOCSP(url: string, request: ArrayBuffer, timeout?: number, proxyUrl?: string): Promise<FetchResult>;
 /**
  * Fetch CRL from distribution point
  * @param url CRL distribution point URL
  * @param timeout Timeout in milliseconds
+ * @param proxyUrl Optional CORS proxy URL
  * @returns FetchResult with CRL data
  */
-export declare function fetchCRL(url: string, timeout?: number): Promise<FetchResult>;
+export declare function fetchCRL(url: string, timeout?: number, proxyUrl?: string): Promise<FetchResult>;
 /**
  * Fetch issuer certificate from AIA extension
  * @param url CA Issuers URL
  * @param timeout Timeout in milliseconds
+ * @param proxyUrl Optional CORS proxy URL
  * @returns FetchResult with certificate data
  */
-export declare function fetchIssuerCertificate(url: string, timeout?: number): Promise<FetchResult>;
+export declare function fetchIssuerCertificate(url: string, timeout?: number, proxyUrl?: string): Promise<FetchResult>;

package/dist/core/revocation/ocsp.d.ts CHANGED Viewed

@@ -23,9 +23,10 @@ export declare function findIssuerInChain(cert: X509Certificate, chain: string[]
  * Fetch issuer certificate from AIA extension
  * @param cert Certificate to fetch issuer for
  * @param timeout Timeout in ms
+ * @param proxyUrl Optional CORS proxy URL
  * @returns Issuer certificate or null
  */
-export declare function fetchIssuerFromAIA(cert: X509Certificate, timeout?: number): Promise<X509Certificate | null>;
+export declare function fetchIssuerFromAIA(cert: X509Certificate, timeout?: number, proxyUrl?: string): Promise<X509Certificate | null>;
 /**
  * Build OCSP request for a certificate
  * @param cert Certificate to check
@@ -49,4 +50,5 @@ export declare function parseOCSPResponse(responseData: ArrayBuffer): Revocation
 export declare function checkOCSP(cert: X509Certificate, issuerCert: X509Certificate | null, options?: {
     timeout?: number;
     certificateChain?: string[];
+    proxyUrl?: string;
 }): Promise<RevocationResult>;

package/dist/core/revocation/types.d.ts CHANGED Viewed

@@ -29,11 +29,18 @@ export interface RevocationCheckOptions {
     crlTimeout?: number;
     /** Certificate chain for finding issuer (PEM strings) */
     certificateChain?: string[];
+    /**
+     * CORS proxy URL for browser environments.
+     * When set, all OCSP/CRL fetch requests will be routed through this proxy.
+     * The original URL will be URL-encoded and appended as a query parameter.
+     * Example: "https://cors-proxy.example.com/?url="
+     */
+    proxyUrl?: string;
 }
 /**
  * Default options for revocation checking
  */
-export declare const DEFAULT_REVOCATION_OPTIONS: Required<Omit<RevocationCheckOptions, "certificateChain">>;
+export declare const DEFAULT_REVOCATION_OPTIONS: Required<Omit<RevocationCheckOptions, "certificateChain" | "proxyUrl">>;
 /**
  * OID constants for certificate extensions
  */

