diff options
| author | Matthew Miller <matthew@millerti.me> | 2022-01-29 12:46:06 -0800 |
|---|---|---|
| committer | Matthew Miller <matthew@millerti.me> | 2022-01-29 12:46:06 -0800 |
| commit | 09529ba226cd317cc242b5679454610d7660f94c (patch) | |
| tree | bc6cd1dba9a3fcf299436382ce1e534cd68506aa | |
| parent | c87a366479e587dc9e747978a9aa126f2d5d2e04 (diff) | |
Split out notBefore + notAfter check into helper
| -rw-r--r-- | packages/server/src/helpers/validateCertificatePath.ts | 4 | ||||
| -rw-r--r-- | packages/server/src/helpers/validateCertificateValidityWindow.ts | 7 |
2 files changed, 9 insertions, 2 deletions
diff --git a/packages/server/src/helpers/validateCertificatePath.ts b/packages/server/src/helpers/validateCertificatePath.ts index ae8a2fd..32c1c6b 100644 --- a/packages/server/src/helpers/validateCertificatePath.ts +++ b/packages/server/src/helpers/validateCertificatePath.ts @@ -4,6 +4,7 @@ import { KJUR, X509, ASN1HEX, zulutodate } from 'jsrsasign'; import isCertRevoked from './isCertRevoked'; +import { validateCertificateValidityWindow } from './validateCertificateValidityWindow'; const { crypto } = KJUR; @@ -80,8 +81,7 @@ async function _validatePath(certificates: string[]): Promise<boolean> { const notBefore = zulutodate(issuerCert.getNotBefore()); const notAfter = zulutodate(issuerCert.getNotAfter()); - const now = new Date(); - if (notBefore > now || notAfter < now) { + if (!validateCertificateValidityWindow(notBefore, notAfter)) { throw new Error('Intermediate certificate is not yet valid or expired'); } diff --git a/packages/server/src/helpers/validateCertificateValidityWindow.ts b/packages/server/src/helpers/validateCertificateValidityWindow.ts new file mode 100644 index 0000000..e1a0926 --- /dev/null +++ b/packages/server/src/helpers/validateCertificateValidityWindow.ts @@ -0,0 +1,7 @@ +/** + * Make sure "now" is within a specific time frame + */ +export function validateCertificateValidityWindow(notBefore: Date, notAfter: Date): boolean { + const now = new Date(); + return notBefore < now && now < notAfter; +} |