edockit 0.2.0 → 0.2.1
- package/CHANGELOG.md +9 -0
- package/README.md +10 -2
- package/dist/core/revocation/crl.d.ts +1 -0
- package/dist/core/revocation/fetch.d.ts +12 -3
- package/dist/core/revocation/ocsp.d.ts +3 -1
- package/dist/core/revocation/types.d.ts +8 -1
- package/dist/index.cjs.js +23 -12
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.esm.js +23 -12
- package/dist/index.esm.js.map +1 -1
- package/dist/index.umd.js +10 -10
- package/dist/index.umd.js.map +1 -1
- package/package.json +1 -1
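--- a/package/dist/index.esm.js
+++ b/package/dist/index.esm.js
@@ -7922,7 +7922,9 @@ __decorate([
 * @returns FetchResult with binary data or error
 */
 async function fetchBinary(url, options = {}) {
-const { timeout = 10000, method = "GET", body, contentType, accept } = options;
+const { timeout = 10000, method = "GET", body, contentType, accept, proxyUrl } = options;
+// Apply proxy URL if provided
+const fetchUrl = proxyUrl ? `${proxyUrl}${encodeURIComponent(url)}` : url;
 const controller = new AbortController();
 const timeoutId = setTimeout(() => controller.abort(), timeout);
 try {
@@ -7933,7 +7935,7 @@ async function fetchBinary(url, options = {}) {
 if (accept) {
 headers["Accept"] = accept;
 }
-const response = await fetch(
+const response = await fetch(fetchUrl, {
 method,
 headers,
 body: body ? new Uint8Array(body) : undefined,
@@ -7982,41 +7984,47 @@ async function fetchBinary(url, options = {}) {
 * @param url OCSP responder URL
 * @param request DER-encoded OCSP request
 * @param timeout Timeout in milliseconds
+* @param proxyUrl Optional CORS proxy URL
 * @returns FetchResult with OCSP response data
 */
-async function fetchOCSP(url, request, timeout = 5000) {
+async function fetchOCSP(url, request, timeout = 5000, proxyUrl) {
 return fetchBinary(url, {
 method: "POST",
 body: request,
 contentType: "application/ocsp-request",
 accept: "application/ocsp-response",
 timeout,
+proxyUrl,
 });
 }
 /**
 * Fetch CRL from distribution point
 * @param url CRL distribution point URL
 * @param timeout Timeout in milliseconds
+* @param proxyUrl Optional CORS proxy URL
 * @returns FetchResult with CRL data
 */
-async function fetchCRL(url, timeout = 10000) {
+async function fetchCRL(url, timeout = 10000, proxyUrl) {
 return fetchBinary(url, {
 method: "GET",
 accept: "application/pkix-crl",
 timeout,
+proxyUrl,
 });
 }
 /**
 * Fetch issuer certificate from AIA extension
 * @param url CA Issuers URL
 * @param timeout Timeout in milliseconds
+* @param proxyUrl Optional CORS proxy URL
 * @returns FetchResult with certificate data
 */
-async function fetchIssuerCertificate(url, timeout = 5000) {
+async function fetchIssuerCertificate(url, timeout = 5000, proxyUrl) {
 return fetchBinary(url, {
 method: "GET",
 accept: "application/pkix-cert",
 timeout,
+proxyUrl,
 });
 }
 
@@ -8173,13 +8181,14 @@ function findIssuerInChain(cert, chain) {
 * Fetch issuer certificate from AIA extension
 * @param cert Certificate to fetch issuer for
 * @param timeout Timeout in ms
+* @param proxyUrl Optional CORS proxy URL
 * @returns Issuer certificate or null
 */
-async function fetchIssuerFromAIA(cert, timeout = 5000) {
+async function fetchIssuerFromAIA(cert, timeout = 5000, proxyUrl) {
 const urls = extractCAIssuersUrls(cert);
 for (const url of urls) {
 try {
-const result = await fetchIssuerCertificate(url, timeout);
+const result = await fetchIssuerCertificate(url, timeout, proxyUrl);
 if (result.ok && result.data) {
 // Try to parse as DER first, then PEM
 try {
@@ -8372,7 +8381,7 @@ function parseOCSPResponse(responseData) {
 * @returns Revocation result
 */
 async function checkOCSP(cert, issuerCert, options = {}) {
-const { timeout = 5000, certificateChain = [] } = options;
+const { timeout = 5000, certificateChain = [], proxyUrl } = options;
 const now = new Date();
 // Get OCSP URLs
 const ocspUrls = extractOCSPUrls(cert);
@@ -8393,7 +8402,7 @@ async function checkOCSP(cert, issuerCert, options = {}) {
 }
 if (!issuer) {
 // Try AIA extension
-issuer = await fetchIssuerFromAIA(cert, timeout);
+issuer = await fetchIssuerFromAIA(cert, timeout, proxyUrl);
 }
 if (!issuer) {
 return {
@@ -8421,7 +8430,7 @@ async function checkOCSP(cert, issuerCert, options = {}) {
 // Try each OCSP URL
 for (const url of ocspUrls) {
 try {
-const result = await fetchOCSP(url, request, timeout);
+const result = await fetchOCSP(url, request, timeout, proxyUrl);
 if (result.ok && result.data) {
 return parseOCSPResponse(result.data);
 }
@@ -8528,7 +8537,7 @@ function parseCRL(data) {
 * @returns Revocation result
 */
 async function checkCRL(cert, options = {}) {
-const { timeout = 10000 } = options;
+const { timeout = 10000, proxyUrl } = options;
 const now = new Date();
 // Get CRL URLs
 const crlUrls = extractCRLUrls(cert);
@@ -8545,7 +8554,7 @@ async function checkCRL(cert, options = {}) {
 const errors = [];
 for (const url of crlUrls) {
 try {
-const result = await fetchCRL(url, timeout);
+const result = await fetchCRL(url, timeout, proxyUrl);
 if (!result.ok || !result.data) {
 errors.push(`${url}: ${result.error || "Failed to fetch"}`);
 continue;
@@ -8634,6 +8643,7 @@ async function checkCertificateRevocation(cert, options = {}) {
 ocspResult = await checkOCSP(x509Cert, null, {
 timeout: opts.ocspTimeout,
 certificateChain: opts.certificateChain,
+proxyUrl: options.proxyUrl,
 });
 // If OCSP gives a definitive answer (good or revoked), use it
 if (ocspResult.status === "good" || ocspResult.status === "revoked") {
@@ -8645,6 +8655,7 @@ async function checkCertificateRevocation(cert, options = {}) {
 if (opts.crlEnabled) {
 crlResult = await checkCRL(x509Cert, {
 timeout: opts.crlTimeout,
+proxyUrl: options.proxyUrl,
 });
 // If CRL gives a definitive answer, use it
 if (crlResult.status === "good" || crlResult.status === "revoked") {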
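Review bot: In `fetchBinary` the new `proxyUrl` is string-prefixed onto the target (`${proxyUrl}${encodeURIComponent(url)}`) with no validation. Every OCSP request body, CRL download and AIA issuer fetch is therefore routed through whatever origin the caller configures. That proxy learns which certificates are being checked and can withhold or substitute responses. How much that matters depends on whether OCSP/CRL signatures are verified and how the AIA-fetched issuer is trusted, neither of which is visible in these hunks. I would validate the value before use (parse it with `new URL(proxyUrl)` and accept only `https:`, returning a failed FetchResult otherwise) and make the JSDoc explicit: `@param proxyUrl Optional CORS proxy URL prefix; the proxy sees and can alter all revocation traffic, so use only a proxy you operate or trust`. As a smaller point, `checkCertificateRevocation` reads `options.proxyUrl` while its neighbouring fields come from `opts`; `proxyUrl: opts.proxyUrl` would be consistent if `opts` carries that field, but its construction is outside the hunk.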