package/dist/index.cjs.js CHANGED Viewed

@@ -7926,7 +7926,9 @@ __decorate([
  * @returns FetchResult with binary data or error
  */
 async function fetchBinary(url, options = {}) {
-    const { timeout = 10000, method = "GET", body, contentType, accept } = options;
+    const { timeout = 10000, method = "GET", body, contentType, accept, proxyUrl } = options;
+    // Apply proxy URL if provided
+    const fetchUrl = proxyUrl ? `${proxyUrl}${encodeURIComponent(url)}` : url;
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), timeout);
     try {
@@ -7937,7 +7939,7 @@ async function fetchBinary(url, options = {}) {
         if (accept) {
             headers["Accept"] = accept;
         }
-        const response = await fetch(url, {
+        const response = await fetch(fetchUrl, {
             method,
             headers,
             body: body ? new Uint8Array(body) : undefined,
@@ -7986,41 +7988,47 @@ async function fetchBinary(url, options = {}) {
  * @param url OCSP responder URL
  * @param request DER-encoded OCSP request
  * @param timeout Timeout in milliseconds
+ * @param proxyUrl Optional CORS proxy URL
  * @returns FetchResult with OCSP response data
  */
-async function fetchOCSP(url, request, timeout = 5000) {
+async function fetchOCSP(url, request, timeout = 5000, proxyUrl) {
     return fetchBinary(url, {
         method: "POST",
         body: request,
         contentType: "application/ocsp-request",
         accept: "application/ocsp-response",
         timeout,
+        proxyUrl,
     });
 }
 /**
  * Fetch CRL from distribution point
  * @param url CRL distribution point URL
  * @param timeout Timeout in milliseconds
+ * @param proxyUrl Optional CORS proxy URL
  * @returns FetchResult with CRL data
  */
-async function fetchCRL(url, timeout = 10000) {
+async function fetchCRL(url, timeout = 10000, proxyUrl) {
     return fetchBinary(url, {
         method: "GET",
         accept: "application/pkix-crl",
         timeout,
+        proxyUrl,
     });
 }
 /**
  * Fetch issuer certificate from AIA extension
  * @param url CA Issuers URL
  * @param timeout Timeout in milliseconds
+ * @param proxyUrl Optional CORS proxy URL
  * @returns FetchResult with certificate data
  */
-async function fetchIssuerCertificate(url, timeout = 5000) {
+async function fetchIssuerCertificate(url, timeout = 5000, proxyUrl) {
     return fetchBinary(url, {
         method: "GET",
         accept: "application/pkix-cert",
         timeout,
+        proxyUrl,
     });
 }
@@ -8177,13 +8185,14 @@ function findIssuerInChain(cert, chain) {
  * Fetch issuer certificate from AIA extension
  * @param cert Certificate to fetch issuer for
  * @param timeout Timeout in ms
+ * @param proxyUrl Optional CORS proxy URL
  * @returns Issuer certificate or null
  */
-async function fetchIssuerFromAIA(cert, timeout = 5000) {
+async function fetchIssuerFromAIA(cert, timeout = 5000, proxyUrl) {
     const urls = extractCAIssuersUrls(cert);
     for (const url of urls) {
         try {
-            const result = await fetchIssuerCertificate(url, timeout);
+            const result = await fetchIssuerCertificate(url, timeout, proxyUrl);
             if (result.ok && result.data) {
                 // Try to parse as DER first, then PEM
                 try {
@@ -8376,7 +8385,7 @@ function parseOCSPResponse(responseData) {
  * @returns Revocation result
  */
 async function checkOCSP(cert, issuerCert, options = {}) {
-    const { timeout = 5000, certificateChain = [] } = options;
+    const { timeout = 5000, certificateChain = [], proxyUrl } = options;
     const now = new Date();
     // Get OCSP URLs
     const ocspUrls = extractOCSPUrls(cert);
@@ -8397,7 +8406,7 @@ async function checkOCSP(cert, issuerCert, options = {}) {
     }
     if (!issuer) {
         // Try AIA extension
-        issuer = await fetchIssuerFromAIA(cert, timeout);
+        issuer = await fetchIssuerFromAIA(cert, timeout, proxyUrl);
     }
     if (!issuer) {
         return {
@@ -8425,7 +8434,7 @@ async function checkOCSP(cert, issuerCert, options = {}) {
     // Try each OCSP URL
     for (const url of ocspUrls) {
         try {
-            const result = await fetchOCSP(url, request, timeout);
+            const result = await fetchOCSP(url, request, timeout, proxyUrl);
             if (result.ok && result.data) {
                 return parseOCSPResponse(result.data);
             }
@@ -8532,7 +8541,7 @@ function parseCRL(data) {
  * @returns Revocation result
  */
 async function checkCRL(cert, options = {}) {
-    const { timeout = 10000 } = options;
+    const { timeout = 10000, proxyUrl } = options;
     const now = new Date();
     // Get CRL URLs
     const crlUrls = extractCRLUrls(cert);
@@ -8549,7 +8558,7 @@ async function checkCRL(cert, options = {}) {
     const errors = [];
     for (const url of crlUrls) {
         try {
-            const result = await fetchCRL(url, timeout);
+            const result = await fetchCRL(url, timeout, proxyUrl);
             if (!result.ok || !result.data) {
                 errors.push(`${url}: ${result.error || "Failed to fetch"}`);
                 continue;
@@ -8638,6 +8647,7 @@ async function checkCertificateRevocation(cert, options = {}) {
         ocspResult = await checkOCSP(x509Cert, null, {
             timeout: opts.ocspTimeout,
             certificateChain: opts.certificateChain,
+            proxyUrl: options.proxyUrl,
         });
         // If OCSP gives a definitive answer (good or revoked), use it
         if (ocspResult.status === "good" || ocspResult.status === "revoked") {
@@ -8649,6 +8659,7 @@ async function checkCertificateRevocation(cert, options = {}) {
     if (opts.crlEnabled) {
         crlResult = await checkCRL(x509Cert, {
             timeout: opts.crlTimeout,
+            proxyUrl: options.proxyUrl,
         });
         // If CRL gives a definitive answer, use it
         if (crlResult.status === "good" || crlResult.status === "revoked") {